trojan.vundo.dvs


  • trojan.vundo.dvs

    Since today I have a trojan.vundo.dvs on the computer, and with BullGuard I can't get it removed. How do I get this removed? This is my

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:20:24, on 2-4-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Genesys PC Camera Device\GenePccMon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Users\jamie\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nucia.eu/forum/forumdisplay.php?f=41
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [GenePccMon.exe] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\jamie\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll,c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    --
    End of file - 7176 bytes

  • #2
    Follow these instructions to download ComboFix:
    • Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.
      If you have used ComboFix before, please remove that version and download ComboFix again via the link above, because ComboFix is updated daily.

      NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner,
      disable that scanner and download ComboFix again.
      Some scanners treat certain components that ComboFix uses as suspicious and will block or remove them!
      • Double-click Combofix.exe
        While the fix is running, do NOT click in the window, because this will make your PC hang.
        When the fix is complete and after the restart, the Combofix.txt log will open.


      Post this log in your next reply, together with a fresh HijackThis log.
    Regards,
    Pimmerd



    • #3
      ComboFix 08-04-02.1 - jamie 2008-04-02 22:46:27.2 - NTFSx86
      Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1091 [GMT 2:00]
      Gestart vanuit: C:\Users\jamie\Desktop\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      * Resident AV is active

      .

      (((((((((((((((((((( Bestanden Gemaakt van 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))
      .

      2008-04-02 22:20 . 2008-04-02 22:20 <DIR> d-------- C:\Program Files\Trend Micro
      2008-04-02 21:25 . 2008-04-02 21:30 <DIR> d-------- C:\ComboFix[1]
      2008-04-02 20:31 . 2008-04-02 20:53 <DIR> d-a------ C:\Users\All Users\TEMP
      2008-04-02 20:31 . 2008-04-02 20:53 <DIR> d-a------ C:\ProgramData\TEMP
      2008-04-02 17:43 . 2008-04-02 17:48 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Azureus
      2008-04-02 17:43 . 2008-04-02 17:43 <DIR> d-------- C:\Users\All Users\Azureus
      2008-04-02 17:43 . 2008-04-02 17:43 <DIR> d-------- C:\ProgramData\Azureus
      2008-04-02 16:35 . 2008-04-02 16:35 2,560 --a------ C:\Windows\_MSRSTRT.EXE
      2008-04-02 09:07 . 2008-04-02 09:07 <DIR> d-------- C:\Program Files\MSECache
      2008-04-01 21:59 . 2008-04-02 22:20 <DIR> d-------- C:\My Downloads
      2008-04-01 21:59 . 2007-11-22 16:00 483,328 --a------ C:\Windows\System32\actskn45.ocx
      2008-04-01 17:52 . 2008-04-01 17:52 <DIR> d-------- C:\Users\jamie\Program Files
      2008-03-31 22:21 . 2008-04-02 22:45 <DIR> d-------- C:\Users\jamie\AppData\Roaming\DNA
      2008-03-31 22:21 . 2008-03-31 22:21 <DIR> d-------- C:\Program Files\DNA
      2008-03-29 22:36 . 2008-04-02 09:00 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Corel
      2008-03-29 21:30 . 2008-03-31 22:34 <DIR> d-------- C:\Users\jamie\programma's
      2008-03-28 21:04 . 2008-03-29 13:44 <DIR> d-------- C:\Users\jamie\winrar bestanden
      2008-03-28 15:30 . 2008-03-28 15:30 <DIR> d-------- C:\Windows\System32\Adobe
      2008-03-27 13:04 . 2008-03-27 13:05 <DIR> d-------- C:\Program Files\Common Files\Adobe
      2008-03-25 20:58 . 2008-03-25 23:32 <DIR> d-------- C:\Program Files\Belastingdienst
      2008-03-24 20:29 . 2008-03-24 21:51 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Ahead
      2008-03-22 19:45 . 2008-03-22 19:45 <DIR> d-------- C:\Windows\System32\URTTEMP
      2008-03-22 19:10 . 2008-03-22 19:10 <DIR> d-------- C:\Program Files\EA GAMES
      2008-03-22 18:50 . 2008-03-22 18:50 <DIR> d-------- C:\Program Files\Masc software
      2008-03-22 18:24 . 2008-03-22 18:49 <DIR> d-------- C:\Program Files\MASC Software BV
      2008-03-21 17:32 . 2008-03-21 17:32 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
      2008-03-20 21:00 . 2008-04-01 21:41 <DIR> d-------- C:\Users\jamie\AppData\Roaming\LimeWirePlus
      2008-03-20 21:00 . 2008-04-02 16:36 <DIR> d-------- C:\Program Files\LimewirePlus
      2008-03-20 19:09 . 2008-03-20 19:09 14,152 --a------ C:\Windows\System32\lccl.dll
      2008-03-20 19:09 . 2008-03-20 19:09 14,152 --a------ C:\Windows\System32\client_cc.dll
      2008-03-19 21:16 . 2008-03-19 21:16 <DIR> d-------- C:\Program Files\directx
      2008-03-17 22:03 . 2008-03-17 22:03 <DIR> d-------- C:\Program Files\Toshiba
      2008-03-17 21:32 . 2008-03-17 21:32 194,560 --a------ C:\Windows\System32\WebClnt.dll
      2008-03-17 21:32 . 2008-03-17 21:32 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
      2008-03-17 21:29 . 2008-03-31 15:45 82,171 --a------ C:\Users\jamie\AppData\Roaming\nvModes.dat
      2008-03-17 21:28 . 2008-03-17 21:28 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
      2008-03-17 21:28 . 2008-03-17 21:28 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
      2008-03-17 21:28 . 2008-03-17 21:28 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
      2008-03-17 21:28 . 2008-03-17 21:28 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
      2008-03-17 21:26 . 2008-03-17 21:26 1,327,104 --a------ C:\Windows\System32\quartz.dll
      2008-03-17 21:26 . 2008-03-17 21:26 223,232 --a------ C:\Windows\System32\WMASF.DLL
      2008-03-17 21:26 . 2008-03-17 21:26 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
      2008-03-17 21:26 . 2008-03-17 21:26 2,048 --a------ C:\Windows\System32\asferror.dll
      2008-03-17 21:25 . 2008-03-17 21:25 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-03-17 21:25 . 2008-03-17 21:25 1,686,528 --a------ C:\Windows\System32\gameux.dll
      2008-03-17 21:25 . 2008-03-17 21:25 11,776 --a------ C:\Windows\System32\sbunattend.exe
      2008-03-17 21:24 . 2008-03-17 21:24 <DIR> d-------- C:\Windows\System32\Macromed
      2008-03-17 21:24 . 2008-03-17 21:24 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
      2008-03-17 21:24 . 2008-03-17 21:24 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
      2008-03-17 21:24 . 2008-03-17 21:24 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
      2008-03-17 21:24 . 2008-03-17 21:24 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
      2008-03-17 21:21 . 2008-03-17 21:21 1,244,672 --a------ C:\Windows\System32\mcmde.dll
      2008-03-17 21:13 . 2008-03-17 21:13 50,896 --a------ C:\Windows\System32\drivers\BdFileSpy.sys
      2008-03-17 20:51 . 2008-03-17 20:51 <DIR> dr------- C:\Users\jamie\Searches
      2008-03-17 20:51 . 2008-04-02 11:55 <DIR> d-------- C:\Users\jamie\AppData\Roaming\BullGuard
      2008-03-17 20:50 . 2008-03-29 21:43 <DIR> dr------- C:\Users\jamie\Videos
      2008-03-17 20:50 . 2008-03-17 22:39 <DIR> dr------- C:\Users\jamie\Saved Games
      2008-03-17 20:50 . 2008-03-29 22:40 <DIR> dr------- C:\Users\jamie\Pictures
      2008-03-17 20:50 . 2008-04-02 17:48 <DIR> dr------- C:\Users\jamie\Music
      2008-03-17 20:50 . 2008-03-17 20:51 <DIR> dr------- C:\Users\jamie\Links
      2008-03-17 20:50 . 2008-04-02 22:06 <DIR> d-------- C:\Users\jamie\Downloads
      2008-03-17 20:50 . 2008-04-02 17:22 <DIR> dr------- C:\Users\jamie\Documents
      2008-03-17 20:50 . 2008-03-17 20:50 <DIR> dr------- C:\Users\jamie\Contacts
      2008-03-17 20:50 . 2006-11-02 14:37 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Media Center Programs
      2008-03-17 20:50 . 2008-03-24 21:52 <DIR> d--h----- C:\Users\jamie\AppData
      2008-03-17 20:48 . 2008-03-17 20:48 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-02 19:56 --------- d-----w C:\ProgramData\BullGuard
      2008-03-31 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-19 19:05 --------- d-----w C:\Program Files\Common Files\InstallShield
      2008-03-17 19:37 --------- d-----w C:\Program Files\Windows Sidebar
      2008-03-17 19:37 --------- d-----w C:\Program Files\Windows Mail
      2008-03-17 19:30 943,800 ----a-w C:\Windows\System32\winload.exe
      2008-03-17 19:27 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
      2008-03-17 19:27 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
      2008-03-17 19:27 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-03-17 19:27 22,016 ----a-w C:\Windows\System32\netiougc.exe
      2008-03-17 19:27 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-03-17 19:27 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
      2008-03-17 19:27 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
      2008-03-17 19:27 17,976 ----a-w C:\Windows\system32\drivers\intelide.sys
      2008-03-17 19:27 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
      2008-03-17 19:27 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
      2008-03-17 19:27 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
      2008-03-17 19:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-03-17 19:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-03-17 19:25 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-03-17 19:25 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-03-17 19:22 824,832 ----a-w C:\Windows\System32\wininet.dll
      2008-03-17 19:22 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-03-17 19:22 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-03-17 19:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Sjablonen
      2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Menu Start
      2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Favorieten
      2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Documenten
      2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Bureaublad
      2008-01-14 10:56 53,080 ----a-w C:\Windows\System32\wuauclt.exe
      2008-01-14 10:56 43,352 ----a-w C:\Windows\System32\wups2.dll
      2008-01-14 10:56 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
      2008-01-14 10:56 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
      2008-01-14 10:55 80,896 ----a-w C:\Windows\System32\wudriver.dll
      2008-01-14 10:55 549,720 ----a-w C:\Windows\System32\wuapi.dll
      2008-01-14 10:55 33,624 ----a-w C:\Windows\System32\wups.dll
      2008-01-14 10:55 31,232 ----a-w C:\Windows\System32\wuapp.exe
      2008-01-14 10:55 163,000 ----a-w C:\Windows\System32\wuwebv.dll
      2008-01-08 14:10 319,456 ----a-w C:\Windows\DIFxAPI.dll
      2008-01-08 14:08 315,392 ----a-w C:\Windows\HideWin.exe
      2008-01-08 13:19 174 --sha-w C:\Program Files\desktop.ini
      .

      ((((((((((((((((((((((((((((( [email protected]_21.30.14,32 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-04-02 14:36:56 67,584 --s-a-w C:\Windows\bootstat.dat
      + 2008-04-02 19:54:40 67,584 --s-a-w C:\Windows\bootstat.dat
      - 2008-04-02 18:52:06 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-02 20:09:46 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-02 14:39:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      + 2008-04-02 19:56:51 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      + 2008-04-02 19:56:51 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
      - 2008-04-02 19:26:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-02 20:45:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-02 15:48:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-02 19:56:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-02 19:56:46 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
      - 2008-04-02 18:31:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2008-04-02 20:33:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2008-04-02 18:31:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2008-04-02 20:33:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2008-04-02 18:31:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2008-04-02 20:33:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2008-04-02 19:27:23 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
      + 2008-04-02 20:46:21 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
      + 2008-04-02 20:46:21 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
      - 2008-04-02 18:33:53 107,614 ----a-w C:\Windows\System32\perfc009.dat
      + 2008-04-02 20:03:31 107,614 ----a-w C:\Windows\System32\perfc009.dat
      - 2008-04-02 18:33:53 127,416 ----a-w C:\Windows\System32\perfc013.dat
      + 2008-04-02 20:03:31 127,416 ----a-w C:\Windows\System32\perfc013.dat
      - 2008-04-02 18:33:53 618,470 ----a-w C:\Windows\System32\perfh009.dat
      + 2008-04-02 20:03:31 618,470 ----a-w C:\Windows\System32\perfh009.dat
      - 2008-04-02 18:33:53 699,276 ----a-w C:\Windows\System32\perfh013.dat
      + 2008-04-02 20:03:31 699,276 ----a-w C:\Windows\System32\perfh013.dat
      - 2008-04-02 14:39:36 4,928 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2647415776-350541049-2584541440-1000_UserData.bin
      + 2008-04-02 19:57:22 5,126 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2647415776-350541049-2584541440-1000_UserData.bin
      - 2008-04-02 14:39:36 48,706 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      + 2008-04-02 19:57:21 48,746 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      - 2008-04-02 14:39:33 28,842 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2008-04-02 19:57:17 29,220 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-17 21:25 1232896]
      "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [2008-03-17 21:13 308552]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 19:05 143360]
      "BitTorrent DNA"="C:\Users\jamie\Program Files\DNA\btdna.exe" [2008-04-01 17:52 288576]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
      "cmds"="C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll" [2008-04-02 11:28 265728]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-16 14:25 1006264]
      "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 17:36 178712]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 03:31 4710400 C:\Windows\RtHDVCpl.exe]
      "Skytel"="Skytel.exe" [2007-11-20 10:15 1826816 C:\Windows\SkyTel.exe]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 08:18 827392]
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-23 15:03 86016]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-23 15:03 8501792]
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-23 15:03 81920]
      "GenePccMon.exe"="C:\Program Files\Genesys PC Camera Device\GenePccMon.exe" [2007-02-13 08:21 36864]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
      "QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-05 01:01 77892]
      "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2008-03-17 21:13 308552]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-14 13:17 220160]
      "toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 16:54 16896]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "TCP Query User{80CAF260-587B-40A1-A037-607D7BC91718}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
      "UDP Query User{15C9E0BF-828E-4007-B256-597EB1696D0C}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
      "TCP Query User{F2E2B5E0-597F-421F-AA69-D70591395CAD}C:\\program files\\limewire plus\\limewire.exe"= UDP:C:\program files\limewire plus\limewire.exe:LimeWire
      "UDP Query User{01F5895D-A08A-4D1D-B027-4064496BB126}C:\\program files\\limewire plus\\limewire.exe"= TCP:C:\program files\limewire plus\limewire.exe:LimeWire
      "{7DCBBB21-73C3-437B-9806-B0F9E4D6D991}"= UDP:C:\Program Files\DNA\btdna.exeNA
      "{B9354E4F-41CD-45C2-A932-491C7C46B58D}"= TCP:C:\Program Files\DNA\btdna.exeNA
      "{99C58959-29A3-4A29-96CC-6BFF0EE4029B}"= UDP:C:\Users\jamie\programma's\BitTorrent\bittorrent.exe:BitTorrent
      "{259C54F2-96B4-4339-A399-E80C83E287B5}"= TCP:C:\Users\jamie\programma's\BitTorrent\bittorrent.exe:BitTorrent
      "TCP Query User{8923067A-2596-4B85-8307-1EB58F64E168}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
      "UDP Query User{E8602E20-A7C7-46FD-BF4A-6D52FA2E379D}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
      "{F3FECF57-D924-4EED-98FC-DC53060C20E2}"= UDP:C:\Users\jamie\Downloads\BitTorrent\bittorrent.exe:BitTorrent
      "{EE5939C0-2DD4-42E1-8B20-E217EC039F49}"= TCP:C:\Users\jamie\Downloads\BitTorrent\bittorrent.exe:BitTorrent
      "TCP Query User{76B955E3-093C-4E47-8CF5-53D81892F69C}C:\\users\\jamie\\downloads\\bittorrent\\bittorrent.exe"= UDP:C:\users\jamie\downloads\bittorrent\bittorrent.exe:bittorrent.exe
      "UDP Query User{34F3F91F-26AD-4287-BFEF-0CC28D7CFEA8}C:\\users\\jamie\\downloads\\bittorrent\\bittorrent.exe"= TCP:C:\users\jamie\downloads\bittorrent\bittorrent.exe:bittorrent.exe
      "TCP Query User{23E44C77-539B-45CA-B0EB-5D09E6C5D0CF}C:\\users\\jamie\\program files\\dna\\btdna.exe"= UDP:C:\users\jamie\program files\dna\btdna.exe:btdna.exe
      "UDP Query User{96C4B857-E8B0-4A1F-936B-A4954005BB4E}C:\\users\\jamie\\program files\\dna\\btdna.exe"= TCP:C:\users\jamie\program files\dna\btdna.exe:btdna.exe
      "TCP Query User{B140F037-BFAD-4EC9-B0D7-A7490605CFD0}C:\\users\\jamie\\downloads\\azureus\\azureus.exe"= UDP:C:\users\jamie\downloads\azureus\azureus.exe:azureus.exe
      "UDP Query User{EDB903AE-810C-4F0D-BA0F-E36B37BBFF0B}C:\\users\\jamie\\downloads\\azureus\\azureus.exe"= TCP:C:\users\jamie\downloads\azureus\azureus.exe:azureus.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\Users\\jamie\\programma's\\BitTorrent\\bittorrent.exe"= C:\Users\jamie\programma's\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
      "C:\\Users\\jamie\\Downloads\\BitTorrent\\bittorrent.exe"= C:\Users\jamie\Downloads\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

      R2 BdFileSpy;BullGuard File Monitor Driver;C:\Windows\system32\drivers\BdFileSpy.sys [2008-03-17 21:13]
      R2 BsFileScan;BullGuard File Scan Service;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
      R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
      R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 22:55]
      R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
      R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;C:\Windows\system32\DRIVERS\usbgene.sys [2007-06-26 04:44]
      R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28.sys [2007-11-21 12:17]
      R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-05-16 13:07]
      R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-11-09 23:30]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bthsvcs REG_MULTI_SZ BthServ
      BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy
      WindowsMobile REG_MULTI_SZ wcescomm rapimgr
      LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-02 22:48:37
      Windows 6.0.6000 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      GenePccMon.exe = C:\Program Files\Genesys PC Camera Device\GenePccMon.exe??????????????????????????????????????????????????????????????????????????????? ????????????????????????

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Geladen Onder Lopende Processen ---------------------

      PROCESS: C:\Windows\Explorer.exe
      -> C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll
      .
      Voltooingstijd: 2008-04-02 22:49:19
      ComboFix-quarantined-files.txt 2008-04-02 20:49:14
      ComboFix2.txt 2008-04-02 19:30:37
      Pre-Run: 174,869,991,424 bytes beschikbaar
      Post-Run: 174,841,303,040 bytes beschikbaar
      .
      2008-04-02 14:28:49 --- E O F ---
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:20:24, on 2-4-2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16609)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Genesys PC Camera Device\GenePccMon.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Windows\WindowsMobile\wmdc.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\Users\jamie\Program Files\DNA\btdna.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nucia.eu/forum/forumdisplay.php?f=41
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [GenePccMon.exe] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
      O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\jamie\Program Files\DNA\btdna.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll,c
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
      O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
      O13 - Gopher Prefix:
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
      O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

      --
      End of file - 7176 bytes



      • #4
        Open Notepad, copy and paste the following (bold text) into an empty window:

        File::
        C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll

        Registry::
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "cmds"=-

        Save this to your Desktop as CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Reboot if you are asked to,
        and post the contents of Combofix.txt in your next reply

        Still problems?
        Regards,
        Pimmerd

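As an added example (my own code, not part of this thread and not code from HijackThis or ComboFix), the following script ties the O4 line in the HijackThis log above to the CFScript in post #4: it parses HijackThis `O4 - ...\Run:` entries, flags the ones where rundll32 loads a DLL from a user-writable temp directory (the pattern of the `[cmds]` entry here, which is how this Vundo variant kept itself running), and renders the `File::` / `Registry::` script in the shape the helper posted. The sample lines are constructed from the log in this thread; the temp-directory list and the rundll32 heuristic are my assumptions, not a rule from either tool.

```python
import re

# Constructed sample input, modelled on the O4 lines in the HijackThis log
# posted in this thread (the [cmds] line is the one the helper targets).
SAMPLE_HJT_LINES = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup",
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll,c",
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')",
]

# O4 line shape: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# rundll32 launch: "rundll32[.exe] <dll path>,<export>"
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>[^,]+),", re.IGNORECASE)
RUN_SUBKEY = "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
HIVE_MAP = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# Assumed list of locations a standard user can write to; a Run-key DLL
# loaded from one of these is the Vundo-style persistence seen in this thread.
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\programdata\\temp\\")


def parse_o4(line):
    """Split a HijackThis O4 Run line into full registry key, value name and command."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive = m.group("hive")
    if hive in HIVE_MAP:
        key = HIVE_MAP[hive] + RUN_SUBKEY
    else:  # HKUS\<SID> -> HKEY_USERS\<SID>
        key = "HKEY_USERS\\" + hive.split("\\", 1)[1] + RUN_SUBKEY
    return {"key": key, "name": m.group("name"), "cmd": m.group("cmd")}


def rundll32_temp_dll(cmd):
    """Return the DLL path if cmd is rundll32 loading a DLL from a user-writable temp dir, else None."""
    m = RUNDLL_RE.match(cmd.strip())
    if not m:
        return None
    dll = m.group("dll").strip().strip('"')
    if any(d in dll.lower() for d in USER_WRITABLE_DIRS):
        return dll
    return None


def find_suspicious(lines):
    """Return the parsed O4 entries whose command matches the rundll32-from-temp heuristic."""
    hits = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        dll = rundll32_temp_dll(entry["cmd"])
        if dll is not None:
            entry["dll"] = dll
            hits.append(entry)
    return hits


def build_cfscript(hits):
    """Render the File:: / Registry:: CFScript text in the shape posted in this thread."""
    file_block = "\n".join(h["dll"] for h in hits)
    reg_block = "\n".join("[%s]\n\"%s\"=-" % (h["key"], h["name"]) for h in hits)
    return "File::\n%s\n\nRegistry::\n%s\n" % (file_block, reg_block)


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_HJT_LINES)
    for h in hits:
        print("suspicious: [%s] in %s -> %s" % (h["name"], h["key"], h["dll"]))
    print(build_cfscript(hits))
```

Run on the sample, only the `[cmds]` entry is flagged and the generated script is the same File::/Registry:: text as in post #4. The heuristic is deliberately narrow (rundll32 plus a temp directory); legitimate rundll32 entries such as the NVIDIA ones load from System32 and pass through untouched, which is the point of checking the path rather than the loader.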


        • #5
          ComboFix 08-04-02.1 - jamie 2008-04-02 23:04:52.3 - NTFSx86
          Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1114 [GMT 2:00]
          Gestart vanuit: C:\Users\jamie\Desktop\ComboFix.exe
          Command switches used :: C:\Users\jamie\Desktop\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt
          * Resident AV is active


          FILE ::
          C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))
          .

          2008-04-02 22:20 . 2008-04-02 22:20 <DIR> d-------- C:\Program Files\Trend Micro
          2008-04-02 21:25 . 2008-04-02 21:30 <DIR> d-------- C:\ComboFix[1]
          2008-04-02 20:31 . 2008-04-02 20:53 <DIR> d-a------ C:\Users\All Users\TEMP
          2008-04-02 20:31 . 2008-04-02 20:53 <DIR> d-a------ C:\ProgramData\TEMP
          2008-04-02 17:43 . 2008-04-02 17:48 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Azureus
          2008-04-02 17:43 . 2008-04-02 17:43 <DIR> d-------- C:\Users\All Users\Azureus
          2008-04-02 17:43 . 2008-04-02 17:43 <DIR> d-------- C:\ProgramData\Azureus
          2008-04-02 16:35 . 2008-04-02 16:35 2,560 --a------ C:\Windows\_MSRSTRT.EXE
          2008-04-02 09:07 . 2008-04-02 09:07 <DIR> d-------- C:\Program Files\MSECache
          2008-04-01 21:59 . 2008-04-02 22:51 <DIR> d-------- C:\My Downloads
          2008-04-01 21:59 . 2007-11-22 16:00 483,328 --a------ C:\Windows\System32\actskn45.ocx
          2008-04-01 17:52 . 2008-04-01 17:52 <DIR> d-------- C:\Users\jamie\Program Files
          2008-03-31 22:21 . 2008-04-02 23:06 <DIR> d-------- C:\Users\jamie\AppData\Roaming\DNA
          2008-03-31 22:21 . 2008-03-31 22:21 <DIR> d-------- C:\Program Files\DNA
          2008-03-29 22:36 . 2008-04-02 09:00 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Corel
          2008-03-29 21:30 . 2008-03-31 22:34 <DIR> d-------- C:\Users\jamie\programma's
          2008-03-28 21:04 . 2008-03-29 13:44 <DIR> d-------- C:\Users\jamie\winrar bestanden
          2008-03-28 15:30 . 2008-03-28 15:30 <DIR> d-------- C:\Windows\System32\Adobe
          2008-03-27 13:04 . 2008-03-27 13:05 <DIR> d-------- C:\Program Files\Common Files\Adobe
          2008-03-25 20:58 . 2008-03-25 23:32 <DIR> d-------- C:\Program Files\Belastingdienst
          2008-03-24 20:29 . 2008-03-24 21:51 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Ahead
          2008-03-22 19:45 . 2008-03-22 19:45 <DIR> d-------- C:\Windows\System32\URTTEMP
          2008-03-22 19:10 . 2008-03-22 19:10 <DIR> d-------- C:\Program Files\EA GAMES
          2008-03-22 18:50 . 2008-03-22 18:50 <DIR> d-------- C:\Program Files\Masc software
          2008-03-22 18:24 . 2008-03-22 18:49 <DIR> d-------- C:\Program Files\MASC Software BV
          2008-03-21 17:32 . 2008-03-21 17:32 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
          2008-03-20 21:00 . 2008-04-01 21:41 <DIR> d-------- C:\Users\jamie\AppData\Roaming\LimeWirePlus
          2008-03-20 21:00 . 2008-04-02 16:36 <DIR> d-------- C:\Program Files\LimewirePlus
          2008-03-20 19:09 . 2008-03-20 19:09 14,152 --a------ C:\Windows\System32\lccl.dll
          2008-03-20 19:09 . 2008-03-20 19:09 14,152 --a------ C:\Windows\System32\client_cc.dll
          2008-03-19 21:16 . 2008-03-19 21:16 <DIR> d-------- C:\Program Files\directx
          2008-03-17 22:03 . 2008-03-17 22:03 <DIR> d-------- C:\Program Files\Toshiba
          2008-03-17 21:32 . 2008-03-17 21:32 194,560 --a------ C:\Windows\System32\WebClnt.dll
          2008-03-17 21:32 . 2008-03-17 21:32 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
          2008-03-17 21:29 . 2008-03-31 15:45 82,171 --a------ C:\Users\jamie\AppData\Roaming\nvModes.dat
          2008-03-17 21:28 . 2008-03-17 21:28 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
          2008-03-17 21:28 . 2008-03-17 21:28 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
          2008-03-17 21:28 . 2008-03-17 21:28 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
          2008-03-17 21:28 . 2008-03-17 21:28 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
          2008-03-17 21:26 . 2008-03-17 21:26 1,327,104 --a------ C:\Windows\System32\quartz.dll
          2008-03-17 21:26 . 2008-03-17 21:26 223,232 --a------ C:\Windows\System32\WMASF.DLL
          2008-03-17 21:26 . 2008-03-17 21:26 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
          2008-03-17 21:26 . 2008-03-17 21:26 2,048 --a------ C:\Windows\System32\asferror.dll
          2008-03-17 21:25 . 2008-03-17 21:25 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
          2008-03-17 21:25 . 2008-03-17 21:25 1,686,528 --a------ C:\Windows\System32\gameux.dll
          2008-03-17 21:25 . 2008-03-17 21:25 11,776 --a------ C:\Windows\System32\sbunattend.exe
          2008-03-17 21:24 . 2008-03-17 21:24 <DIR> d-------- C:\Windows\System32\Macromed
          2008-03-17 21:24 . 2008-03-17 21:24 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
          2008-03-17 21:24 . 2008-03-17 21:24 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
          2008-03-17 21:24 . 2008-03-17 21:24 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
          2008-03-17 21:24 . 2008-03-17 21:24 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
          2008-03-17 21:21 . 2008-03-17 21:21 1,244,672 --a------ C:\Windows\System32\mcmde.dll
          2008-03-17 21:13 . 2008-03-17 21:13 50,896 --a------ C:\Windows\System32\drivers\BdFileSpy.sys
          2008-03-17 20:51 . 2008-03-17 20:51 <DIR> dr------- C:\Users\jamie\Searches
          2008-03-17 20:51 . 2008-04-02 11:55 <DIR> d-------- C:\Users\jamie\AppData\Roaming\BullGuard
          2008-03-17 20:50 . 2008-03-29 21:43 <DIR> dr------- C:\Users\jamie\Videos
          2008-03-17 20:50 . 2008-03-17 22:39 <DIR> dr------- C:\Users\jamie\Saved Games
          2008-03-17 20:50 . 2008-03-29 22:40 <DIR> dr------- C:\Users\jamie\Pictures
          2008-03-17 20:50 . 2008-04-02 17:48 <DIR> dr------- C:\Users\jamie\Music
          2008-03-17 20:50 . 2008-03-17 20:51 <DIR> dr------- C:\Users\jamie\Links
          2008-03-17 20:50 . 2008-04-02 22:06 <DIR> d-------- C:\Users\jamie\Downloads
          2008-03-17 20:50 . 2008-04-02 17:22 <DIR> dr------- C:\Users\jamie\Documents
          2008-03-17 20:50 . 2008-03-17 20:50 <DIR> dr------- C:\Users\jamie\Contacts
          2008-03-17 20:50 . 2006-11-02 14:37 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Media Center Programs
          2008-03-17 20:50 . 2008-03-24 21:52 <DIR> d--h----- C:\Users\jamie\AppData
          2008-03-17 20:48 . 2008-03-17 20:48 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-04-02 19:56 --------- d-----w C:\ProgramData\BullGuard
          2008-03-31 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-03-19 19:05 --------- d-----w C:\Program Files\Common Files\InstallShield
          2008-03-17 19:37 --------- d-----w C:\Program Files\Windows Sidebar
          2008-03-17 19:37 --------- d-----w C:\Program Files\Windows Mail
          2008-03-17 19:34 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
          2008-03-17 19:34 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
          2008-03-17 19:34 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
          2008-03-17 19:34 2,923,520 ----a-w C:\Windows\explorer.exe
          2008-03-17 19:34 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
          2008-03-17 19:30 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
          2008-03-17 19:30 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
          2008-03-17 19:30 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
          2008-03-17 19:30 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
          2008-03-17 19:30 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
          2008-03-17 19:30 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
          2008-03-17 19:30 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
          2008-03-17 19:27 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
          2008-03-17 19:27 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
          2008-03-17 19:27 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
          2008-03-17 19:27 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
          2008-03-17 19:27 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
          2008-03-17 19:27 17,976 ----a-w C:\Windows\system32\drivers\intelide.sys
          2008-03-17 19:27 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
          2008-03-17 19:27 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
          2008-03-17 19:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
          2008-03-17 19:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
          2008-03-17 19:25 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
          2008-03-17 19:25 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
          2008-03-17 19:22 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
          2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Sjablonen
          2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Menu Start
          2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Favorieten
          2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Documenten
          2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Bureaublad
          2008-01-08 14:10 319,456 ----a-w C:\Windows\DIFxAPI.dll
          2008-01-08 14:08 315,392 ----a-w C:\Windows\HideWin.exe
          2008-01-08 13:19 174 --sha-w C:\Program Files\desktop.ini
          .

          ((((((((((((((((((((((((((((( snapshot_2008-04-02_22.48.59,60 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2008-04-02 19:54:40 67,584 --s-a-w C:\Windows\bootstat.dat
          + 2008-04-02 21:08:06 67,584 --s-a-w C:\Windows\bootstat.dat
          - 2008-04-02 20:09:46 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
          + 2008-04-02 21:09:19 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
          - 2008-04-02 19:56:51 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
          + 2008-04-02 21:09:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
          + 2008-04-02 21:09:10 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
          - 2008-04-02 20:45:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
          + 2008-04-02 21:09:16 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
          - 2008-04-02 19:56:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
          + 2008-04-02 21:09:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
          + 2008-04-02 21:09:10 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-17 21:25 1232896]
          "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [2008-03-17 21:13 308552]
          "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 19:05 143360]
          "BitTorrent DNA"="C:\Users\jamie\Program Files\DNA\btdna.exe" [2008-04-01 17:52 288576]
          "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-16 14:25 1006264]
          "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 17:36 178712]
          "RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 03:31 4710400 C:\Windows\RtHDVCpl.exe]
          "Skytel"="Skytel.exe" [2007-11-20 10:15 1826816 C:\Windows\SkyTel.exe]
          "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 08:18 827392]
          "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-23 15:03 86016]
          "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-23 15:03 8501792]
          "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-23 15:03 81920]
          "GenePccMon.exe"="C:\Program Files\Genesys PC Camera Device\GenePccMon.exe" [2007-02-13 08:21 36864]
          "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
          "QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-05 01:01 77892]
          "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2008-03-17 21:13 308552]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
          "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
          "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-14 13:17 220160]
          "toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 16:54 16896]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
          "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
          "TCP Query User{80CAF260-587B-40A1-A037-607D7BC91718}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
          "UDP Query User{15C9E0BF-828E-4007-B256-597EB1696D0C}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
          "TCP Query User{F2E2B5E0-597F-421F-AA69-D70591395CAD}C:\\program files\\limewire plus\\limewire.exe"= UDP:C:\program files\limewire plus\limewire.exe:LimeWire
          "UDP Query User{01F5895D-A08A-4D1D-B027-4064496BB126}C:\\program files\\limewire plus\\limewire.exe"= TCP:C:\program files\limewire plus\limewire.exe:LimeWire
          "{7DCBBB21-73C3-437B-9806-B0F9E4D6D991}"= UDP:C:\Program Files\DNA\btdna.exeNA
          "{B9354E4F-41CD-45C2-A932-491C7C46B58D}"= TCP:C:\Program Files\DNA\btdna.exeNA
          "{99C58959-29A3-4A29-96CC-6BFF0EE4029B}"= UDP:C:\Users\jamie\programma's\BitTorrent\bittorrent.exe:BitTorrent
          "{259C54F2-96B4-4339-A399-E80C83E287B5}"= TCP:C:\Users\jamie\programma's\BitTorrent\bittorrent.exe:BitTorrent
          "TCP Query User{8923067A-2596-4B85-8307-1EB58F64E168}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
          "UDP Query User{E8602E20-A7C7-46FD-BF4A-6D52FA2E379D}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
          "{F3FECF57-D924-4EED-98FC-DC53060C20E2}"= UDP:C:\Users\jamie\Downloads\BitTorrent\bittorrent.exe:BitTorrent
          "{EE5939C0-2DD4-42E1-8B20-E217EC039F49}"= TCP:C:\Users\jamie\Downloads\BitTorrent\bittorrent.exe:BitTorrent
          "TCP Query User{76B955E3-093C-4E47-8CF5-53D81892F69C}C:\\users\\jamie\\downloads\\bittorrent\\bittorrent.exe"= UDP:C:\users\jamie\downloads\bittorrent\bittorrent.exe:bittorrent.exe
          "UDP Query User{34F3F91F-26AD-4287-BFEF-0CC28D7CFEA8}C:\\users\\jamie\\downloads\\bittorrent\\bittorrent.exe"= TCP:C:\users\jamie\downloads\bittorrent\bittorrent.exe:bittorrent.exe
          "TCP Query User{23E44C77-539B-45CA-B0EB-5D09E6C5D0CF}C:\\users\\jamie\\program files\\dna\\btdna.exe"= UDP:C:\users\jamie\program files\dna\btdna.exe:btdna.exe
          "UDP Query User{96C4B857-E8B0-4A1F-936B-A4954005BB4E}C:\\users\\jamie\\program files\\dna\\btdna.exe"= TCP:C:\users\jamie\program files\dna\btdna.exe:btdna.exe
          "TCP Query User{B140F037-BFAD-4EC9-B0D7-A7490605CFD0}C:\\users\\jamie\\downloads\\azureus\\azureus.exe"= UDP:C:\users\jamie\downloads\azureus\azureus.exe:azureus.exe
          "UDP Query User{EDB903AE-810C-4F0D-BA0F-E36B37BBFF0B}C:\\users\\jamie\\downloads\\azureus\\azureus.exe"= TCP:C:\users\jamie\downloads\azureus\azureus.exe:azureus.exe

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
          "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
          "C:\\Users\\jamie\\programma's\\BitTorrent\\bittorrent.exe"= C:\Users\jamie\programma's\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
          "C:\\Users\\jamie\\Downloads\\BitTorrent\\bittorrent.exe"= C:\Users\jamie\Downloads\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

          R2 BdFileSpy;BullGuard File Monitor Driver;C:\Windows\system32\drivers\BdFileSpy.sys [2008-03-17 21:13]
          R2 BsFileScan;BullGuard File Scan Service;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
          R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
          R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 22:55]
          R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
          R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;C:\Windows\system32\DRIVERS\usbgene.sys [2007-06-26 04:44]
          R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28.sys [2007-11-21 12:17]
          R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-05-16 13:07]
          R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-11-09 23:30]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          bthsvcs REG_MULTI_SZ BthServ
          BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy
          WindowsMobile REG_MULTI_SZ wcescomm rapimgr
          LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-04-02 23:09:21
          Windows 6.0.6000 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
          C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          C:\Windows\system32\WUDFHost.exe
          C:\Windows\system32\conime.exe
          C:\Windows\System32\rundll32.exe
          C:\Windows\System32\rundll32.exe
          C:\Windows\WindowsMobile\wmdc.exe
          C:\Windows\ehome\ehmsas.exe
          C:\Program Files\Windows Media Player\wmpnetwk.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-04-02 23:11:55 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-04-02 21:11:46
          ComboFix2.txt 2008-04-02 20:49:20
          ComboFix3.txt 2008-04-02 19:30:37
          Pre-Run: 174,100,811,776 bytes beschikbaar
          Post-Run: 173,971,558,400 bytes beschikbaar
          .
          2008-04-02 14:28:49 --- E O F ---



          • #6
            it still says it has this virus



            • #7
              I restarted my laptop and ran the virus scanner over it again, and now I don't have that virus anymore. I'm very grateful to you!!!!

              really impressive that you know how to do all of that, thanks again



              • #8
                Log looks good again

                Uninstall Combofix:
                Go to Start --> Run and type: combofix /u
                Combofix will now be removed and a new restore point will be created.

                * Clean the Cache and Cookies in IE:

                * Close Internet Explorer.
                * Go to Control Panel > Internet Options > General tab
                * Click the Delete Cookies button
                * Click the Delete Files button next to it
                * Check: Also delete all offline items, click OK

                * Clean the Cache and Cookies in Firefox (if Firefox is installed):

                * Go to Tools > Options.
                * Click Privacy in the menu.
                * Click the Clear button (History, Cookies, Cache).
                * Click OK to close the window again.

                * Clean other Temporary files + Recycle Bin

                * Go to Start > Run and type: cleanmgr and click OK.
                * Let it scan your system for files that need to be removed
                * Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are checked there.
                * Then click OK.


                Regards,
                Pim
                Regards,
                Pimmerd



                • #9
                  thnx



                  • #10
                    You're welcome
                    Groet,
                    Pimmerd
