Archive - Can someone check this log please? :)

The archive is a frozen moment from a previous version of this forum, with different rules and different administrators. These posts in no way reflect our current ideas, values or world views and have in some places been censored as inadmissible. Many were written in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and would not (be allowed to) be posted today. Still, we are happy to offer this archive as an information database and reference work.

Cypher666

Legacy Member
My PC has been really slow again lately... Pretty much everyone here has used my PC lately, and since then it hasn't been running the way it should...

Could someone take a look at this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:05, on 3/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
D:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
C:\Program Files\VistaOSX\RKLauncher.exe
C:\Program Files\VistaOSX\leftsider.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Het Nieuwsblad Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.17.239.253:8888->United States(anonymous)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [AdobeBridge] "D:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Dock.lnk = C:\Program Files\VistaOSX\RKLauncher.exe
O4 - Global Startup: Fenêtre d'état de Canon iR1200-1300.LNK = C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE
O4 - Global Startup: Leftisder.lnk = C:\Program Files\VistaOSX\leftsider.exe
O4 - Global Startup: Spaces.lnk = C:\Program Files\VistaOSX\spaces.exe
O4 - Global Startup: theme.lnk = C:\Windows\Resources\Themes\theme.bat
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8113 bytes
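The log above is the kind of thing a reviewer reads line by line, so here is a small triage helper as an added example. It is not part of the forum post and it is not HijackThis' own analysis: it parses the R/O entry lines of a HijackThis 2.0 log and applies a handful of rules a reviewer typically starts with (a browser proxy that points off the machine, Run entries under the SYSTEM or Default profile, startup items that launch script files, a non-empty AppInit_DLLs value, orphaned entries marked "(file missing)", and every BHO/toolbar loaded into Internet Explorer). The rule set is an assumption of this example, and the sample lines are copied from the log in the post above.

```python
"""Triage helper for HijackThis 2.0 log entries.

Added example, not part of the forum post and not code from HijackThis.
It reads the "R"/"O" lines of a log, applies a few constructed triage
rules and returns the entries a reviewer would look at first.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "R1", "O4", "O20"
    reason: str    # why the entry was flagged
    line: str      # the original log line


ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 registry Run entries: "HKLM\..\Run: [Name] command"
O4_RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup-folder entries: "Global Startup: theme.lnk = C:\...\theme.bat"
O4_STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<lnk>[^=]+) = (?P<cmd>.*)$")
# HijackThis appends "(User 'X')" or "(file missing)" after the command
TRAILER_RE = re.compile(r"\s*\((?:User '[^']*'|file missing)\)\s*$")

SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".wsf", ".ps1")
# Run keys of the SYSTEM account and of the Default profile
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")

# Constructed sample: a few lines copied from the log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.17.239.253:8888->United States(anonymous)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEEM')
O4 - Global Startup: theme.lnk = C:\Windows\Resources\Themes\theme.bat
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
"""


def _target(cmd: str) -> str:
    """Strip HijackThis' trailer and surrounding quotes from a command."""
    return TRAILER_RE.sub("", cmd).strip().strip('"')


def _proxy_is_local(value: str) -> bool:
    """True if a plain host:port ProxyServer value points at the machine itself."""
    host = value.split("->", 1)[0].split(":", 1)[0].strip()
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False   # a hostname or a per-protocol list; treat as remote until verified


def triage(log_text: str) -> list[Finding]:
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")

        if section == "R1" and ",ProxyServer = " in body:
            value = body.split(",ProxyServer = ", 1)[1]
            if value and not _proxy_is_local(value):
                findings.append(Finding(section, f"browser proxy set to remote host {value.split('->')[0]}", raw))

        elif section == "O4":
            run = O4_RUN_RE.match(body)
            startup = O4_STARTUP_RE.match(body)
            cmd = run.group("cmd") if run else startup.group("cmd") if startup else ""
            if run and run.group("hive") in SYSTEM_HIVES:
                findings.append(Finding(section, f"Run entry under {run.group('hive')} (SYSTEM/Default profile)", raw))
            if cmd and _target(cmd).lower().endswith(SCRIPT_EXT):
                findings.append(Finding(section, "startup entry launches a script file", raw))

        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                findings.append(Finding(section, f"AppInit_DLLs loads {dlls} into every process that loads user32.dll", raw))

        elif section in ("O2", "O3"):
            findings.append(Finding(section, "browser add-on (BHO/toolbar) loaded into Internet Explorer", raw))

        # Applies to any section: HijackThis marks targets it cannot find.
        if "(file missing)" in body:
            findings.append(Finding(section, "orphaned entry, target file missing", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Run against the sample it flags the remote proxy, the Megaupload BHO, the MySpaceIM entry under the SYSTEM hive, the theme.bat startup item, the missing PartyPoker button and the AppInit_DLLs value; whether each is wanted is still a judgement call for the person reviewing the log, the script only narrows the list.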

Juisterr

Legacy Member
Download OTCleanIt (by OldTimer)
  • Save the file to your desktop.
  • Make sure there is an internet connection and then double-click OTCleanIt.exe to start the program.
  • Now click the "CleanUp!" button.
  • If your firewall, or another security program, warns that OTCleanIt.exe wants internet access, you may allow this; the program needs that connection.
  • Finally, OTCleanIt will ask whether you want to restart the computer; you may allow this, which also removes the program itself.


Download Combofix to your Desktop.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners see certain components Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply.

Cypher666

Legacy Member
I ran all of it; here is the ComboFix log:



ComboFix 08-12-05.02 - 2008-12-06 12:33:16.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium [GMT 1:00]
Started from: c:\users\BVBA Naudts\Desktop\ComboFix.exe
* New restore point was created
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\comsa32.sys
c:\windows\system32\drmgs.sys
c:\windows\system32\Install.txt
c:\windows\system32\P3vA32sU.exe.a_a
c:\windows\system32\tmp0_787513436882.bk

.
(((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 ))))))))))))))))))))))))))))))
.

2008-12-04 16:31 . 2008-12-04 16:31 <DIR> d-------- c:\program files\WinPcap
2008-12-04 16:31 . 2008-12-04 16:31 <DIR> d-------- c:\program files\MSN Webcam Recorder
2008-12-02 21:37 . 2008-12-02 21:41 <DIR> d-------- c:\users\BVBA Naudts\AppData\Roaming\FileZilla
2008-12-02 21:37 . 2008-12-02 21:37 <DIR> d-------- c:\program files\FileZilla FTP Client
2008-12-02 16:06 . 2008-12-02 16:06 <DIR> d-------- c:\program files\FLV Player
2008-12-01 13:37 . 2008-12-01 13:37 <DIR> d-------- c:\program files\LucasArts
2008-12-01 13:37 . 1997-01-18 10:40 299,520 --a------ c:\windows\uninst.exe
2008-11-30 05:02 . 2008-11-30 05:02 <DIR> d-------- c:\windows\Easy Decrypter
2008-11-30 05:02 . 2008-11-30 19:41 <DIR> d-------- c:\program files\Easy Decrypter
2008-11-28 22:52 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-28 22:52 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-28 22:52 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-28 22:52 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-28 22:52 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 00:27 . 2008-11-25 00:27 1,024 --a------ c:\windows\System32\gncontent.cch
2008-11-25 00:26 . 2008-11-25 00:26 <DIR> d-------- c:\users\BVBA Naudts\AppData\Roaming\Sony
2008-11-25 00:26 . 2008-11-25 00:26 <DIR> d-------- c:\programdata\Sony
2008-11-25 00:23 . 2008-11-25 00:23 <DIR> d-------- c:\program files\Sony Ericsson
2008-11-25 00:23 . 2008-11-25 00:23 <DIR> d-------- c:\program files\Sony
2008-11-25 00:23 . 2008-11-25 00:23 <DIR> d-------- c:\program files\Common Files\Sony Shared
2008-11-25 00:22 . 2008-11-25 00:22 <DIR> d-------- c:\program files\Sony Setup
2008-11-23 19:35 . 2008-11-23 19:35 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 19:35 . 2008-11-23 19:35 <DIR> d-------- c:\program files\iTunes
2008-11-23 19:35 . 2008-11-23 19:35 <DIR> d-------- c:\program files\iPod
2008-11-23 04:03 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-23 04:03 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-23 04:03 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-23 04:03 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-23 04:03 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-23 04:03 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-23 04:03 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-23 04:03 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-23 04:03 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-17 23:37 . 2008-11-23 19:20 218,429,594 --a------ c:\windows\MEMORY.DMP
2008-11-17 22:40 . 2001-10-26 23:16 16,384 --a------ c:\windows\System32\FileOps.exe
2008-11-17 22:38 . 2008-11-17 22:38 <DIR> d-------- C:\Adobe Illustrator Installer
2008-11-17 22:10 . 2008-11-17 22:10 <DIR> d-------- c:\program files\gs
2008-11-14 12:40 . 2008-11-14 12:40 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-13 19:39 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-13 19:39 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-13 19:39 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 20:35 . 2008-11-12 20:35 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-12 20:33 . 2008-11-12 20:33 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-11 20:31 . 2008-11-11 20:31 <DIR> d-------- c:\program files\Activision

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 11:22 --------- d-----w c:\program files\Nakido
2008-12-04 15:17 --------- d-----w c:\users\BVBA Naudts\AppData\Roaming\uTorrent
2008-11-30 04:04 --------- d-----w c:\users\BVBA Naudts\AppData\Roaming\Orbit
2008-11-23 20:46 --------- d-----w c:\users\BVBA Naudts\AppData\Roaming\Vso
2008-11-23 18:35 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 18:33 --------- d-----w c:\program files\QuickTime
2008-11-23 18:25 --------- d-----w c:\program files\Safari
2008-11-17 21:40 --------- d-----w c:\program files\Common Files\Adobe
2008-11-17 21:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 21:11 --------- d-----w c:\users\BVBA Naudts\AppData\Roaming\RCP 5
2008-11-07 10:00 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-06 16:50 --------- d-----w c:\program files\Common Files\Steam
2008-11-01 17:30 --------- d-----w c:\programdata\Messenger Plus!
2008-10-28 09:43 --------- d-----w c:\program files\PicoZipRT
2008-10-28 01:03 --------- d-----w c:\program files\Bowling Buddies Bot
2008-10-16 22:08 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-06-14 21:27 174 --sha-w c:\program files\desktop.ini
2007-08-07 14:54 47,360 ----a-w c:\users\BVBA Naudts\AppData\Roaming\pcouffin.sys
2007-11-28 19:27 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-28 19:27 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-28 19:27 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-01-24 16:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011420080121\index.dat
2008-02-01 16:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012120080128\index.dat
2008-02-01 16:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020120080202\index.dat
2008-02-02 10:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020220080203\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"scheduler_monitor"="c:\program files\ReaConverter 5.0 Pro\init_scheduler.exe" [2007-06-15 27136]
"AdobeBridge"="d:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-28 13145448]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"MSN Webcam Recorder"="c:\program files\MSN Webcam Recorder\ml20gui.exe" [2007-11-27 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]

c:\users\BVBA Naudts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-22 110592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-22 110592]
Dock.lnk - c:\program files\VistaOSX\RKLauncher.exe [2008-06-14 708608]
Fenêtre d'état de Canon iR1200-1300.LNK - c:\windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE [2004-12-02 30720]
Leftisder.lnk - c:\program files\VistaOSX\leftsider.exe [2008-06-14 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm
"VIDC.I420"= emYUV.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" /WinStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{974D8215-C9DD-489F-AEF4-429B8A0C0CBC}c:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{7E408393-4B86-4D79-B381-4BB1C7DD9AFA}c:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"{0FD03D05-251E-49F7-9CCE-CAD2ECCCA985}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{B780A232-4D7F-4B3A-A9DD-DABC7A1DE209}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{37CCF07F-CECF-4D6B-B8A8-EBC40B2EDF56}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{C045C373-6D0A-4612-84ED-7C910E03CCBC}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{65B9CEB4-947F-4033-88AB-142396679C6D}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"UDP Query User{AFC67F3F-15BC-415F-A04B-1FC4B86F6088}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"TCP Query User{7062E39D-28A2-4A0D-B8DE-80CEC61C28CA}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{DB6083D6-84EE-4EAE-BEE9-E99AD068561F}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{3D653DB2-4082-4DA3-8EDC-9E29C76E4B84}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{E24361EB-2D78-47E4-A32D-2BD078B917FC}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{8C991D54-CF19-4904-95DA-3DF969CB53B6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{E8A9A88C-5667-4B94-90C3-AFAA5481BB63}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{64C0A818-0716-4C6B-84D5-33E6C8B35941}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{6B540D12-36B7-45A8-9B1B-5C966FEF0389}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{099E13E6-0C5B-47A5-8881-F3945245E67F}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3CE3BBE8-AF4A-40FC-BC98-A58711DB2878}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A1B13C64-828D-4A50-BCC0-A95BE850E33B}c:\\program files\\valve\\steam\\steamapps\\cypher666\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\counter-strike source\hl2.exe:hl2
"UDP Query User{860A01CA-78DB-43B3-9442-CA9F9EF4AE72}c:\\program files\\valve\\steam\\steamapps\\cypher666\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\counter-strike source\hl2.exe:hl2
"TCP Query User{E5B93A02-08E3-42DD-907D-50DB829354EA}c:\\program files\\valve\\steam\\steamapps\\cypher666\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{748A9CA8-A804-45A6-B4D9-F2E1A5D1FF1B}c:\\program files\\valve\\steam\\steamapps\\cypher666\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{06749D1B-4EF6-46FD-A4CC-3F338C555B94}c:\\program files\\valve\\steam\\steamapps\\cypher666\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{46CC6AFD-2D3C-4701-BF32-FEB105C332AD}c:\\program files\\valve\\steam\\steamapps\\cypher666\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{A1AC413E-CAE4-40AD-805C-4A07485A026C}c:\\program files\\ip hider\\ip hider.exe"= UDP:c:\program files\ip hider\ip hider.exe:IP Hider
"UDP Query User{6F742782-D15C-4106-935C-9E6722E5A70E}c:\\program files\\ip hider\\ip hider.exe"= TCP:c:\program files\ip hider\ip hider.exe:IP Hider
"TCP Query User{2147EBE1-1DD8-46DD-B016-408A83E80311}c:\\program files\\valve\\steam\\steamapps\\cypher666\\source sdk base\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\source sdk base\hl2.exe:hl2
"UDP Query User{91CF560C-7EFF-494D-9C91-063F5144C2CE}c:\\program files\\valve\\steam\\steamapps\\cypher666\\source sdk base\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\source sdk base\hl2.exe:hl2
"{8F146E2E-0266-4E88-8029-A7AF09007D3E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3399A9C0-CDE7-4479-AAF6-DEA8E1F3EB7E}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{9CCC115B-14EB-4AE4-AEAB-73BF523C00DB}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{CF872945-7251-46E0-B400-47B7CFC8B57A}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{FE7E921F-4355-4D28-8EC7-C6220A487DB2}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B337F6F9-FEC3-4194-8C6B-A58D2226E8FD}c:\\program files\\valve\\steam\\steamapps\\cypher666\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{2F60B05D-B8A8-4948-B803-3836E334161D}c:\\program files\\valve\\steam\\steamapps\\cypher666\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{7152E14E-3999-40F6-BAEE-0011A2467BF0}c:\\program files\\valve\\steam\\steamapps\\cypher666\\source sdk base\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\source sdk base\hl2.exe:hl2
"UDP Query User{2864346A-AE91-4563-9A85-ACBFE79E1E78}c:\\program files\\valve\\steam\\steamapps\\cypher666\\source sdk base\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\source sdk base\hl2.exe:hl2
"TCP Query User{2A33FD7F-E7CB-47CB-911B-D4ED75605877}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{70DE7886-0B94-425D-82BE-8E935D7ECFD9}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{1D7C27B8-9D3E-4092-9470-3B57C70D152D}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{30AC6175-B765-45BE-832E-2105378BD125}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{6A4E21D0-7F39-499B-B0AA-E20CC4E068E5}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8A6919BA-78DA-4BC0-8FEF-C4F547214442}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{6075E81E-7433-46C3-99E4-E2C19E27EEE8}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{E0013D57-0E59-44E9-AB25-4B38B657AEE1}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{98BF520A-ED2E-4171-8456-7B2316B6A5CC}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{71A15F2E-3779-461D-9B64-339E9FB32E32}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{5BF2B55B-D560-4B92-B076-29F2B2FB6F90}c:\\program files\\valve\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:c:\program files\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{4882E85C-E6A0-47E6-9962-ED1CBCBFC8A3}c:\\program files\\valve\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:c:\program files\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{7BA42869-E25E-4C4B-B03B-6C74A35B03DC}c:\\program files\\xplosiv\\sof platinum\\sof.exe"= UDP:c:\program files\xplosiv\sof platinum\sof.exe:SoF
"UDP Query User{C7663C21-C361-4217-B8AA-BF5141A4659E}c:\\program files\\xplosiv\\sof platinum\\sof.exe"= TCP:c:\program files\xplosiv\sof platinum\sof.exe:SoF
"{9726206C-66DB-4844-9C73-3048F021F6D4}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{94F9C7DD-60F0-4AA9-A24D-E4BEE5FB719C}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{34DDA5C0-4DF0-49B6-B63F-BD4A4E655313}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{20A2EB01-01B4-48DB-B3E7-7234BD83F01E}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{FAC2D2D2-932A-4E74-B9B9-9A69E79EF8B7}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{6942A8D4-515B-4689-A14B-9DA55ECDCF83}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{778A0191-4EB7-4B18-9E14-E86963AFD22D}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{0C2BFF82-77F9-43A3-8A44-B2463D8242CA}"= UDP:c:\program files\Nakido\nakido.exe:Nakido
"{74BFC218-5399-4B49-BD2B-18AF600A525F}"= TCP:c:\program files\Nakido\nakido.exe:Nakido
"{34CF555A-7B63-40FE-8608-773CE4181BF1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{62013B4F-D47D-4915-A61A-4237056C2EF7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{81F71266-95FA-487B-9D42-A79CDAB3659B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2FFCBFB1-A5BC-4C16-A13B-D89AB7F0A7F2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{19AFB0F6-C07C-4038-A2E2-2907F50D244E}c:\\users\\bvba naudts\\desktop\\mercury\\mercury\\mercury.exe"= UDP:c:\users\bvba naudts\desktop\mercury\mercury\mercury.exe:mercury.exe
"UDP Query User{C9682A8E-9C91-4B8D-B93C-38CB251D882E}c:\\users\\bvba naudts\\desktop\\mercury\\mercury\\mercury.exe"= TCP:c:\users\bvba naudts\desktop\mercury\mercury\mercury.exe:mercury.exe
"TCP Query User{EE0BA2D9-2263-4D03-A83F-485C990D78BB}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{27F90253-1125-404A-98F6-54E577FD8A6E}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{A8642318-877D-420B-BAE7-41E9F998C1F4}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{847A884C-FE37-471C-909A-EE5013E607B0}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{32B4CC30-6749-4F9C-9A06-94465E39AE8D}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{62D42E78-FF8A-4222-9C85-8E6A6895502A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{35605389-B361-420D-B818-76FC0FAF9965}"= UDP:5353:Adobe CSI CS4
"{2AABF8E7-8756-4E28-BE8E-CA1ABEDE795B}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{41E3A0A1-B273-4257-8123-6461BE579B7C}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{F2BAA538-795B-41EF-A828-7F8E9A377A40}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CD474C92-DA88-4500-919C-B2F41FAA0A3D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C10227D2-D398-4549-8547-6357B9983386}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{112FBE4D-C237-4E61-A73B-C9013DC358FB}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{77F9E4C6-B5FA-4045-B72F-1B9EE512FE87}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{EB3C7FC4-1EB7-4611-BF37-86016B1713A2}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-24 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-05-24 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-24 231704]
R2 Nakido;Nakido;c:\program files\Nakido\nakido.exe [2008-09-18 320000]
R2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\Drivers\p1c1394.sys [2008-09-27 23936]
R2 RapidPortM2;RapidPortM2;\??\c:\windows\system32\Drivers\CAPM2LP.SYS [2007-11-06 23232]
R3 AvgWfpX;AVG8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-05-24 69128]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\DRIVERS\camdrv21.sys [2007-03-22 253909]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2007-12-18 29184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.0 Pro\rcp_scheduler.exe [2007-11-30 558592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\GRIM.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - l:\setup\rsrc\Autorun.exe
\shell\dinstall\command - l:\directx\dxsetup.exe
.
Inhoud van de 'Gedeelde Taken' map

2008-12-05 c:\windows\Tasks\At1.job
- c:\windows\system32\P3vA32sU.exe []

2008-11-30 c:\windows\Tasks\At10.job
- c:\windows\system32\P3vA32sU.exe []

2008-11-30 c:\windows\Tasks\At11.job
- c:\windows\system32\P3vA32sU.exe []

2008-11-30 c:\windows\Tasks\At12.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-01 c:\windows\Tasks\At13.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-03 c:\windows\Tasks\At14.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-03 c:\windows\Tasks\At15.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-04 c:\windows\Tasks\At16.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-04 c:\windows\Tasks\At17.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-04 c:\windows\Tasks\At18.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-05 c:\windows\Tasks\At19.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-06 c:\windows\Tasks\At2.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-05 c:\windows\Tasks\At20.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-05 c:\windows\Tasks\At21.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-05 c:\windows\Tasks\At22.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-05 c:\windows\Tasks\At23.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-05 c:\windows\Tasks\At24.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-06 c:\windows\Tasks\At3.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-06 c:\windows\Tasks\At4.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-06 c:\windows\Tasks\At5.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-06 c:\windows\Tasks\At6.job
- c:\windows\system32\P3vA32sU.exe []

2008-11-30 c:\windows\Tasks\At7.job
- c:\windows\system32\P3vA32sU.exe []

2008-11-30 c:\windows\Tasks\At8.job
- c:\windows\system32\P3vA32sU.exe []

2008-11-30 c:\windows\Tasks\At9.job
- c:\windows\system32\P3vA32sU.exe []
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe


.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.nieuwsblad.be/index.html?ref=0820
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = 192.17.239.253:8888->United States(anonymous)
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Read with DeskBot
FireFox -: Profile - c:\users\BVBA Naudts\AppData\Roaming\Mozilla\Firefox\Profiles\vottky9m.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.stubru.be/
FF -: plugin - c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 12:42:24
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\avgrsstx.dll
.
Voltooingstijd: 2008-12-06 12:44:31
ComboFix-quarantined-files.txt 2008-12-06 11:43:51
ComboFix2.txt 2008-02-03 01:49:09

Pre-Run: 28,695,105,536 bytes beschikbaar
Post-Run: 28,702,355,456 bytes beschikbaar

341 --- E O F --- 2008-12-02 13:30:14

Juisterr

Legacy Member
Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:

File::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

Save this to your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

CFScriptB-4.gif

This will make ComboFix restart.

After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

Cypher666

Legacy Member
Hey,

here is the log after carrying out the procedure:

ComboFix 08-12-06.01 - BVBA Naudts 2008-12-06 19:20:43.5 - NTFSx86
Gestart vanuit: c:\users\BVBA Naudts\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\BVBA Naudts\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\At1.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-11-06 to 2008-12-06 ))))))))))))))))))))))))))))))
.

2008-12-04 16:31 . 2008-12-04 16:31 <DIR> d-------- c:\program files\WinPcap
2008-12-04 16:31 . 2008-12-04 16:31 <DIR> d-------- c:\program files\MSN Webcam Recorder
2008-12-02 21:37 . 2008-12-02 21:41 <DIR> d-------- c:\users\BVBA Naudts\AppData\Roaming\FileZilla
2008-12-02 21:37 . 2008-12-02 21:37 <DIR> d-------- c:\program files\FileZilla FTP Client
2008-12-02 16:06 . 2008-12-02 16:06 <DIR> d-------- c:\program files\FLV Player
2008-12-01 13:37 . 2008-12-01 13:37 <DIR> d-------- c:\program files\LucasArts
2008-12-01 13:37 . 1997-01-18 10:40 299,520 --a------ c:\windows\uninst.exe
2008-11-30 05:02 . 2008-11-30 05:02 <DIR> d-------- c:\windows\Easy Decrypter
2008-11-30 05:02 . 2008-11-30 19:41 <DIR> d-------- c:\program files\Easy Decrypter
2008-11-28 22:52 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-28 22:52 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-28 22:52 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-28 22:52 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-28 22:52 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 00:27 . 2008-11-25 00:27 1,024 --a------ c:\windows\System32\gncontent.cch
2008-11-25 00:26 . 2008-11-25 00:26 <DIR> d-------- c:\users\BVBA Naudts\AppData\Roaming\Sony
2008-11-25 00:26 . 2008-11-25 00:26 <DIR> d-------- c:\programdata\Sony
2008-11-25 00:23 . 2008-11-25 00:23 <DIR> d-------- c:\program files\Sony Ericsson
2008-11-25 00:23 . 2008-11-25 00:23 <DIR> d-------- c:\program files\Sony
2008-11-25 00:23 . 2008-11-25 00:23 <DIR> d-------- c:\program files\Common Files\Sony Shared
2008-11-25 00:22 . 2008-11-25 00:22 <DIR> d-------- c:\program files\Sony Setup
2008-11-23 19:35 . 2008-11-23 19:35 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 19:35 . 2008-11-23 19:35 <DIR> d-------- c:\program files\iTunes
2008-11-23 19:35 . 2008-11-23 19:35 <DIR> d-------- c:\program files\iPod
2008-11-23 04:03 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-23 04:03 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-23 04:03 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-23 04:03 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-23 04:03 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-23 04:03 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-23 04:03 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-23 04:03 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-23 04:03 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-17 23:37 . 2008-11-23 19:20 218,429,594 --a------ c:\windows\MEMORY.DMP
2008-11-17 22:40 . 2001-10-26 23:16 16,384 --a------ c:\windows\System32\FileOps.exe
2008-11-17 22:38 . 2008-11-17 22:38 <DIR> d-------- C:\Adobe Illustrator Installer
2008-11-17 22:10 . 2008-11-17 22:10 <DIR> d-------- c:\program files\gs
2008-11-14 12:40 . 2008-11-14 12:40 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-13 19:39 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-13 19:39 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-13 19:39 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 20:35 . 2008-11-12 20:35 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-12 20:33 . 2008-11-12 20:33 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-11 20:31 . 2008-11-11 20:31 <DIR> d-------- c:\program files\Activision

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 11:22 --------- d-----w c:\program files\Nakido
2008-12-04 15:17 --------- d-----w c:\users\BVBA Naudts\AppData\Roaming\uTorrent
2008-11-30 04:04 --------- d-----w c:\users\BVBA Naudts\AppData\Roaming\Orbit
2008-11-23 20:46 --------- d-----w c:\users\BVBA Naudts\AppData\Roaming\Vso
2008-11-23 18:35 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 18:33 --------- d-----w c:\program files\QuickTime
2008-11-23 18:25 --------- d-----w c:\program files\Safari
2008-11-17 21:40 --------- d-----w c:\program files\Common Files\Adobe
2008-11-17 21:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 21:11 --------- d-----w c:\users\BVBA Naudts\AppData\Roaming\RCP 5
2008-11-07 10:00 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-06 16:50 --------- d-----w c:\program files\Common Files\Steam
2008-11-01 17:30 --------- d-----w c:\programdata\Messenger Plus!
2008-10-28 09:43 --------- d-----w c:\program files\PicoZipRT
2008-10-28 01:03 --------- d-----w c:\program files\Bowling Buddies Bot
2008-10-16 22:08 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-06-14 21:27 174 --sha-w c:\program files\desktop.ini
2007-08-07 14:54 47,360 ----a-w c:\users\BVBA Naudts\AppData\Roaming\pcouffin.sys
2007-11-28 19:27 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-28 19:27 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-28 19:27 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-01-24 16:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011420080121\index.dat
2008-02-01 16:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012120080128\index.dat
2008-02-01 16:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020120080202\index.dat
2008-02-02 10:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020220080203\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-06_12.42.47.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-05 18:25:08 327,680 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-06 11:21:05 327,680 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-05 18:25:08 360,448 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-06 11:21:05 360,448 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-05 18:25:08 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-06 11:21:05 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-06 11:33:06 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-06 18:20:14 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"scheduler_monitor"="c:\program files\ReaConverter 5.0 Pro\init_scheduler.exe" [2007-06-15 27136]
"AdobeBridge"="d:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-28 13145448]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"MSN Webcam Recorder"="c:\program files\MSN Webcam Recorder\ml20gui.exe" [2007-11-27 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]

c:\users\BVBA Naudts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-22 110592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-22 110592]
Dock.lnk - c:\program files\VistaOSX\RKLauncher.exe [2008-06-14 708608]
Fenêtre d'état de Canon iR1200-1300.LNK - c:\windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE [2004-12-02 30720]
Leftisder.lnk - c:\program files\VistaOSX\leftsider.exe [2008-06-14 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm
"VIDC.I420"= emYUV.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" /WinStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{974D8215-C9DD-489F-AEF4-429B8A0C0CBC}c:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{7E408393-4B86-4D79-B381-4BB1C7DD9AFA}c:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"{0FD03D05-251E-49F7-9CCE-CAD2ECCCA985}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{B780A232-4D7F-4B3A-A9DD-DABC7A1DE209}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{37CCF07F-CECF-4D6B-B8A8-EBC40B2EDF56}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{C045C373-6D0A-4612-84ED-7C910E03CCBC}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{65B9CEB4-947F-4033-88AB-142396679C6D}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"UDP Query User{AFC67F3F-15BC-415F-A04B-1FC4B86F6088}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"TCP Query User{7062E39D-28A2-4A0D-B8DE-80CEC61C28CA}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{DB6083D6-84EE-4EAE-BEE9-E99AD068561F}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{3D653DB2-4082-4DA3-8EDC-9E29C76E4B84}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{E24361EB-2D78-47E4-A32D-2BD078B917FC}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{8C991D54-CF19-4904-95DA-3DF969CB53B6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{E8A9A88C-5667-4B94-90C3-AFAA5481BB63}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{64C0A818-0716-4C6B-84D5-33E6C8B35941}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{6B540D12-36B7-45A8-9B1B-5C966FEF0389}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{099E13E6-0C5B-47A5-8881-F3945245E67F}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3CE3BBE8-AF4A-40FC-BC98-A58711DB2878}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A1B13C64-828D-4A50-BCC0-A95BE850E33B}c:\\program files\\valve\\steam\\steamapps\\cypher666\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\counter-strike source\hl2.exe:hl2
"UDP Query User{860A01CA-78DB-43B3-9442-CA9F9EF4AE72}c:\\program files\\valve\\steam\\steamapps\\cypher666\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\counter-strike source\hl2.exe:hl2
"TCP Query User{E5B93A02-08E3-42DD-907D-50DB829354EA}c:\\program files\\valve\\steam\\steamapps\\cypher666\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{748A9CA8-A804-45A6-B4D9-F2E1A5D1FF1B}c:\\program files\\valve\\steam\\steamapps\\cypher666\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{06749D1B-4EF6-46FD-A4CC-3F338C555B94}c:\\program files\\valve\\steam\\steamapps\\cypher666\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{46CC6AFD-2D3C-4701-BF32-FEB105C332AD}c:\\program files\\valve\\steam\\steamapps\\cypher666\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{A1AC413E-CAE4-40AD-805C-4A07485A026C}c:\\program files\\ip hider\\ip hider.exe"= UDP:c:\program files\ip hider\ip hider.exe:IP Hider
"UDP Query User{6F742782-D15C-4106-935C-9E6722E5A70E}c:\\program files\\ip hider\\ip hider.exe"= TCP:c:\program files\ip hider\ip hider.exe:IP Hider
"TCP Query User{2147EBE1-1DD8-46DD-B016-408A83E80311}c:\\program files\\valve\\steam\\steamapps\\cypher666\\source sdk base\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\source sdk base\hl2.exe:hl2
"UDP Query User{91CF560C-7EFF-494D-9C91-063F5144C2CE}c:\\program files\\valve\\steam\\steamapps\\cypher666\\source sdk base\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\source sdk base\hl2.exe:hl2
"{8F146E2E-0266-4E88-8029-A7AF09007D3E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3399A9C0-CDE7-4479-AAF6-DEA8E1F3EB7E}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{9CCC115B-14EB-4AE4-AEAB-73BF523C00DB}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{CF872945-7251-46E0-B400-47B7CFC8B57A}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{FE7E921F-4355-4D28-8EC7-C6220A487DB2}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B337F6F9-FEC3-4194-8C6B-A58D2226E8FD}c:\\program files\\valve\\steam\\steamapps\\cypher666\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{2F60B05D-B8A8-4948-B803-3836E334161D}c:\\program files\\valve\\steam\\steamapps\\cypher666\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{7152E14E-3999-40F6-BAEE-0011A2467BF0}c:\\program files\\valve\\steam\\steamapps\\cypher666\\source sdk base\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\source sdk base\hl2.exe:hl2
"UDP Query User{2864346A-AE91-4563-9A85-ACBFE79E1E78}c:\\program files\\valve\\steam\\steamapps\\cypher666\\source sdk base\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\source sdk base\hl2.exe:hl2
"TCP Query User{2A33FD7F-E7CB-47CB-911B-D4ED75605877}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{70DE7886-0B94-425D-82BE-8E935D7ECFD9}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{1D7C27B8-9D3E-4092-9470-3B57C70D152D}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{30AC6175-B765-45BE-832E-2105378BD125}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{6A4E21D0-7F39-499B-B0AA-E20CC4E068E5}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8A6919BA-78DA-4BC0-8FEF-C4F547214442}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{6075E81E-7433-46C3-99E4-E2C19E27EEE8}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{E0013D57-0E59-44E9-AB25-4B38B657AEE1}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{98BF520A-ED2E-4171-8456-7B2316B6A5CC}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{71A15F2E-3779-461D-9B64-339E9FB32E32}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{5BF2B55B-D560-4B92-B076-29F2B2FB6F90}c:\\program files\\valve\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:c:\program files\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{4882E85C-E6A0-47E6-9962-ED1CBCBFC8A3}c:\\program files\\valve\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:c:\program files\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{7BA42869-E25E-4C4B-B03B-6C74A35B03DC}c:\\program files\\xplosiv\\sof platinum\\sof.exe"= UDP:c:\program files\xplosiv\sof platinum\sof.exe:SoF
"UDP Query User{C7663C21-C361-4217-B8AA-BF5141A4659E}c:\\program files\\xplosiv\\sof platinum\\sof.exe"= TCP:c:\program files\xplosiv\sof platinum\sof.exe:SoF
"{9726206C-66DB-4844-9C73-3048F021F6D4}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{94F9C7DD-60F0-4AA9-A24D-E4BEE5FB719C}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{34DDA5C0-4DF0-49B6-B63F-BD4A4E655313}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{20A2EB01-01B4-48DB-B3E7-7234BD83F01E}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{FAC2D2D2-932A-4E74-B9B9-9A69E79EF8B7}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{6942A8D4-515B-4689-A14B-9DA55ECDCF83}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{778A0191-4EB7-4B18-9E14-E86963AFD22D}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{0C2BFF82-77F9-43A3-8A44-B2463D8242CA}"= UDP:c:\program files\Nakido\nakido.exe:Nakido
"{74BFC218-5399-4B49-BD2B-18AF600A525F}"= TCP:c:\program files\Nakido\nakido.exe:Nakido
"{34CF555A-7B63-40FE-8608-773CE4181BF1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{62013B4F-D47D-4915-A61A-4237056C2EF7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{81F71266-95FA-487B-9D42-A79CDAB3659B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2FFCBFB1-A5BC-4C16-A13B-D89AB7F0A7F2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{19AFB0F6-C07C-4038-A2E2-2907F50D244E}c:\\users\\bvba naudts\\desktop\\mercury\\mercury\\mercury.exe"= UDP:c:\users\bvba naudts\desktop\mercury\mercury\mercury.exe:mercury.exe
"UDP Query User{C9682A8E-9C91-4B8D-B93C-38CB251D882E}c:\\users\\bvba naudts\\desktop\\mercury\\mercury\\mercury.exe"= TCP:c:\users\bvba naudts\desktop\mercury\mercury\mercury.exe:mercury.exe
"TCP Query User{EE0BA2D9-2263-4D03-A83F-485C990D78BB}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{27F90253-1125-404A-98F6-54E577FD8A6E}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{A8642318-877D-420B-BAE7-41E9F998C1F4}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{847A884C-FE37-471C-909A-EE5013E607B0}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{32B4CC30-6749-4F9C-9A06-94465E39AE8D}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{62D42E78-FF8A-4222-9C85-8E6A6895502A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{35605389-B361-420D-B818-76FC0FAF9965}"= UDP:5353:Adobe CSI CS4
"{2AABF8E7-8756-4E28-BE8E-CA1ABEDE795B}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{41E3A0A1-B273-4257-8123-6461BE579B7C}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{F2BAA538-795B-41EF-A828-7F8E9A377A40}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CD474C92-DA88-4500-919C-B2F41FAA0A3D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C10227D2-D398-4549-8547-6357B9983386}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{112FBE4D-C237-4E61-A73B-C9013DC358FB}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{77F9E4C6-B5FA-4045-B72F-1B9EE512FE87}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{EB3C7FC4-1EB7-4611-BF37-86016B1713A2}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-24 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-05-24 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-24 231704]
R2 Nakido;Nakido;c:\program files\Nakido\nakido.exe [2008-09-18 320000]
R2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\Drivers\p1c1394.sys [2008-09-27 23936]
R2 RapidPortM2;RapidPortM2;\??\c:\windows\system32\Drivers\CAPM2LP.SYS [2007-11-06 23232]
R3 AvgWfpX;AVG8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-05-24 69128]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\DRIVERS\camdrv21.sys [2007-03-22 253909]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2007-12-18 29184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.0 Pro\rcp_scheduler.exe [2007-11-30 558592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\GRIM.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - l:\setup\rsrc\Autorun.exe
\shell\dinstall\command - l:\directx\dxsetup.exe

*Newly Created Service* - CATCHME
.
Inhoud van de 'Gedeelde Taken' map

2008-11-30 c:\windows\Tasks\At10.job
- c:\windows\system32\P3vA32sU.exe []

2008-12-06 c:\windows\Tasks\At20.job
- c:\windows\system32\P3vA32sU.exe []
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.nieuwsblad.be/index.html?ref=0820
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = 192.17.239.253:8888->United States(anonymous)
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Read with DeskBot
FireFox -: Profile - c:\users\BVBA Naudts\AppData\Roaming\Mozilla\Firefox\Profiles\vottky9m.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.stubru.be/
FF -: plugin - c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 19:24:10
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

5 [13569] 0x00350065
5 [13569] 0x00430022
scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\avgrsstx.dll
.
Voltooingstijd: 2008-12-06 19:26:19
ComboFix-quarantined-files.txt 2008-12-06 18:26:02
ComboFix2.txt 2008-12-06 11:44:34
ComboFix3.txt 2008-02-03 01:49:09

Pre-Run: 25.863.618.560 bytes beschikbaar
Post-Run: 25,713,164,288 bytes beschikbaar

350 --- E O F --- 2008-12-02 13:30:14

Juisterr

Legacy Member
Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:

File::
c:\windows\Tasks\At10.job
c:\windows\Tasks\At20.job

Save this on your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

CFScriptB-4.gif

This will make ComboFix restart.

After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

Please also let me know how it is going now.

Cypher666

Legacy Member
OK, the computer seems to be doing better. Response times seem faster to me, and so does the boot time! Thanks!

Here is the log:

ComboFix 08-12-06.06 - BVBA Naudts 2008-12-07 16:49:47.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1187 [GMT 1:00]
Gestart vanuit: c:\users\BVBA Naudts\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\BVBA Naudts\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
c:\windows\Tasks\At10.job
c:\windows\Tasks\At20.job
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\At10.job
c:\windows\Tasks\At20.job

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-11-07 to 2008-12-07 ))))))))))))))))))))))))))))))
.

2008-12-04 16:31 . 2008-12-04 16:31 <DIR> d-------- c:\program files\WinPcap
2008-12-04 16:31 . 2008-12-04 16:31 <DIR> d-------- c:\program files\MSN Webcam Recorder
2008-12-02 21:37 . 2008-12-02 21:41 <DIR> d-------- c:\users\BVBA Naudts\AppData\Roaming\FileZilla
2008-12-02 21:37 . 2008-12-02 21:37 <DIR> d-------- c:\program files\FileZilla FTP Client
2008-12-02 16:06 . 2008-12-02 16:06 <DIR> d-------- c:\program files\FLV Player
2008-12-01 13:37 . 2008-12-01 13:37 <DIR> d-------- c:\program files\LucasArts
2008-12-01 13:37 . 1997-01-18 10:40 299,520 --a------ c:\windows\uninst.exe
2008-11-30 05:02 . 2008-11-30 05:02 <DIR> d-------- c:\windows\Easy Decrypter
2008-11-30 05:02 . 2008-11-30 19:41 <DIR> d-------- c:\program files\Easy Decrypter
2008-11-28 22:52 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-28 22:52 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-28 22:52 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-28 22:52 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-28 22:52 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 00:27 . 2008-11-25 00:27 1,024 --a------ c:\windows\System32\gncontent.cch
2008-11-25 00:26 . 2008-11-25 00:26 <DIR> d-------- c:\users\BVBA Naudts\AppData\Roaming\Sony
2008-11-25 00:26 . 2008-11-25 00:26 <DIR> d-------- c:\programdata\Sony
2008-11-25 00:23 . 2008-11-25 00:23 <DIR> d-------- c:\program files\Sony Ericsson
2008-11-25 00:23 . 2008-11-25 00:23 <DIR> d-------- c:\program files\Sony
2008-11-25 00:23 . 2008-11-25 00:23 <DIR> d-------- c:\program files\Common Files\Sony Shared
2008-11-25 00:22 . 2008-11-25 00:22 <DIR> d-------- c:\program files\Sony Setup
2008-11-23 19:35 . 2008-11-23 19:35 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 19:35 . 2008-11-23 19:35 <DIR> d-------- c:\program files\iTunes
2008-11-23 19:35 . 2008-11-23 19:35 <DIR> d-------- c:\program files\iPod
2008-11-23 04:03 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-23 04:03 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-23 04:03 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-23 04:03 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-23 04:03 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-23 04:03 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-23 04:03 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-23 04:03 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-23 04:03 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-17 23:37 . 2008-11-23 19:20 218,429,594 --a------ c:\windows\MEMORY.DMP
2008-11-17 22:40 . 2001-10-26 23:16 16,384 --a------ c:\windows\System32\FileOps.exe
2008-11-17 22:38 . 2008-11-17 22:38 <DIR> d-------- C:\Adobe Illustrator Installer
2008-11-17 22:10 . 2008-11-17 22:10 <DIR> d-------- c:\program files\gs
2008-11-14 12:40 . 2008-11-14 12:40 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-13 19:39 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-13 19:39 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-13 19:39 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 20:35 . 2008-11-12 20:35 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-12 20:33 . 2008-11-12 20:33 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-11 20:31 . 2008-11-11 20:31 <DIR> d-------- c:\program files\Activision

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 15:03 --------- d-----w c:\program files\Nakido
2008-12-04 15:17 --------- d-----w c:\users\BVBA Naudts\AppData\Roaming\uTorrent
2008-11-30 04:04 --------- d-----w c:\users\BVBA Naudts\AppData\Roaming\Orbit
2008-11-23 20:46 --------- d-----w c:\users\BVBA Naudts\AppData\Roaming\Vso
2008-11-23 18:35 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 18:33 --------- d-----w c:\program files\QuickTime
2008-11-23 18:25 --------- d-----w c:\program files\Safari
2008-11-17 21:40 --------- d-----w c:\program files\Common Files\Adobe
2008-11-17 21:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 21:11 --------- d-----w c:\users\BVBA Naudts\AppData\Roaming\RCP 5
2008-11-07 10:00 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-06 16:50 --------- d-----w c:\program files\Common Files\Steam
2008-11-01 17:30 --------- d-----w c:\programdata\Messenger Plus!
2008-10-28 09:43 --------- d-----w c:\program files\PicoZipRT
2008-10-28 01:03 --------- d-----w c:\program files\Bowling Buddies Bot
2008-10-16 22:08 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-06-14 21:27 174 --sha-w c:\program files\desktop.ini
2007-08-07 14:54 47,360 ----a-w c:\users\BVBA Naudts\AppData\Roaming\pcouffin.sys
2007-11-28 19:27 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-28 19:27 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-28 19:27 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-01-24 16:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011420080121\index.dat
2008-02-01 16:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012120080128\index.dat
2008-02-01 16:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020120080202\index.dat
2008-02-02 10:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020220080203\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-06_12.42.47.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-06 11:21:04 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-07 15:02:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-06 11:21:04 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-07 15:02:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-06 11:41:57 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-07 15:04:57 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-12-06 11:41:49 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-07 15:04:51 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-12-05 18:25:08 327,680 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-06 11:21:05 327,680 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-05 18:25:08 360,448 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-06 11:21:05 360,448 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-05 18:25:08 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-06 11:21:05 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-06 11:33:06 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-07 15:48:45 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"scheduler_monitor"="c:\program files\ReaConverter 5.0 Pro\init_scheduler.exe" [2007-06-15 27136]
"AdobeBridge"="d:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-28 13145448]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"MSN Webcam Recorder"="c:\program files\MSN Webcam Recorder\ml20gui.exe" [2007-11-27 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]

c:\users\BVBA Naudts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-22 110592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-22 110592]
Dock.lnk - c:\program files\VistaOSX\RKLauncher.exe [2008-06-14 708608]
Fenêtre d'état de Canon iR1200-1300.LNK - c:\windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE [2004-12-02 30720]
Leftisder.lnk - c:\program files\VistaOSX\leftsider.exe [2008-06-14 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm
"VIDC.I420"= emYUV.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" /WinStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{974D8215-C9DD-489F-AEF4-429B8A0C0CBC}c:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{7E408393-4B86-4D79-B381-4BB1C7DD9AFA}c:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"{0FD03D05-251E-49F7-9CCE-CAD2ECCCA985}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{B780A232-4D7F-4B3A-A9DD-DABC7A1DE209}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{37CCF07F-CECF-4D6B-B8A8-EBC40B2EDF56}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{C045C373-6D0A-4612-84ED-7C910E03CCBC}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{65B9CEB4-947F-4033-88AB-142396679C6D}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"UDP Query User{AFC67F3F-15BC-415F-A04B-1FC4B86F6088}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"TCP Query User{7062E39D-28A2-4A0D-B8DE-80CEC61C28CA}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{DB6083D6-84EE-4EAE-BEE9-E99AD068561F}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{3D653DB2-4082-4DA3-8EDC-9E29C76E4B84}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{E24361EB-2D78-47E4-A32D-2BD078B917FC}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{8C991D54-CF19-4904-95DA-3DF969CB53B6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{E8A9A88C-5667-4B94-90C3-AFAA5481BB63}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{64C0A818-0716-4C6B-84D5-33E6C8B35941}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{6B540D12-36B7-45A8-9B1B-5C966FEF0389}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{099E13E6-0C5B-47A5-8881-F3945245E67F}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3CE3BBE8-AF4A-40FC-BC98-A58711DB2878}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A1B13C64-828D-4A50-BCC0-A95BE850E33B}c:\\program files\\valve\\steam\\steamapps\\cypher666\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\counter-strike source\hl2.exe:hl2
"UDP Query User{860A01CA-78DB-43B3-9442-CA9F9EF4AE72}c:\\program files\\valve\\steam\\steamapps\\cypher666\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\counter-strike source\hl2.exe:hl2
"TCP Query User{E5B93A02-08E3-42DD-907D-50DB829354EA}c:\\program files\\valve\\steam\\steamapps\\cypher666\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{748A9CA8-A804-45A6-B4D9-F2E1A5D1FF1B}c:\\program files\\valve\\steam\\steamapps\\cypher666\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{06749D1B-4EF6-46FD-A4CC-3F338C555B94}c:\\program files\\valve\\steam\\steamapps\\cypher666\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{46CC6AFD-2D3C-4701-BF32-FEB105C332AD}c:\\program files\\valve\\steam\\steamapps\\cypher666\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{A1AC413E-CAE4-40AD-805C-4A07485A026C}c:\\program files\\ip hider\\ip hider.exe"= UDP:c:\program files\ip hider\ip hider.exe:IP Hider
"UDP Query User{6F742782-D15C-4106-935C-9E6722E5A70E}c:\\program files\\ip hider\\ip hider.exe"= TCP:c:\program files\ip hider\ip hider.exe:IP Hider
"TCP Query User{2147EBE1-1DD8-46DD-B016-408A83E80311}c:\\program files\\valve\\steam\\steamapps\\cypher666\\source sdk base\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\source sdk base\hl2.exe:hl2
"UDP Query User{91CF560C-7EFF-494D-9C91-063F5144C2CE}c:\\program files\\valve\\steam\\steamapps\\cypher666\\source sdk base\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\source sdk base\hl2.exe:hl2
"{8F146E2E-0266-4E88-8029-A7AF09007D3E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3399A9C0-CDE7-4479-AAF6-DEA8E1F3EB7E}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{9CCC115B-14EB-4AE4-AEAB-73BF523C00DB}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{CF872945-7251-46E0-B400-47B7CFC8B57A}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{FE7E921F-4355-4D28-8EC7-C6220A487DB2}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B337F6F9-FEC3-4194-8C6B-A58D2226E8FD}c:\\program files\\valve\\steam\\steamapps\\cypher666\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{2F60B05D-B8A8-4948-B803-3836E334161D}c:\\program files\\valve\\steam\\steamapps\\cypher666\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{7152E14E-3999-40F6-BAEE-0011A2467BF0}c:\\program files\\valve\\steam\\steamapps\\cypher666\\source sdk base\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\cypher666\source sdk base\hl2.exe:hl2
"UDP Query User{2864346A-AE91-4563-9A85-ACBFE79E1E78}c:\\program files\\valve\\steam\\steamapps\\cypher666\\source sdk base\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\cypher666\source sdk base\hl2.exe:hl2
"TCP Query User{2A33FD7F-E7CB-47CB-911B-D4ED75605877}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{70DE7886-0B94-425D-82BE-8E935D7ECFD9}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{1D7C27B8-9D3E-4092-9470-3B57C70D152D}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{30AC6175-B765-45BE-832E-2105378BD125}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{6A4E21D0-7F39-499B-B0AA-E20CC4E068E5}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8A6919BA-78DA-4BC0-8FEF-C4F547214442}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{6075E81E-7433-46C3-99E4-E2C19E27EEE8}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{E0013D57-0E59-44E9-AB25-4B38B657AEE1}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{98BF520A-ED2E-4171-8456-7B2316B6A5CC}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{71A15F2E-3779-461D-9B64-339E9FB32E32}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{5BF2B55B-D560-4B92-B076-29F2B2FB6F90}c:\\program files\\valve\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:c:\program files\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{4882E85C-E6A0-47E6-9962-ED1CBCBFC8A3}c:\\program files\\valve\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:c:\program files\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{7BA42869-E25E-4C4B-B03B-6C74A35B03DC}c:\\program files\\xplosiv\\sof platinum\\sof.exe"= UDP:c:\program files\xplosiv\sof platinum\sof.exe:SoF
"UDP Query User{C7663C21-C361-4217-B8AA-BF5141A4659E}c:\\program files\\xplosiv\\sof platinum\\sof.exe"= TCP:c:\program files\xplosiv\sof platinum\sof.exe:SoF
"{9726206C-66DB-4844-9C73-3048F021F6D4}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{94F9C7DD-60F0-4AA9-A24D-E4BEE5FB719C}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{34DDA5C0-4DF0-49B6-B63F-BD4A4E655313}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{20A2EB01-01B4-48DB-B3E7-7234BD83F01E}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{FAC2D2D2-932A-4E74-B9B9-9A69E79EF8B7}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{6942A8D4-515B-4689-A14B-9DA55ECDCF83}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{778A0191-4EB7-4B18-9E14-E86963AFD22D}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{0C2BFF82-77F9-43A3-8A44-B2463D8242CA}"= UDP:c:\program files\Nakido\nakido.exe:Nakido
"{74BFC218-5399-4B49-BD2B-18AF600A525F}"= TCP:c:\program files\Nakido\nakido.exe:Nakido
"{34CF555A-7B63-40FE-8608-773CE4181BF1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{62013B4F-D47D-4915-A61A-4237056C2EF7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{81F71266-95FA-487B-9D42-A79CDAB3659B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2FFCBFB1-A5BC-4C16-A13B-D89AB7F0A7F2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{19AFB0F6-C07C-4038-A2E2-2907F50D244E}c:\\users\\bvba naudts\\desktop\\mercury\\mercury\\mercury.exe"= UDP:c:\users\bvba naudts\desktop\mercury\mercury\mercury.exe:mercury.exe
"UDP Query User{C9682A8E-9C91-4B8D-B93C-38CB251D882E}c:\\users\\bvba naudts\\desktop\\mercury\\mercury\\mercury.exe"= TCP:c:\users\bvba naudts\desktop\mercury\mercury\mercury.exe:mercury.exe
"TCP Query User{EE0BA2D9-2263-4D03-A83F-485C990D78BB}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{27F90253-1125-404A-98F6-54E577FD8A6E}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{A8642318-877D-420B-BAE7-41E9F998C1F4}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{847A884C-FE37-471C-909A-EE5013E607B0}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{32B4CC30-6749-4F9C-9A06-94465E39AE8D}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{62D42E78-FF8A-4222-9C85-8E6A6895502A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{35605389-B361-420D-B818-76FC0FAF9965}"= UDP:5353:Adobe CSI CS4
"{2AABF8E7-8756-4E28-BE8E-CA1ABEDE795B}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{41E3A0A1-B273-4257-8123-6461BE579B7C}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{F2BAA538-795B-41EF-A828-7F8E9A377A40}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CD474C92-DA88-4500-919C-B2F41FAA0A3D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C10227D2-D398-4549-8547-6357B9983386}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{112FBE4D-C237-4E61-A73B-C9013DC358FB}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{77F9E4C6-B5FA-4045-B72F-1B9EE512FE87}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{EB3C7FC4-1EB7-4611-BF37-86016B1713A2}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-24 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-05-24 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-24 231704]
R2 Nakido;Nakido;c:\program files\Nakido\nakido.exe [2008-09-18 320000]
R2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\Drivers\p1c1394.sys [2008-09-27 23936]
R2 RapidPortM2;RapidPortM2;\??\c:\windows\system32\Drivers\CAPM2LP.SYS [2007-11-06 23232]
R3 AvgWfpX;AVG8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-05-24 69128]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\DRIVERS\camdrv21.sys [2007-03-22 253909]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2007-12-18 29184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.0 Pro\rcp_scheduler.exe [2007-11-30 558592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\GRIM.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - l:\setup\rsrc\Autorun.exe
\shell\dinstall\command - l:\directx\dxsetup.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.nieuwsblad.be/index.html?ref=0820
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = 192.17.239.253:8888->United States(anonymous)
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Read with DeskBot
FireFox -: Profile - c:\users\BVBA Naudts\AppData\Roaming\Mozilla\Firefox\Profiles\vottky9m.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.stubru.be/
FF -: plugin - c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 16:53:59
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-12-07 16:55:51
ComboFix-quarantined-files.txt 2008-12-07 15:55:30
ComboFix2.txt 2008-12-06 18:26:21
ComboFix3.txt 2008-12-06 11:44:34
ComboFix4.txt 2008-02-03 01:49:09

Pre-Run: 23.299.993.600 bytes beschikbaar
Post-Run: 23,163,879,424 bytes beschikbaar

305 --- E O F --- 2008-12-02 13:30:14