Mededeling

**smeenk** · 28-03-08, 20:00

Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll (file missing)
O2 - BHO: {223d8999-5ab4-2919-3734-d38f161ecc04} - {40cce161-f83d-4373-9192-4ba59998d322} - C:\WINDOWS\system32\cplyravh.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81B1E6D1-3B37-43C4-9962-E1626E8BA05D} - C:\WINDOWS\system32\ssqrp.dll
O2 - BHO: (no name) - {C20E9EB2-0971-44BC-A2ED-96117BF275EE} - (no file)
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\TorrentQ\TorrentManager.dll (file missing)
O4 - HKLM\..\Run: [a0fabe9c] rundll32.exe "C:\WINDOWS\system32\gjeauixg.dll",b
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\León\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O20 - Winlogon Notify: befbefafe - C:\WINDOWS\system32\befbefafe.dll
O20 - Winlogon Notify: cbxxxus - cbxxxus.dll (file missing)
Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

Download Malwarebytes' Anti-Malware op je bureaublad.
Dubbelklik mbam-setup.exe en kies voor "Next" om de tool te installeren.
Als de installatie voltooid is zet je vinkjes bij "Update MalwareBytes' Anti-Malware" en bij "Launch MalwareBytes' Anti-Malware".
Druk daarna op "Finish".
Kies in het hoofdscherm voor de tab "Scanner" en selecteer het keuzerondje "Perform full scan".
Druk op de knop "Scan" en zorg dat al je harde schijven/partities aangevinkt staan.
Druk dan op de knop "Start Scan".
Wanneer de scan voltooid is klik je op OK, daarna op "Show Results" om de resultaten te zien.
Zorg ervoor dat alles aangevinkt is, klik daarna op "Remove Selected".
Als het programma je computer wil laten herstarten, sta je dit toe.
Daarna opent een logje(mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
Post deze log in je volgende bericht tesamen met een nieuw logje van Hijackthis

**RHCPFreak** · 29-03-08, 11:15

ik heb malwarebytes anti malware gedownload en de scan gedaan.
dit is de Hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:12, on 29-3-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=5061003
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goldeagle.hyves.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=5061003
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {81B1E6D1-3B37-43C4-9962-E1626E8BA05D} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1043
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://leon22.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: befbefafe - C:\WINDOWS\system32\befbefafe.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 15096 bytes

en dit de Malwarebytes log:
Malwarebytes' Anti-Malware 1.09
Database versie: 560

Scan type: Volledige Scan (C:\|D:\|)
Objecten gescand: 113082
Verstreken tijd: 1 hour(s), 3 minute(s), 35 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 1
Registersleutels geïnfecteerd: 17
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 2
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 7

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
C:\WINDOWS\system32\ssqrp.dll (Trojan.Vundo) -> Unloaded module successfully.

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81b1e6d1-3b37-43c4-9962-e1626e8ba05d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{81b1e6d1-3b37-43c4-9962-e1626e8ba05d} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqrp.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqrp.dll -> Delete on reboot.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\WINDOWS\system32\ssqrp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\prqss.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prqss.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\axmfr.exe (Trojan.Peed) -> Quarantined and deleted successfully.
C:\fvsyct.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.

**smeenk** · 29-03-08, 11:43

Download KillAFile.exe en plaats het op je bureaublad: http://users.telenet.be/marcvn/tools/KillAFile.exe
Dubbelklik op KillAFile.exe om de tool te starten.
In het keuzemenu kies je voor optie 1:
1: Delete a file on reboot
Wanneer deze melding verschijnt

Code:

Insert full path and filename to delete.
and then press enter:

tik je dit in: C:\WINDOWS\system32\befbefafe.dll
Indien het bestandje aanwezig is, zal de computer vragen om te herstarten.
Sta dit toe.
Wanneer de computer opnieuw opgestart is, opent er een kladblokbestandje. Post de inhoud van dit bestand.

**RHCPFreak** · 29-03-08, 15:49

ik heb killafile gedaan en dit is het logje:

KILLAFILE - logfile

Running from: "C:\Documents and Settings\Le¢n\Bureaublad"

Delete on reboot: C:\WINDOWS\system32\befbefafe.dll

--- Rebooting the computer ---

C:\WINDOWS\system32\befbefafe.dll not deleted

Finished!

maar er komt nu een melding vn MCAfee:
Ongewenst programma
PrcViewer

programma verwijderen
programma toestaan

en van trojanhunter:
trojanhunterguard has found trojans running in memory. it is strongly recommended thath you check all checkboxes and press clean to remove the trojans memory

**smeenk** · 29-03-08, 16:49

Download Deckard's System Scanner naar je Bureaublad.

Sluit alle toepassingen en vensters.
Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

**RHCPFreak** · 29-03-08, 17:34

Deckard's System Scanner v20071014.68
Run by León on 2005-03-29 17:25:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2005-03-29 15:25:36 UTC - RP1 - Controlepunt van systeem

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).

-- HijackThis (run as León.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:43, on 29-3-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DNA\btdna.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Documents and Settings\León\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\León.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=5061003
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goldeagle.hyves.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=5061003
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {81B1E6D1-3B37-43C4-9962-E1626E8BA05D} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1043
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://leon22.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: befbefafe - C:\WINDOWS\system32\befbefafe.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 15045 bytes

**RHCPFreak** · 29-03-08, 17:34

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20050328-211625-210 O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll (file missing)
backup-20050328-211625-592 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20050328-211625-813 O2 - BHO: {223d8999-5ab4-2919-3734-d38f161ecc04} - {40cce161-f83d-4373-9192-4ba59998d322} - C:\WINDOWS\system32\cplyravh.dll (file missing)
backup-20050328-211625-987 O2 - BHO: (no name) - {81B1E6D1-3B37-43C4-9962-E1626E8BA05D} - C:\WINDOWS\system32\ssqrp.dll
backup-20050328-211641-432 O2 - BHO: (no name) - {C20E9EB2-0971-44BC-A2ED-96117BF275EE} - (no file)
backup-20050328-211641-786 O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\TorrentQ\TorrentManager.dll (file missing)
backup-20050328-211702-778 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
backup-20050328-211702-923 O4 - HKLM\..\Run: [a0fabe9c] rundll32.exe "C:\WINDOWS\system32\gjeauixg.dll",b
backup-20050328-211915-573 O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\León\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
backup-20050328-211915-819 O20 - Winlogon Notify: befbefafe - C:\WINDOWS\system32\befbefafe.dll
backup-20050328-211916-586 O20 - Winlogon Notify: cbxxxus - cbxxxus.dll (file missing)
backup-20080322-150326-634 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe"%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 ovt519 (Trust 320 SpaceCam) - c:\windows\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>

S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-03-25 15:59:14 420 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BF02C6A2-05D6-475F-A710-739FBC138E9A}.job
2008-03-24 15:48:16 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-15 02:28:42 354 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-03-01 02:00:28 350 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-11-21 08:09:21 386 --a------ C:\WINDOWS\Tasks\Jochem Meijer - Wakk.job

-- Files created between 2005-02-28 and 2005-03-29 -----------------------------

2078-07-14 02:00:00 0 d-------- C:\Program Files\VIDEOCD
2070-01-01 02:00:00 0 d-------- C:\Program Files\The Sims 2 Pets
2070-01-01 02:00:00 0 d-------- C:\Program Files\Sims2_EP4_1
2008-03-23 13:03:12 0 d-------- C:\Documents and Settings\León\.SunDownloadManager
2008-03-22 17:32:52 0 d-------- C:\Documents and Settings\León\Application Data\TrojanHunter
2008-03-22 16:00:24 0 d-------- C:\Program Files\Trend Micro
2008-03-22 15:49:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-22 15:37:50 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-03-21 22:47:29 0 d-------- C:\Program Files\Enigma Software Group
2008-03-21 22:46:20 0 d-------- C:\WINDOWS\BDOSCAN8
2008-03-21 14:18:05 0 d-------- C:\Documents and Settings\León\Dr Delete
2008-03-18 21:39:57 290816 -----n--- C:\WINDOWS\system32\ssqrp.dll
2008-03-18 21:24:42 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-18 21:11:33 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-18 21:10:22 0 d-------- C:\Program Files\Bonjour
2008-03-08 13:05:24 0 d-------- C:\Program Files\SopCast
2008-03-06 22:54:08 0 d-------- C:\Documents and Settings\León\Application Data\InstallShield
2008-03-06 22:40:53 0 d-------- C:\WINDOWS\NV54165668.TMP
2008-03-06 22:32:51 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-06 22:30:05 0 d-------- C:\NVIDIA
2008-03-06 16:45:13 0 dr-h----- C:\Documents and Settings\León\Application Data\SecuROM
2008-03-05 13:37:56 0 d-------- C:\Program Files\Malmberg
2008-03-05 13:37:36 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-05 13:37:14 101888 -----n--- C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-03-05 13:35:23 0 d-------- C:\Program Files\Common Files\YDP
2008-03-05 13:34:44 327168 --a------ C:\WINDOWS\IsUn0413.exe <Not Verified; InstallShield Software Corporation; InstallShield(r) unInstaller>
2008-03-03 18:32:47 0 d-------- C:\Program Files\iPod
2008-02-26 14:11:52 0 d-------- C:\Program Files\Guitar Pro 5
2008-02-24 04:01:06 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-22 22:14:50 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-22 21:59:43 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-22 21:58:37 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-16 14:11:43 0 d-------- C:\Documents and Settings\León\Application Data\BitTorrent
2008-02-16 14:10:44 0 d-------- C:\Program Files\DNA
2008-02-16 14:10:44 0 d-------- C:\Documents and Settings\León\Application Data\DNA
2008-02-16 14:10:40 0 d-------- C:\Program Files\BitTorrent
2008-02-06 16:20:18 0 d-------- C:\Program Files\Remote Desktop Control
2008-02-04 20:42:57 12 --a------ C:\Documents and Settings\León\usb002
2008-02-03 00:32:24 0 d-------- C:\Documents and Settings\León\Application Data\DassaultSystemes
2008-02-03 00:32:24 0 d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2008-02-03 00:31:02 0 d-------- C:\Program Files\Dassault Systemes
2008-02-03 00:29:53 0 d-------- C:\Program Files\MSXML 6.0
2008-02-02 17:27:23 0 d-------- C:\Program Files\Virtual Earth 3D
2008-02-01 12:17:18 587264 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Fotogalerij>
2008-01-27 14:39:03 0 d-------- C:\Program Files\Pivot Stickfigure Animator <PIVOTS~1>
2008-01-09 16:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2007-11-20 22:51:06 0 --a------ C:\Documents and Settings\León\Application Data\wklnhst.dat
2007-11-18 12:53:17 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-11-18 12:53:17 5242880 --a------ C:\Documents and Settings\León\ntuser.dat
2007-11-17 22:46:43 0 d-------- C:\Program Files\MWSnap
2007-11-17 16:05:44 187392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2007-11-17 16:05:42 0 d-------- C:\Program Files\WinCustomize
2007-11-17 16:03:20 0 d-------- C:\Program Files\Common Files\Stardock
2007-11-17 16:03:18 163712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2007-11-17 15:44:55 0 d-------- C:\Program Files\Stardock
2007-11-09 21:01:22 0 d-------- C:\Program Files\IDoser v4
2007-10-21 09:27:41 0 d-------- C:\Program Files\Infogrames
2007-10-20 12:21:10 0 d-------- C:\Program Files\Common Files\Apple
2007-10-20 12:17:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-15 17:54:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-10 20:05:53 108562 -----n--- C:\WINDOWS\system32\befbefafe.dll
2007-10-08 20:10:06 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-10-08 13:12:07 0 d-------- C:\Documents and Settings\Gast\Application Data\SiteAdvisor
2007-10-06 12:45:11 0 d-------- C:\Program Files\Norton Security Scan
2007-10-01 16:46:27 0 d-------- C:\Documents and Settings\LocalService\Bureaublad
2007-10-01 16:46:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-10-01 16:46:19 0 d-------- C:\Program Files\SiteAdvisor
2007-10-01 16:46:19 0 d-------- C:\Documents and Settings\León\Application Data\SiteAdvisor
2007-10-01 16:46:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-01 16:43:44 0 d-------- C:\Program Files\Common Files\McAfee
2007-09-17 18:31:47 0 d-------- C:\Program Files\TorrentQ
2007-09-17 18:31:47 0 d-------- C:\Documents and Settings\León\Application Data\TorrentQ
2007-09-17 18:31:45 0 d-------- C:\Program Files\Flash DVD Ripper
2007-09-17 18:31:44 0 d-------- C:\Program Files\South Park Desktop Friends
2007-09-17 18:31:38 0 d--h----- C:\Program Files\Give4Free Plugin
2007-09-17 18:16:30 0 d-------- C:\Documents and Settings\Administrator\Favorieten
2007-09-17 18:16:30 0 d-------- C:\Documents and Settings\Administrator\Cookies
2007-09-17 18:16:30 0 d-------- C:\Documents and Settings\Administrator\Application Data
2007-09-17 18:16:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-09-17 18:16:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2007-09-17 18:16:29 0 d-------- C:\Documents and Settings\Administrator\Sjablonen
2007-09-17 18:16:29 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-09-17 18:16:29 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
2007-09-17 18:16:29 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2007-09-06 18:08:55 102060 --a------ C:\WINDOWS\system32\USB poort
2007-06-17 22:21:21 0 d-------- C:\Program Files\Windows Live
2007-06-17 15:54:25 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-06-17 15:54:25 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-06-17 15:45:26 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-15 18:27:26 0 d-------- C:\Program Files\Dvd-to-mpeg
2007-06-15 18:13:30 0 d-------- C:\Program Files\SubtitleCreator
2007-06-15 18:06:08 0 d-------- C:\Documents and Settings\León\Application Data\vlc
2007-06-15 18:01:13 0 d-------- C:\Program Files\VideoLAN
2007-06-09 10:34:41 0 d-------- C:\Program Files\Common Files\SWF Studio
2007-06-08 16:31:50 0 d-------- C:\Documents and Settings\León\Application Data\WinRAR
2007-06-08 16:18:58 0 d-------- C:\Program Files\utorrent
2007-05-28 14:45:50 0 d-------- C:\Program Files\DivX
2007-05-08 15:03:04 1275392 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP 2>
2007-05-01 17:45:49 0 d-------- C:\Program Files\Casperlab Software
2007-04-29 09:07:27 0 d-------- C:\Temp
2007-04-28 21:40:04 0 d-------- C:\OutputFolder
2007-04-28 21:35:11 0 d-------- C:\Program Files\Common Files\Download Manager
2007-04-28 18:07:21 0 d-------- C:\Program Files\SHOUTcast
2007-04-28 16:56:49 0 d-------- C:\Documents and Settings\León\Application Data\MusicIP
2007-04-28 16:56:00 0 d-------- C:\Program Files\Winamp
2007-04-22 18:56:18 766 --a------ C:\rockon
2007-04-20 17:25:55 0 d-------- C:\Program Files\thriXXX
2007-04-16 15:18:19 1936528 --a------ C:\WINDOWS\system32\ltmm15.dll <Not Verified; ; LEADTOOLS Multimedia Toolkit>
2007-04-16 15:18:16 135168 --a------ C:\WINDOWS\system32\DSKernel2.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS Multimedia Filter Pack>
2007-04-16 15:17:23 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-04-16 15:17:01 2874926 --a------ C:\Program Files\FLV PlayerRCATSetup.exe
2007-04-16 15:16:45 0 d-------- C:\Program Files\Replay Converter
2007-04-16 15:13:31 0 d-------- C:\WINDOWS\FLV Player
2007-04-16 14:31:47 0 d-------- C:\Documents and Settings\Gast\Application Data\Real
2007-04-13 03:21:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-04-11 17:51:15 0 d-------- C:\Program Files\WiFiConnector
2007-04-09 16:15:40 278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-04-08 10:40:52 0 d-------- C:\WINDOWS\.file_store_32
2007-04-02 19:03:41 0 d-------- C:\Documents and Settings\León\Application Data\ConvertTemp
2007-04-02 19:03:29 0 d-------- C:\Documents and Settings\León\Application Data\TransRender
2007-04-02 19:03:29 0 d-------- C:\Documents and Settings\León\Application Data\Temporary
2007-03-29 16:51:05 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-03-22 22:01:51 0 d-------- C:\Program Files\Common Files\xing shared
2007-03-22 22:01:30 0 d-------- C:\Program Files\Common Files\Real
2007-03-22 22:01:21 0 d-------- C:\Program Files\Real
2007-03-22 22:00:46 0 d-------- C:\Documents and Settings\León\Application Data\Real
2007-03-18 20:08:39 0 d-------- C:\Program Files\Activision
2007-03-18 19:04:06 0 d-------- C:\Documents and Settings\León\Application Data\NCH Swift Sound
2007-03-18 19:04:05 0 d-------- C:\Documents and Settings\León\Application Data\RecordPad
2007-03-18 19:04:05 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-03-18 19:03:18 0 d-------- C:\Program Files\NCH Swift Sound
2007-03-18 18:52:36 0 d-------- C:\Documents and Settings\León\Application Data\Screenshot Sender
2007-03-18 16:58:38 0 d-------- C:\My Downloads
2007-03-17 16:45:19 0 d-------- C:\Program Files\iTunes
2007-03-06 21:44:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2007-03-05 21:56:25 0 d-------- C:\Program Files\D-Tools
2007-03-05 21:38:22 0 d-------- C:\Program Files\EA GAMES
2007-03-05 21:27:21 0 d-------- C:\Program Files\Smart Projects
2007-03-05 16:28:45 0 d-------- C:\Documents and Settings\León\Application Data\Apple Computer
2007-03-04 10:43:11 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-03-03 16:56:48 0 d-------- C:\Program Files\Apple Software Update
2007-03-03 16:56:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-02-20 12:30:36 0 d-------- C:\Documents and Settings\León\Application Data\ZangoToolbar
2007-02-19 13:18:49 0 d-------- C:\Documents and Settings\Gast\Application Data\Macromedia
2007-02-19 13:17:18 0 d-------- C:\Documents and Settings\Gast\Application Data\Google
2007-02-18 12:54:03 0 d-------- C:\Documents and Settings\León\Application Data\AdobeUM
2007-02-18 09:58:37 0 d-------- C:\WINDOWS\.jagex_cache_32
2007-02-18 09:58:25 0 d-------- C:\WINDOWS\Sun
2007-02-18 09:58:25 0 d-------- C:\Documents and Settings\León\Application Data\Sun
2007-02-16 14:28:38 19 --a------ C:\WINDOWS\popcinfo.dat
2007-02-16 14:28:38 0 d-------- C:\Program Files\PopCap Games
2007-02-08 20:44:59 0 d-------- C:\Program Files\Windows Journal Viewer
2007-02-07 11:58:32 0 d-------- C:\Program Files\iWin
2007-02-05 19:22:53 0 d-------- C:\Documents and Settings\Gast\Application Data\Identities
2007-02-05 19:22:53 0 d-------- C:\Documents and Settings\Gast\Application Data\Corel
2007-02-05 19:22:52 0 d--h----- C:\Documents and Settings\Gast\Sjablonen
2007-02-05 19:22:52 0 dr-h----- C:\Documents and Settings\Gast\SendTo
2007-02-05 19:22:52 0 dr-h----- C:\Documents and Settings\Gast\Onlangs geopend
2007-02-05 19:22:52 0 d--h----- C:\Documents and Settings\Gast\Netwerkprinteromgeving
2007-02-05 19:22:52 0 d--h----- C:\Documents and Settings\Gast\NetHood
2007-02-05 19:22:52 0 dr------- C:\Documents and Settings\Gast\Mijn documenten
2007-02-05 19:22:52 0 dr------- C:\Documents and Settings\Gast\Menu Start
2007-02-05 19:22:52 0 d--h----- C:\Documents and Settings\Gast\Local Settings
2007-02-05 19:22:52 0 dr------- C:\Documents and Settings\Gast\Favorieten
2007-02-05 19:22:52 0 d--hs---- C:\Documents and Settings\Gast\Cookies
2007-02-05 19:22:52 0 d-------- C:\Documents and Settings\Gast\Bureaublad
2007-02-05 19:22:52 0 dr-h----- C:\Documents and Settings\Gast\Application Data
2007-02-05 19:22:52 0 d-------- C:\Documents and Settings\Gast\Application Data\Symantec
2007-02-05 19:22:52 0 d---s---- C:\Documents and Settings\Gast\Application Data\Microsoft
2007-02-05 19:22:51 1048576 --ah----- C:\Documents and Settings\Gast\ntuser.dat
2007-02-04 16:45:09 0 d-------- C:\Documents and Settings\León\Application Data\Samsung
2007-02-04 15:15:15 0 d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-02-04 15:14:53 0 d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-02-04 15:14:53 61440 --a------ C:\WINDOWS\system32\mp4_vcodec.dll <Not Verified; Mobile Leader; MPEG4 Video Codec Library>
2007-02-04 15:14:53 679936 --a------ C:\WINDOWS\system32\fun_mp4_enc.dll <Not Verified; Mobile Leader; MPEG4 Encoder Dynamic Link Library>
2007-02-04 15:14:53 2067140 -ra------ C:\WINDOWS\system32\avcodec.dll
2007-02-04 15:14:46 0 d-------- C:\Program Files\Samsung
2007-02-01 17:08:06 0 d-------- C:\Program Files\Electronic Arts
2007-02-01 16:15:26 0 d-------- C:\Program Files\Hyves Kwekker
2007-01-31 21:59:28 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-01-31 17:46:33 0 d-------- C:\Program Files\QuickTime
2007-01-26 16:24:43 0 d-------- C:\Documents and Settings\León\Application Data\Corel Photo Album
2007-01-26 16:24:32 88 -r-hs---- C:\WINDOWS\system32\CAFECAFAE5.sys
2007-01-23 21:36:00 0 d-------- C:\Program Files\Voyage Century Online
2007-01-23 20:46:56 0 d-------- C:\Documents and Settings\León\Application Data\uTorrent
2007-01-20 18:08:24 0 d-------- C:\WINDOWS\system32\nl-nl
2007-01-20 18:00:10 0 d-------- C:\WINDOWS\network diagnostic
2007-01-17 22:45:23 65536 --a------ C:\WINDOWS\IFinst27.exe
2007-01-17 16:24:34 0 d-------- C:\Documents and Settings\León\Application Data\IMVU
2007-01-14 18:01:13 0 d-------- C:\Program Files\Incomplete
2007-01-12 23:26:57 0 d-------- C:\Program Files\PartyGaming
2007-01-12 22:15:22 0 d-------- C:\Documents and Settings\León\Application Data\McAfee
2007-01-12 19:02:53 0 d-------- C:\WINDOWS\system32\mclsphlr
2007-01-12 19:02:46 0 d--h----- C:\Documents and Settings\LocalService\SendTo
2007-01-12 19:02:36 90112 --a------ C:\WINDOWS\system32\mcrtl32.dll <Not Verified; McAfee, Inc.; McAfee Privacy Service>
2007-01-12 19:02:33 131072 --a------ C:\WINDOWS\system32\mclsp.dll <Not Verified; McAfee, Inc.; McAfee Privacy Service>
2007-01-12 19:02:33 32768 --a------ C:\WINDOWS\system32\instlsp.exe
2007-01-12 19:02:32 11264 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-01-12 18:56:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2007-01-12 18:56:38 0 dr------- C:\Documents and Settings\LocalService\Favorieten
2007-01-08 19:20:42 0 d-------- C:\Program Files\MSXML 4.0
2007-01-08 19:20:23 0 d-------- C:\d661a69f1a002a85d3e200d208503b
2007-01-08 15:55:53 0 d-------- C:\WINDOWS\OvtCam
2007-01-08 15:51:52 0 d-------- C:\Documents and Settings\León\Application Data\ArcSoft
2007-01-08 15:48:37 212480 --a------ C:\WINDOWS\pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2007-01-08 15:48:37 0 d-------- C:\Program Files\ArcSoft
2007-01-08 15:48:35 0 d-------- C:\Documents and Settings\León\Application Data\Adobe
2007-01-08 15:42:17 16426 --a------ C:\WINDOWS\system32\ov519usd.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2007-01-08 15:42:17 40960 --a------ C:\WINDOWS\system32\ov519ext.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2007-01-08 15:42:17 174530 --a------ C:\WINDOWS\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
2007-01-08 15:42:17 25211 --a------ C:\WINDOWS\system32\drivers\ov519cmd.sys <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2007-01-08 15:42:17 61440 --a------ C:\WINDOWS\ov519dib.dll <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
2007-01-08 15:42:17 135168 --a------ C:\WINDOWS\ov519cap.exe <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
2007-01-08 15:42:17 40960 --a------ C:\WINDOWS\CleanDev.exe <Not Verified; ; CleanDevice>
2007-01-08 15:42:16 307200 --a------ C:\WINDOWS\vidcap32.exe <Not Verified; Microsoft Corporation; Microsoft Windows>
2007-01-08 15:42:16 0 d-------- C:\WINDOWS\Options
2007-01-08 15:42:16 32528 --a------ C:\WINDOWS\amcap.exe
2007-01-08 15:31:41 0 d-------- C:\Program Files\Trust 320 SpaceCam
2007-01-07 21:37:10 0 d-------- C:\WINDOWS\system32\PreInstall
2007-01-07 18:50:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-01-07 18:46:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-01-07 18:39:20 0 d-------- C:\Documents and Settings\León\Muziek vn Leon
2007-01-07 18:39:18 0 d-------- C:\Documents and Settings\León\Incomplete
2007-01-07 18:27:29 0 d-------- C:\Program Files\Windows Media Connect 2
2007-01-07 18:15:44 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-07 18:15:43 0 d-------- C:\WINDOWS\system32\LogFiles
2007-01-07 17:54:58 0 d-------- C:\Program Files\LimeWire
2007-01-07 17:53:12 0 d-------- C:\Documents and Settings\León\.limewire
2007-01-07 17:38:42 0 d-------- C:\Program Files\Messenger Plus! Live
2007-01-07 17:35:21 0 d-------- C:\Documents and Settings\León\Contacts
2007-01-07 17:34:15 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-01-07 17:33:37 0 d-------- C:\Program Files\MSN Messenger
2007-01-07 17:26:55 0 d--hs---- C:\Documents and Settings\León\UserData
2007-01-07 17:19:48 0 d-------- C:\Documents and Settings\León\Application Data\Google
2007-01-07 16:44:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-01-07 16:16:42 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-12-08 05:57:20 69632 --a------ C:\WINDOWS\system32\TWUNK_32.EXE <Not Verified; Twain Working Group; Twain Thunker>
2006-12-08 05:57:20 48560 --a------ C:\WINDOWS\system32\TWUNK_16.EXE <Not Verified; Twain Working Group; Twain Thunker>
2006-12-08 05:57:20 77312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL <Not Verified; Twain Working Group; Twain_32 Source Manager>
2006-11-11 13:11:28 10 --a------ C:\WINDOWS\Spel_1.dat
2006-11-11 13:08:43 10 --a------ C:\WINDOWS\Spel_8.dat
2006-11-11 13:08:29 10 --a------ C:\WINDOWS\Spel_6.dat
2006-10-25 17:01:49 0 d-------- C:\Program Files\directx
2006-10-25 17:01:48 38160 --a------ C:\WINDOWS\system32\LMRTREND.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2006-10-25 17:01:46 182032 --a------ C:\WINDOWS\system32\dxtmsft3.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2006-10-25 17:01:40 63488 --a------ C:\WINDOWS\system32\unam4ie.exe <Not Verified; Microsoft Corporation; DirectShow>
2006-10-25 17:01:36 10240 --a------ C:\WINDOWS\system32\vidx16.dll
2006-10-25 17:01:35 194320 --a------ C:\WINDOWS\system32\qcut.dll <Not Verified; Microsoft Corporation; DirectShow>
2006-10-25 17:01:32 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2006-10-25 17:01:32 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2006-10-25 10:05:22 0 d-------- C:\SIERRA
2006-10-25 10:03:39 314880 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2006-10-25 10:03:36 0 d-------- C:\Documents and Settings\León\WINDOWS
2006-10-15 16:08:33 0 d-------- C:\WINDOWS\ShellNew
2006-10-15 16:07:02 0 d-------- C:\Documents and Settings\León\Application Data\Microsoft Web Folders
2006-10-15 16:04:37 0 d-------- C:\Documents and Settings\León\Application Data\Macromedia
2006-10-14 20:48:35 0 d-------- C:\Documents and Settings\León\Application Data\Sonic
2006-10-14 20:48:18 0 d-------- C:\Documents and Settings\León\Application Data\Leadertech
2006-10-14 18:44:10 56 -r-hs---- C:\WINDOWS\system32\E5FACAFECA.sys
2006-10-14 18:43:52 5852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-14 17:24:21 0 d-------- C:\Documents and Settings\León\Application Data\Help
2006-10-14 16:32:20 56832 -----n--- C:\WINDOWS\system32\iyvu9_32.dll
2006-10-14 16:32:20 143872 -----n--- C:\WINDOWS\system32\iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2006-10-14 16:29:34 0 d-------- C:\Program Files\Microsoft Games
2006-10-14 15:57:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2006-10-14 15:51:36 0 d--hs---- C:\WINDOWS\ftpcache
2006-10-14 15:04:46 0 d--h----- C:\Documents and Settings\León\Sjablonen
2006-10-14 15:04:46 0 dr-h----- C:\Documents and Settings\León\SendTo
2006-10-14 15:04:46 0 dr-h----- C:\Documents and Settings\León\Onlangs geopend
2006-10-14 15:04:46 0 d--h----- C:\Documents and Settings\León\Netwerkprinteromgeving
2006-10-14 15:04:46 0 d--h----- C:\Documents and Settings\León\NetHood
2006-10-14 15:04:46 0 dr------- C:\Documents and Settings\León\Mijn documenten
2006-10-14 15:04:46 0 dr------- C:\Documents and Settings\León\Menu Start
2006-10-14 15:04:46 0 d--h----- C:\Documents and Settings\León\Local Settings
2006-10-14 15:04:46 0 dr------- C:\Documents and Settings\León\Favorieten
2006-10-14 15:04:46 0 d--hs---- C:\Documents and Settings\León\Cookies
2006-10-14 15:04:46 0 d-------- C:\Documents and Settings\León\Bureaublad
2006-10-14 15:04:46 0 dr-h----- C:\Documents and Settings\León\Application Data
2006-10-14 15:04:46 0 d-------- C:\Documents and Settings\León\Application Data\Symantec
2006-10-14 15:04:46 0 d-------- C:\Documents and Settings\León\Application Data\Identities
2006-10-14 15:04:46 0 d-------- C:\Documents and Settings\León\Application Data\Corel
2006-10-14 15:04:35 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2006-10-14 15:04:31 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2006-10-14 15:04:31 0 d-------- C:\Documents and Settings\Default User\Application Data\Corel
2006-10-14 15:04:30 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2006-10-05 05:31:10 79872 --a------ C:\WINDOWS\system32\msxml6r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 6.0>
2006-10-03 20:50:25 0 d-------- C:\Program Files\Common Files\Adobe
2006-10-03 20:50:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-10-03 20:48:21 0 d-------- C:\Program Files\Google
2006-10-03 20:48:20 0 d-------- C:\Program Files\BAE
2006-10-03 20:47:50 0 d-------- C:\Program Files\McAfee
2006-10-03 20:47:50 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2006-10-03 20:47:11 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2006-10-03 20:45:39 0 d-------- C:\Program Files\McAfee.com
2006-10-03 20:45:37 0 d-------- C:\Program Files\Sonic
2006-10-03 20:44:39 0 d-------- C:\Program Files\Common Files\TiVo Shared
2006-10-03 20:44:23 0 d-------- C:\WINDOWS\system32\DLA
2006-10-03 20:44:23 0 d-------- C:\Program Files\Roxio
2006-10-03 20:43:30 0 d-------- C:\Program Files\Corel Corporation
2006-10-03 20:43:13 0 d-------- C:\WINDOWS\RegisteredPackages
2006-10-03 20:43:09 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2006-10-03 20:43:02 0 d-------- C:\Program Files\Corel
2006-10-03 20:42:59 712704 --a------ C:\WINDOWS\system32\DellSystemRestore.dll
2006-10-03 20:42:36 0 d-------- C:\Program Files\Norton Ghost
2006-10-03 20:41:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2006-10-03 20:41:53 0 d-------- C:\Program Files\Symantec
2006-10-03 20:41:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-03 20:41:03 0 d-------- C:\Program Files\Microsoft Works
2006-10-03 20:40:48 0 d-------- C:\Program Files\InterActual
2006-10-03 20:40:46 0 d-------- C:\Program Files\Common Files\Sonic Shared
2006-10-03 20:40:45 0 d-------- C:\Program Files\Dell
2006-10-03 20:40:35 0 d-------- C:\Program Files\Broadcom
2006-10-03 20:40:34 0 d-------- C:\WINDOWS\Downloaded Installations
2006-10-03 20:40:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2006-10-03 20:40:29 0 d-------- C:\Program Files\Common Files\Roxio Shared
2006-10-03 20:40:29 0 d-------- C:\Program Files\Common Files\InstallShield
2006-10-03 20:38:50 1093632 --a------ C:\WINDOWS\system32\stlang.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2006-10-03 20:38:50 282624 --a------ C:\WINDOWS\stsystra.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2006-10-03 20:38:50 0 d-------- C:\Program Files\Sigmatel
2006-10-03 20:35:56 0 d-------- C:\Program Files\Java
2006-10-03 20:34:32 0 d--h----- C:\WINDOWS\$hf_mig$
2006-10-03 20:28:07 0 d-------- C:\WINDOWS\nview
2006-10-03 20:27:56 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2006-10-03 20:25:01 0 d-------- C:\dell
2006-10-03 20:24:49 0 d-------- C:\WINDOWS
2006-10-03 20:22:00 77824 --a------ C:\WINDOWS\setpwr32.exe
2006-10-03 20:21:48 0 d-------- C:\drivers
2006-10-03 20:21:47 0 d-------- C:\WINDOWS\system32\drivers
2006-10-03 20:21:44 1617920 --a------ C:\WINDOWS\system32\nwiz.exe
2006-10-03 20:21:44 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-10-03 20:21:44 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-03 20:21:44 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-10-03 20:21:42 1474560 --a------ C:\WINDOWS\system32\nview.dll
2006-10-03 20:21:42 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-10-03 20:21:42 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-10-03 20:21:42 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-10-03 20:21:32 0 d-------- C:\i386
2006-10-03 20:20:57 0 d-------- C:\WINDOWS\system32
2006-10-03 20:20:50 0 d-------- C:\WINDOWS\system32\dllcache
2006-10-03 20:20:35 0 d-------- C:\WINDOWS\system32\oobe
2006-06-05 01:57:56 82432 -----n--- C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2006-06-05 01:57:56 91136 -r------- C:\WINDOWS\system32\msls2.dll <Not Verified; Microsoft Corporation; Microsoft® Line Services>
2006-06-05 01:57:56 31744 -----n--- C:\WINDOWS\system32\hlp95en.dll <Not Verified; Microsoft Corporation; Microsoft Office>
2006-05-29 13:00:00 0 d-------- C:\Program Files\De_Sims_2_Mega12
2006-02-28 13:41:34 61440 --a------ C:\WINDOWS\system32\dns-sd.exe <Not Verified; Apple Computer, Inc.; Bonjour>
2006-02-28 13:41:22 53248 --a------ C:\WINDOWS\system32\dnssd.dll <Not Verified; Apple Computer, Inc.; Bonjour>
2006-01-12 23:29:38 13568 --a------ C:\WINDOWS\system32\drivers\wsp_pkt.sys <Not Verified; SingleClick Systems; Wireless Security Protocol Driver>
2006-01-12 23:27:16 13696 --a------ C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys <Not Verified; SingleClick Systems; Wireless Protocol Driver>
2006-01-12 23:26:10 13312 --a------ C:\WINDOWS\system32\drivers\packet.sys <Not Verified; SingleClick Systems; Auto IP Protocol Driver>
2005-12-09 06:53:14 162944 -ra------ C:\WINDOWS\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
2005-10-31 17:56:00 700416 --a------ C:\StubInstaller.exe <Not Verified; LimeWire; LimeWire swarmed installer>
2005-09-23 07:28:52 74240 --a------ C:\WINDOWS\system32\mscories.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 07:28:52 150016 --a------ C:\WINDOWS\system32\mscorier.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 07:28:38 83456 --a------ C:\WINDOWS\system32\dfshim.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-03-29 12:35:07 16384 --a------ C:\WINDOWS\system32\restart.exe <Not Verified; WareSoft Software; restart>
2005-03-29 12:35:07 90112 --a------ C:\WINDOWS\system32\regdacl.exe <Not Verified; Frank Heyne Software; RegTools>
2005-03-29 12:35:07 4096 --a------ C:\WINDOWS\system32\reboot.exe
2005-03-29 12:35:06 0 d-------- C:\WINDOWS\system32\regdacl
2005-03-28 23:42:47 165186 --ahs---- C:\WINDOWS\system32\prqss.ini2
2005-03-28 21:37:34 0 d-------- C:\Documents and Settings\León\Application Data\Malwarebytes
2005-03-28 21:36:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2005-03-28 21:36:30 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

-- Find3M Report ---------------------------------------------------------------

2008-03-24 10:43:25 0 d-------- C:\Program Files\Common Files
2007-11-17 16:19:24 4860416 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2007-06-27 15:30:54 3584 --a------ C:\Documents and Settings\León\Application Data\dvd.bmk
2006-10-15 16:06:53 0 d-------- C:\Program Files\microsoft frontpage
2006-10-03 20:36:43 0 d-------- C:\Program Files\Messenger
2005-03-28 23:46:57 467444 --a------ C:\WINDOWS\system32\perfh013.dat
2005-03-28 23:46:57 82312 --a------ C:\WINDOWS\system32\perfc013.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81B1E6D1-3B37-43C4-9962-E1626E8BA05D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [23-08-2006 20:12 C:\WINDOWS\system32\nwiz.exe]
"SigmatelSysTrayApp"="stsystra.exe" [15-08-2006 11:00 C:\WINDOWS\stsystra.exe]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [05-10-2005 04:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10-06-2005 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10-06-2005 11:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [08-09-2005 06:20]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [12-08-2005 17:16]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [09-11-2005 16:08]
"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [30-03-2006 15:31]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [22-03-2007 22:01]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22-08-2004 17:05]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [17-01-2007 22:04]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05-12-2007 02:41]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [03-09-2002 19:38]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01-02-2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19-02-2008 14:10]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05-12-2007 02:41]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [23-01-2008 15:47]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [08-02-2008 12:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08-06-2007 18:35]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 12:34]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [27-03-2005 18:25]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28-01-2008 12:43]

C:\Documents and Settings\Le¢n\Menu Start\Programma's\Opstarten\
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [5-6-2006 1:58:10]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 23:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17-2-1999 21:05:56]
Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [11-4-2007 17:51:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\befbefafe]
C:\WINDOWS\system32\befbefafe.dll 18-03-2008 22:18 108562 C:\WINDOWS\system32\befbefafe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 02-11-2007 12:47 120056 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1ecf36e-8ef5-11dc-9103-00137233162a}]
AutoRun\command- K:\System32.exe

-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2005-03-29 17:32:42 ------------

**smeenk** · 29-03-08, 17:47

Download The Avenger naar je Bureaublad.

Klik op Avenger.zip om het uit te pakken naar je bureaublad

Start The Avenger door op het icoontje met het zwaard te dubbelklikken.

Onder "Script file to execute" kies "Input Script Manually".
Klik op het vergrootglas icoontje; een nieuw venster zal openen met de naam "View/edit script"
Kopieer en plak het volgende blauw vetgedrukte erin:

Files to delete:
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\befbefafe.dll
Klik Done
Daarna klik op het Groen verkeerslicht om het script uit te voeren
Antwoord "Yes/Ja" wanneer daarnaar gevraagd wordt.

The Avenger zal daarna het volgende doen:

Uw computer herstarten.
Na herstart, zal het vlug een zwart command window openen. Dit is normaal.
Na herstart, zal het een log maken die zal openen met de resultaten van The Avenger. Dit log zal te vinden zijn op C:\avenger.txt
The Avenger maakt ook backups aan met alle bestanden, etc., die eerder werden verwijderd door The Avenger, deze backups bevinden zich op volgende plaats: C:\avenger\backup.zip.

Kopieer en plak de inhoud van avenger.txt in je volgende bericht.
Post ook een nieuw logje van Hijackthis

Groeten smeenk

**RHCPFreak** · 29-03-08, 18:38

Bij mij ziet the avenger er heel anders uit

dit is een screen shot vn the avenger
~$ddddd.doc

**smeenk** · 29-03-08, 19:02

Klopt, er is sinds kort een nieuwe versie van The Avenger.
Ik heb daar helaas nog geen gebruikshandleiding van en heb zelf ook nog geen tijd gehad om er mee te testen.

Denk je dat je er zelf uit komt?(in grote lijnen zou het toch nog ongeveer hetzelfde moeten werken)

**smeenk** · 29-03-08, 19:19

Ik heb de nieuwe canned gevonden

Download The Avenger en plaats het op je bureaublad: http://swandog46.geekstogo.com/avenger2/download.php
Unzip het.
Start het programma door op avenger.exe te klikken.
In het venster "Input Script here", plak je het volgende (vetgedrukte):

Files to delete:
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\befbefafe.dll

Klik daarna op de knop "Execute".
Avenger zal aangeven dat de computer gaat herstarten, sta dit toe.
Na reboot opent een logfile (avenger .txt). Post de inhoud van de logfile.

**RHCPFreak** · 30-03-08, 12:22

Dit is het avenger logje

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\prqss.ini2" deleted successfully.
File "C:\WINDOWS\system32\ssqrp.dll" deleted successfully.
File "C:\WINDOWS\system32\befbefafe.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

**smeenk** · 30-03-08, 13:32

Download DAFT naar je Bureaublad

Dubbelklik op het groene daft.exe icoon.
Lees de disclaimer en klik op OK.
Klik op de Scan knop.
Vink (indien foutieve associaties worden aangetroffen) alle weergegeven items aan.
Klik op de Fix knop.
Herhaal de scan en klik op "Save log".
Standaard wordt dit op je Bureaublad opgeslagen als daft.txt.

Post ook een nieuw logje van Hijackthis

**RHCPFreak** · 30-03-08, 13:49

Hier is de nieuwe Hijacklog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:51, on 30-3-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=5061003
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goldeagle.hyves.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=5061003
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {81B1E6D1-3B37-43C4-9962-E1626E8BA05D} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1043
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://leon22.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: befbefafe - C:\WINDOWS\system32\befbefafe.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 15078 bytes

en de Daft log:

DAFT Log saved on 2005-03-30 13:51:19
-----------------------------------------------------------------------
All associations okay!

Mededeling

TrojaansPaard Vundo op mijn computer

TrojaansPaard Vundo op mijn computer

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment