Archive - log after virus (Pic Format)

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or world views, and in some places they have been censored as inadmissible. Many were made in a different spirit of the times, ironically or not (as in the ironic Off-Topic subforum), and would not (be allowed to) be posted today. Still, we are happy to offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

maximvdb

Legacy Member
Ad-Aware detected a virus (pic format). I removed it a few times, but it kept coming back. (Now it's gone, I thought.) I just started the PC up and got "clean boot sector pic format".

Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:46:49, on 18-2-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\Telemeter 3.0\Telemeter3.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = WarFear Clan: News
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK & Ireland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Telemeter 3.0] "E:\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 8335 bytes


Anything else strange to be found?
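The entries a forum helper looks at first in a log like this are the ones HijackThis itself could not fully describe: a Run value whose name and command print as nothing but `?` (the usual result when the value name is in a code page the tool cannot render), a Global Startup shortcut whose target it could not resolve (`= ?`), items pointing at a file that is `(file missing)`, and services with `Unknown owner`. The script below is an added example, not part of the original post or of HijackThis; it runs the same triage over a constructed sample made of lines copied from the log above. It is illustrative triage, not a verdict: `Unknown owner` on PnkBstrA/PnkBstrB is normal for PunkBuster, the anti-cheat component of several online games, and a `(file missing)` entry is usually just a stale leftover from an uninstall.

```python
"""Triage HijackThis-style log lines for startup entries worth a closer look.

Added example; not part of the original forum post. The sample lines below
are constructed from entries in the posted log.
"""
import re

# Constructed sample: a subset of the O4/O9/O23 lines from the posted log,
# plus a benign entry for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# O4 Run entries of the form: O4 - HKCU\..\Run: [ValueName] command line
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def unreadable(text):
    """True when a value name or command is at least half '?' placeholders.

    HijackThis prints characters it cannot render in the current code page
    as '?', which is how a Run key with a non-Latin or control-character
    name shows up in a posted log.
    """
    stripped = text.strip()
    return bool(stripped) and stripped.count("?") >= max(1, len(stripped) // 2)


def triage(log_text):
    """Return (line, reason) pairs for entries that deserve a manual review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons = []
        m = O4_RUN.match(line)
        if m and (unreadable(m.group("name")) or unreadable(m.group("cmd"))):
            reasons.append("Run entry with unreadable name or command")
        if line.startswith("O4 - Global Startup:") and line.endswith("= ?"):
            reasons.append("startup shortcut whose target could not be resolved")
        if "(file missing)" in line:
            reasons.append("references a file that no longer exists")
        if line.startswith("O23") and "Unknown owner" in line:
            reasons.append("service binary without a recognised publisher")
        for reason in reasons:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}:\n    {line}")
```

A line can collect more than one reason (the CLTNetCnService entry is both `Unknown owner` and `(file missing)`), so the output has one row per reason rather than per line.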

Juisterr

Legacy Member
Hello and welcome,

Right-click the HijackThis program and choose "Run as Administrator".
Choose 'Do a system scan only'.
Select only the items listed below:

O4 - HKCU\..\Run: [?????????] ??????????????e
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)


Click 'Fix checked' to remove the items.

Download ComboFix to your Desktop and use it according to this guide.
NOTE: if you get a warning from your antivirus or another real-time scanner while or after downloading ComboFix, or while using ComboFix, disable that scanner and download ComboFix again.
Some scanners see certain components that ComboFix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the "NirCmd" window.
  • Afterwards, click Yes to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after the restart, the log Combofix.txt will open.
Post this log in your next reply.

maximvdb

Legacy Member
ComboFix 09-02-17.02 - mathias 2009-02-18 20:42:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2046.1140 [GMT 1:00]
Started from: c:\users\mathias\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning enabled* (Updated)
* New restore point was created
* Resident AV is active

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\mathias\AppData\Roaming\inst.exe
c:\users\mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\mathias\EULA.txt
c:\users\mathias\FAVORI~1\Videos.url
c:\users\mathias\Favorites\Videos.url
L:\Autorun.inf

.
(((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 ))))))))))))))))))))))))))))))
.

2009-02-17 07:51 . 2009-02-16 21:22 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-02-16 21:22 . 2009-02-16 21:21 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-02-16 20:54 . 2009-02-16 20:54 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 20:54 . 2009-02-16 20:54 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 20:53 . 2009-02-16 20:53 <DIR> d-------- c:\program files\Lavasoft
2009-02-13 17:50 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-13 17:50 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-13 17:50 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-13 17:50 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-13 17:50 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-13 17:50 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-13 17:50 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-13 17:50 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-13 17:42 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-13 17:42 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-13 17:42 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-13 17:42 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-13 17:41 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-13 17:38 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-13 17:38 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-13 17:38 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-13 17:38 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-13 17:38 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 18:29 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 18:29 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-08 19:28 . 2009-02-08 19:29 <DIR> d-------- c:\program files\CCleaner
2009-02-08 19:14 . 2009-02-08 19:14 <DIR> d-------- c:\users\mathias\AppData\Roaming\TuneUp Software
2009-02-08 19:14 . 2009-02-08 19:14 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-02-08 19:14 . 2009-02-08 19:14 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-02-08 19:14 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-02-08 19:14 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-02-08 19:13 . 2009-02-08 19:13 <DIR> d-------- c:\users\All Users\TuneUp Software
2009-02-08 19:13 . 2009-02-08 19:13 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-08 19:13 . 2009-02-08 19:13 <DIR> d-------- c:\programdata\TuneUp Software
2009-02-08 19:13 . 2009-02-08 19:13 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-08 19:13 . 2009-02-08 19:14 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-02-04 13:31 . 2009-02-04 13:31 <DIR> d-------- c:\windows\System32\Futuremark
2009-02-04 13:31 . 2009-02-04 13:31 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2009-02-04 13:31 . 2008-09-17 15:14 27,672 -ra------ c:\windows\System32\drivers\Entech.sys
2009-02-02 17:18 . 2009-02-02 17:18 <DIR> d-------- c:\program files\SpeedFan
2009-02-02 17:18 . 2009-02-02 17:18 45 --a------ c:\windows\System32\initdebug.nfo
2009-01-31 18:42 . 2009-01-31 18:42 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-01-26 22:52 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll
2009-01-26 22:49 . 2009-01-26 22:49 <DIR> d-------- c:\program files\Microsoft Works
2009-01-26 22:47 . 2009-01-26 22:47 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-26 21:10 . 2009-01-26 21:10 <DIR> d-------- c:\users\mathias\AppData\Roaming\LaCie
2009-01-26 21:09 . 2009-01-26 21:09 <DIR> d-------- c:\program files\LaCie
2009-01-26 21:08 . 2009-01-26 21:08 <DIR> d-------- c:\windows\System32\URTTEMP
2009-01-23 02:18 . 2009-01-23 02:18 42,320 --a------ c:\windows\System32\xfcodec.dll
2009-01-18 12:16 . 2009-01-26 22:39 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-18 12:15 . 2009-02-12 18:36 <DIR> d-------- c:\users\All Users\Microsoft Help
2009-01-18 12:15 . 2009-02-12 18:36 <DIR> d-------- c:\programdata\Microsoft Help

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 19:53 --------- d-----w c:\programdata\Lavasoft
2009-02-16 18:43 201,352 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-16 18:43 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-15 15:09 --------- d-----w c:\users\mathias\AppData\Roaming\LimeWire
2009-02-15 13:01 --------- d-----w c:\program files\Electronic Arts
2009-02-12 17:36 --------- d-----w c:\program files\Windows Mail
2009-02-09 16:16 --------- d-----w c:\users\mathias\AppData\Roaming\uTorrent
2009-02-08 15:51 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-02-08 15:50 --------- d-----w c:\program files\DVDVideoSoft
2009-02-04 12:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 17:42 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-31 17:42 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-31 17:42 --------- d-----w c:\programdata\avg8
2009-01-29 17:03 --------- d-----w c:\programdata\Xfire
2009-01-28 19:09 --------- d-----w c:\users\mathias\AppData\Roaming\Xfire
2009-01-28 19:09 --------- d-----w c:\program files\Xfire
2009-01-27 16:41 --------- d-----w c:\program files\PKR
2009-01-27 00:58 --------- d-----w c:\users\mathias\AppData\Roaming\teamspeak2
2009-01-27 00:58 --------- d-----w c:\users\mathias\AppData\Roaming\DAEMON Tools
2009-01-26 21:49 --------- d-----w c:\program files\MSBuild
2009-01-19 17:42 --------- d-----w c:\program files\EA GAMES
2009-01-16 11:48 --------- d-----w c:\programdata\Electronic Arts
2008-12-30 01:21 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-12-25 20:18 --------- d-----w c:\program files\VirtualDJ
2008-12-21 12:56 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-21 12:55 --------- d-----w c:\program files\Java
2008-12-19 12:37 --------- d-----w c:\program files\Windows Live
2008-12-19 12:37 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-12-19 12:37 --------- d-----w c:\program files\Microsoft
2008-12-19 12:36 --------- d-----w c:\program files\Microsoft Sync Framework
2008-12-19 12:32 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-04 23:31 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-28 18:23 47,360 ----a-w c:\users\mathias\AppData\Roaming\pcouffin.sys
2008-08-01 17:00 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-08-01 17:00 56 ---ha-w c:\programdata\ezsidmv.dat
2008-05-29 16:10 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-07-21 949376]
"Telemeter 3.0"="e:\telemeter 3.0\telemeter3.exe" [2007-04-15 1441792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-16 509784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-26 805392]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Users^mathias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
--a------ 2006-11-23 15:24 319488 c:\windows\System32\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 12:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Backup]
--a------ 2007-12-03 10:31 2600960 c:\program files\LaCie\Backup Software\LacieBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-12-02 22:38 3882312 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-30 16:17 21738792 c:\program files\Skype\Phone\Skype.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{6E2C6225-73EB-451D-9DC3-F9CE6ECF4774}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{AA28F8B0-ED24-436B-8F51-3A6D1F2940E5}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{E41E58CB-0713-45C1-BA68-E278856CD631}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{70F32CDB-7A81-40F0-934F-AD0FBA09E77D}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{6BFBACAA-C246-448F-A2E1-8DC55F0CE7D7}c:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= UDP:c:\program files\ea games\battlefield 2\bf2_w32ded.exe:bf2_w32ded
"UDP Query User{84037F5F-DB24-4B8B-93DE-E4B6DC4726F8}c:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= TCP:c:\program files\ea games\battlefield 2\bf2_w32ded.exe:bf2_w32ded
"TCP Query User{86214709-A0D4-40BC-B3F1-0801DCD0BC7D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{851F5145-FFEC-4BA2-973E-55FB244ACAD7}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{7A3DA3B7-59F8-450B-A3C9-55030BC7A1A6}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F3032BC4-2797-4E45-980F-A5C06D9520A5}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{BA701152-4132-4131-9750-BC23BE7929F7}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{6CD1DD7C-4875-4927-ADD5-3E6A82054D4B}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{F2D1BDF2-1238-4905-AA55-B76DC4CF069D}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{D8FA5FEF-71D2-405D-89DE-5C475BDB5814}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{C99AC7D6-C5CF-434D-B32B-D4A69B6EDD5C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{844680D3-1B4D-4EC6-AF1F-BF2E806C1221}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B7675C40-FBBC-41C9-9D8F-5E143150AEFE}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{EE730E70-10B8-4646-808C-D46A018ED114}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{9286939F-333A-4A8C-AA97-7B970C75C6D2}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{7E00D05B-960B-40E0-89F0-83E34EBDC017}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{977E4EFD-4D67-489E-8790-1FEC1FC60978}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"{C3629801-B2DA-42E8-9944-40B6AA5803CA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{10E18A41-066D-4B3C-86B5-465B44CA8273}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{4D387EB7-FC19-44F3-9EBC-5A2ABC3C868E}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{33073742-4900-4F78-A7DC-E7ACCAC44F42}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8023EC48-346E-4E44-8071-900CC5F95696}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A9D82A4A-EE70-4DC2-859D-FB240320748C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{936BCB89-7631-4A97-9F66-F7CC69AF4A66}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{42864C84-E7EA-432F-9B05-3A7DEEA5A2B0}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{2D2810A1-5A48-4C3C-8EDC-25E37CC92590}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{1EEE6A8D-2150-4F5E-BDDA-12CC51ED069E}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{47C7637A-2DC5-4777-BCC6-03EEEC3E3B22}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{666FE74F-A710-4F5E-9AAF-3B672888F7CB}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{EEBC02F9-A38E-4833-B52C-FE8B7FCF3E25}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{B2DE4B7E-2BA5-40BD-AE63-7DB9C70264BA}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{61DF8BA7-DF8D-46CC-BB5D-F06967E48868}c:\\program files\\ea games\\battlefield 2\\mods\\stats\\server\\udrive\\usr\\local\\apache2\\bin\\apache.exe"= UDP:c:\program files\ea games\battlefield 2\mods\stats\server\udrive\usr\local\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{96DC01DA-E41E-4F91-A74E-9ADA7C83F3FE}c:\\program files\\ea games\\battlefield 2\\mods\\stats\\server\\udrive\\usr\\local\\apache2\\bin\\apache.exe"= TCP:c:\program files\ea games\battlefield 2\mods\stats\server\udrive\usr\local\apache2\bin\apache.exe:Apache HTTP Server
"TCP Query User{D592C757-7B81-4EC9-9BD7-5FB3C27B9DBF}c:\\program files\\ea games\\battlefield 2\\mods\\stats\\server\\udrive\\usr\\local\\mysql\\bin\\mysqld-opt.exe"= UDP:c:\program files\ea games\battlefield 2\mods\stats\server\udrive\usr\local\mysql\bin\mysqld-opt.exe:mysqld-opt
"UDP Query User{E8702F7A-CA15-4A1A-98BF-00ABB604E82C}c:\\program files\\ea games\\battlefield 2\\mods\\stats\\server\\udrive\\usr\\local\\mysql\\bin\\mysqld-opt.exe"= TCP:c:\program files\ea games\battlefield 2\mods\stats\server\udrive\usr\local\mysql\bin\mysqld-opt.exe:mysqld-opt
"{06D0DBA4-4FB1-4E5A-AF59-13C08785533E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{89A781AF-5605-4114-8054-5296019E0527}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8944B1EE-BEC3-4C0E-8C95-54497BDC225F}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{579B5768-F02B-45F2-B85E-CDD0E8B07333}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ED19D8CC-F1B1-47EA-B095-C0593787A7C1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9E505651-588A-4DC1-A224-2AD49BF6C79A}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-02-16 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-06-21 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-01-31 107272]
R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys [2007-07-21 15424]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-21 298264]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-08 603904]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S3 WinRing0_1_1_1;WinRing0_1_1_1;c:\users\mathias\Desktop\RealTemp_2.70\WinRing0.sys [2008-12-29 13904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{638267bc-371a-11dc-be92-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-02-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-16 21:21]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://warfearclan.co.uk/news.php
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://nl.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\users\mathias\AppData\Roaming\Mozilla\Firefox\Profiles\c0lt7d3d.default\
FF - prefs.js: browser.startup.homepage - hxxp://warfearclan.co.uk/news.php
1 file(s) were moved.
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 20:44:56
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2009-02-18 20:47:27
ComboFix-quarantined-files.txt 2009-02-18 19:47:24

Pre-Run: 32.630.112.256 bytes beschikbaar
Post-Run: 32,384,716,800 bytes beschikbaar

287 --- E O F --- 2009-02-16 17:47:57

Remarks: After ComboFix, no more internet! I went through that guide again (printed it out beforehand :D) and restarted. Internet was back.

Now, that thing with the ???????? was also in the list of items that get loaded at startup (and I could never turn it off).

And can someone give me some info on what that virus does (or did)?

EDIT: Just went through my C drive! Found a number of documents that weren't there before that "cleaning boot sector"

Title of the first document: "aaw7boot", it contains the following:

================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-02-18 12:29
[~] Preparing to execute queued commands
[~] Deleting file: C:\Windows\System32\PicFormat32.dll
[~] Finished processing queued commands


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2009-02-18 20:00


2nd document: BOOTSECT.bak (a .bak file, so I'm not going to click on it)

3rd document: Rhd Setup: [ResponseResult]
ResultCode=0
[Install Progress]
Confirm Realtek Driver
Check Operation System Version
Realtek HD Audio Driver Vista Directory Exist .
delete C:\Program Files\Realtek\InstallShield
Copy Realtek HD Audio Driver from Vista Directory
Execute RTHDCPL.exe -Q to Stop it from C:Windows
Install Realtek HD Audio Audio Driver
--> SetupAPI result LAAW_PARAMETERS.nLaunchResult = -4
Register C:\Windows\system32\RtkAPO.dll in Vista system .


4th document TRACE contains nothing!

(starting to get worried here ...)

Juisterr

Legacy Member
I don't know what those question marks were either; it could be a faulty file or a corrupt file.

Could you please post a new HJT log for checking?

maximvdb

Legacy Member
Here you go

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:56, on 19-2-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
E:\Telemeter 3.0\Telemeter3.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = WarFear Clan: News
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Telemeter 3.0] "E:\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 7492 bytes

Juisterr

Legacy Member
Turn off Ad-Watch in Ad-Aware for now.

Right-click the HijackThis program
Choose Run as administrator. Then choose 'Do a system scan only'
Select only the items listed below:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [?????????] ??????????????e
Close all windows except HijackThis
Click 'Fix checked' to remove the items.

maximvdb

Legacy Member
Did this! And then scanned again (with log file)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:18, on 20-2-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
E:\Telemeter 3.0\Telemeter3.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2009\OneClick.exe
C:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = WarFear Clan: News
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Telemeter 3.0] "E:\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 7504 bytes
That Yahoo entry is gone

But that ???????? is still in there :S

Juisterr

Legacy Member
Open Notepad, copy and paste the following (bold, blue text) into an empty window:

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=-


Save this on your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

CFScriptB-4.gif
This will make ComboFix restart.

After restarting your computer (if it asks to restart), copy and paste the contents of log.txt in your next reply.

maximvdb

Legacy Member
ComboFix 09-02-27.01 - mathias 2009-03-01 10:24:11.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2046.1260 [GMT 1:00]
Gestart vanuit: c:\users\mathias\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\mathias\Desktop\CFScript.txt..txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning enabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-02-01 to 2009-03-01 ))))))))))))))))))))))))))))))
.

2009-02-20 17:28 . 2009-02-20 17:28 <DIR> d-------- c:\users\mathias\AppData\Roaming\Sony
2009-02-20 17:28 . 2009-02-20 17:28 <DIR> d-------- c:\users\All Users\Sony
2009-02-20 17:28 . 2009-02-20 17:28 <DIR> d-------- c:\programdata\Sony
2009-02-20 17:23 . 2009-02-20 17:23 <DIR> d-------- c:\program files\Sony Ericsson
2009-02-20 17:23 . 2009-02-20 17:23 <DIR> d-------- c:\program files\Sony
2009-02-20 17:23 . 2009-02-20 17:23 <DIR> d-------- c:\program files\Common Files\Sony Shared
2009-02-17 07:51 . 2009-02-16 21:22 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-02-16 21:22 . 2009-02-16 21:21 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-02-16 20:54 . 2009-02-16 20:54 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 20:54 . 2009-02-16 20:54 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 20:53 . 2009-02-16 20:53 <DIR> d-------- c:\program files\Lavasoft
2009-02-13 17:50 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-13 17:50 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-13 17:50 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-13 17:50 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-13 17:50 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-13 17:50 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-13 17:50 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-13 17:50 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-13 17:42 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-13 17:42 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-13 17:42 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-13 17:42 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-13 17:41 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-13 17:38 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-13 17:38 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-13 17:38 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-13 17:38 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-13 17:38 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 18:29 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 18:29 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-08 19:28 . 2009-02-08 19:29 <DIR> d-------- c:\program files\CCleaner
2009-02-08 19:14 . 2009-02-08 19:14 <DIR> d-------- c:\users\mathias\AppData\Roaming\TuneUp Software
2009-02-08 19:14 . 2009-02-08 19:14 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-02-08 19:14 . 2009-02-08 19:14 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-02-08 19:14 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-02-08 19:14 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-02-08 19:13 . 2009-02-08 19:13 <DIR> d-------- c:\users\All Users\TuneUp Software
2009-02-08 19:13 . 2009-02-08 19:13 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-08 19:13 . 2009-02-08 19:13 <DIR> d-------- c:\programdata\TuneUp Software
2009-02-08 19:13 . 2009-02-08 19:13 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-08 19:13 . 2009-02-08 19:14 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-02-04 13:31 . 2009-02-04 13:31 <DIR> d-------- c:\windows\System32\Futuremark
2009-02-04 13:31 . 2009-02-04 13:31 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2009-02-04 13:31 . 2008-09-17 15:14 27,672 -ra------ c:\windows\System32\drivers\Entech.sys
2009-02-02 17:18 . 2009-02-02 17:18 <DIR> d-------- c:\program files\SpeedFan
2009-02-02 17:18 . 2009-02-02 17:18 45 --a------ c:\windows\System32\initdebug.nfo

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 21:00 --------- d-----w c:\users\mathias\AppData\Roaming\LimeWire
2009-02-28 10:57 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-16 19:53 --------- d-----w c:\programdata\Lavasoft
2009-02-16 18:43 201,352 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-16 18:43 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-15 13:01 --------- d-----w c:\program files\Electronic Arts
2009-02-12 17:36 --------- d-----w c:\programdata\Microsoft Help
2009-02-12 17:36 --------- d-----w c:\program files\Windows Mail
2009-02-09 16:16 --------- d-----w c:\users\mathias\AppData\Roaming\uTorrent
2009-02-08 15:51 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-02-08 15:50 --------- d-----w c:\program files\DVDVideoSoft
2009-02-04 12:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 17:42 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-31 17:42 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-31 17:42 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-31 17:42 --------- d-----w c:\programdata\avg8
2009-01-29 17:03 --------- d-----w c:\programdata\Xfire
2009-01-28 19:09 --------- d-----w c:\users\mathias\AppData\Roaming\Xfire
2009-01-28 19:09 --------- d-----w c:\program files\Xfire
2009-01-27 16:41 --------- d-----w c:\program files\PKR
2009-01-27 00:58 --------- d-----w c:\users\mathias\AppData\Roaming\teamspeak2
2009-01-27 00:58 --------- d-----w c:\users\mathias\AppData\Roaming\DAEMON Tools
2009-01-26 21:49 --------- d-----w c:\program files\MSBuild
2009-01-26 21:49 --------- d-----w c:\program files\Microsoft Works
2009-01-26 21:47 --------- d-----w c:\program files\Microsoft.NET
2009-01-26 21:39 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-01-26 20:10 --------- d-----w c:\users\mathias\AppData\Roaming\LaCie
2009-01-26 20:09 --------- d-----w c:\program files\LaCie
2009-01-23 01:18 42,320 ----a-w c:\windows\System32\xfcodec.dll
2009-01-19 17:42 --------- d-----w c:\program files\EA GAMES
2009-01-16 11:48 --------- d-----w c:\programdata\Electronic Arts
2008-12-30 01:21 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-12-21 12:56 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-04 23:31 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-28 18:23 47,360 ----a-w c:\users\mathias\AppData\Roaming\pcouffin.sys
2008-08-01 17:00 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-08-01 17:00 56 ---ha-w c:\programdata\ezsidmv.dat
2008-05-29 16:10 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-02-18_20.45.29,00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-20 16:25:01 7,510,016 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AppCommon\e38327028c834364a32d520952c698d0\AppCommon.ni.dll
+ 2009-02-20 16:25:18 59,904 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.QTOContro#\41c5b6ee1574174cfa6e670f6adf319a\AxInterop.QTOControlLib.ni.dll
+ 2009-02-20 16:25:08 114,176 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.SHDocVw\7ac62b4d10e40d56ca2cbf00d6e484a6\AxInterop.SHDocVw.ni.dll
+ 2009-02-20 16:25:16 151,552 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.WMPLib\bcbd1e1fb2e61688adc52a07c8d3c3cf\AxInterop.WMPLib.ni.dll
+ 2009-02-20 16:25:12 210,432 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\GCPlayer\55b919767f44ba9ac061dbdb60568cfd\GCPlayer.ni.dll
+ 2009-02-20 16:25:13 30,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interfaces\fa3d88c8547a4689e5740c114ceb491b\Interfaces.ni.dll
+ 2009-02-20 16:25:14 374,784 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBCONTROL#\8282af6c1c240d66562a84aec8287dcf\Interop.CDDBCONTROLLibSMS.ni.dll
+ 2009-02-20 16:25:15 42,496 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBLINKLib#\42a1c542da975e1085b09e5c58f14fee\Interop.CDDBLINKLibSMS.ni.dll
+ 2009-02-20 16:25:19 35,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBUICONTR#\8bb81ff0510cb6e77d0a0f9c7c7a5c49\Interop.CDDBUICONTROLLibSMS.ni.dll
+ 2009-02-20 16:25:12 100,864 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\46de9acfa744ac39c17829df0868859d\Interop.IWshRuntimeLibrary.ni.dll
+ 2009-02-20 16:25:13 77,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.PortableDev#\2b04206e49af8418a61ac7032dfe929b\Interop.PortableDeviceApiLib.ni.dll
+ 2009-02-20 16:25:19 76,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.PortableDev#\fb22d56db8ee722ad6619c847cad31c7\Interop.PortableDeviceTypesLib.ni.dll
+ 2009-02-20 16:25:18 60,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.QTOControlL#\3a6d3b1cbd8167833bf9c8163ef3c4b4\Interop.QTOControlLib.ni.dll
+ 2009-02-20 16:25:19 204,288 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.QTOLibrary\65f651e080112919978d43c544e1c71e\Interop.QTOLibrary.ni.dll
+ 2009-02-20 16:25:09 311,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.SHDocVw\d8f55817b394549b9c69afcdce31d634\Interop.SHDocVw.ni.dll
+ 2009-02-20 16:25:16 812,032 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WMPLib\e9e320cf9ec276fdf7f35ebe443fd84c\Interop.WMPLib.ni.dll
+ 2009-02-20 16:25:08 657,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\log4net\ac04479607865fbf9b52da2e4726533d\log4net.ni.dll
+ 2009-02-20 16:25:15 856,576 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Lucene.Net\ac75b659148387659f3c03e9371d1868\Lucene.Net.ni.dll
+ 2009-02-20 16:25:06 950,272 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.GUI\095a2f50fa66004af8c35a5b66c3acb7\MediaManager.GUI.ni.dll
+ 2009-02-20 16:25:20 261,120 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.Splash#\c392a46ef96970f3a257b8d26cd1464b\MediaManager.SplashScreen.ni.dll
+ 2009-02-20 16:25:11 122,368 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.Utils\396edde8c2d5d3fb6e871333377740ec\MediaManager.Utils.ni.dll
+ 2009-02-20 16:24:56 1,794,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager\3a0c7cf8bcc6b3007ec105eacb7d9aeb\MediaManager.ni.exe
+ 2009-02-20 16:25:04 600,064 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PerstNET\9e41eb44a2755244f5acc1bf7d10c5ca\PerstNET.ni.dll
+ 2009-02-20 16:25:17 29,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SFMARKETLib\0a048ef3379f2d36b4a137d6d703ee59\SFMARKETLib.ni.dll
+ 2009-02-20 16:25:10 1,005,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\b48ef65e137196ceb63af5ce11ca15eb\Sony.MediaSoftware.clrshared.ni.dll
- 2009-02-18 12:29:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-01 08:58:16 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-18 12:29:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-01 08:58:16 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-18 12:31:15 155,648 ----a-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-01 09:00:06 155,648 ----a-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2009-02-18 12:31:10 155,648 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-01 09:00:01 155,648 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2009-02-18 12:29:20 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-01 08:59:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-18 12:29:20 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-01 08:59:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-18 12:29:20 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-01 08:59:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-18 19:41:49 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-03-01 09:23:41 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-03-01 09:23:41 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2009-02-18 12:33:52 117,790 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-20 16:09:18 117,790 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-18 12:33:53 148,342 ----a-w c:\windows\System32\perfc013.dat
+ 2009-02-20 16:09:18 148,342 ----a-w c:\windows\System32\perfc013.dat
- 2009-02-18 12:33:53 628,288 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-20 16:09:18 628,288 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-18 12:33:53 714,616 ----a-w c:\windows\System32\perfh013.dat
+ 2009-02-20 16:09:18 714,616 ----a-w c:\windows\System32\perfh013.dat
- 2009-02-18 12:31:29 12,040 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-651620978-1254063982-356993984-1000_UserData.bin
+ 2009-03-01 09:00:16 12,418 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-651620978-1254063982-356993984-1000_UserData.bin
- 2009-02-18 12:31:29 118,032 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-01 09:00:15 119,102 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-18 12:31:23 69,792 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-01 09:00:13 71,294 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-07-21 949376]
"Telemeter 3.0"="e:\telemeter 3.0\telemeter3.exe" [2007-04-15 1441792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-16 509784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-26 805392]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Users^mathias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
--a------ 2006-11-23 15:24 319488 c:\windows\System32\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 12:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Backup]
--a------ 2007-12-03 10:31 2600960 c:\program files\LaCie\Backup Software\LacieBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-12-02 22:38 3882312 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-30 16:17 21738792 c:\program files\Skype\Phone\Skype.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{6E2C6225-73EB-451D-9DC3-F9CE6ECF4774}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{AA28F8B0-ED24-436B-8F51-3A6D1F2940E5}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{E41E58CB-0713-45C1-BA68-E278856CD631}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{70F32CDB-7A81-40F0-934F-AD0FBA09E77D}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{6BFBACAA-C246-448F-A2E1-8DC55F0CE7D7}c:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= UDP:c:\program files\ea games\battlefield 2\bf2_w32ded.exe:bf2_w32ded
"UDP Query User{84037F5F-DB24-4B8B-93DE-E4B6DC4726F8}c:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= TCP:c:\program files\ea games\battlefield 2\bf2_w32ded.exe:bf2_w32ded
"TCP Query User{86214709-A0D4-40BC-B3F1-0801DCD0BC7D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{851F5145-FFEC-4BA2-973E-55FB244ACAD7}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{7A3DA3B7-59F8-450B-A3C9-55030BC7A1A6}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F3032BC4-2797-4E45-980F-A5C06D9520A5}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{BA701152-4132-4131-9750-BC23BE7929F7}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{6CD1DD7C-4875-4927-ADD5-3E6A82054D4B}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{F2D1BDF2-1238-4905-AA55-B76DC4CF069D}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{D8FA5FEF-71D2-405D-89DE-5C475BDB5814}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{C99AC7D6-C5CF-434D-B32B-D4A69B6EDD5C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{844680D3-1B4D-4EC6-AF1F-BF2E806C1221}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B7675C40-FBBC-41C9-9D8F-5E143150AEFE}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{EE730E70-10B8-4646-808C-D46A018ED114}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{9286939F-333A-4A8C-AA97-7B970C75C6D2}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{7E00D05B-960B-40E0-89F0-83E34EBDC017}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{977E4EFD-4D67-489E-8790-1FEC1FC60978}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"{C3629801-B2DA-42E8-9944-40B6AA5803CA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{10E18A41-066D-4B3C-86B5-465B44CA8273}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{4D387EB7-FC19-44F3-9EBC-5A2ABC3C868E}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{33073742-4900-4F78-A7DC-E7ACCAC44F42}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8023EC48-346E-4E44-8071-900CC5F95696}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A9D82A4A-EE70-4DC2-859D-FB240320748C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{936BCB89-7631-4A97-9F66-F7CC69AF4A66}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{42864C84-E7EA-432F-9B05-3A7DEEA5A2B0}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{2D2810A1-5A48-4C3C-8EDC-25E37CC92590}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{1EEE6A8D-2150-4F5E-BDDA-12CC51ED069E}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{47C7637A-2DC5-4777-BCC6-03EEEC3E3B22}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{666FE74F-A710-4F5E-9AAF-3B672888F7CB}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{EEBC02F9-A38E-4833-B52C-FE8B7FCF3E25}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{B2DE4B7E-2BA5-40BD-AE63-7DB9C70264BA}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{61DF8BA7-DF8D-46CC-BB5D-F06967E48868}c:\\program files\\ea games\\battlefield 2\\mods\\stats\\server\\udrive\\usr\\local\\apache2\\bin\\apache.exe"= UDP:c:\program files\ea games\battlefield 2\mods\stats\server\udrive\usr\local\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{96DC01DA-E41E-4F91-A74E-9ADA7C83F3FE}c:\\program files\\ea games\\battlefield 2\\mods\\stats\\server\\udrive\\usr\\local\\apache2\\bin\\apache.exe"= TCP:c:\program files\ea games\battlefield 2\mods\stats\server\udrive\usr\local\apache2\bin\apache.exe:Apache HTTP Server
"TCP Query User{D592C757-7B81-4EC9-9BD7-5FB3C27B9DBF}c:\\program files\\ea games\\battlefield 2\\mods\\stats\\server\\udrive\\usr\\local\\mysql\\bin\\mysqld-opt.exe"= UDP:c:\program files\ea games\battlefield 2\mods\stats\server\udrive\usr\local\mysql\bin\mysqld-opt.exe:mysqld-opt
"UDP Query User{E8702F7A-CA15-4A1A-98BF-00ABB604E82C}c:\\program files\\ea games\\battlefield 2\\mods\\stats\\server\\udrive\\usr\\local\\mysql\\bin\\mysqld-opt.exe"= TCP:c:\program files\ea games\battlefield 2\mods\stats\server\udrive\usr\local\mysql\bin\mysqld-opt.exe:mysqld-opt
"{06D0DBA4-4FB1-4E5A-AF59-13C08785533E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{89A781AF-5605-4114-8054-5296019E0527}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8944B1EE-BEC3-4C0E-8C95-54497BDC225F}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{579B5768-F02B-45F2-B85E-CDD0E8B07333}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ED19D8CC-F1B1-47EA-B095-C0593787A7C1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9E505651-588A-4DC1-A224-2AD49BF6C79A}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{51260B86-443D-47BF-ADE0-5419C0AB41A1}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{370FCB6B-520F-49FB-896F-EFCC2F4E934C}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-02-16 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-06-21 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-01-31 107272]
R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys [2007-07-21 15424]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-21 298264]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-08 603904]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S3 WinRing0_1_1_1;WinRing0_1_1_1;c:\users\mathias\Desktop\RealTemp_2.70\WinRing0.sys [2008-12-29 13904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{638267bc-371a-11dc-be92-806e6f6e6963}]
\shell\AutoRun\command - F:\Start.exe
.
Inhoud van de 'Gedeelde Taken' map

2009-03-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-02-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-16 21:21]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://warfearclan.co.uk/news.php
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://nl.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\users\mathias\AppData\Roaming\Mozilla\Firefox\Profiles\c0lt7d3d.default\
FF - prefs.js: browser.startup.homepage - hxxp://warfearclan.co.uk/news.php
1 bestand(en) zijn verplaatst.
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 10:26:54
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(3444)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Voltooingstijd: 2009-03-01 10:29:33
ComboFix-quarantined-files.txt 2009-03-01 09:29:29
ComboFix2.txt 2009-02-18 19:47:29

Pre-Run: 25.417.379.840 bytes beschikbaar
Post-Run: 25,198,718,976 bytes beschikbaar

340 --- E O F --- 2009-02-28 10:44:04

maximvdb

Legacy Member
And here's a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:00, on 1-3-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\Telemeter 3.0\Telemeter3.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = WarFear Clan: News
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Telemeter 3.0] "E:\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 7605 bytes


Sorry for the late reply, but I had gone skiing.

(I had to make 2 posts! Too many characters for 1 post ...)

NOTE: When I ran ComboFix I had turned off all my virus scanners! Yet it kept claiming NOD32 was running :S

Juisterr

Legacy Member
Open Notepad, copy and paste the following (the bold, blue text) into an empty window:

@echo off
sc stop CLTNetCnService
sc delete CLTNetCnService
cls
exit

Save this to your Desktop as service.bat, with file type 'All files'.

Double-click service.bat to run it.

Quick question: I can't see exactly what kind of file this is.
O4 - HKCU\..\Run: [?????????] ??????????????e

Maybe you can look it up on your PC?
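
Added example, not code from this thread or from any of the tools mentioned in it: a small Python triage script that reads HijackThis-style O4 and O23 lines and flags the two things discussed above, a Run entry whose name or command does not render as printable text (the forum shows such characters as '?') and a service whose binary is reported as '(file missing)'. For the missing-binary case it emits the same `sc stop` / `sc delete` pair as the batch file posted above. The sample lines are copied from the log in this thread; the function names (`looks_garbled`, `triage`, `cleanup_commands`) are my own.

```python
import re

# Regexes for the two HijackThis line types this script looks at.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""


def looks_garbled(text):
    """True when the text is mostly '?' placeholders (how the forum rendered
    characters it could not display) or contains control/non-ASCII characters."""
    if not text:
        return False
    odd = sum(1 for ch in text if ord(ch) < 32 or ord(ch) > 126)
    return odd > 0 or text.count("?") * 2 > len(text)


def triage(log_text):
    """Return (line_type, subject, reason) for every suspicious O4/O23 line."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            # A Run entry whose name/command cannot be displayed deserves a look.
            if looks_garbled(m.group("name")) or looks_garbled(m.group("cmd")):
                findings.append(("O4", m.group("name"), "unprintable name or command"))
            continue
        m = O23_RE.match(line)
        if m and m.group("path").endswith("(file missing)"):
            # The short service name is the part in parentheses at the end of the description.
            short = re.search(r"\(([^()]+)\)$", m.group("desc"))
            service = short.group(1) if short else m.group("desc")
            findings.append(("O23", service, "service binary missing"))
    return findings


def cleanup_commands(findings):
    """Batch lines for orphaned services: the sc stop / sc delete pair used in the thread."""
    cmds = []
    for kind, service, _reason in findings:
        if kind == "O23":
            cmds.append("sc stop " + service)
            cmds.append("sc delete " + service)
    return cmds


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    print("\n".join(cleanup_commands(triage(SAMPLE_LOG))))
```

Run against the sample, the script reports the `?????????` Run entry and the CLTNetCnService entry, and prints the two `sc` lines for the latter. It only reads the pasted log; whether a garbled entry is harmless (as it turned out to be here) still has to be checked on the machine itself.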

maximvdb

Legacy Member
When I double-click that service.bat a small window appears for 1 second and then it's gone right away ... Normal or not?


I can't find that ????? anywhere... When I open TuneUp Utilities I can see it listed under startup programs, but when I want to disable or remove it I get an error!

Will post another HijackThis log shortly

EDIT: if I search for ??????????????e I get a large part of my films, music, Word documents etc ....

Juisterr

Legacy Member
Do those film and music files all work? Maybe there's a corrupt file among them.

maximvdb

Legacy Member
Just did it again! And then I get "Windows Search cannot contain all results"! I get all kinds of files (mp3 video photo word excel etc...)

Juisterr

Legacy Member
I don't know why there are question marks in it, but it doesn't seem to do any harm.

maximvdb

Legacy Member
I don't think so either! But I just find it strange that it's listed under startup programs and that I can't disable it!

maximvdb

Legacy Member
I don't think so either! Good work Juisterr, thanks for the cleanup!

Juisterr

Legacy Member
You may now remove all the tools used and the folders that were created.

Remove ComboFix via Start > Run, copy and paste Combofix /U
Click OK or press Enter.
This removes both ComboFix and your old System Restore points (with any remnants of malware), and creates a new System Restore point.

CFuninstall.png

maximvdb

Legacy Member
ComboFix removed!

But uh! Just ran Ad-Aware again! 4 errors in system 32

Here's the Ad-Aware log

Logfile created: 7-3-2009 18:25:47
Lavasoft Ad-Aware version: 8.0
Extended engine version: 8.1
User performing scan: mathias

*********************** Definitions database information ***********************
Lavasoft definition file: 146.18
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Vol. scan (ID: full)
Objects scanned: 155010
Objects detected: 27


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 4
Folders.........: 0
LSPs............: 0
Cookies.........: 23
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *metriweb* Family Name: Cookies Clean status: Success Item ID: 408990 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *metriweb* Family Name: Cookies Clean status: Success Item ID: 408990 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *tradedoubler* Family Name: Cookies Clean status: Success Item ID: 408964 Family ID: 0
Description: *metriweb* Family Name: Cookies Clean status: Success Item ID: 408990 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *statcounter* Family Name: Cookies Clean status: Success Item ID: 409185 Family ID: 0
Description: *adultfriendfinder* Family Name: Cookies Clean status: Success Item ID: 409164 Family ID: 0
Description: *adopt.euroclick* Family Name: Cookies Clean status: Success Item ID: 409169 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0
Description: *estat* Family Name: Cookies Clean status: Success Item ID: 408873 Family ID: 0
Description: *webstat* Family Name: Cookies Clean status: Success Item ID: 409228 Family ID: 0
Description: *statse.webtrends* Family Name: Cookies Clean status: Success Item ID: 408803 Family ID: 0
Description: *webtrendslive* Family Name: Cookies Clean status: Success Item ID: 408954 Family ID: 0
Description: *.webtrendslive* Family Name: Cookies Clean status: Success Item ID: 409033 Family ID: 0
Description: *statse.webtrendslive* Family Name: Cookies Clean status: Success Item ID: 409269 Family ID: 0
Description: *webtrends* Family Name: Cookies Clean status: Success Item ID: 599640 Family ID: 0
Description: *adverserve* Family Name: Cookies Clean status: Success Item ID: 408919 Family ID: 0
Description: C:\Windows\ERDNT\Hiv-backup\ERDNT.EXE Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\Windows\NIRCMD.exe Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\Windows\SWREG.exe Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\Windows\SWSC.exe Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0

Scan and cleaning complete: Finished correctly after 2441 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Vol. scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value: C:\
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Mon Feb 16 21:22:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Mon Feb 16 21:22:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: Gold.eGL, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: nl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: false
ID: networkprotection, enabled:0, value: false
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: false
ID: extendedengine, enabled:0, value: false
ID: useheuristics, enabled:0, value: false
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant


****************************** System information ******************************
Computer name: MAXIM
Processor name: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz
Processor identifier: x86 Family 6 Model 15 Stepping 2
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3842, number of processors 2
Physical memory available: 845955072 bytes
Physical memory total: 2145140736 bytes
Virtual memory available: 2010546176 bytes
Virtual memory total: 2147352576 bytes
Memory load: 60%
Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Windows startup mode:

Running processes:
PID: 452 name: C:\Windows\System32\smss.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 528 name: C:\Windows\System32\csrss.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 580 name: C:\Windows\System32\wininit.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 592 name: C:\Windows\System32\csrss.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 624 name: C:\Windows\System32\services.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 636 name: C:\Windows\System32\lsass.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 644 name: C:\Windows\System32\lsm.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 812 name: C:\Windows\System32\winlogon.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 836 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 880 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 908 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 968 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1008 name: C:\Windows\System32\Ati2evxx.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1028 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1052 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1088 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1184 name: C:\Windows\System32\SLsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1224 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1332 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1460 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1580 name: C:\Windows\System32\rundll32.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1764 name: C:\Windows\System32\spoolsv.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1812 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 324 name: C:\Windows\System32\dwm.exe owner: mathias domain: MAXIM
PID: 12 name: C:\Windows\explorer.exe owner: mathias domain: MAXIM
PID: 792 name: C:\Windows\System32\taskeng.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1100 name: C:\Program Files\Google\Update\GoogleUpdate.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1292 name: C:\Windows\System32\taskeng.exe owner: mathias domain: MAXIM
PID: 2128 name: C:\Windows\RtHDVCpl.exe owner: mathias domain: MAXIM
PID: 2172 name: E:\Telemeter 3.0\Telemeter3.exe owner: mathias domain: MAXIM
PID: 2184 name: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe owner: mathias domain: MAXIM
PID: 2236 name: C:\Windows\System32\rundll32.exe owner: mathias domain: MAXIM
PID: 2256 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: mathias domain: MAXIM
PID: 2340 name: C:\Program Files\Logitech\SetPoint\SetPoint.exe owner: mathias domain: MAXIM
PID: 2352 name: C:\Program Files\Logitech\SetPoint II\SetPointII.exe owner: mathias domain: MAXIM
PID: 2504 name: C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe owner: mathias domain: MAXIM
PID: 2960 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2972 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3148 name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3220 name: C:\Program Files\ESET\nod32krn.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3260 name: C:\Windows\System32\PnkBstrA.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3276 name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3328 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3388 name: C:\Windows\System32\TUProgSt.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3428 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3572 name: C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3856 name: C:\Windows\System32\WUDFHost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3912 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1944 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2524 name: C:\Program Files\ESET\nod32kui.exe owner: mathias domain: MAXIM
PID: 3436 name: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe owner: mathias domain: MAXIM
PID: 1164 name: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe owner: mathias domain: MAXIM
PID: 1256 name: C:\Program Files\iTunes\iTunes.exe owner: mathias domain: MAXIM
PID: 2936 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3072 name: C:\Program Files\LimeWire\LimeWire.exe owner: mathias domain: MAXIM
PID: 3848 name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe owner: mathias domain: MAXIM
PID: 4036 name: C:\Program Files\Windows Live\Contacts\wlcomm.exe owner: mathias domain: MAXIM
PID: 5128 name: C:\Windows\System32\taskeng.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 5440 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: mathias domain: MAXIM
PID: 5280 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: mathias domain: MAXIM

Startup items:
Name: ATICCC
imagepath: "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
Name: RtHDVCpl
imagepath: RtHDVCpl.exe
Name: nod32kui
imagepath: "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
Name: Kernel and Hardware Abstraction Layer
imagepath: KHALMNPR.EXE
Name: Telemeter 3.0
imagepath: "E:\Telemeter 3.0\telemeter3.exe"
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Name: WarReg_PopUp
imagepath: C:\Acer\WR_PopUp\WarReg_PopUp.exe
Name: Ad-Watch
imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: AeLookupSvc
displayname: Application Experience
Name: Apple Mobile Device
displayname: Mobiel Apple apparaat
Name: Ati External Event Utility
displayname: Ati External Event Utility
Name: AudioEndpointBuilder
displayname: Windows Audio Endpoint Builder
Name: Audiosrv
displayname: Windows Audio
Name: BFE
displayname: Base Filtering Engine
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour-service
Name: Browser
displayname: Computer Browser
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: DPS
displayname: Diagnostic Policy Service
Name: EMDMgmt
displayname: ReadyBoost
Name: eRecoveryService
displayname: eRecovery Service
Name: Eventlog
displayname: Windows Event Log
Name: EventSystem
displayname: COM+ Event System
Name: fdPHost
displayname: Function Discovery Provider Host
Name: FDResPub
displayname: Function Discovery Resource Publication
Name: gpsvc
displayname: Group Policy Client
Name: hidserv
displayname: Human Interface Device Access
Name: iphlpsvc
displayname: IP Helper
Name: iPod Service
displayname: iPod-service
Name: KtmRm
displayname: KtmRm for Distributed Transaction Coordinator
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LightScribeService
displayname: LightScribeService Direct Disc Labeling Service
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: MMCSS
displayname: Multimedia Class Scheduler
Name: MpsSvc
displayname: Windows Firewall
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List-service
Name: NlaSvc
displayname: Network Location Awareness
Name: NOD32krn
displayname: NOD32 Kernel Service
Name: nsi
displayname: Network Store Interface-service
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: PcaSvc
displayname: Program Compatibility Assistant-service
Name: PlugPlay
displayname: Plug and Play
Name: PnkBstrA
displayname: PnkBstrA
Name: ProfSvc
displayname: User Profile-service
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: SeaPort
displayname: SeaPort
Name: SENS
displayname: System Event Notification-service
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: slsvc
displayname: Software Licensing
Name: Spooler
displayname: Print Spooler
Name: SstpSvc
displayname: SSTP-service (Secure Socket Tunneling Protocol)
Name: stisvc
displayname: WIA (Windows Image Acquisition)
Name: SysMain
displayname: Superfetch
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: TuneUp.ProgramStatisticsSvc
displayname: TuneUp Program Statistics Service
Name: UxSms
displayname: Desktop Window Manager Session Manager
Name: UxTuneUp
displayname: TuneUp Thema-uitbreiding
Name: W32Time
displayname: Windows Time
Name: WdiSystemHost
displayname: Diagnostic System Host
Name: WerSvc
displayname: Windows Error Reporting-service
Name: WinDefend
displayname: Windows Defender
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: WPDBusEnum
displayname: Portable Device Enumerator-service
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework

HijackThis coming right away!!

EDIT: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:32, on 7-3-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
E:\Telemeter 3.0\Telemeter3.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = WarFear Clan: News
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Telemeter 3.0] "E:\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updateservice (gupdate1c99a8632f89674) (gupdate1c99a8632f89674) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 6861 bytes