Archive - Rami Royal

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or world views and have been censored in places as inadmissible. Many were made in a different spirit of the times, ironically or not - such as in the ironic Off-Topic subforum - and would not (be allowed to) be posted today. We nevertheless still gladly offer this archive as an information database and reference work.

Dogchild

Legacy Member
I can't get this annoying problem solved. When I open Firefox, this page (Rami Royal) opens in a new tab. The ad/spyware scan finds nothing, and the antivirus finds nothing either. Does anyone have an idea how I can solve this annoying problem? Thanks for the help.

Dogchild

Legacy Member
I hope this is what you mean? I'm not familiar with HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:25, on 1/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Users\Tommy\Program Files\DNA\btdna.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Tommy\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita portaal | Nieuws | Entertainment | Lifestyle | Fun | Business
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Web Search :: DAEMON-Search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita portaal | Nieuws | Entertainment | Lifestyle | Fun | Business
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita portaal | Nieuws | Entertainment | Lifestyle | Fun | Business
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tommy\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Logitech . Productregistratie.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe

--
End of file - 13586 bytes

TiZon

Legacy Member
Yes, there's junk on it...
Start by running ComboFix and then post a new log in the 'HijackThis' subforum.

Dogchild

Legacy Member
I start ComboFix and now adware reports that there is a trojan on my system, and so ComboFix does nothing. win32trojanqhost or something.

Dogchild

Legacy Member
The log file after ComboFix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:58, on 1/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Users\Tommy\Program Files\DNA\btdna.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Tommy\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Web Search :: DAEMON-Search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita portaal | Nieuws | Entertainment | Lifestyle | Fun | Business
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tommy\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Logitech . Productregistratie.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe

--
End of file - 12998 bytes

Juisterr

Legacy Member
Right-click the HijackThis program.
Choose "Run as administrator", then choose 'Do a system scan only'.
Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Web Search :: DAEMON-Search.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all windows except HijackThis.
Click 'Fix checked' to remove the items.

Download ComboFix to your Desktop and use it according to this guide.

NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.
Some scanners see certain components that ComboFix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the small "NirCmd" window.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is finished and after the restart, the log Combofix.txt will open.
Post this log in your next reply.
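
The two items selected in the post above are a browser start page that differs per registry hive and a BHO registration with no file behind it. As an added example (not part of the original post or of HijackThis itself), the Python sketch below shortlists both kinds of entry from a HijackThis log for manual review; the sample lines are copied from the log posted in this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# A subset of lines copied from the HijackThis log posted in this thread.
# The archived page shows page titles where the original log had URLs.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Web Search :: DAEMON-Search.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita portaal | Nieuws | Entertainment | Lifestyle | Fun | Business
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# "<section> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# R-section body: "<hive>\<key path>,<value name> = <data>" (data may be empty).
IE_VALUE_RE = re.compile(r"^(HKCU|HKLM)\\([^,]+),([^=]+?)\s*=\s*(.*)$")
# Markers HijackThis appends when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(text):
    """Return (section, body) tuples for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose registration points at a file the scan could not find."""
    return [(sec, body) for sec, body in entries if body.endswith(ORPHAN_MARKERS)]


def hive_mismatches(entries):
    """R0/R1 values that are set in both HKCU and HKLM with different data.

    A mismatch is only a review hint: a per-user start page can legitimately
    differ from the machine-wide default.
    """
    seen = defaultdict(dict)
    for sec, body in entries:
        if sec not in ("R0", "R1"):
            continue
        match = IE_VALUE_RE.match(body)
        if match:
            hive, key, value, data = match.groups()
            seen[(key, value)][hive] = data
    return {
        name: hives
        for name, hives in seen.items()
        if len(hives) == 2 and hives["HKCU"] != hives["HKLM"]
    }


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("Registrations without a file on disk:")
    for sec, body in orphaned(parsed):
        print(f"  {sec} - {body}")
    print("Internet Explorer values that differ between HKCU and HKLM:")
    for (key, value), hives in hive_mismatches(parsed).items():
        print(f"  {key},{value}")
        for hive in ("HKCU", "HKLM"):
            print(f"    {hive}: {hives[hive]}")
```

The output is a shortlist to review by hand, not a fix list: the missing Nero service file is flagged as well, although the post above does not select it.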

Dogchild

Legacy Member
ComboFix 09-02-01.01 - Tommy 2009-02-01 21:50:45.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3326.1895 [GMT 1:00]
Gestart vanuit: c:\users\Tommy\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-01 to 2009-02-01 ))))))))))))))))))))))))))))))
.

2009-02-01 21:43 . 2009-02-01 21:43 106 --ah----- C:\aaw7boot.cmd
2009-02-01 18:31 . 2009-02-01 18:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-01 18:31 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-01 18:31 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-01 18:25 . 2009-02-01 18:25 <DIR> d-------- c:\program files\Microsoft
2009-01-31 10:20 . 2009-01-31 10:20 <DIR> d-------- c:\programdata\Ralink
2009-01-31 10:20 . 2008-09-09 11:12 1,597,440 --a------ c:\windows\System32\RaCertMgr.dll
2009-01-31 10:19 . 2009-01-31 10:19 <DIR> d-------- c:\users\Tommy\{911154f0-d308-4e1f-9c87-5784c2f42e05}
2009-01-31 10:19 . 2009-01-31 10:19 <DIR> d-------- c:\programdata\Ralink Driver
2009-01-31 10:19 . 2009-01-31 10:19 <DIR> d-------- c:\program files\Ralink
2009-01-31 10:19 . 2009-01-31 10:19 <DIR> d-------- c:\program files\Cisco
2009-01-31 10:19 . 2007-12-07 06:36 958,464 --a------ c:\windows\System32\CiscoEapFast.dll
2009-01-31 10:19 . 2008-09-10 14:47 763,392 --a------ c:\windows\System32\RAIHV.dll
2009-01-31 10:19 . 2008-08-28 17:21 97,280 --a------ c:\windows\System32\RAEXTUI.dll
2009-01-31 10:19 . 2008-11-03 12:09 15,312 --a------ c:\windows\System32\RaCoInst.dat
2009-01-31 09:49 . 2009-01-31 09:49 <DIR> d-------- c:\programdata\Office Genuine Advantage
2009-01-31 09:21 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-01-31 09:21 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-01-31 09:21 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-01-31 09:21 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-01-31 09:21 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-01-31 09:21 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-01-31 09:21 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-01-31 09:21 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-01-31 09:16 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-01-31 09:16 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-01-31 09:16 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-01-31 09:16 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-01-31 09:15 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-01-27 20:39 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll
2009-01-27 20:38 . 2009-01-27 20:38 <DIR> d-------- c:\program files\Microsoft Works
2009-01-27 20:36 . 2009-01-27 20:36 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-27 20:34 . 2009-01-27 20:34 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-27 20:32 . 2009-01-27 20:32 <DIR> dr-h----- C:\MSOCache
2009-01-27 15:04 . 2009-01-27 15:04 <DIR> dr-h----- c:\users\Tommy\AppData\Roaming\SecuROM
2009-01-27 15:04 . 2009-01-27 15:04 <DIR> d-------- c:\programdata\Electronic Arts
2009-01-25 11:54 . 2009-02-01 22:02 <DIR> d-------- c:\users\Tommy\AppData\Roaming\Skype
2009-01-25 11:49 . 2009-01-25 11:49 <DIR> d-------- c:\program files\Skype
2009-01-25 11:49 . 2009-01-25 11:49 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-24 22:56 . 2009-01-31 22:19 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-01-24 22:19 . 2009-01-24 22:19 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-01-24 22:19 . 2009-01-24 22:19 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-01-24 22:17 . 2009-01-24 22:17 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-24 22:17 . 2009-01-24 22:17 <DIR> d-------- c:\program files\Lavasoft
2009-01-24 14:38 . 2009-01-24 14:38 <DIR> d-------- c:\programdata\Apple Computer
2009-01-24 14:38 . 2009-01-24 14:38 <DIR> d-------- c:\program files\QuickTime
2009-01-23 16:46 . 2009-01-23 16:46 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-01-23 16:46 . 2009-01-23 16:46 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-01-18 11:47 . 2009-01-18 11:47 <DIR> d-------- c:\users\Tommy\AppData\Roaming\Malwarebytes
2009-01-18 11:47 . 2009-01-18 11:47 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-17 22:31 . 2009-01-26 08:59 <DIR> d-------- c:\users\Tommy\AppData\Roaming\Red Alert 3
2009-01-17 19:36 . 2009-01-17 19:36 <DIR> d-------- c:\program files\Sports Interactive
2009-01-16 14:57 . 2009-01-16 14:57 22,328 --a------ c:\users\Tommy\AppData\Roaming\PnkBstrK.sys
2009-01-16 14:44 . 2009-01-16 14:44 <DIR> d-------- c:\program files\Activision
2009-01-16 08:31 . 2009-02-01 18:22 <DIR> d-------- c:\users\Tommy\AppData\Roaming\skypePM
2009-01-16 08:31 . 2009-01-16 08:31 56 --ah----- c:\programdata\ezsidmv.dat
2009-01-15 18:34 . 2009-01-25 11:49 <DIR> d-------- c:\programdata\Skype
2009-01-14 13:47 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-10 17:56 . 2009-01-10 17:56 <DIR> d-------- c:\programdata\RoboForm
2009-01-10 17:56 . 2009-01-10 17:56 <DIR> d-------- c:\program files\Siber Systems
2009-01-05 20:05 . 2009-01-05 20:05 <DIR> d-------- c:\users\Tommy\AppData\Roaming\Leadertech
2009-01-05 19:57 . 2009-01-07 09:21 <DIR> d-------- c:\programdata\Logishrd
2009-01-05 16:18 . 2009-01-05 16:18 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2009-01-05 16:18 . 2009-01-05 16:18 57,344 --a------ c:\windows\System32\QuickTime.qts
2009-01-02 16:28 . 1997-11-19 15:49 303,616 --a------ c:\windows\IsUninst.exe
2009-01-02 15:21 . 2009-01-17 22:17 <DIR> d-------- c:\program files\Electronic Arts
2009-01-02 11:21 . 2009-01-17 19:40 <DIR> d-------- c:\users\Tommy\AppData\Roaming\Sports Interactive
2009-01-02 11:20 . 2009-01-02 11:20 <DIR> d-------- c:\programdata\Sports Interactive
2009-01-02 11:11 . 2009-01-02 11:11 <DIR> d--h----- c:\users\Tommy\InstallAnywhere
2009-01-02 11:11 . 2009-01-02 11:14 <DIR> d--h----- c:\program files\Zero G Registry

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 21:01 --------- d-----w c:\users\Tommy\AppData\Roaming\DNA
2009-02-01 20:31 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-01 08:38 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-01-31 18:58 --------- d-----w c:\users\Tommy\AppData\Roaming\BitTorrent
2009-01-31 09:19 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 06:56 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-30 21:00 --------- d-----w c:\users\Tommy\AppData\Roaming\LimeWire
2009-01-28 09:50 --------- d-----w c:\programdata\Microsoft Help
2009-01-27 19:37 --------- d-----w c:\program files\MSBuild
2009-01-24 21:17 --------- d-----w c:\programdata\Lavasoft
2009-01-24 21:16 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-23 15:46 --------- d-----w c:\program files\Common Files\logishrd
2009-01-23 15:45 --------- d-----w c:\programdata\Logitech
2009-01-23 15:45 --------- d-----w c:\program files\Common Files\Logitech
2009-01-14 13:50 --------- d-----w c:\program files\Windows Mail
2009-01-11 10:01 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-05 18:57 --------- d-----w c:\program files\Logitech
2009-01-01 20:35 --------- d--h--w c:\program files\Creative Installation Information
2009-01-01 20:32 --------- d-----w c:\program files\Creative
2008-12-31 16:04 691,560 ----a-w c:\windows\System32\OGACheckControl.dll
2008-12-31 16:04 528,744 ----a-w c:\windows\System32\OGAVerify.exe
2008-12-31 16:04 502,120 ----a-w c:\windows\System32\OGAAddin.dll
2008-12-30 18:20 --------- d-----w c:\program files\CCleaner
2008-12-30 17:16 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-30 16:30 --------- d-----w c:\users\Tommy\AppData\Roaming\ImgBurn
2008-12-30 16:28 --------- d-----w c:\program files\ImgBurn
2008-12-30 14:52 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-30 09:25 --------- d-----w c:\users\Tommy\AppData\Roaming\Winamp
2008-12-30 09:24 --------- d-----w c:\program files\Winamp
2008-12-29 08:48 --------- d-----w c:\program files\PokerStars
2008-12-21 22:34 --------- d-----w c:\users\Tommy\AppData\Roaming\vlc
2008-12-21 22:33 --------- d-----w c:\program files\VideoLAN
2008-12-21 22:28 --------- d-----w c:\program files\WIDCOMM
2008-12-21 21:58 --------- d-----w c:\users\Tommy\AppData\Roaming\Nero
2008-12-21 21:58 --------- d-----w c:\program files\Common Files\Nero
2008-12-21 21:57 --------- d-----w c:\programdata\Nero
2008-12-21 21:56 --------- d-----w c:\program files\Nero
2008-12-20 11:52 --------- d-----w c:\programdata\LightScribe
2008-12-19 22:31 --------- d-----w c:\program files\Windows Live
2008-12-19 22:09 --------- d-----w c:\users\Tommy\AppData\Roaming\Creative
2008-12-19 19:22 --------- d-----w c:\users\Tommy\AppData\Roaming\SUPERAntiSpyware.com
2008-12-19 19:22 --------- d-----w c:\programdata\SUPERAntiSpyware.com
2008-12-19 18:30 --------- d-----w c:\program files\Common Files\LightScribe
2008-12-18 22:06 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-18 22:06 --------- d-----w c:\program files\Java
2008-12-18 22:05 --------- d-----w c:\program files\LimeWire
2008-12-18 21:56 --------- d-----w c:\programdata\HP Product Assistant
2008-12-16 17:14 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-14 15:55 --------- d-----w c:\users\Tommy\AppData\Roaming\DAEMON Tools Lite
2008-12-14 14:37 --------- d-----w c:\users\Tommy\AppData\Roaming\DAEMON Tools Pro
2008-12-14 14:37 --------- d-----w c:\users\Tommy\AppData\Roaming\DAEMON Tools
2008-12-14 14:37 --------- d-----w c:\programdata\DAEMON Tools Lite
2008-12-14 14:03 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-13 23:18 --------- d-----w c:\users\Tommy\AppData\Roaming\ISP Monitor
2008-12-13 23:16 737,280 ----a-w c:\windows\iun6002.exe
2008-12-13 23:16 --------- d-----w c:\program files\ISP Monitor
2008-12-10 20:04 --------- d-----w c:\programdata\NOS
2008-12-10 20:04 --------- d-----w c:\program files\NOS
2008-12-10 17:12 --------- d-----w c:\program files\Common Files\Adobe
2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-12-07 19:40 --------- d-----w c:\programdata\Apple
2008-12-07 19:40 --------- d-----w c:\program files\Apple Software Update
2008-12-07 18:08 795,648 ----a-w c:\windows\System32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll
2008-12-06 15:22 --------- d-----w c:\program files\ASUS
2008-12-06 13:55 --------- d-----w c:\program files\DNA
2008-12-06 13:55 --------- d-----w c:\program files\BitTorrent
2008-12-06 13:49 --------- d-----w c:\users\Tommy\AppData\Roaming\Media Player Classic
2008-12-06 13:43 --------- d-----w c:\programdata\Creative
2008-12-06 13:17 --------- d-----w c:\programdata\ESET
2008-12-06 13:17 --------- d-----w c:\program files\ESET
2008-12-05 23:34 --------- d-----w c:\users\Tommy\AppData\Roaming\GrabIt
2008-12-05 22:13 --------- d-----w c:\program files\GrabIt
2008-12-05 19:35 --------- d-----w c:\program files\Common Files\Creative
2008-12-05 19:26 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2008-12-05 19:26 110,592 ----a-w c:\windows\System32\OpenAL32.dll
2008-12-04 22:17 --------- d-----w c:\program files\FTDv3.8
2008-12-04 20:19 --------- d-----w c:\users\Tommy\AppData\Roaming\Logitech
2008-11-04 19:22 9,728 ----a-w c:\windows\System32\rnaph.dll
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
2008-10-30 20:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-30 20:30 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-30 20:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-12 5724184]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"BitTorrent DNA"="c:\users\Tommy\Program Files\DNA\btdna.exe" [2008-12-16 342848]
"ISPMonitor"="c:\program files\ISP Monitor\isp.exe" [2008-06-10 446192]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-05 1809648]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-01-10 160592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-31 509784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-08-06 c:\windows\System32\Ctxfihlp.exe]

c:\users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Productregistratie.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-02-13 493832]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-27 715568]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-23 692224]
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2009-01-31 1799456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4E6B7152-E8AF-4D78-AAE3-F0A757C7AE33}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{5564B068-81D0-4EA3-9A13-5B1D0FA8A734}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"{E1F34F99-1EFC-4F88-9A53-FFDF53E33FED}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{A8668D9F-CBE8-4114-BED8-9DEC27AEEBAE}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{2BD6601C-5F2A-453F-8408-AAC93EFA4216}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{2A1CFCD3-A031-4421-8D46-28E8FCA073AE}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{723D7E9B-EA0A-4CE6-9EE6-99C7DF398231}c:\\users\\tommy\\program files\\dna\\btdna.exe"= UDP:c:\users\tommy\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CE8857F6-9185-49EC-B2C5-EFFD9D03D0F9}c:\\users\\tommy\\program files\\dna\\btdna.exe"= TCP:c:\users\tommy\program files\dna\btdna.exe:btdna.exe
"TCP Query User{ED27060A-F029-4D88-B653-119ACC7E0573}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{5C1C93ED-766D-43BF-8D12-1AEB86873CF5}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"TCP Query User{F75229D4-E5D5-4C73-89C6-F5F110BF0AD2}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{1DA92844-93E7-4351-80CB-15742D524B5E}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{578A0198-E145-4039-9089-257471857DFA}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{F8032233-9C27-4734-97DE-FEC968FED6E0}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{1A9C6170-2BC8-4C37-9873-247354FF7165}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{2A1E71A7-3C5A-4E2F-A538-A74BCE5B36E6}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{FD34D9C6-29DA-4902-A86F-E9A03F08454C}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{02A17AB0-EE1D-4195-9A2E-56019C444E06}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3A2597A5-D136-46A6-8D19-0487835E794D}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{5343297E-0BF2-4705-ADE9-3B57505C7F85}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{A1F48115-DFB2-41C4-B1B7-79E16BEB775A}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{64FA7715-43CD-46F6-B3F2-B1606139A82C}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{2C4F428A-54A8-44E6-AFF0-ECEFAFD69497}"= UDP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{A7A0C3B7-C1E0-4731-B715-CFC524234DC2}"= TCP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{11F43972-3A38-4F01-A5A2-B8DDD5B867E9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9B4C4D56-E463-449F-8C4B-37ABBA1FF40D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1641B7A6-0ABE-4C66-A7F2-ACB347A080A1}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8465BE7E-0D58-413F-9CDF-3A0D292D5429}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{916890E6-EE4A-427F-A146-A5350C20DF08}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{12C4A968-5451-4680-9D4C-1D3E1C3CA87D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-01-24 64160]
R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [2008-10-30 150568]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 ISPMonitorSrv;ISP Monitor;c:\program files\ISP Monitor\ISPMonitorSrv.exe [2007-08-23 36864]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-01 170640]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Ralink\Common\RalinkRegistryWriter.exe [2009-01-31 75040]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [2008-08-06 198168]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [2008-08-06 1353240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [2008-08-06 73752]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\System32\drivers\ha20x22k.sys [2008-08-06 1221144]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [2009-02-01 15504]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [2008-10-30 552448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-12-05 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-12-05 79360]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2008-11-04 79360]
S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [2008-08-06 198168]
S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [2008-08-06 1353240]
S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [2008-08-06 73752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4456a587-c9ec-11dd-a4e4-00221523e01a}]
\shell\AutoRun\command - H:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d807ed1a-d899-11dd-a588-000272150f17}]
\shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d807ed1c-d899-11dd-a588-000272150f17}]
\shell\AutoRun\command - J:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhoud van de 'Gedeelde Taken' map

2009-01-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-31 22:19]

2009-01-31 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-02-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-02-01 c:\windows\Tasks\RtlVistaStart.job
- c:\program files\ASUS WiFi-AP Solo\RtWLan.exe []
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://breedband.telenet.be
mWindow Title = Telenet Internet
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
FF - ProfilePath - c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\zyfu74p9.default\
FF - prefs.js: browser.startup.homepage - hxxp://nl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Tommy\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 22:02:27
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(5572)
c:\program files\Logitech\SetPoint\IMHook.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
.
Voltooingstijd: 2009-02-01 22:04:25
ComboFix-quarantined-files.txt 2009-02-01 21:04:21

Pre-Run: 29.718.675.456 bytes beschikbaar
Post-Run: 30,471,823,360 bytes beschikbaar

348 --- E O F --- 2009-02-01 17:25:57

Juisterr

Legacy Member
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

  • Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4456a587-c9ec-11dd-a4e4-00221523e01a}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d807ed1a-d899-11dd-a588-000272150f17}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d807ed1c-d899-11dd-a588-000272150f17}]




Save this to your Desktop as CFScript.txt


Drag CFScript.txt into ComboFix.exe as shown in the example below:

CFScriptB-4.gif


This will cause ComboFix to restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

Dogchild

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03, on 2009-02-04
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Users\Tommy\Program Files\DNA\btdna.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\Explorer.exe
C:\Users\Tommy\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita portaal | Nieuws | Entertainment | Lifestyle | Fun | Business
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tommy\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Logitech . Productregistratie.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe

--
End of file - 12722 bytes

Dogchild

Legacy Member
2009-02-04 15:37 . 2009-02-04 15:37 106 --ah----- C:\aaw7boot.cmd
2009-02-01 18:31 . 2009-02-01 18:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-01 18:31 . 2009-01-14 16:11 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2009-02-01 18:31 . 2009-01-14 16:11 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2009-02-01 18:25 . 2009-02-01 18:25 <DIR> d-------- C:\Program Files\Microsoft
2009-01-31 10:20 . 2009-01-31 10:20 <DIR> d-------- C:\ProgramData\Ralink
2009-01-31 10:20 . 2008-09-09 11:12 1,597,440 --a------ C:\Windows\System32\RaCertMgr.dll
2009-01-31 10:19 . 2009-01-31 10:19 <DIR> d-------- C:\Users\Tommy\{911154f0-d308-4e1f-9c87-5784c2f42e05}
2009-01-31 10:19 . 2009-01-31 10:19 <DIR> d-------- C:\ProgramData\Ralink Driver
2009-01-31 10:19 . 2009-01-31 10:19 <DIR> d-------- C:\Program Files\Ralink
2009-01-31 10:19 . 2009-01-31 10:19 <DIR> d-------- C:\Program Files\Cisco
2009-01-31 10:19 . 2007-12-07 06:36 958,464 --a------ C:\Windows\System32\CiscoEapFast.dll
2009-01-31 10:19 . 2008-09-10 14:47 763,392 --a------ C:\Windows\System32\RAIHV.dll
2009-01-31 10:19 . 2008-08-28 17:21 97,280 --a------ C:\Windows\System32\RAEXTUI.dll
2009-01-31 10:19 . 2008-11-03 12:09 15,312 --a------ C:\Windows\System32\RaCoInst.dat
2009-01-31 09:49 . 2009-01-31 09:49 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2009-01-31 09:21 . 2008-06-20 02:14 781,344 --a------ C:\Windows\System32\PresentationNative_v0300.dll
2009-01-31 09:21 . 2008-06-20 02:14 622,080 --a------ C:\Windows\System32\icardagt.exe
2009-01-31 09:21 . 2008-06-20 02:14 326,160 --a------ C:\Windows\System32\PresentationHost.exe
2009-01-31 09:21 . 2008-06-20 02:14 105,016 --a------ C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-01-31 09:21 . 2008-06-20 02:14 97,800 --a------ C:\Windows\System32\infocardapi.dll
2009-01-31 09:21 . 2008-06-20 02:14 43,544 --a------ C:\Windows\System32\PresentationHostProxy.dll
2009-01-31 09:21 . 2008-06-20 02:14 37,384 --a------ C:\Windows\System32\infocardcpl.cpl
2009-01-31 09:21 . 2008-06-20 02:14 11,264 --a------ C:\Windows\System32\icardres.dll
2009-01-31 09:16 . 2008-07-27 19:03 282,112 --a------ C:\Windows\System32\mscoree.dll
2009-01-31 09:16 . 2008-07-27 19:03 158,720 --a------ C:\Windows\System32\mscorier.dll
2009-01-31 09:16 . 2008-07-27 19:03 96,760 --a------ C:\Windows\System32\dfshim.dll
2009-01-31 09:16 . 2008-07-27 19:03 41,984 --a------ C:\Windows\System32\netfxperf.dll
2009-01-31 09:15 . 2008-07-27 19:03 83,968 --a------ C:\Windows\System32\mscories.dll
2009-01-27 20:39 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2009-01-27 20:38 . 2009-01-27 20:38 <DIR> d-------- C:\Program Files\Microsoft Works
2009-01-27 20:36 . 2009-01-27 20:36 <DIR> d-------- C:\Program Files\Microsoft.NET
2009-01-27 20:34 . 2009-01-27 20:34 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2009-01-27 20:32 . 2009-01-27 20:32 <DIR> dr-h----- C:\MSOCache
2009-01-27 15:04 . 2009-01-27 15:04 <DIR> dr-h----- C:\Users\Tommy\AppData\Roaming\SecuROM
2009-01-27 15:04 . 2009-01-27 15:04 <DIR> d-------- C:\ProgramData\Electronic Arts
2009-01-25 11:54 . 2009-02-04 15:59 <DIR> d-------- C:\Users\Tommy\AppData\Roaming\Skype
2009-01-25 11:49 . 2009-01-25 11:49 <DIR> d-------- C:\Program Files\Skype
2009-01-25 11:49 . 2009-01-25 11:49 <DIR> d-------- C:\Program Files\Common Files\Skype
2009-01-24 22:56 . 2009-01-31 22:19 15,688 --a------ C:\Windows\System32\lsdelete.exe
2009-01-24 22:19 . 2009-01-24 22:19 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2009-01-24 22:19 . 2009-01-24 22:19 64,160 --a------ C:\Windows\System32\drivers\Lbd.sys
2009-01-24 22:17 . 2009-01-24 22:17 <DIR> d--h-c--- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-24 22:17 . 2009-01-24 22:17 <DIR> d-------- C:\Program Files\Lavasoft
2009-01-24 14:38 . 2009-01-24 14:38 <DIR> d-------- C:\ProgramData\Apple Computer
2009-01-24 14:38 . 2009-01-24 14:38 <DIR> d-------- C:\Program Files\QuickTime
2009-01-23 16:46 . 2009-01-23 16:46 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-01-23 16:46 . 2009-01-23 16:46 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-01-18 11:47 . 2009-01-18 11:47 <DIR> d-------- C:\Users\Tommy\AppData\Roaming\Malwarebytes
2009-01-18 11:47 . 2009-01-18 11:47 <DIR> d-------- C:\ProgramData\Malwarebytes
2009-01-17 22:31 . 2009-01-26 08:59 <DIR> d-------- C:\Users\Tommy\AppData\Roaming\Red Alert 3
2009-01-17 19:36 . 2009-01-17 19:36 <DIR> d-------- C:\Program Files\Sports Interactive
2009-01-16 14:57 . 2009-01-16 14:57 22,328 --a------ C:\Users\Tommy\AppData\Roaming\PnkBstrK.sys
2009-01-16 14:44 . 2009-01-16 14:44 <DIR> d-------- C:\Program Files\Activision
2009-01-16 08:31 . 2009-02-04 16:00 <DIR> d-------- C:\Users\Tommy\AppData\Roaming\skypePM
2009-01-16 08:31 . 2009-01-16 08:31 56 --ah----- C:\ProgramData\ezsidmv.dat
2009-01-15 18:34 . 2009-01-25 11:49 <DIR> d-------- C:\ProgramData\Skype
2009-01-14 13:47 . 2008-12-16 03:42 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2009-01-10 17:56 . 2009-01-10 17:56 <DIR> d-------- C:\ProgramData\RoboForm
2009-01-10 17:56 . 2009-01-10 17:56 <DIR> d-------- C:\Program Files\Siber Systems
2009-01-05 20:05 . 2009-01-05 20:05 <DIR> d-------- C:\Users\Tommy\AppData\Roaming\Leadertech
2009-01-05 19:57 . 2009-01-07 09:21 <DIR> d-------- C:\ProgramData\Logishrd
2009-01-05 16:18 . 2009-01-05 16:18 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2009-01-05 16:18 . 2009-01-05 16:18 57,344 --a------ C:\Windows\System32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 14:53 --------- d-----w C:\Users\Tommy\AppData\Roaming\DNA
2009-02-04 14:33 0 ----a-w C:\Windows\system32\drivers\lvuvc.hs
2009-02-02 21:45 --------- d-----w C:\Users\Tommy\AppData\Roaming\BitTorrent
2009-02-01 08:38 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2009-01-31 09:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-01-31 06:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2009-01-30 21:00 --------- d-----w C:\Users\Tommy\AppData\Roaming\LimeWire
2009-01-28 09:50 --------- d-----w C:\ProgramData\Microsoft Help
2009-01-27 19:37 --------- d-----w C:\Program Files\MSBuild
2009-01-24 21:17 --------- d-----w C:\ProgramData\Lavasoft
2009-01-24 21:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2009-01-23 15:46 --------- d-----w C:\Program Files\Common Files\logishrd
2009-01-23 15:45 --------- d-----w C:\ProgramData\Logitech
2009-01-23 15:45 --------- d-----w C:\Program Files\Common Files\Logitech
2009-01-17 21:17 --------- d-----w C:\Program Files\Electronic Arts
2009-01-17 18:40 --------- d-----w C:\Users\Tommy\AppData\Roaming\Sports Interactive
2009-01-14 13:50 --------- d-----w C:\Program Files\Windows Mail
2009-01-11 10:01 --------- d-----w C:\Program Files\SUPERAntiSpyware
2009-01-05 18:57 --------- d-----w C:\Program Files\Logitech
2009-01-02 10:20 --------- d-----w C:\ProgramData\Sports Interactive
2009-01-02 10:14 --------- d--h--w C:\Program Files\Zero G Registry
2009-01-01 20:35 --------- d--h--w C:\Program Files\Creative Installation Information
2009-01-01 20:32 --------- d-----w C:\Program Files\Creative
2008-12-31 16:04 691,560 ----a-w C:\Windows\System32\OGACheckControl.dll
2008-12-31 16:04 528,744 ----a-w C:\Windows\System32\OGAVerify.exe
2008-12-31 16:04 502,120 ----a-w C:\Windows\System32\OGAAddin.dll
2008-12-30 18:20 --------- d-----w C:\Program Files\CCleaner
2008-12-30 17:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-12-30 16:30 --------- d-----w C:\Users\Tommy\AppData\Roaming\ImgBurn
2008-12-30 16:28 --------- d-----w C:\Program Files\ImgBurn
2008-12-30 14:52 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-12-30 09:25 --------- d-----w C:\Users\Tommy\AppData\Roaming\Winamp
2008-12-30 09:24 --------- d-----w C:\Program Files\Winamp
2008-12-29 08:48 --------- d-----w C:\Program Files\PokerStars
2008-12-21 22:34 --------- d-----w C:\Users\Tommy\AppData\Roaming\vlc
2008-12-21 22:33 --------- d-----w C:\Program Files\VideoLAN
2008-12-21 22:28 --------- d-----w C:\Program Files\WIDCOMM
2008-12-21 21:58 --------- d-----w C:\Users\Tommy\AppData\Roaming\Nero
2008-12-21 21:58 --------- d-----w C:\Program Files\Common Files\Nero
2008-12-21 21:57 --------- d-----w C:\ProgramData\Nero
2008-12-21 21:56 --------- d-----w C:\Program Files\Nero
2008-12-20 11:52 --------- d-----w C:\ProgramData\LightScribe
2008-12-19 22:31 --------- d-----w C:\Program Files\Windows Live
2008-12-19 22:09 --------- d-----w C:\Users\Tommy\AppData\Roaming\Creative
2008-12-19 19:22 --------- d-----w C:\Users\Tommy\AppData\Roaming\SUPERAntiSpyware.com
2008-12-19 19:22 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-12-19 18:30 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-12-18 22:06 410,984 ----a-w C:\Windows\System32\deploytk.dll
2008-12-18 22:06 --------- d-----w C:\Program Files\Java
2008-12-18 22:05 --------- d-----w C:\Program Files\LimeWire
2008-12-18 21:56 --------- d-----w C:\ProgramData\HP Product Assistant
2008-12-16 17:14 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-12-14 15:55 --------- d-----w C:\Users\Tommy\AppData\Roaming\DAEMON Tools Lite
2008-12-14 14:37 --------- d-----w C:\Users\Tommy\AppData\Roaming\DAEMON Tools Pro
2008-12-14 14:37 --------- d-----w C:\Users\Tommy\AppData\Roaming\DAEMON Tools
2008-12-14 14:37 --------- d-----w C:\ProgramData\DAEMON Tools Lite
2008-12-14 14:03 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-12-13 23:18 --------- d-----w C:\Users\Tommy\AppData\Roaming\ISP Monitor
2008-12-13 23:16 737,280 ----a-w C:\Windows\iun6002.exe
2008-12-13 23:16 --------- d-----w C:\Program Files\ISP Monitor
2008-12-10 20:04 --------- d-----w C:\ProgramData\NOS
2008-12-10 20:04 --------- d-----w C:\Program Files\NOS
2008-12-10 17:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-12-08 11:53 57,344 ----a-w C:\Windows\System32\ff_vfw.dll
2008-12-07 19:40 --------- d-----w C:\ProgramData\Apple
2008-12-07 19:40 --------- d-----w C:\Program Files\Apple Software Update
2008-12-07 18:08 795,648 ----a-w C:\Windows\System32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w C:\Windows\System32\xvidvfw.dll
2008-12-06 15:22 --------- d-----w C:\Program Files\ASUS
2008-12-06 13:55 --------- d-----w C:\Program Files\DNA
2008-12-06 13:55 --------- d-----w C:\Program Files\BitTorrent
2008-12-06 13:49 --------- d-----w C:\Users\Tommy\AppData\Roaming\Media Player Classic
2008-12-06 13:43 --------- d-----w C:\ProgramData\Creative
2008-12-06 13:17 --------- d-----w C:\ProgramData\ESET
2008-12-06 13:17 --------- d-----w C:\Program Files\ESET
2008-12-05 23:34 --------- d-----w C:\Users\Tommy\AppData\Roaming\GrabIt
2008-12-05 22:13 --------- d-----w C:\Program Files\GrabIt
2008-12-05 19:35 --------- d-----w C:\Program Files\Common Files\Creative
2008-12-05 19:26 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
2008-12-05 19:26 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
2008-12-04 22:17 --------- d-----w C:\Program Files\FTDv3.8
2008-12-04 20:19 --------- d-----w C:\Users\Tommy\AppData\Roaming\Logitech
2008-11-04 19:22 9,728 ----a-w C:\Windows\System32\rnaph.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
2006-06-23 06:48 32,768 ----a-r C:\Windows\inf\UpdateUSB.exe
2008-10-30 20:30 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-30 20:30 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-30 20:30 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot_2009-02-02_20.47.12,07 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 12:02:28 163,328 ----a-w C:\Windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w C:\Windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2009-02-02 16:10:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-04 14:33:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-02 16:10:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-04 14:33:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-02 16:20:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-04 14:34:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-02-02 19:46:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-04 15:00:41 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-04 15:00:41 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-02 16:37:46 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-04 14:33:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-02 16:37:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-04 14:33:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-02 16:37:46 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-04 14:33:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-02 19:34:45 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2009-02-04 14:48:47 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2009-02-04 14:48:47 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2009-02-02 16:15:51 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2009-02-04 14:37:59 101,052 ----a-w C:\Windows\System32\perfc009.dat
- 2009-02-02 16:15:51 126,648 ----a-w C:\Windows\System32\perfc013.dat
+ 2009-02-04 14:37:59 126,648 ----a-w C:\Windows\System32\perfc013.dat
- 2009-02-02 16:15:51 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2009-02-04 14:37:59 586,980 ----a-w C:\Windows\System32\perfh009.dat
- 2009-02-02 16:15:51 667,114 ----a-w C:\Windows\System32\perfh013.dat
+ 2009-02-04 14:37:59 667,114 ----a-w C:\Windows\System32\perfh013.dat
- 2009-02-02 16:39:23 7,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-222201139-3677312697-3172188081-1000_UserData.bin
+ 2009-02-04 14:34:59 7,432 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-222201139-3677312697-3172188081-1000_UserData.bin
- 2009-02-02 16:39:21 88,662 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-04 14:34:59 88,886 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-02 15:49:44 2,854 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-02-04 14:31:50 2,944 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-02-02 16:39:19 53,946 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-04 14:34:57 54,296 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 03:23 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-12 21:54 5724184]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-11-17 10:42 53341]
"BitTorrent DNA"="C:\Users\Tommy\Program Files\DNA\btdna.exe" [2008-12-16 18:09 342848]
"ISPMonitor"="C:\Program Files\ISP Monitor\isp.exe" [2008-06-10 00:12 446192]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-12-10 10:02 216520]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-05 22:41 1809648]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 10:16 2363392]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 16:06 1840424]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 12:16 1833296]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-11-07 14:31 21633320]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-01-10 17:56 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 17:11 565008]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"VolPanel"="C:\Program Files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 16:31 233576]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-12-18 23:07 136600]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 00:02 36352]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 17:15 2407184]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 16:18 413696]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-31 22:19 509784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 16:11 399504]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-08-06 21:15 23040 C:\Windows\System32\Ctxfihlp.exe]

C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Productregistratie.lnk - C:\Program Files\Logitech\QuickCam\eReg.exe [2008-02-13 15:32:58 493832]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-27 11:04:02 715568]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2009-01-23 16:45:25 692224]
Ralink Wireless Utility.lnk - C:\Program Files\Ralink\Common\RaUI.exe [2009-01-31 10:20:21 1799456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 09:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4E6B7152-E8AF-4D78-AAE3-F0A757C7AE33}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{5564B068-81D0-4EA3-9A13-5B1D0FA8A734}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"{E1F34F99-1EFC-4F88-9A53-FFDF53E33FED}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{A8668D9F-CBE8-4114-BED8-9DEC27AEEBAE}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{2BD6601C-5F2A-453F-8408-AAC93EFA4216}"= UDP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{2A1CFCD3-A031-4421-8D46-28E8FCA073AE}"= TCP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{723D7E9B-EA0A-4CE6-9EE6-99C7DF398231}C:\\users\\tommy\\program files\\dna\\btdna.exe"= UDP:C:\users\tommy\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CE8857F6-9185-49EC-B2C5-EFFD9D03D0F9}C:\\users\\tommy\\program files\\dna\\btdna.exe"= TCP:C:\users\tommy\program files\dna\btdna.exe:btdna.exe
"TCP Query User{ED27060A-F029-4D88-B653-119ACC7E0573}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{5C1C93ED-766D-43BF-8D12-1AEB86873CF5}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"TCP Query User{F75229D4-E5D5-4C73-89C6-F5F110BF0AD2}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{1DA92844-93E7-4351-80CB-15742D524B5E}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{578A0198-E145-4039-9089-257471857DFA}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{F8032233-9C27-4734-97DE-FEC968FED6E0}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{1A9C6170-2BC8-4C37-9873-247354FF7165}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2A1E71A7-3C5A-4E2F-A538-A74BCE5B36E6}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{FD34D9C6-29DA-4902-A86F-E9A03F08454C}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{02A17AB0-EE1D-4195-9A2E-56019C444E06}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{3A2597A5-D136-46A6-8D19-0487835E794D}"= UDP:C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{5343297E-0BF2-4705-ADE9-3B57505C7F85}"= TCP:C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{A1F48115-DFB2-41C4-B1B7-79E16BEB775A}"= UDP:C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{64FA7715-43CD-46F6-B3F2-B1606139A82C}"= TCP:C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{2C4F428A-54A8-44E6-AFF0-ECEFAFD69497}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{A7A0C3B7-C1E0-4731-B715-CFC524234DC2}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{11F43972-3A38-4F01-A5A2-B8DDD5B867E9}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{9B4C4D56-E463-449F-8C4B-37ABBA1FF40D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1641B7A6-0ABE-4C66-A7F2-ACB347A080A1}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8465BE7E-0D58-413F-9CDF-3A0D292D5429}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{916890E6-EE4A-427F-A146-A5350C20DF08}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{12C4A968-5451-4680-9D4C-1D3E1C3CA87D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2009-01-24 22:19:15 64160]
R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2008-10-30 21:47:28 150568]
R1 epfwtdir;epfwtdir;C:\Windows\System32\drivers\epfwtdir.sys [2007-12-21 08:21:56 33800]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 13:50:04 8944]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 13:50:02 55024]
R2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 08:21:16 468224]
R2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2007-08-23 00:55:16 36864]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 22:34:37 950096]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-01 18:31:31 170640]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe [2009-01-31 10:20:22 75040]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2008-08-06 23:01:54 198168]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2008-08-06 23:02:22 1353240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2008-08-06 23:02:02 73752]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2008-08-06 23:03:58 1221144]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2009-02-01 18:31:32 15504]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28u.sys [2008-10-30 20:58:10 552448]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 13:50:06 7408]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-12-05 20:28:05 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-12-05 20:09:16 79360]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2008-11-04 19:33:58 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2008-08-06 23:01:54 198168]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2008-08-06 23:02:22 1353240]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2008-08-06 23:02:02 73752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4456a587-c9ec-11dd-a4e4-00221523e01a}]
\shell\AutoRun\command - H:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d807ed1a-d899-11dd-a588-000272150f17}]
\shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d807ed1c-d899-11dd-a588-000272150f17}]
\shell\AutoRun\command - J:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhoud van de 'Gedeelde Taken' map

2009-02-02 C:\Windows\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-31 22:19]

2009-01-31 C:\Windows\Tasks\OGADaily.job
- C:\Windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-02-04 C:\Windows\Tasks\OGALogon.job
- C:\Windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-02-04 C:\Windows\Tasks\RtlVistaStart.job
- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe []
mStart Page = hxxp://breedband.telenet.be
mWindow Title = Telenet Internet
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
FF - ProfilePath - C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\zyfu74p9.default\
FF - prefs.js: browser.startup.homepage - hxxp://nl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - component: C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: C:\Program Files\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: C:\Users\Tommy\Program Files\DNA\plugins\npbtdna.dll

Dogchild

Legacy Member
Honestly, no, but you won't hear me say that it's your fault. But now my sound glitches now and then, and there is a background process that slows my system down at certain moments, with CPU usage up to 100% for a few seconds. And that Rami Royal pop-up keeps coming. Sometimes I think there is something wrong with that RoboForm I use. Well, it's a handy tool, but it all more or less started since I installed it.

Dogchild

Legacy Member
Just to give an example: system errors pop up at random moments, and MPC (Media Player Classic) won't start anymore, and I use it to watch films over HDMI, for example. Well, all sorts of little things like that.

Juisterr

Legacy Member
Run Windows Update and restart.

1. Download ATF cleaner (made by Atribune)
Double-click ATF cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.

Do the following if you also use Firefox as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this unticks "Firefox saved passwords" again)
Click the Empty Selected button.

Do the following if you also use Opera as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

2. Download Dr.Web CureIt and save it to your desktop.
  • Double-click drweb-cureit.exe and allow it to start the express scan.
    If a pop-up appears offering a purchase/50% discount, you can close it.
  • The express scan will scan the files that are currently loaded in memory. If anything is found, click 'alles selecteren' (select all), then choose 'repareren' (cure), and from the small menu that appears choose 'verplaatsen' (move).
  • At the top of the menu, choose Language/Taal and change it to Dutch (Nederlands) if it is set differently on your system.
  • Press F9, then choose the Acties (Actions) tab and set the following there under Malware:
    • Adware: Verplaats (Move)
    • Dialers: Verplaats (Move)
    • Jokes: Rapportage (Report)
    • Riskware: Rapportage (Report)
    • Hacktools: Verplaats (Move)
    • Then untick 'Prompt bij actie' (prompt on action).
  • Next, choose the Scan tab and untick Heuristische analyse (heuristic analysis).
    Then press Toepassen (Apply) followed by OK.
  • Once the short scan has finished, tick: Volledige scan (full scan).
    Then press the green arrow (start button) to start the scan.
  • Files that are found are moved to the '%USERPROFILE%\DocterWeb\Quarantine' folder if they cannot be repaired.
  • After the scan is done, go to Bestand (File) and choose Rapportage lijst opslaan (save report list).
    Save it to your desktop and then close Dr.Web CureIt.
  • Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
  • After restarting, copy and paste the contents of the log you saved earlier into your next post.

Dogchild

Legacy Member
Thanks for the help, it already runs more smoothly, only that Rami Royal pop-up keeps coming. I just can't post that log for you: I got a nice blue screen when I tried to save the log file.

Juisterr

Legacy Member
Unfortunately I don't know how to get rid of that. Can you tell me where Rami Royal is installed on your PC?