Trojan horse Vundo on my computer

  • Trojan horse Vundo on my computer

    Hey!

    I have a Trojan horse on my computer and it won't let itself be removed; my computer is very slow because of it.

    This is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:35:40, on 28-3-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=5061003
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goldeagle.hyves.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=5061003
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll (file missing)
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: {223d8999-5ab4-2919-3734-d38f161ecc04} - {40cce161-f83d-4373-9192-4ba59998d322} - C:\WINDOWS\system32\cplyravh.dll (file missing)
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {81B1E6D1-3B37-43C4-9962-E1626E8BA05D} - C:\WINDOWS\system32\ssqrp.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {C20E9EB2-0971-44BC-A2ED-96117BF275EE} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\TorrentQ\TorrentManager.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1043
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [a0fabe9c] rundll32.exe "C:\WINDOWS\system32\gjeauixg.dll",b
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\León\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://leon22.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: befbefafe - C:\WINDOWS\system32\befbefafe.dll
    O20 - Winlogon Notify: cbxxxus - cbxxxus.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    --
    End of file - 16343 bytes


    Thanks in advance

  • #2
    Start HijackThis once more and place a check mark only in front of the following lines:
    O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll (file missing)
    O2 - BHO: {223d8999-5ab4-2919-3734-d38f161ecc04} - {40cce161-f83d-4373-9192-4ba59998d322} - C:\WINDOWS\system32\cplyravh.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {81B1E6D1-3B37-43C4-9962-E1626E8BA05D} - C:\WINDOWS\system32\ssqrp.dll
    O2 - BHO: (no name) - {C20E9EB2-0971-44BC-A2ED-96117BF275EE} - (no file)
    O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\TorrentQ\TorrentManager.dll (file missing)
    O4 - HKLM\..\Run: [a0fabe9c] rundll32.exe "C:\WINDOWS\system32\gjeauixg.dll",b
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\León\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O20 - Winlogon Notify: befbefafe - C:\WINDOWS\system32\befbefafe.dll
    O20 - Winlogon Notify: cbxxxus - cbxxxus.dll (file missing)

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Download Malwarebytes' Anti-Malware to your desktop.
    Double-click mbam-setup.exe and choose "Next" to install the tool.
    When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
    Then press "Finish".
    In the main window, choose the "Scanner" tab and select the "Perform full scan" radio button.
    Press the "Scan" button and make sure all your hard drives/partitions are checked.
    Then press the "Start Scan" button.
    When the scan is complete, click OK, then "Show Results" to see the results.
    Make sure everything is checked, then click "Remove Selected".
    If the program wants to restart your computer, allow it.
    A log then opens (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
    Post this log in your next message together with a new HijackThis log.

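The lines picked out in reply #2 share a few visible traits, and a small parser can surface the same kind of entries for manual review. This is an added example, not part of the original thread and not the helper's actual method; the function names and the four heuristics (orphaned targets, unnamed BHOs loading a DLL straight from system32, hex-named Run values that start rundll32, any Winlogon Notify DLL) are assumptions chosen to match this log.

```python
import re

# Constructed sample: nine entry lines copied from the first log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81B1E6D1-3B37-43C4-9962-E1626E8BA05D} - C:\WINDOWS\system32\ssqrp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a0fabe9c] rundll32.exe "C:\WINDOWS\system32\gjeauixg.dll",b
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O20 - Winlogon Notify: befbefafe - C:\WINDOWS\system32\befbefafe.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O4 - ...", "R1 - ...": section code, separator, free-form body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# "BHO: <display name> - {CLSID} - <path>"; the display name may itself contain " - ".
BHO_RE = re.compile(r"BHO: (.*) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
# "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"Run: \[([^\]]+)\] (.*)$")
# A DLL sitting directly in system32 (no subfolder).
SYS32_DLL_RE = re.compile(r'^"?c:\\windows\\system32\\[^\\]+\.dll', re.I)


def parse_entries(log):
    """Return (section, body) for each registry/autostart entry line.

    Header lines and the 'Running processes' list do not match and are skipped.
    """
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def review_reasons(section, body):
    """Return the list of heuristic reasons an entry deserves a manual look."""
    reasons = []
    low = body.lower()

    # Heuristic 1: HijackThis itself reports that the target no longer exists.
    if low.endswith("(file missing)") or low.endswith("(no file)"):
        reasons.append("orphaned entry: target file is gone")

    # Heuristic 2: a BHO with no display name whose DLL lives directly in system32.
    if section == "O2":
        m = BHO_RE.match(body)
        if m and m.group(1) == "(no name)" and SYS32_DLL_RE.match(m.group(3)):
            reasons.append("unnamed BHO loading a DLL from system32")

    # Heuristic 3: a Run value named with 8 hex digits that starts rundll32.
    if section == "O4":
        m = RUN_RE.search(body)
        if m and re.fullmatch(r"[0-9a-f]{8}", m.group(1)) \
                and "rundll32" in m.group(2).lower():
            reasons.append("hex-named Run value launching a DLL via rundll32")

    # Heuristic 4: Winlogon Notify DLLs load into winlogon.exe; always review.
    if section == "O20" and body.startswith("Winlogon Notify:"):
        reasons.append("Winlogon Notify DLL")

    return reasons


def triage(log):
    """Return (section, body, reasons) for every entry with at least one reason."""
    flagged = []
    for section, body in parse_entries(log):
        reasons = review_reasons(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section:>3}  {'; '.join(reasons)}\n     {body}")
```

A flagged line is only a candidate for review; legitimate software can match these patterns, so each hit still needs to be checked before anything is fixed.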


    • #3
      I downloaded Malwarebytes Anti-Malware and ran the scan.
      This is the Hijack log:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:50:12, on 29-3-2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\common files\mcafee\mna\mcnasvc.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\SiteAdvisor\6253\SAService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\Explorer.EXE
      c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
      C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
      C:\Program Files\TrojanHunter 5.0\THGuard.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\DNA\btdna.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\WiFiConnector\NintendoWFCReg.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Windows Media Player\wmplayer.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=5061003
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goldeagle.hyves.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=5061003
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
      O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
      O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
      O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
      O2 - BHO: (no name) - {81B1E6D1-3B37-43C4-9962-E1626E8BA05D} - (no file)
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
      O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
      O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1043
      O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
      O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
      O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
      O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://leon22.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.net/statics/Aurigma/ImageUploader4.cab
      O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O20 - Winlogon Notify: befbefafe - C:\WINDOWS\system32\befbefafe.dll
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
      O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

      --
      End of file - 15096 bytes





      and this is the Malwarebytes log:
      Malwarebytes' Anti-Malware 1.09
      Database versie: 560

      Scan type: Volledige Scan (C:\|D:\|)
      Objecten gescand: 113082
      Verstreken tijd: 1 hour(s), 3 minute(s), 35 second(s)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 1
      Registersleutels geïnfecteerd: 17
      Registerwaarden geïnfecteerd: 0
      Registerdata bestanden geïnfecteerd: 2
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 7

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Geheugenmodulen geïnfecteerd:
      C:\WINDOWS\system32\ssqrp.dll (Trojan.Vundo) -> Unloaded module successfully.

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81b1e6d1-3b37-43c4-9962-e1626e8ba05d} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{81b1e6d1-3b37-43c4-9962-e1626e8ba05d} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqrp.dll -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqrp.dll -> Delete on reboot.

      Mappen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Bestanden geïnfecteerd:
      C:\WINDOWS\system32\ssqrp.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\prqss.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\prqss.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\axmfr.exe (Trojan.Peed) -> Quarantined and deleted successfully.
      C:\fvsyct.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.



      • #4
        Download KillAFile.exe and save it to your desktop: http://users.telenet.be/marcvn/tools/KillAFile.exe
        Double-click KillAFile.exe to start the tool.
        In the menu, choose option 1:
        1: Delete a file on reboot
        When this prompt appears
        Code:
        Insert full path and filename to delete.
        and then press enter:
        type this: C:\WINDOWS\system32\befbefafe.dll
        If the file is present, the computer will ask to restart.
        Allow this.
        Once the computer has restarted, a Notepad file will open. Post the contents of this file.



        • #5
          I ran KillAFile and this is the log:

          KILLAFILE - logfile


          Running from: "C:\Documents and Settings\Le¢n\Bureaublad"

          Delete on reboot: C:\WINDOWS\system32\befbefafe.dll

          --- Rebooting the computer ---

          C:\WINDOWS\system32\befbefafe.dll not deleted


          Finished!


          but now a message from McAfee appears:
          Ongewenst programma
          PrcViewer

          programma verwijderen
          programma toestaan

          and from TrojanHunter:
          trojanhunterguard has found trojans running in memory. it is strongly recommended that you check all checkboxes and press clean to remove the trojans memory



          • #6
            Download Deckard's System Scanner to your desktop.
            • Close all applications and windows.
            • Double-click dss.exe to run it, and follow the prompts.
            • When the scan is complete, a text file (main.txt) will open.
            • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

            Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet;
            make sure sigcheck.exe is allowed to do so!
            Your antivirus may also flag DSS as suspicious, or even try to remove it.
            Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan.)



            • #7
              Deckard's System Scanner v20071014.68
              Run by León on 2005-03-29 17:25:32
              Computer is in Normal Mode.
              --------------------------------------------------------------------------------

              -- System Restore --------------------------------------------------------------

              System Restore is disabled; attempting to re-enable...success.


              -- Last 1 Restore Point(s) --
              1: 2005-03-29 15:25:36 UTC - RP1 - Controlepunt van systeem


              Backed up registry hives.
              Performed disk cleanup.

              Percentage of Memory in Use: 80% (more than 75%).
              Total Physical Memory: 447 MiB (512 MiB recommended).


              -- HijackThis (run as León.exe) ------------------------------------------------

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 17:27:43, on 29-3-2005
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16608)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\csrss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
              C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
              c:\program files\common files\mcafee\mna\mcnasvc.exe
              C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
              C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
              c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
              C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
              C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
              C:\Program Files\McAfee\MPF\MPFSrv.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\Program Files\SiteAdvisor\6253\SAService.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\alg.exe
              C:\WINDOWS\Explorer.EXE
              C:\PROGRA~1\mcafee.com\agent\mcagent.exe
              C:\WINDOWS\stsystra.exe
              C:\Program Files\Dell\Media Experience\DMXLauncher.exe
              C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
              C:\WINDOWS\System32\DLA\DLACTRLW.EXE
              C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
              C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
              C:\Program Files\Common Files\Real\Update_OB\realsched.exe
              C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
              C:\Program Files\QuickTime\QTTask.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\WINDOWS\system32\RUNDLL32.EXE
              C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
              C:\Program Files\TrojanHunter 5.0\THGuard.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\DNA\btdna.exe
              c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              C:\Program Files\WiFiConnector\NintendoWFCReg.exe
              C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
              C:\Program Files\Windows Media Player\wmplayer.exe
              C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
              C:\Documents and Settings\León\Bureaublad\dss.exe
              C:\PROGRA~1\TRENDM~1\HIJACK~1\León.exe
              C:\WINDOWS\system32\wbem\wmiprvse.exe

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=5061003
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goldeagle.hyves.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=5061003
              R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
              O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
              O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
              O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
              O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
              O2 - BHO: (no name) - {81B1E6D1-3B37-43C4-9962-E1626E8BA05D} - (no file)
              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
              O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
              O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
              O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
              O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
              O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
              O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
              O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
              O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
              O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
              O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1043
              O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
              O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
              O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
              O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
              O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
              O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
              O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
              O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
              O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
              O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
              O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
              O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://leon22.spaces.live.com//PhotoUpload/MsnPUpld.cab
              O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
              O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
              O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
              O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.net/statics/Aurigma/ImageUploader4.cab
              O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
              O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
              O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
              O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
              O20 - Winlogon Notify: befbefafe - C:\WINDOWS\system32\befbefafe.dll
              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
              O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
              O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
              O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
              O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
              O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
              O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
              O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
              O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
              O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
              O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
              O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

              --
              End of file - 15045 bytes



              • #8
                -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

                backup-20050328-211625-210 O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll (file missing)
                backup-20050328-211625-592 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                backup-20050328-211625-813 O2 - BHO: {223d8999-5ab4-2919-3734-d38f161ecc04} - {40cce161-f83d-4373-9192-4ba59998d322} - C:\WINDOWS\system32\cplyravh.dll (file missing)
                backup-20050328-211625-987 O2 - BHO: (no name) - {81B1E6D1-3B37-43C4-9962-E1626E8BA05D} - C:\WINDOWS\system32\ssqrp.dll
                backup-20050328-211641-432 O2 - BHO: (no name) - {C20E9EB2-0971-44BC-A2ED-96117BF275EE} - (no file)
                backup-20050328-211641-786 O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\TorrentQ\TorrentManager.dll (file missing)
                backup-20050328-211702-778 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
                backup-20050328-211702-923 O4 - HKLM\..\Run: [a0fabe9c] rundll32.exe "C:\WINDOWS\system32\gjeauixg.dll",b
                backup-20050328-211915-573 O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\León\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
                backup-20050328-211915-819 O20 - Winlogon Notify: befbefafe - C:\WINDOWS\system32\befbefafe.dll
                backup-20050328-211916-586 O20 - Winlogon Notify: cbxxxus - cbxxxus.dll (file missing)
                backup-20080322-150326-634 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

                -- File Associations -----------------------------------------------------------

                .reg - regfile - shell\open\command - regedit.exe"%1" %*
                .scr - scrfile - shell\open\command - "%1" %*


                -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                R0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
                R1 StarOpen - c:\windows\system32\drivers\staropen.sys
                R3 ovt519 (Trust 320 SpaceCam) - c:\windows\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>

                S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>


                -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
                R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

                S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>
                S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


                -- Device Manager: Disabled ----------------------------------------------------

                No disabled devices found.


                -- Scheduled Tasks -------------------------------------------------------------

                2008-03-25 15:59:14 420 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BF02C6A2-05D6-475F-A710-739FBC138E9A}.job
                2008-03-24 15:48:16 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
                2008-03-15 02:28:42 354 --a------ C:\WINDOWS\Tasks\McDefragTask.job
                2008-03-01 02:00:28 350 --a------ C:\WINDOWS\Tasks\McQcTask.job
                2007-11-21 08:09:21 386 --a------ C:\WINDOWS\Tasks\Jochem Meijer - Wakk.job


                -- Files created between 2005-02-28 and 2005-03-29 -----------------------------

                2078-07-14 02:00:00 0 d-------- C:\Program Files\VIDEOCD
                2070-01-01 02:00:00 0 d-------- C:\Program Files\The Sims 2 Pets
                2070-01-01 02:00:00 0 d-------- C:\Program Files\Sims2_EP4_1
                2008-03-23 13:03:12 0 d-------- C:\Documents and Settings\León\.SunDownloadManager
                2008-03-22 17:32:52 0 d-------- C:\Documents and Settings\León\Application Data\TrojanHunter
                2008-03-22 16:00:24 0 d-------- C:\Program Files\Trend Micro
                2008-03-22 15:49:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                2008-03-22 15:37:50 0 d-------- C:\Program Files\TrojanHunter 5.0
                2008-03-21 22:47:29 0 d-------- C:\Program Files\Enigma Software Group
                2008-03-21 22:46:20 0 d-------- C:\WINDOWS\BDOSCAN8
                2008-03-21 14:18:05 0 d-------- C:\Documents and Settings\León\Dr Delete
                2008-03-18 21:39:57 290816 -----n--- C:\WINDOWS\system32\ssqrp.dll
                2008-03-18 21:24:42 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
                2008-03-18 21:11:33 0 d-------- C:\Program Files\Common Files\Macrovision Shared
                2008-03-18 21:10:22 0 d-------- C:\Program Files\Bonjour
                2008-03-08 13:05:24 0 d-------- C:\Program Files\SopCast
                2008-03-06 22:54:08 0 d-------- C:\Documents and Settings\León\Application Data\InstallShield
                2008-03-06 22:40:53 0 d-------- C:\WINDOWS\NV54165668.TMP
                2008-03-06 22:32:51 0 d-------- C:\Program Files\SystemRequirementsLab
                2008-03-06 22:30:05 0 d-------- C:\NVIDIA
                2008-03-06 16:45:13 0 dr-h----- C:\Documents and Settings\León\Application Data\SecuROM
                2008-03-05 13:37:56 0 d-------- C:\Program Files\Malmberg
                2008-03-05 13:37:36 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
                2008-03-05 13:37:14 101888 -----n--- C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
                2008-03-05 13:35:23 0 d-------- C:\Program Files\Common Files\YDP
                2008-03-05 13:34:44 327168 --a------ C:\WINDOWS\IsUn0413.exe <Not Verified; InstallShield Software Corporation; InstallShield(r) unInstaller>
                2008-03-03 18:32:47 0 d-------- C:\Program Files\iPod
                2008-02-26 14:11:52 0 d-------- C:\Program Files\Guitar Pro 5
                2008-02-24 04:01:06 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
                2008-02-22 22:14:50 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
                2008-02-22 21:59:43 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
                2008-02-22 21:58:37 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
                2008-02-16 14:11:43 0 d-------- C:\Documents and Settings\León\Application Data\BitTorrent
                2008-02-16 14:10:44 0 d-------- C:\Program Files\DNA
                2008-02-16 14:10:44 0 d-------- C:\Documents and Settings\León\Application Data\DNA
                2008-02-16 14:10:40 0 d-------- C:\Program Files\BitTorrent
                2008-02-06 16:20:18 0 d-------- C:\Program Files\Remote Desktop Control
                2008-02-04 20:42:57 12 --a------ C:\Documents and Settings\León\usb002
                2008-02-03 00:32:24 0 d-------- C:\Documents and Settings\León\Application Data\DassaultSystemes
                2008-02-03 00:32:24 0 d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
                2008-02-03 00:31:02 0 d-------- C:\Program Files\Dassault Systemes
                2008-02-03 00:29:53 0 d-------- C:\Program Files\MSXML 6.0
                2008-02-02 17:27:23 0 d-------- C:\Program Files\Virtual Earth 3D
                2008-02-01 12:17:18 587264 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Fotogalerij>
                2008-01-27 14:39:03 0 d-------- C:\Program Files\Pivot Stickfigure Animator <PIVOTS~1>
                2008-01-09 16:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
                2007-11-20 22:51:06 0 --a------ C:\Documents and Settings\León\Application Data\wklnhst.dat
                2007-11-18 12:53:17 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat
                2007-11-18 12:53:17 5242880 --a------ C:\Documents and Settings\León\ntuser.dat
                2007-11-17 22:46:43 0 d-------- C:\Program Files\MWSnap
                2007-11-17 16:05:44 187392 --a------ C:\WINDOWS\system32\JPGUtils.dll
                2007-11-17 16:05:42 0 d-------- C:\Program Files\WinCustomize
                2007-11-17 16:03:20 0 d-------- C:\Program Files\Common Files\Stardock
                2007-11-17 16:03:18 163712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
                2007-11-17 15:44:55 0 d-------- C:\Program Files\Stardock
                2007-11-09 21:01:22 0 d-------- C:\Program Files\IDoser v4
                2007-10-21 09:27:41 0 d-------- C:\Program Files\Infogrames
                2007-10-20 12:21:10 0 d-------- C:\Program Files\Common Files\Apple
                2007-10-20 12:17:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
                2007-10-15 17:54:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
                2007-10-10 20:05:53 108562 -----n--- C:\WINDOWS\system32\befbefafe.dll
                2007-10-08 20:10:06 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
                2007-10-08 13:12:07 0 d-------- C:\Documents and Settings\Gast\Application Data\SiteAdvisor
                2007-10-06 12:45:11 0 d-------- C:\Program Files\Norton Security Scan
                2007-10-01 16:46:27 0 d-------- C:\Documents and Settings\LocalService\Bureaublad
                2007-10-01 16:46:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
                2007-10-01 16:46:19 0 d-------- C:\Program Files\SiteAdvisor
                2007-10-01 16:46:19 0 d-------- C:\Documents and Settings\León\Application Data\SiteAdvisor
                2007-10-01 16:46:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
                2007-10-01 16:43:44 0 d-------- C:\Program Files\Common Files\McAfee
                2007-09-17 18:31:47 0 d-------- C:\Program Files\TorrentQ
                2007-09-17 18:31:47 0 d-------- C:\Documents and Settings\León\Application Data\TorrentQ
                2007-09-17 18:31:45 0 d-------- C:\Program Files\Flash DVD Ripper
                2007-09-17 18:31:44 0 d-------- C:\Program Files\South Park Desktop Friends
                2007-09-17 18:31:38 0 d--h----- C:\Program Files\Give4Free Plugin
                2007-09-17 18:16:30 0 d-------- C:\Documents and Settings\Administrator\Favorieten
                2007-09-17 18:16:30 0 d-------- C:\Documents and Settings\Administrator\Cookies
                2007-09-17 18:16:30 0 d-------- C:\Documents and Settings\Administrator\Application Data
                2007-09-17 18:16:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
                2007-09-17 18:16:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
                2007-09-17 18:16:29 0 d-------- C:\Documents and Settings\Administrator\Sjablonen
                2007-09-17 18:16:29 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
                2007-09-17 18:16:29 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
                2007-09-17 18:16:29 0 d-------- C:\Documents and Settings\Administrator\Local Settings
                2007-09-06 18:08:55 102060 --a------ C:\WINDOWS\system32\USB poort
                2007-06-17 22:21:21 0 d-------- C:\Program Files\Windows Live
                2007-06-17 15:54:25 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
                2007-06-17 15:54:25 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
                2007-06-17 15:45:26 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
                2007-06-15 18:27:26 0 d-------- C:\Program Files\Dvd-to-mpeg
                2007-06-15 18:13:30 0 d-------- C:\Program Files\SubtitleCreator
                2007-06-15 18:06:08 0 d-------- C:\Documents and Settings\León\Application Data\vlc
                2007-06-15 18:01:13 0 d-------- C:\Program Files\VideoLAN
                2007-06-09 10:34:41 0 d-------- C:\Program Files\Common Files\SWF Studio
                2007-06-08 16:31:50 0 d-------- C:\Documents and Settings\León\Application Data\WinRAR
                2007-06-08 16:18:58 0 d-------- C:\Program Files\utorrent
                2007-05-28 14:45:50 0 d-------- C:\Program Files\DivX
                2007-05-08 15:03:04 1275392 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP 2>
                2007-05-01 17:45:49 0 d-------- C:\Program Files\Casperlab Software
                2007-04-29 09:07:27 0 d-------- C:\Temp
                2007-04-28 21:40:04 0 d-------- C:\OutputFolder
                2007-04-28 21:35:11 0 d-------- C:\Program Files\Common Files\Download Manager
                2007-04-28 18:07:21 0 d-------- C:\Program Files\SHOUTcast
                2007-04-28 16:56:49 0 d-------- C:\Documents and Settings\León\Application Data\MusicIP
                2007-04-28 16:56:00 0 d-------- C:\Program Files\Winamp
                2007-04-22 18:56:18 766 --a------ C:\rockon
                2007-04-20 17:25:55 0 d-------- C:\Program Files\thriXXX
                2007-04-16 15:18:19 1936528 --a------ C:\WINDOWS\system32\ltmm15.dll <Not Verified; ; LEADTOOLS Multimedia Toolkit>
                2007-04-16 15:18:16 135168 --a------ C:\WINDOWS\system32\DSKernel2.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS Multimedia Filter Pack>
                2007-04-16 15:17:23 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
                2007-04-16 15:17:01 2874926 --a------ C:\Program Files\FLV PlayerRCATSetup.exe
                2007-04-16 15:16:45 0 d-------- C:\Program Files\Replay Converter
                2007-04-16 15:13:31 0 d-------- C:\WINDOWS\FLV Player
                2007-04-16 14:31:47 0 d-------- C:\Documents and Settings\Gast\Application Data\Real
                2007-04-13 03:21:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
                2007-04-11 17:51:15 0 d-------- C:\Program Files\WiFiConnector
                2007-04-09 16:15:40 278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
                2007-04-08 10:40:52 0 d-------- C:\WINDOWS\.file_store_32
                2007-04-02 19:03:41 0 d-------- C:\Documents and Settings\León\Application Data\ConvertTemp
                2007-04-02 19:03:29 0 d-------- C:\Documents and Settings\León\Application Data\TransRender
                2007-04-02 19:03:29 0 d-------- C:\Documents and Settings\León\Application Data\Temporary
                2007-03-29 16:51:05 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
                2007-03-22 22:01:51 0 d-------- C:\Program Files\Common Files\xing shared
                2007-03-22 22:01:30 0 d-------- C:\Program Files\Common Files\Real
                2007-03-22 22:01:21 0 d-------- C:\Program Files\Real
                2007-03-22 22:00:46 0 d-------- C:\Documents and Settings\León\Application Data\Real
                2007-03-18 20:08:39 0 d-------- C:\Program Files\Activision
                2007-03-18 19:04:06 0 d-------- C:\Documents and Settings\León\Application Data\NCH Swift Sound
                2007-03-18 19:04:05 0 d-------- C:\Documents and Settings\León\Application Data\RecordPad
                2007-03-18 19:04:05 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
                2007-03-18 19:03:18 0 d-------- C:\Program Files\NCH Swift Sound
                2007-03-18 18:52:36 0 d-------- C:\Documents and Settings\León\Application Data\Screenshot Sender
                2007-03-18 16:58:38 0 d-------- C:\My Downloads
                2007-03-17 16:45:19 0 d-------- C:\Program Files\iTunes
                2007-03-06 21:44:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom
                2007-03-05 21:56:25 0 d-------- C:\Program Files\D-Tools
                2007-03-05 21:38:22 0 d-------- C:\Program Files\EA GAMES
                2007-03-05 21:27:21 0 d-------- C:\Program Files\Smart Projects
                2007-03-05 16:28:45 0 d-------- C:\Documents and Settings\León\Application Data\Apple Computer
                2007-03-04 10:43:11 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
                2007-03-03 16:56:48 0 d-------- C:\Program Files\Apple Software Update
                2007-03-03 16:56:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
                2007-02-20 12:30:36 0 d-------- C:\Documents and Settings\León\Application Data\ZangoToolbar
                2007-02-19 13:18:49 0 d-------- C:\Documents and Settings\Gast\Application Data\Macromedia
                2007-02-19 13:17:18 0 d-------- C:\Documents and Settings\Gast\Application Data\Google
                2007-02-18 12:54:03 0 d-------- C:\Documents and Settings\León\Application Data\AdobeUM
                2007-02-18 09:58:37 0 d-------- C:\WINDOWS\.jagex_cache_32
                2007-02-18 09:58:25 0 d-------- C:\WINDOWS\Sun
                2007-02-18 09:58:25 0 d-------- C:\Documents and Settings\León\Application Data\Sun
                2007-02-16 14:28:38 19 --a------ C:\WINDOWS\popcinfo.dat
                2007-02-16 14:28:38 0 d-------- C:\Program Files\PopCap Games
                2007-02-08 20:44:59 0 d-------- C:\Program Files\Windows Journal Viewer
                2007-02-07 11:58:32 0 d-------- C:\Program Files\iWin
                2007-02-05 19:22:53 0 d-------- C:\Documents and Settings\Gast\Application Data\Identities
                2007-02-05 19:22:53 0 d-------- C:\Documents and Settings\Gast\Application Data\Corel
                2007-02-05 19:22:52 0 d--h----- C:\Documents and Settings\Gast\Sjablonen
                2007-02-05 19:22:52 0 dr-h----- C:\Documents and Settings\Gast\SendTo
                2007-02-05 19:22:52 0 dr-h----- C:\Documents and Settings\Gast\Onlangs geopend
                2007-02-05 19:22:52 0 d--h----- C:\Documents and Settings\Gast\Netwerkprinteromgeving
                2007-02-05 19:22:52 0 d--h----- C:\Documents and Settings\Gast\NetHood
                2007-02-05 19:22:52 0 dr------- C:\Documents and Settings\Gast\Mijn documenten
                2007-02-05 19:22:52 0 dr------- C:\Documents and Settings\Gast\Menu Start
                2007-02-05 19:22:52 0 d--h----- C:\Documents and Settings\Gast\Local Settings
                2007-02-05 19:22:52 0 dr------- C:\Documents and Settings\Gast\Favorieten
                2007-02-05 19:22:52 0 d--hs---- C:\Documents and Settings\Gast\Cookies
                2007-02-05 19:22:52 0 d-------- C:\Documents and Settings\Gast\Bureaublad
                2007-02-05 19:22:52 0 dr-h----- C:\Documents and Settings\Gast\Application Data
                2007-02-05 19:22:52 0 d-------- C:\Documents and Settings\Gast\Application Data\Symantec
                2007-02-05 19:22:52 0 d---s---- C:\Documents and Settings\Gast\Application Data\Microsoft
                2007-02-05 19:22:51 1048576 --ah----- C:\Documents and Settings\Gast\ntuser.dat
                2007-02-04 16:45:09 0 d-------- C:\Documents and Settings\León\Application Data\Samsung
                2007-02-04 15:15:15 0 d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
                2007-02-04 15:14:53 0 d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
                2007-02-04 15:14:53 61440 --a------ C:\WINDOWS\system32\mp4_vcodec.dll <Not Verified; Mobile Leader; MPEG4 Video Codec Library>
                2007-02-04 15:14:53 679936 --a------ C:\WINDOWS\system32\fun_mp4_enc.dll <Not Verified; Mobile Leader; MPEG4 Encoder Dynamic Link Library>
                2007-02-04 15:14:53 2067140 -ra------ C:\WINDOWS\system32\avcodec.dll
                2007-02-04 15:14:46 0 d-------- C:\Program Files\Samsung
                2007-02-01 17:08:06 0 d-------- C:\Program Files\Electronic Arts
                2007-02-01 16:15:26 0 d-------- C:\Program Files\Hyves Kwekker
                2007-01-31 21:59:28 0 d--h----- C:\WINDOWS\msdownld.tmp
                2007-01-31 17:46:33 0 d-------- C:\Program Files\QuickTime
                2007-01-26 16:24:43 0 d-------- C:\Documents and Settings\León\Application Data\Corel Photo Album
                2007-01-26 16:24:32 88 -r-hs---- C:\WINDOWS\system32\CAFECAFAE5.sys
                2007-01-23 21:36:00 0 d-------- C:\Program Files\Voyage Century Online
                2007-01-23 20:46:56 0 d-------- C:\Documents and Settings\León\Application Data\uTorrent
                2007-01-20 18:08:24 0 d-------- C:\WINDOWS\system32\nl-nl
                2007-01-20 18:00:10 0 d-------- C:\WINDOWS\network diagnostic
                2007-01-17 22:45:23 65536 --a------ C:\WINDOWS\IFinst27.exe
                2007-01-17 16:24:34 0 d-------- C:\Documents and Settings\León\Application Data\IMVU
                2007-01-14 18:01:13 0 d-------- C:\Program Files\Incomplete
                2007-01-12 23:26:57 0 d-------- C:\Program Files\PartyGaming
                2007-01-12 22:15:22 0 d-------- C:\Documents and Settings\León\Application Data\McAfee
                2007-01-12 19:02:53 0 d-------- C:\WINDOWS\system32\mclsphlr
                2007-01-12 19:02:46 0 d--h----- C:\Documents and Settings\LocalService\SendTo
                2007-01-12 19:02:36 90112 --a------ C:\WINDOWS\system32\mcrtl32.dll <Not Verified; McAfee, Inc.; McAfee Privacy Service>
                2007-01-12 19:02:33 131072 --a------ C:\WINDOWS\system32\mclsp.dll <Not Verified; McAfee, Inc.; McAfee Privacy Service>
                2007-01-12 19:02:33 32768 --a------ C:\WINDOWS\system32\instlsp.exe
                2007-01-12 19:02:32 11264 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
                2007-01-12 18:56:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
                2007-01-12 18:56:38 0 dr------- C:\Documents and Settings\LocalService\Favorieten
                2007-01-08 19:20:42 0 d-------- C:\Program Files\MSXML 4.0
                2007-01-08 19:20:23 0 d-------- C:\d661a69f1a002a85d3e200d208503b
                2007-01-08 15:55:53 0 d-------- C:\WINDOWS\OvtCam
                2007-01-08 15:51:52 0 d-------- C:\Documents and Settings\León\Application Data\ArcSoft
                2007-01-08 15:48:37 212480 --a------ C:\WINDOWS\pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
                2007-01-08 15:48:37 0 d-------- C:\Program Files\ArcSoft
                2007-01-08 15:48:35 0 d-------- C:\Documents and Settings\León\Application Data\Adobe
                2007-01-08 15:42:17 16426 --a------ C:\WINDOWS\system32\ov519usd.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
                2007-01-08 15:42:17 40960 --a------ C:\WINDOWS\system32\ov519ext.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
                2007-01-08 15:42:17 174530 --a------ C:\WINDOWS\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
                2007-01-08 15:42:17 25211 --a------ C:\WINDOWS\system32\drivers\ov519cmd.sys <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
                2007-01-08 15:42:17 61440 --a------ C:\WINDOWS\ov519dib.dll <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
                2007-01-08 15:42:17 135168 --a------ C:\WINDOWS\ov519cap.exe <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
                2007-01-08 15:42:17 40960 --a------ C:\WINDOWS\CleanDev.exe <Not Verified; ; CleanDevice>
                2007-01-08 15:42:16 307200 --a------ C:\WINDOWS\vidcap32.exe <Not Verified; Microsoft Corporation; Microsoft Windows>
                2007-01-08 15:42:16 0 d-------- C:\WINDOWS\Options
                2007-01-08 15:42:16 32528 --a------ C:\WINDOWS\amcap.exe
                2007-01-08 15:31:41 0 d-------- C:\Program Files\Trust 320 SpaceCam
                2007-01-07 21:37:10 0 d-------- C:\WINDOWS\system32\PreInstall
                2007-01-07 18:50:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
                2007-01-07 18:46:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
                2007-01-07 18:39:20 0 d-------- C:\Documents and Settings\León\Muziek vn Leon
                2007-01-07 18:39:18 0 d-------- C:\Documents and Settings\León\Incomplete
                2007-01-07 18:27:29 0 d-------- C:\Program Files\Windows Media Connect 2
                2007-01-07 18:15:44 0 d-------- C:\WINDOWS\system32\drivers\UMDF
                2007-01-07 18:15:43 0 d-------- C:\WINDOWS\system32\LogFiles
                2007-01-07 17:54:58 0 d-------- C:\Program Files\LimeWire
                2007-01-07 17:53:12 0 d-------- C:\Documents and Settings\León\.limewire
                2007-01-07 17:38:42 0 d-------- C:\Program Files\Messenger Plus! Live
                2007-01-07 17:35:21 0 d-------- C:\Documents and Settings\León\Contacts
                2007-01-07 17:34:15 0 d------c- C:\WINDOWS\system32\DRVSTORE
                2007-01-07 17:33:37 0 d-------- C:\Program Files\MSN Messenger
                2007-01-07 17:26:55 0 d--hs---- C:\Documents and Settings\León\UserData
                2007-01-07 17:19:48 0 d-------- C:\Documents and Settings\León\Application Data\Google
                2007-01-07 16:44:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
                2007-01-07 16:16:42 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
                2006-12-08 05:57:20 69632 --a------ C:\WINDOWS\system32\TWUNK_32.EXE <Not Verified; Twain Working Group; Twain Thunker>
                2006-12-08 05:57:20 48560 --a------ C:\WINDOWS\system32\TWUNK_16.EXE <Not Verified; Twain Working Group; Twain Thunker>
                2006-12-08 05:57:20 77312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL <Not Verified; Twain Working Group; Twain_32 Source Manager>
                2006-11-11 13:11:28 10 --a------ C:\WINDOWS\Spel_1.dat
                2006-11-11 13:08:43 10 --a------ C:\WINDOWS\Spel_8.dat
                2006-11-11 13:08:29 10 --a------ C:\WINDOWS\Spel_6.dat
                2006-10-25 17:01:49 0 d-------- C:\Program Files\directx
                2006-10-25 17:01:48 38160 --a------ C:\WINDOWS\system32\LMRTREND.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
                2006-10-25 17:01:46 182032 --a------ C:\WINDOWS\system32\dxtmsft3.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
                2006-10-25 17:01:40 63488 --a------ C:\WINDOWS\system32\unam4ie.exe <Not Verified; Microsoft Corporation; DirectShow>
                2006-10-25 17:01:36 10240 --a------ C:\WINDOWS\system32\vidx16.dll
                2006-10-25 17:01:35 194320 --a------ C:\WINDOWS\system32\qcut.dll <Not Verified; Microsoft Corporation; DirectShow>
                2006-10-25 17:01:32 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
                2006-10-25 17:01:32 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
                2006-10-25 10:05:22 0 d-------- C:\SIERRA
                2006-10-25 10:03:39 314880 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
                2006-10-25 10:03:36 0 d-------- C:\Documents and Settings\León\WINDOWS
                2006-10-15 16:08:33 0 d-------- C:\WINDOWS\ShellNew
                2006-10-15 16:07:02 0 d-------- C:\Documents and Settings\León\Application Data\Microsoft Web Folders
                2006-10-15 16:04:37 0 d-------- C:\Documents and Settings\León\Application Data\Macromedia
                2006-10-14 20:48:35 0 d-------- C:\Documents and Settings\León\Application Data\Sonic
                2006-10-14 20:48:18 0 d-------- C:\Documents and Settings\León\Application Data\Leadertech
                2006-10-14 18:44:10 56 -r-hs---- C:\WINDOWS\system32\E5FACAFECA.sys
                2006-10-14 18:43:52 5852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
                2006-10-14 17:24:21 0 d-------- C:\Documents and Settings\León\Application Data\Help
                2006-10-14 16:32:20 56832 -----n--- C:\WINDOWS\system32\iyvu9_32.dll
                2006-10-14 16:32:20 143872 -----n--- C:\WINDOWS\system32\iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
                2006-10-14 16:29:34 0 d-------- C:\Program Files\Microsoft Games
                2006-10-14 15:57:34 0 d--h----- C:\Program Files\InstallShield Installation Information
                2006-10-14 15:51:36 0 d--hs---- C:\WINDOWS\ftpcache
                2006-10-14 15:04:46 0 d--h----- C:\Documents and Settings\León\Sjablonen
                2006-10-14 15:04:46 0 dr-h----- C:\Documents and Settings\León\SendTo
                2006-10-14 15:04:46 0 dr-h----- C:\Documents and Settings\León\Onlangs geopend
                2006-10-14 15:04:46 0 d--h----- C:\Documents and Settings\León\Netwerkprinteromgeving
                2006-10-14 15:04:46 0 d--h----- C:\Documents and Settings\León\NetHood
                2006-10-14 15:04:46 0 dr------- C:\Documents and Settings\León\Mijn documenten
                2006-10-14 15:04:46 0 dr------- C:\Documents and Settings\León\Menu Start
                2006-10-14 15:04:46 0 d--h----- C:\Documents and Settings\León\Local Settings
                2006-10-14 15:04:46 0 dr------- C:\Documents and Settings\León\Favorieten
                2006-10-14 15:04:46 0 d--hs---- C:\Documents and Settings\León\Cookies
                2006-10-14 15:04:46 0 d-------- C:\Documents and Settings\León\Bureaublad
                2006-10-14 15:04:46 0 dr-h----- C:\Documents and Settings\León\Application Data
                2006-10-14 15:04:46 0 d-------- C:\Documents and Settings\León\Application Data\Symantec
                2006-10-14 15:04:46 0 d-------- C:\Documents and Settings\León\Application Data\Identities
                2006-10-14 15:04:46 0 d-------- C:\Documents and Settings\León\Application Data\Corel
                2006-10-14 15:04:35 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
                2006-10-14 15:04:31 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
                2006-10-14 15:04:31 0 d-------- C:\Documents and Settings\Default User\Application Data\Corel
                2006-10-14 15:04:30 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
                2006-10-05 05:31:10 79872 --a------ C:\WINDOWS\system32\msxml6r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 6.0>
                2006-10-03 20:50:25 0 d-------- C:\Program Files\Common Files\Adobe
                2006-10-03 20:50:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
                2006-10-03 20:48:21 0 d-------- C:\Program Files\Google
                2006-10-03 20:48:20 0 d-------- C:\Program Files\BAE
                2006-10-03 20:47:50 0 d-------- C:\Program Files\McAfee
                2006-10-03 20:47:50 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
                2006-10-03 20:47:11 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
                2006-10-03 20:45:39 0 d-------- C:\Program Files\McAfee.com
                2006-10-03 20:45:37 0 d-------- C:\Program Files\Sonic
                2006-10-03 20:44:39 0 d-------- C:\Program Files\Common Files\TiVo Shared
                2006-10-03 20:44:23 0 d-------- C:\WINDOWS\system32\DLA
                2006-10-03 20:44:23 0 d-------- C:\Program Files\Roxio
                2006-10-03 20:43:30 0 d-------- C:\Program Files\Corel Corporation
                2006-10-03 20:43:13 0 d-------- C:\WINDOWS\RegisteredPackages
                2006-10-03 20:43:09 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
                2006-10-03 20:43:02 0 d-------- C:\Program Files\Corel
                2006-10-03 20:42:59 712704 --a------ C:\WINDOWS\system32\DellSystemRestore.dll
                2006-10-03 20:42:36 0 d-------- C:\Program Files\Norton Ghost
                2006-10-03 20:41:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
                2006-10-03 20:41:53 0 d-------- C:\Program Files\Symantec
                2006-10-03 20:41:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
                2006-10-03 20:41:03 0 d-------- C:\Program Files\Microsoft Works
                2006-10-03 20:40:48 0 d-------- C:\Program Files\InterActual
                2006-10-03 20:40:46 0 d-------- C:\Program Files\Common Files\Sonic Shared
                2006-10-03 20:40:45 0 d-------- C:\Program Files\Dell
                2006-10-03 20:40:35 0 d-------- C:\Program Files\Broadcom
                2006-10-03 20:40:34 0 d-------- C:\WINDOWS\Downloaded Installations
                2006-10-03 20:40:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
                2006-10-03 20:40:29 0 d-------- C:\Program Files\Common Files\Roxio Shared
                2006-10-03 20:40:29 0 d-------- C:\Program Files\Common Files\InstallShield
                2006-10-03 20:38:50 1093632 --a------ C:\WINDOWS\system32\stlang.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
                2006-10-03 20:38:50 282624 --a------ C:\WINDOWS\stsystra.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
                2006-10-03 20:38:50 0 d-------- C:\Program Files\Sigmatel
                2006-10-03 20:35:56 0 d-------- C:\Program Files\Java
                2006-10-03 20:34:32 0 d--h----- C:\WINDOWS\$hf_mig$
                2006-10-03 20:28:07 0 d-------- C:\WINDOWS\nview
                2006-10-03 20:27:56 0 d-------- C:\WINDOWS\system32\ReinstallBackups
                2006-10-03 20:25:01 0 d-------- C:\dell
                2006-10-03 20:24:49 0 d-------- C:\WINDOWS
                2006-10-03 20:22:00 77824 --a------ C:\WINDOWS\setpwr32.exe
                2006-10-03 20:21:48 0 d-------- C:\drivers
                2006-10-03 20:21:47 0 d-------- C:\WINDOWS\system32\drivers
                2006-10-03 20:21:44 1617920 --a------ C:\WINDOWS\system32\nwiz.exe
                2006-10-03 20:21:44 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
                2006-10-03 20:21:44 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
                2006-10-03 20:21:44 466944 --a------ C:\WINDOWS\system32\nvshell.dll
                2006-10-03 20:21:42 1474560 --a------ C:\WINDOWS\system32\nview.dll
                2006-10-03 20:21:42 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
                2006-10-03 20:21:42 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
                2006-10-03 20:21:42 425984 --a------ C:\WINDOWS\system32\keystone.exe
                2006-10-03 20:21:32 0 d-------- C:\i386
                2006-10-03 20:20:57 0 d-------- C:\WINDOWS\system32
                2006-10-03 20:20:50 0 d-------- C:\WINDOWS\system32\dllcache
                2006-10-03 20:20:35 0 d-------- C:\WINDOWS\system32\oobe
                2006-06-05 01:57:56 82432 -----n--- C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
                2006-06-05 01:57:56 91136 -r------- C:\WINDOWS\system32\msls2.dll <Not Verified; Microsoft Corporation; Microsoft® Line Services>
                2006-06-05 01:57:56 31744 -----n--- C:\WINDOWS\system32\hlp95en.dll <Not Verified; Microsoft Corporation; Microsoft Office>
                2006-05-29 13:00:00 0 d-------- C:\Program Files\De_Sims_2_Mega12
                2006-02-28 13:41:34 61440 --a------ C:\WINDOWS\system32\dns-sd.exe <Not Verified; Apple Computer, Inc.; Bonjour>
                2006-02-28 13:41:22 53248 --a------ C:\WINDOWS\system32\dnssd.dll <Not Verified; Apple Computer, Inc.; Bonjour>
                2006-01-12 23:29:38 13568 --a------ C:\WINDOWS\system32\drivers\wsp_pkt.sys <Not Verified; SingleClick Systems; Wireless Security Protocol Driver>
                2006-01-12 23:27:16 13696 --a------ C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys <Not Verified; SingleClick Systems; Wireless Protocol Driver>
                2006-01-12 23:26:10 13312 --a------ C:\WINDOWS\system32\drivers\packet.sys <Not Verified; SingleClick Systems; Auto IP Protocol Driver>
                2005-12-09 06:53:14 162944 -ra------ C:\WINDOWS\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
                2005-10-31 17:56:00 700416 --a------ C:\StubInstaller.exe <Not Verified; LimeWire; LimeWire swarmed installer>
                2005-09-23 07:28:52 74240 --a------ C:\WINDOWS\system32\mscories.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
                2005-09-23 07:28:52 150016 --a------ C:\WINDOWS\system32\mscorier.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
                2005-09-23 07:28:38 83456 --a------ C:\WINDOWS\system32\dfshim.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
                2005-03-29 12:35:07 16384 --a------ C:\WINDOWS\system32\restart.exe <Not Verified; WareSoft Software; restart>
                2005-03-29 12:35:07 90112 --a------ C:\WINDOWS\system32\regdacl.exe <Not Verified; Frank Heyne Software; RegTools>
                2005-03-29 12:35:07 4096 --a------ C:\WINDOWS\system32\reboot.exe
                2005-03-29 12:35:06 0 d-------- C:\WINDOWS\system32\regdacl
                2005-03-28 23:42:47 165186 --ahs---- C:\WINDOWS\system32\prqss.ini2
                2005-03-28 21:37:34 0 d-------- C:\Documents and Settings\León\Application Data\Malwarebytes
                2005-03-28 21:36:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                2005-03-28 21:36:30 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware


                -- Find3M Report ---------------------------------------------------------------

                2008-03-24 10:43:25 0 d-------- C:\Program Files\Common Files
                2007-11-17 16:19:24 4860416 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
                2007-06-27 15:30:54 3584 --a------ C:\Documents and Settings\León\Application Data\dvd.bmk
                2006-10-15 16:06:53 0 d-------- C:\Program Files\microsoft frontpage
                2006-10-03 20:36:43 0 d-------- C:\Program Files\Messenger
                2005-03-28 23:46:57 467444 --a------ C:\WINDOWS\system32\perfh013.dat
                2005-03-28 23:46:57 82312 --a------ C:\WINDOWS\system32\perfc013.dat


                -- Registry Dump ---------------------------------------------------------------

                *Note* empty entries & legit default entries are not shown


                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81B1E6D1-3B37-43C4-9962-E1626E8BA05D}]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "nwiz"="nwiz.exe" [23-08-2006 20:12 C:\WINDOWS\system32\nwiz.exe]
                "SigmatelSysTrayApp"="stsystra.exe" [15-08-2006 11:00 C:\WINDOWS\stsystra.exe]
                "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [05-10-2005 04:12]
                "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10-06-2005 11:44]
                "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10-06-2005 11:44]
                "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [08-09-2005 06:20]
                "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [12-08-2005 17:16]
                "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [09-11-2005 16:08]
                "MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [30-03-2006 15:31]
                "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [22-03-2007 22:01]
                "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22-08-2004 17:05]
                "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [17-01-2007 22:04]
                "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05-12-2007 02:41]
                "LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [03-09-2002 19:38]
                "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01-02-2008 00:13]
                "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19-02-2008 14:10]
                "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05-12-2007 02:41]
                "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [23-01-2008 15:47]
                "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [08-02-2008 12:22]

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 13:00]
                "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08-06-2007 18:35]
                "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 12:34]
                "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [27-03-2005 18:25]
                "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28-01-2008 12:43]

                C:\Documents and Settings\Le¢n\Menu Start\Programma's\Opstarten\
                wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [5-6-2006 1:58:10]

                C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 23:05:26]
                Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17-2-1999 21:05:56]
                Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [11-4-2007 17:51:17]

                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                "DisableRegistryTools"=0 (0x0)

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\befbefafe]
                C:\WINDOWS\system32\befbefafe.dll 18-03-2008 22:18 108562 C:\WINDOWS\system32\befbefafe.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
                C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 02-11-2007 12:47 120056 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                "appinit_dlls"=wbsys.dll

                [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                @=""


                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1ecf36e-8ef5-11dc-9103-00137233162a}]
                AutoRun\command- K:\System32.exe




                -- Hosts -----------------------------------------------------------------------

                127.0.0.1 bin.errorprotector.com ## added by CiD
                127.0.0.1 br.errorsafe.com ## added by CiD
                127.0.0.1 br.winantivirus.com ## added by CiD
                127.0.0.1 br.winfixer.com ## added by CiD
                127.0.0.1 cdn.drivecleaner.com ## added by CiD
                127.0.0.1 cdn.errorsafe.com ## added by CiD
                127.0.0.1 cdn.winsoftware.com ## added by CiD
                127.0.0.1 de.errorsafe.com ## added by CiD
                127.0.0.1 de.winantivirus.com ## added by CiD
                127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

                60 more entries in hosts file.


                -- End of Deckard's System Scanner: finished at 2005-03-29 17:32:42 ------------



                • #9
                  Download The Avenger to your Desktop.
                  • Click Avenger.zip to extract it to your desktop
                  Start The Avenger by double-clicking the icon with the sword.
                  • Under "Script file to execute", choose "Input Script Manually".
                  • Click the magnifying glass icon; a new window named "View/edit script" will open
                  • Copy and paste the following text (shown in bold blue) into it:



                    Files to delete:
                    C:\WINDOWS\system32\prqss.ini2
                    C:\WINDOWS\system32\ssqrp.dll
                    C:\WINDOWS\system32\befbefafe.dll



                  • Click Done
                  • Then click the green traffic light to run the script
                  • Answer "Yes/Ja" when asked.
                  The Avenger will then do the following:
                  • Restart your computer.
                  • After the restart, it will briefly open a black command window. This is normal.
                  • After the restart, it will create a log that opens with The Avenger's results. This log can be found at C:\avenger.txt
                  • The Avenger also creates backups of all files, etc., that were previously removed by The Avenger; these backups are located at: C:\avenger\backup.zip.
                  Copy and paste the contents of avenger.txt into your next post.
                  Also post a new HijackThis log

                  Regards, smeenk



                  • #10
                    The Avenger looks very different for me
                    this is a screenshot of The Avenger
                    ~$ddddd.doc



                    • #11
                      That's right, a new version of The Avenger was released recently.
                      Unfortunately I don't have a user guide for it yet, and I haven't had time to test it myself either.

                      Do you think you can figure it out yourself? (Broadly speaking, it should still work roughly the same way.)



                      • #12
                        I found the new canned instructions

                        Download The Avenger and place it on your desktop: http://swandog46.geekstogo.com/avenger2/download.php
                        Unzip it.
                        Start the program by clicking avenger.exe.
                        In the "Input Script here" window, paste the following (the text in bold):


                        Files to delete:
                        C:\WINDOWS\system32\prqss.ini2
                        C:\WINDOWS\system32\ssqrp.dll
                        C:\WINDOWS\system32\befbefafe.dll



                        Then click the "Execute" button.
                        Avenger will indicate that the computer is going to restart; allow this.
                        After the reboot, a log file (avenger.txt) opens. Post the contents of the log file.



                        • #13
                          This is the Avenger log

                          Logfile of The Avenger Version 2.0, (c) by Swandog46
                          http://swandog46.geekstogo.com

                          Platform: Windows XP

                          *******************

                          Script file opened successfully.
                          Script file read successfully.

                          Backups directory opened successfully at C:\Avenger

                          *******************

                          Beginning to process script file:

                          Rootkit scan active.
                          No rootkits found!

                          File "C:\WINDOWS\system32\prqss.ini2" deleted successfully.
                          File "C:\WINDOWS\system32\ssqrp.dll" deleted successfully.
                          File "C:\WINDOWS\system32\befbefafe.dll" deleted successfully.

                          Completed script processing.

                          *******************

                          Finished! Terminate.



                          • #14
                            Download DAFT to your Desktop
                            • Double-click the green daft.exe icon.
                            • Read the disclaimer and click OK.
                            • Click the Scan button.
                            • Tick all the displayed items (if incorrect associations are found).
                            • Click the Fix button.
                            • Repeat the scan and click "Save log".
                              By default this is saved on your Desktop as daft.txt.
                            Also post a new HijackThis log



                            • #15
                              Here is the new Hijack log:
                              Logfile of Trend Micro HijackThis v2.0.2
                              Scan saved at 13:51:51, on 30-3-2005
                              Platform: Windows XP SP2 (WinNT 5.01.2600)
                              MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                              Boot mode: Normal

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\csrss.exe
                              C:\WINDOWS\system32\winlogon.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                              C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                              C:\Program Files\Bonjour\mDNSResponder.exe
                              C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
                              C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                              c:\program files\common files\mcafee\mna\mcnasvc.exe
                              C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                              C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
                              c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
                              C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                              C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                              C:\Program Files\McAfee\MPF\MPFSrv.exe
                              C:\WINDOWS\system32\nvsvc32.exe
                              C:\Program Files\SiteAdvisor\6253\SAService.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\alg.exe
                              C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
                              C:\WINDOWS\Explorer.EXE
                              C:\PROGRA~1\mcafee.com\agent\mcagent.exe
                              c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
                              C:\WINDOWS\stsystra.exe
                              C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                              C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                              C:\WINDOWS\System32\DLA\DLACTRLW.EXE
                              C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
                              C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
                              C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                              C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                              C:\Program Files\QuickTime\QTTask.exe
                              C:\Program Files\iTunes\iTunesHelper.exe
                              C:\WINDOWS\system32\RUNDLL32.EXE
                              C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
                              C:\Program Files\TrojanHunter 5.0\THGuard.exe
                              C:\WINDOWS\system32\ctfmon.exe
                              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                              C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                              C:\Program Files\DNA\btdna.exe
                              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                              C:\Program Files\WiFiConnector\NintendoWFCReg.exe
                              C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
                              C:\Program Files\iPod\bin\iPodService.exe
                              C:\Program Files\Windows Media Player\wmplayer.exe
                              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                              C:\WINDOWS\system32\wbem\wmiprvse.exe

                              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=5061003
                              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
                              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goldeagle.hyves.nl/
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=5061003
                              R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
                              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                              O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                              O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
                              O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
                              O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
                              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                              O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
                              O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
                              O2 - BHO: (no name) - {81B1E6D1-3B37-43C4-9962-E1626E8BA05D} - (no file)
                              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                              O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
                              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                              O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                              O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
                              O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                              O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
                              O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                              O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
                              O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
                              O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
                              O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
                              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                              O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1043
                              O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                              O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
                              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                              O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
                              O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
                              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                              O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
                              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                              O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
                              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                              O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
                              O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
                              O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
                              O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
                              O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
                              O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
                              O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
                              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
                              O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
                              O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://leon22.spaces.live.com//PhotoUpload/MsnPUpld.cab
                              O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                              O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
                              O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
                              O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.net/statics/Aurigma/ImageUploader4.cab
                              O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
                              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                              O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
                              O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
                              O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
                              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                              O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
                              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                              O20 - Winlogon Notify: befbefafe - C:\WINDOWS\system32\befbefafe.dll (file missing)
                              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                              O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                              O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                              O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
                              O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                              O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
                              O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
                              O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                              O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
                              O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                              O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
                              O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
                              O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                              O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                              O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                              O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
                              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                              O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

                              --
                              End of file - 15078 bytes

                              and the DAFT log:

                              DAFT Log saved on 2005-03-30 13:51:19
                              -----------------------------------------------------------------------
                              All associations okay!
