trojan.vundo.dvs
 • trojan.vundo.dvs

  Since today I have a trojan.vundo.dvs on the computer, and with BullGuard I can't get it removed. How do I get this removed? This is my HijackThis log:

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 22:20:24, on 2-4-2008
  Platform: Windows Vista (WinNT 6.00.1904)
  MSIE: Internet Explorer v7.00 (7.00.6000.16609)
  Boot mode: Normal

  Running processes:
  C:\Windows\system32\Dwm.exe
  C:\Windows\Explorer.EXE
  C:\Windows\system32\taskeng.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
  C:\Windows\RtHDVCpl.exe
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Genesys PC Camera Device\GenePccMon.exe
  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
  C:\Windows\WindowsMobile\wmdc.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
  C:\Windows\ehome\ehtray.exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Users\jamie\Program Files\DNA\btdna.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Windows\ehome\ehmsas.exe
  C:\Program Files\Internet Explorer\ieuser.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Windows\system32\SearchFilterHost.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nucia.eu/forum/forumdisplay.php?f=41
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  O1 - Hosts: ::1 localhost
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
  O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
  O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
  O4 - HKLM\..\Run: [Skytel] Skytel.exe
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [GenePccMon.exe] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
  O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
  O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
  O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
  O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\jamie\Program Files\DNA\btdna.exe"
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll,c
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O13 - Gopher Prefix:
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
  O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
  O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

  --
  End of file - 7176 bytes
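  The O4 autorun lines are what a helper triages first in a log like the one above. As an added example (not code from this thread or from HijackThis), here is a small Python check that parses HijackThis O4 lines, unwraps a rundll32 launch to find the DLL that is actually loaded, and flags entries whose payload lives in a temp directory; the flagging rules are this example's own heuristics, and the sample input is a constructed subset of lines copied from the log above:

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample input: O4 lines copied from the HijackThis log in this thread.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart",
    r'O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot',
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll,c",
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')",
]

# HijackThis O4 layout: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable/DLL path in a command line, ending at whitespace, a comma or end of string.
IMAGE_RE = re.compile(r"^(?P<image>.+?\.(?:exe|dll|scr|com|bat|cmd))(?=[\s,]|$)", re.IGNORECASE)
# Heuristic (this example's own rule): autorun code should never live in a temp directory.
TEMP_DIR_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Temp)\\", re.IGNORECASE)
WINDOWS_DIR_PREFIXES = ("c:\\windows\\", "%systemroot%", "%windir%")


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    command: str
    image: str            # the file that is really executed or loaded
    via_rundll32: bool
    reasons: List[str] = field(default_factory=list)


def _split_image(text: str) -> Tuple[str, str]:
    """Split a command line into (first executable/DLL path, remaining arguments)."""
    text = text.strip()
    if text.startswith('"'):                      # quoted path, may contain spaces
        end = text.find('"', 1)
        if end > 0:
            return text[1:end], text[end + 1:].strip()
        return text[1:], ""
    m = IMAGE_RE.match(text)
    if m:
        return m.group("image"), text[m.end():].strip()
    parts = text.split(None, 1)
    return (parts[0], parts[1] if len(parts) > 1 else "") if parts else ("", "")


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one O4 line; returns None for lines that are not O4 entries."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    # Drop the "(User '...')" annotation HijackThis appends to HKUS entries.
    cmd = re.sub(r"\s+\(User '[^']*'\)\s*$", "", m.group("cmd"))
    image, rest = _split_image(cmd)
    via_rundll32 = image.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32")
    if via_rundll32:
        # rundll32 syntax is "<dll>,<entrypoint>": the DLL is the real payload.
        image, _ = _split_image(rest)
    return Autorun(m.group("hive"), m.group("key"), m.group("name"), cmd, image, via_rundll32)


def triage(entry: Autorun) -> List[str]:
    """Return the reasons (if any) this entry deserves a closer look."""
    reasons = []
    if TEMP_DIR_RE.search(entry.image):
        reasons.append("autorun code lives in a temp directory")
    if entry.via_rundll32 and "\\" in entry.image \
            and not entry.image.lower().startswith(WINDOWS_DIR_PREFIXES):
        reasons.append("rundll32 loads a DLL from outside the Windows directory")
    return reasons


def suspicious_autoruns(lines: List[str]) -> List[Autorun]:
    """Parse every O4 line and keep only the entries that triage flags."""
    hits = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        entry.reasons = triage(entry)
        if entry.reasons:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE_O4_LINES):
        print(f"[{hit.hive}\\{hit.key}] {hit.name}: {hit.image} -> {'; '.join(hit.reasons)}")
```

Run against the sample, only the `cmds` entry is reported, the same DLL the ComboFix report later in the thread shows loaded inside Explorer.exe.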

 • #2
  Follow these instructions to download ComboFix:
  • Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console
   If you have used ComboFix before, please remove that version and download ComboFix again via the link above, because ComboFix is updated daily.

   NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner,
   disable that scanner and download ComboFix again.
   Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!
   • Double-click Combofix.exe
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has finished and after the restart, the log Combofix.txt will open.


   Post this log in your next reply, together with a fresh HijackThis log.
  Regards,
  Pimmerd



  • #3
   ComboFix 08-04-02.1 - jamie 2008-04-02 22:46:27.2 - NTFSx86
   Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1091 [GMT 2:00]
   Gestart vanuit: C:\Users\jamie\Desktop\ComboFix.exe
   * Nieuw herstelpunt werd aangemaakt
   * Resident AV is active

   .

   (((((((((((((((((((( Bestanden Gemaakt van 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))
   .

   2008-04-02 22:20 . 2008-04-02 22:20 <DIR> d-------- C:\Program Files\Trend Micro
   2008-04-02 21:25 . 2008-04-02 21:30 <DIR> d-------- C:\ComboFix[1]
   2008-04-02 20:31 . 2008-04-02 20:53 <DIR> d-a------ C:\Users\All Users\TEMP
   2008-04-02 20:31 . 2008-04-02 20:53 <DIR> d-a------ C:\ProgramData\TEMP
   2008-04-02 17:43 . 2008-04-02 17:48 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Azureus
   2008-04-02 17:43 . 2008-04-02 17:43 <DIR> d-------- C:\Users\All Users\Azureus
   2008-04-02 17:43 . 2008-04-02 17:43 <DIR> d-------- C:\ProgramData\Azureus
   2008-04-02 16:35 . 2008-04-02 16:35 2,560 --a------ C:\Windows\_MSRSTRT.EXE
   2008-04-02 09:07 . 2008-04-02 09:07 <DIR> d-------- C:\Program Files\MSECache
   2008-04-01 21:59 . 2008-04-02 22:20 <DIR> d-------- C:\My Downloads
   2008-04-01 21:59 . 2007-11-22 16:00 483,328 --a------ C:\Windows\System32\actskn45.ocx
   2008-04-01 17:52 . 2008-04-01 17:52 <DIR> d-------- C:\Users\jamie\Program Files
   2008-03-31 22:21 . 2008-04-02 22:45 <DIR> d-------- C:\Users\jamie\AppData\Roaming\DNA
   2008-03-31 22:21 . 2008-03-31 22:21 <DIR> d-------- C:\Program Files\DNA
   2008-03-29 22:36 . 2008-04-02 09:00 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Corel
   2008-03-29 21:30 . 2008-03-31 22:34 <DIR> d-------- C:\Users\jamie\programma's
   2008-03-28 21:04 . 2008-03-29 13:44 <DIR> d-------- C:\Users\jamie\winrar bestanden
   2008-03-28 15:30 . 2008-03-28 15:30 <DIR> d-------- C:\Windows\System32\Adobe
   2008-03-27 13:04 . 2008-03-27 13:05 <DIR> d-------- C:\Program Files\Common Files\Adobe
   2008-03-25 20:58 . 2008-03-25 23:32 <DIR> d-------- C:\Program Files\Belastingdienst
   2008-03-24 20:29 . 2008-03-24 21:51 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Ahead
   2008-03-22 19:45 . 2008-03-22 19:45 <DIR> d-------- C:\Windows\System32\URTTEMP
   2008-03-22 19:10 . 2008-03-22 19:10 <DIR> d-------- C:\Program Files\EA GAMES
   2008-03-22 18:50 . 2008-03-22 18:50 <DIR> d-------- C:\Program Files\Masc software
   2008-03-22 18:24 . 2008-03-22 18:49 <DIR> d-------- C:\Program Files\MASC Software BV
   2008-03-21 17:32 . 2008-03-21 17:32 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
   2008-03-20 21:00 . 2008-04-01 21:41 <DIR> d-------- C:\Users\jamie\AppData\Roaming\LimeWirePlus
   2008-03-20 21:00 . 2008-04-02 16:36 <DIR> d-------- C:\Program Files\LimewirePlus
   2008-03-20 19:09 . 2008-03-20 19:09 14,152 --a------ C:\Windows\System32\lccl.dll
   2008-03-20 19:09 . 2008-03-20 19:09 14,152 --a------ C:\Windows\System32\client_cc.dll
   2008-03-19 21:16 . 2008-03-19 21:16 <DIR> d-------- C:\Program Files\directx
   2008-03-17 22:03 . 2008-03-17 22:03 <DIR> d-------- C:\Program Files\Toshiba
   2008-03-17 21:32 . 2008-03-17 21:32 194,560 --a------ C:\Windows\System32\WebClnt.dll
   2008-03-17 21:32 . 2008-03-17 21:32 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
   2008-03-17 21:29 . 2008-03-31 15:45 82,171 --a------ C:\Users\jamie\AppData\Roaming\nvModes.dat
   2008-03-17 21:28 . 2008-03-17 21:28 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
   2008-03-17 21:28 . 2008-03-17 21:28 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
   2008-03-17 21:28 . 2008-03-17 21:28 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
   2008-03-17 21:28 . 2008-03-17 21:28 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
   2008-03-17 21:26 . 2008-03-17 21:26 1,327,104 --a------ C:\Windows\System32\quartz.dll
   2008-03-17 21:26 . 2008-03-17 21:26 223,232 --a------ C:\Windows\System32\WMASF.DLL
   2008-03-17 21:26 . 2008-03-17 21:26 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
   2008-03-17 21:26 . 2008-03-17 21:26 2,048 --a------ C:\Windows\System32\asferror.dll
   2008-03-17 21:25 . 2008-03-17 21:25 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
   2008-03-17 21:25 . 2008-03-17 21:25 1,686,528 --a------ C:\Windows\System32\gameux.dll
   2008-03-17 21:25 . 2008-03-17 21:25 11,776 --a------ C:\Windows\System32\sbunattend.exe
   2008-03-17 21:24 . 2008-03-17 21:24 <DIR> d-------- C:\Windows\System32\Macromed
   2008-03-17 21:24 . 2008-03-17 21:24 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
   2008-03-17 21:24 . 2008-03-17 21:24 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
   2008-03-17 21:24 . 2008-03-17 21:24 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
   2008-03-17 21:24 . 2008-03-17 21:24 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
   2008-03-17 21:21 . 2008-03-17 21:21 1,244,672 --a------ C:\Windows\System32\mcmde.dll
   2008-03-17 21:13 . 2008-03-17 21:13 50,896 --a------ C:\Windows\System32\drivers\BdFileSpy.sys
   2008-03-17 20:51 . 2008-03-17 20:51 <DIR> dr------- C:\Users\jamie\Searches
   2008-03-17 20:51 . 2008-04-02 11:55 <DIR> d-------- C:\Users\jamie\AppData\Roaming\BullGuard
   2008-03-17 20:50 . 2008-03-29 21:43 <DIR> dr------- C:\Users\jamie\Videos
   2008-03-17 20:50 . 2008-03-17 22:39 <DIR> dr------- C:\Users\jamie\Saved Games
   2008-03-17 20:50 . 2008-03-29 22:40 <DIR> dr------- C:\Users\jamie\Pictures
   2008-03-17 20:50 . 2008-04-02 17:48 <DIR> dr------- C:\Users\jamie\Music
   2008-03-17 20:50 . 2008-03-17 20:51 <DIR> dr------- C:\Users\jamie\Links
   2008-03-17 20:50 . 2008-04-02 22:06 <DIR> d-------- C:\Users\jamie\Downloads
   2008-03-17 20:50 . 2008-04-02 17:22 <DIR> dr------- C:\Users\jamie\Documents
   2008-03-17 20:50 . 2008-03-17 20:50 <DIR> dr------- C:\Users\jamie\Contacts
   2008-03-17 20:50 . 2006-11-02 14:37 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Media Center Programs
   2008-03-17 20:50 . 2008-03-24 21:52 <DIR> d--h----- C:\Users\jamie\AppData
   2008-03-17 20:48 . 2008-03-17 20:48 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

   .
   ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
   .
   2008-04-02 19:56 --------- d-----w C:\ProgramData\BullGuard
   2008-03-31 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
   2008-03-19 19:05 --------- d-----w C:\Program Files\Common Files\InstallShield
   2008-03-17 19:37 --------- d-----w C:\Program Files\Windows Sidebar
   2008-03-17 19:37 --------- d-----w C:\Program Files\Windows Mail
   2008-03-17 19:30 943,800 ----a-w C:\Windows\System32\winload.exe
   2008-03-17 19:27 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
   2008-03-17 19:27 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
   2008-03-17 19:27 24,064 ----a-w C:\Windows\System32\netcfg.exe
   2008-03-17 19:27 22,016 ----a-w C:\Windows\System32\netiougc.exe
   2008-03-17 19:27 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
   2008-03-17 19:27 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
   2008-03-17 19:27 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
   2008-03-17 19:27 17,976 ----a-w C:\Windows\system32\drivers\intelide.sys
   2008-03-17 19:27 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
   2008-03-17 19:27 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
   2008-03-17 19:27 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
   2008-03-17 19:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
   2008-03-17 19:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
   2008-03-17 19:25 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
   2008-03-17 19:25 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
   2008-03-17 19:22 824,832 ----a-w C:\Windows\System32\wininet.dll
   2008-03-17 19:22 56,320 ----a-w C:\Windows\System32\iesetup.dll
   2008-03-17 19:22 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
   2008-03-17 19:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
   2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Sjablonen
   2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Menu Start
   2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Favorieten
   2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Documenten
   2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Bureaublad
   2008-01-14 10:56 53,080 ----a-w C:\Windows\System32\wuauclt.exe
   2008-01-14 10:56 43,352 ----a-w C:\Windows\System32\wups2.dll
   2008-01-14 10:56 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
   2008-01-14 10:56 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
   2008-01-14 10:55 80,896 ----a-w C:\Windows\System32\wudriver.dll
   2008-01-14 10:55 549,720 ----a-w C:\Windows\System32\wuapi.dll
   2008-01-14 10:55 33,624 ----a-w C:\Windows\System32\wups.dll
   2008-01-14 10:55 31,232 ----a-w C:\Windows\System32\wuapp.exe
   2008-01-14 10:55 163,000 ----a-w C:\Windows\System32\wuwebv.dll
   2008-01-08 14:10 319,456 ----a-w C:\Windows\DIFxAPI.dll
   2008-01-08 14:08 315,392 ----a-w C:\Windows\HideWin.exe
   2008-01-08 13:19 174 --sha-w C:\Program Files\desktop.ini
   .

   ((((((((((((((((((((((((((((( snapshot@2008-04-02_21.30.14,32 )))))))))))))))))))))))))))))))))))))))))
   .
   - 2008-04-02 14:36:56 67,584 --s-a-w C:\Windows\bootstat.dat
   + 2008-04-02 19:54:40 67,584 --s-a-w C:\Windows\bootstat.dat
   - 2008-04-02 18:52:06 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
   + 2008-04-02 20:09:46 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
   - 2008-04-02 14:39:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
   + 2008-04-02 19:56:51 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
   + 2008-04-02 19:56:51 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
   - 2008-04-02 19:26:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
   + 2008-04-02 20:45:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
   - 2008-04-02 15:48:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
   + 2008-04-02 19:56:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
   + 2008-04-02 19:56:46 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
   - 2008-04-02 18:31:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
   + 2008-04-02 20:33:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
   - 2008-04-02 18:31:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
   + 2008-04-02 20:33:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
   - 2008-04-02 18:31:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
   + 2008-04-02 20:33:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
   - 2008-04-02 19:27:23 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
   + 2008-04-02 20:46:21 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
   + 2008-04-02 20:46:21 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
   - 2008-04-02 18:33:53 107,614 ----a-w C:\Windows\System32\perfc009.dat
   + 2008-04-02 20:03:31 107,614 ----a-w C:\Windows\System32\perfc009.dat
   - 2008-04-02 18:33:53 127,416 ----a-w C:\Windows\System32\perfc013.dat
   + 2008-04-02 20:03:31 127,416 ----a-w C:\Windows\System32\perfc013.dat
   - 2008-04-02 18:33:53 618,470 ----a-w C:\Windows\System32\perfh009.dat
   + 2008-04-02 20:03:31 618,470 ----a-w C:\Windows\System32\perfh009.dat
   - 2008-04-02 18:33:53 699,276 ----a-w C:\Windows\System32\perfh013.dat
   + 2008-04-02 20:03:31 699,276 ----a-w C:\Windows\System32\perfh013.dat
   - 2008-04-02 14:39:36 4,928 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2647415776-350541049-2584541440-1000_UserData.bin
   + 2008-04-02 19:57:22 5,126 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2647415776-350541049-2584541440-1000_UserData.bin
   - 2008-04-02 14:39:36 48,706 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
   + 2008-04-02 19:57:21 48,746 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
   - 2008-04-02 14:39:33 28,842 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
   + 2008-04-02 19:57:17 29,220 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
   .
   -- Snapshot reset to current date --
   .
   ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
   .
   .
   REGEDIT4
   *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-17 21:25 1232896]
   "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [2008-03-17 21:13 308552]
   "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
   "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 19:05 143360]
   "BitTorrent DNA"="C:\Users\jamie\Program Files\DNA\btdna.exe" [2008-04-01 17:52 288576]
   "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
   "cmds"="C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll" [2008-04-02 11:28 265728]

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-16 14:25 1006264]
   "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 17:36 178712]
   "RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 03:31 4710400 C:\Windows\RtHDVCpl.exe]
   "Skytel"="Skytel.exe" [2007-11-20 10:15 1826816 C:\Windows\SkyTel.exe]
   "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 08:18 827392]
   "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-23 15:03 86016]
   "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-23 15:03 8501792]
   "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-23 15:03 81920]
   "GenePccMon.exe"="C:\Program Files\Genesys PC Camera Device\GenePccMon.exe" [2007-02-13 08:21 36864]
   "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
   "QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-05 01:01 77892]
   "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2008-03-17 21:13 308552]
   "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
   "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
   "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-14 13:17 220160]
   "toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 16:54 16896]
   "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
   "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]

   [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
   "TCP Query User{80CAF260-587B-40A1-A037-607D7BC91718}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
   "UDP Query User{15C9E0BF-828E-4007-B256-597EB1696D0C}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
   "TCP Query User{F2E2B5E0-597F-421F-AA69-D70591395CAD}C:\\program files\\limewire plus\\limewire.exe"= UDP:C:\program files\limewire plus\limewire.exe:LimeWire
   "UDP Query User{01F5895D-A08A-4D1D-B027-4064496BB126}C:\\program files\\limewire plus\\limewire.exe"= TCP:C:\program files\limewire plus\limewire.exe:LimeWire
   "{7DCBBB21-73C3-437B-9806-B0F9E4D6D991}"= UDP:C:\Program Files\DNA\btdna.exeNA
   "{B9354E4F-41CD-45C2-A932-491C7C46B58D}"= TCP:C:\Program Files\DNA\btdna.exeNA
   "{99C58959-29A3-4A29-96CC-6BFF0EE4029B}"= UDP:C:\Users\jamie\programma's\BitTorrent\bittorrent.exe:BitTorrent
   "{259C54F2-96B4-4339-A399-E80C83E287B5}"= TCP:C:\Users\jamie\programma's\BitTorrent\bittorrent.exe:BitTorrent
   "TCP Query User{8923067A-2596-4B85-8307-1EB58F64E168}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
   "UDP Query User{E8602E20-A7C7-46FD-BF4A-6D52FA2E379D}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
   "{F3FECF57-D924-4EED-98FC-DC53060C20E2}"= UDP:C:\Users\jamie\Downloads\BitTorrent\bittorrent.exe:BitTorrent
   "{EE5939C0-2DD4-42E1-8B20-E217EC039F49}"= TCP:C:\Users\jamie\Downloads\BitTorrent\bittorrent.exe:BitTorrent
   "TCP Query User{76B955E3-093C-4E47-8CF5-53D81892F69C}C:\\users\\jamie\\downloads\\bittorrent\\bittorrent.exe"= UDP:C:\users\jamie\downloads\bittorrent\bittorrent.exe:bittorrent.exe
   "UDP Query User{34F3F91F-26AD-4287-BFEF-0CC28D7CFEA8}C:\\users\\jamie\\downloads\\bittorrent\\bittorrent.exe"= TCP:C:\users\jamie\downloads\bittorrent\bittorrent.exe:bittorrent.exe
   "TCP Query User{23E44C77-539B-45CA-B0EB-5D09E6C5D0CF}C:\\users\\jamie\\program files\\dna\\btdna.exe"= UDP:C:\users\jamie\program files\dna\btdna.exe:btdna.exe
   "UDP Query User{96C4B857-E8B0-4A1F-936B-A4954005BB4E}C:\\users\\jamie\\program files\\dna\\btdna.exe"= TCP:C:\users\jamie\program files\dna\btdna.exe:btdna.exe
   "TCP Query User{B140F037-BFAD-4EC9-B0D7-A7490605CFD0}C:\\users\\jamie\\downloads\\azureus\\azureus.exe"= UDP:C:\users\jamie\downloads\azureus\azureus.exe:azureus.exe
   "UDP Query User{EDB903AE-810C-4F0D-BA0F-E36B37BBFF0B}C:\\users\\jamie\\downloads\\azureus\\azureus.exe"= TCP:C:\users\jamie\downloads\azureus\azureus.exe:azureus.exe

   [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
   "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

   [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
   "C:\\Users\\jamie\\programma's\\BitTorrent\\bittorrent.exe"= C:\Users\jamie\programma's\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
   "C:\\Users\\jamie\\Downloads\\BitTorrent\\bittorrent.exe"= C:\Users\jamie\Downloads\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

   R2 BdFileSpy;BullGuard File Monitor Driver;C:\Windows\system32\drivers\BdFileSpy.sys [2008-03-17 21:13]
   R2 BsFileScan;BullGuard File Scan Service;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
   R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
   R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 22:55]
   R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
   R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;C:\Windows\system32\DRIVERS\usbgene.sys [2007-06-26 04:44]
   R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28.sys [2007-11-21 12:17]
   R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-05-16 13:07]
   R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-11-09 23:30]

   [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
   bthsvcs REG_MULTI_SZ BthServ
   BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy
   WindowsMobile REG_MULTI_SZ wcescomm rapimgr
   LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

   .
   **************************************************************************

   catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-04-02 22:48:37
   Windows 6.0.6000 NTFS

   scannen van verborgen processen ...

   scannen van verborgen autostart items ...

   HKLM\Software\Microsoft\Windows\CurrentVersion\Run
   GenePccMon.exe = C:\Program Files\Genesys PC Camera Device\GenePccMon.exe??????????????????????????????????????????????????????????????????????????????? ????????????????????????

   scannen van verborgen bestanden ...

   Scan succesvol afgerond
   verborgen bestanden: 0

   **************************************************************************
   .
   --------------------- DLLs Geladen Onder Lopende Processen ---------------------

   PROCESS: C:\Windows\Explorer.exe
   -> C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll
   .
   Voltooingstijd: 2008-04-02 22:49:19
   ComboFix-quarantined-files.txt 2008-04-02 20:49:14
   ComboFix2.txt 2008-04-02 19:30:37
   Pre-Run: 174,869,991,424 bytes beschikbaar
   Post-Run: 174,841,303,040 bytes beschikbaar
   .
   2008-04-02 14:28:49 --- E O F ---

   Logfile of Trend Micro HijackThis v2.0.2
   Scan saved at 22:20:24, on 2-4-2008
   Platform: Windows Vista (WinNT 6.00.1904)
   MSIE: Internet Explorer v7.00 (7.00.6000.16609)
   Boot mode: Normal

   Running processes:
   C:\Windows\system32\Dwm.exe
   C:\Windows\Explorer.EXE
   C:\Windows\system32\taskeng.exe
   C:\Program Files\Windows Defender\MSASCui.exe
   C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
   C:\Windows\RtHDVCpl.exe
   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   C:\Windows\System32\rundll32.exe
   C:\Program Files\Genesys PC Camera Device\GenePccMon.exe
   C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
   C:\Windows\WindowsMobile\wmdc.exe
   C:\Program Files\Windows Sidebar\sidebar.exe
   C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
   C:\Windows\ehome\ehtray.exe
   C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
   C:\Users\jamie\Program Files\DNA\btdna.exe
   C:\Program Files\Windows Media Player\wmpnscfg.exe
   C:\Windows\System32\rundll32.exe
   C:\Windows\System32\rundll32.exe
   C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
   C:\Windows\ehome\ehmsas.exe
   C:\Program Files\Internet Explorer\ieuser.exe
   C:\Program Files\Internet Explorer\iexplore.exe
   C:\Program Files\Internet Explorer\iexplore.exe
   C:\Windows\system32\SearchFilterHost.exe
   C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

   R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nucia.eu/forum/forumdisplay.php?f=41
   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
   R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
   R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
   O1 - Hosts: ::1 localhost
   O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
   O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
   O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
   O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
   O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
   O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
   O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
   O4 - HKLM\..\Run: [Skytel] Skytel.exe
   O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
   O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
   O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
   O4 - HKLM\..\Run: [GenePccMon.exe] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe
   O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
   O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
   O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
   O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
   O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
   O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
   O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
   O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
   O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
   O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
   O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
   O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
   O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
   O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\jamie\Program Files\DNA\btdna.exe"
   O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
   O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll,c
   O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
   O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
   O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
   O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
   O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
   O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
   O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
   O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
   O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
   O13 - Gopher Prefix:
   O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
   O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
   O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
   O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
   O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
   O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
   O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
   O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
   O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
   O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

   --
   End of file - 7176 bytes



   • #4
    Open Notepad, copy and paste the following (the bold text) into an empty window:

    File::
    C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cmds"=-

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below: this will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of Combofix.txt in your next reply.

    Still having problems?
    Regards,
    Pimmerd
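As an added example (not code from this thread or from the HijackThis/ComboFix projects), here is the check a helper does by eye on the HijackThis log above, written in Python: it parses O4 autostart lines, flags Run entries in which rundll32 loads a DLL out of a Temp directory (the pattern behind the `[cmds]` entry), and drafts the File::/Registry:: CFScript that the post asks the user to write by hand. The sample lines are constructed from the log above; the regular expressions assume the HijackThis v2 line layout.

```python
"""Triage HijackThis O4 (autostart) lines and draft a ComboFix CFScript.

Added example, not code from the thread. Parses O4 lines in the layout shown
above, flags Run entries where rundll32 loads a DLL from a Temp directory,
and renders the File::/Registry:: script that post #4 asks for.
"""
import re

# "O4 - HKCU\..\Run: [cmds] rundll32.exe C:\...\geBtUnnl.dll,c"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# rundll32[.exe] <dll path>,<entry point>
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<entry>\S*)$',
    re.IGNORECASE,
)
# Locations a legitimate autostart DLL has no business living in.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "%temp%")

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}


def parse_o4(line):
    """Split one O4 line into hive, key, value name and command; None if not O4."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    if entry["hive"].startswith("HKUS\\"):
        # HijackThis abbreviates HKEY_USERS\<SID> as HKUS\<SID>
        entry["reg_root"] = "HKEY_USERS\\" + entry["hive"].split("\\", 1)[1]
    else:
        entry["reg_root"] = HIVES[entry["hive"]]
    return entry


def rundll32_target(cmd):
    """Return the DLL path when cmd is a rundll32 invocation, else None."""
    m = RUNDLL_RE.match(cmd.strip())
    return m.group("dll") if m else None


def is_suspicious(entry):
    """True when the autostart loads a DLL via rundll32 from a Temp directory."""
    dll = rundll32_target(entry["cmd"])
    if dll is None:
        return False
    low = dll.lower()
    return any(marker in low for marker in TEMP_MARKERS)


def scan(lines):
    """Return the parsed O4 entries that trip is_suspicious, in log order."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry and is_suspicious(entry):
            entry["dll"] = rundll32_target(entry["cmd"])
            findings.append(entry)
    return findings


def build_cfscript(findings):
    """Render File:: and Registry:: sections in the CFScript layout used above."""
    files = []
    by_key = {}
    for f in findings:
        if f["dll"] not in files:
            files.append(f["dll"])
        key = "%s\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\%s" % (f["reg_root"], f["key"])
        by_key.setdefault(key, []).append(f["name"])
    out = ["File::"] + files + ["", "Registry::"]
    for key, names in by_key.items():
        out.append("[%s]" % key)
        out.extend('"%s"=-' % n for n in names)  # "=-" deletes the value
    return "\n".join(out) + "\n"


# Constructed sample: three benign lines from the log above plus the [cmds] entry.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart",
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')",
    r"O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll,c",
]

if __name__ == "__main__":
    print(build_cfscript(scan(SAMPLE_LOG)))
```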



    • #5
     ComboFix 08-04-02.1 - jamie 2008-04-02 23:04:52.3 - NTFSx86
     Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1114 [GMT 2:00]
     Gestart vanuit: C:\Users\jamie\Desktop\ComboFix.exe
     Command switches used :: C:\Users\jamie\Desktop\CFScript.txt
     * Nieuw herstelpunt werd aangemaakt
     * Resident AV is active


     FILE ::
     C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll
     .

     (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     C:\Users\jamie\AppData\Local\Temp\geBtUnnl.dll

     .
     (((((((((((((((((((( Bestanden Gemaakt van 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))
     .

     2008-04-02 22:20 . 2008-04-02 22:20 <DIR> d-------- C:\Program Files\Trend Micro
     2008-04-02 21:25 . 2008-04-02 21:30 <DIR> d-------- C:\ComboFix[1]
     2008-04-02 20:31 . 2008-04-02 20:53 <DIR> d-a------ C:\Users\All Users\TEMP
     2008-04-02 20:31 . 2008-04-02 20:53 <DIR> d-a------ C:\ProgramData\TEMP
     2008-04-02 17:43 . 2008-04-02 17:48 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Azureus
     2008-04-02 17:43 . 2008-04-02 17:43 <DIR> d-------- C:\Users\All Users\Azureus
     2008-04-02 17:43 . 2008-04-02 17:43 <DIR> d-------- C:\ProgramData\Azureus
     2008-04-02 16:35 . 2008-04-02 16:35 2,560 --a------ C:\Windows\_MSRSTRT.EXE
     2008-04-02 09:07 . 2008-04-02 09:07 <DIR> d-------- C:\Program Files\MSECache
     2008-04-01 21:59 . 2008-04-02 22:51 <DIR> d-------- C:\My Downloads
     2008-04-01 21:59 . 2007-11-22 16:00 483,328 --a------ C:\Windows\System32\actskn45.ocx
     2008-04-01 17:52 . 2008-04-01 17:52 <DIR> d-------- C:\Users\jamie\Program Files
     2008-03-31 22:21 . 2008-04-02 23:06 <DIR> d-------- C:\Users\jamie\AppData\Roaming\DNA
     2008-03-31 22:21 . 2008-03-31 22:21 <DIR> d-------- C:\Program Files\DNA
     2008-03-29 22:36 . 2008-04-02 09:00 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Corel
     2008-03-29 21:30 . 2008-03-31 22:34 <DIR> d-------- C:\Users\jamie\programma's
     2008-03-28 21:04 . 2008-03-29 13:44 <DIR> d-------- C:\Users\jamie\winrar bestanden
     2008-03-28 15:30 . 2008-03-28 15:30 <DIR> d-------- C:\Windows\System32\Adobe
     2008-03-27 13:04 . 2008-03-27 13:05 <DIR> d-------- C:\Program Files\Common Files\Adobe
     2008-03-25 20:58 . 2008-03-25 23:32 <DIR> d-------- C:\Program Files\Belastingdienst
     2008-03-24 20:29 . 2008-03-24 21:51 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Ahead
     2008-03-22 19:45 . 2008-03-22 19:45 <DIR> d-------- C:\Windows\System32\URTTEMP
     2008-03-22 19:10 . 2008-03-22 19:10 <DIR> d-------- C:\Program Files\EA GAMES
     2008-03-22 18:50 . 2008-03-22 18:50 <DIR> d-------- C:\Program Files\Masc software
     2008-03-22 18:24 . 2008-03-22 18:49 <DIR> d-------- C:\Program Files\MASC Software BV
     2008-03-21 17:32 . 2008-03-21 17:32 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
     2008-03-20 21:00 . 2008-04-01 21:41 <DIR> d-------- C:\Users\jamie\AppData\Roaming\LimeWirePlus
     2008-03-20 21:00 . 2008-04-02 16:36 <DIR> d-------- C:\Program Files\LimewirePlus
     2008-03-20 19:09 . 2008-03-20 19:09 14,152 --a------ C:\Windows\System32\lccl.dll
     2008-03-20 19:09 . 2008-03-20 19:09 14,152 --a------ C:\Windows\System32\client_cc.dll
     2008-03-19 21:16 . 2008-03-19 21:16 <DIR> d-------- C:\Program Files\directx
     2008-03-17 22:03 . 2008-03-17 22:03 <DIR> d-------- C:\Program Files\Toshiba
     2008-03-17 21:32 . 2008-03-17 21:32 194,560 --a------ C:\Windows\System32\WebClnt.dll
     2008-03-17 21:32 . 2008-03-17 21:32 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
     2008-03-17 21:29 . 2008-03-31 15:45 82,171 --a------ C:\Users\jamie\AppData\Roaming\nvModes.dat
     2008-03-17 21:28 . 2008-03-17 21:28 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
     2008-03-17 21:28 . 2008-03-17 21:28 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
     2008-03-17 21:28 . 2008-03-17 21:28 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
     2008-03-17 21:28 . 2008-03-17 21:28 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
     2008-03-17 21:26 . 2008-03-17 21:26 1,327,104 --a------ C:\Windows\System32\quartz.dll
     2008-03-17 21:26 . 2008-03-17 21:26 223,232 --a------ C:\Windows\System32\WMASF.DLL
     2008-03-17 21:26 . 2008-03-17 21:26 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
     2008-03-17 21:26 . 2008-03-17 21:26 2,048 --a------ C:\Windows\System32\asferror.dll
     2008-03-17 21:25 . 2008-03-17 21:25 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
     2008-03-17 21:25 . 2008-03-17 21:25 1,686,528 --a------ C:\Windows\System32\gameux.dll
     2008-03-17 21:25 . 2008-03-17 21:25 11,776 --a------ C:\Windows\System32\sbunattend.exe
     2008-03-17 21:24 . 2008-03-17 21:24 <DIR> d-------- C:\Windows\System32\Macromed
     2008-03-17 21:24 . 2008-03-17 21:24 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
     2008-03-17 21:24 . 2008-03-17 21:24 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
     2008-03-17 21:24 . 2008-03-17 21:24 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
     2008-03-17 21:24 . 2008-03-17 21:24 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
     2008-03-17 21:21 . 2008-03-17 21:21 1,244,672 --a------ C:\Windows\System32\mcmde.dll
     2008-03-17 21:13 . 2008-03-17 21:13 50,896 --a------ C:\Windows\System32\drivers\BdFileSpy.sys
     2008-03-17 20:51 . 2008-03-17 20:51 <DIR> dr------- C:\Users\jamie\Searches
     2008-03-17 20:51 . 2008-04-02 11:55 <DIR> d-------- C:\Users\jamie\AppData\Roaming\BullGuard
     2008-03-17 20:50 . 2008-03-29 21:43 <DIR> dr------- C:\Users\jamie\Videos
     2008-03-17 20:50 . 2008-03-17 22:39 <DIR> dr------- C:\Users\jamie\Saved Games
     2008-03-17 20:50 . 2008-03-29 22:40 <DIR> dr------- C:\Users\jamie\Pictures
     2008-03-17 20:50 . 2008-04-02 17:48 <DIR> dr------- C:\Users\jamie\Music
     2008-03-17 20:50 . 2008-03-17 20:51 <DIR> dr------- C:\Users\jamie\Links
     2008-03-17 20:50 . 2008-04-02 22:06 <DIR> d-------- C:\Users\jamie\Downloads
     2008-03-17 20:50 . 2008-04-02 17:22 <DIR> dr------- C:\Users\jamie\Documents
     2008-03-17 20:50 . 2008-03-17 20:50 <DIR> dr------- C:\Users\jamie\Contacts
     2008-03-17 20:50 . 2006-11-02 14:37 <DIR> d-------- C:\Users\jamie\AppData\Roaming\Media Center Programs
     2008-03-17 20:50 . 2008-03-24 21:52 <DIR> d--h----- C:\Users\jamie\AppData
     2008-03-17 20:48 . 2008-03-17 20:48 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

     .
     ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-04-02 19:56 --------- d-----w C:\ProgramData\BullGuard
     2008-03-31 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
     2008-03-19 19:05 --------- d-----w C:\Program Files\Common Files\InstallShield
     2008-03-17 19:37 --------- d-----w C:\Program Files\Windows Sidebar
     2008-03-17 19:37 --------- d-----w C:\Program Files\Windows Mail
     2008-03-17 19:34 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
     2008-03-17 19:34 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
     2008-03-17 19:34 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
     2008-03-17 19:34 2,923,520 ----a-w C:\Windows\explorer.exe
     2008-03-17 19:34 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
     2008-03-17 19:30 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
     2008-03-17 19:30 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
     2008-03-17 19:30 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
     2008-03-17 19:30 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
     2008-03-17 19:30 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
     2008-03-17 19:30 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
     2008-03-17 19:30 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
     2008-03-17 19:27 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
     2008-03-17 19:27 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
     2008-03-17 19:27 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
     2008-03-17 19:27 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
     2008-03-17 19:27 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
     2008-03-17 19:27 17,976 ----a-w C:\Windows\system32\drivers\intelide.sys
     2008-03-17 19:27 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
     2008-03-17 19:27 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
     2008-03-17 19:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
     2008-03-17 19:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
     2008-03-17 19:25 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
     2008-03-17 19:25 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
     2008-03-17 19:22 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
     2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Sjablonen
     2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Menu Start
     2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Favorieten
     2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Documenten
     2008-03-17 18:50 --------- d-sh--w C:\ProgramData\Bureaublad
     2008-01-08 14:10 319,456 ----a-w C:\Windows\DIFxAPI.dll
     2008-01-08 14:08 315,392 ----a-w C:\Windows\HideWin.exe
     2008-01-08 13:19 174 --sha-w C:\Program Files\desktop.ini
     .

     ((((((((((((((((((((((((((((( snapshot_2008-04-02_22.48.59,60 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2008-04-02 19:54:40 67,584 --s-a-w C:\Windows\bootstat.dat
     + 2008-04-02 21:08:06 67,584 --s-a-w C:\Windows\bootstat.dat
     - 2008-04-02 20:09:46 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
     + 2008-04-02 21:09:19 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
     - 2008-04-02 19:56:51 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
     + 2008-04-02 21:09:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
     + 2008-04-02 21:09:10 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
     - 2008-04-02 20:45:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
     + 2008-04-02 21:09:16 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
     - 2008-04-02 19:56:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
     + 2008-04-02 21:09:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
     + 2008-04-02 21:09:10 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
     .
     ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-17 21:25 1232896]
     "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [2008-03-17 21:13 308552]
     "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 19:05 143360]
     "BitTorrent DNA"="C:\Users\jamie\Program Files\DNA\btdna.exe" [2008-04-01 17:52 288576]
     "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-16 14:25 1006264]
     "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 17:36 178712]
     "RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 03:31 4710400 C:\Windows\RtHDVCpl.exe]
     "Skytel"="Skytel.exe" [2007-11-20 10:15 1826816 C:\Windows\SkyTel.exe]
     "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 08:18 827392]
     "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-23 15:03 86016]
     "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-23 15:03 8501792]
     "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-23 15:03 81920]
     "GenePccMon.exe"="C:\Program Files\Genesys PC Camera Device\GenePccMon.exe" [2007-02-13 08:21 36864]
     "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
     "QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-05 01:01 77892]
     "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2008-03-17 21:13 308552]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
     "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
     "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-14 13:17 220160]
     "toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 16:54 16896]
     "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
     "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
     "TCP Query User{80CAF260-587B-40A1-A037-607D7BC91718}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
     "UDP Query User{15C9E0BF-828E-4007-B256-597EB1696D0C}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
     "TCP Query User{F2E2B5E0-597F-421F-AA69-D70591395CAD}C:\\program files\\limewire plus\\limewire.exe"= UDP:C:\program files\limewire plus\limewire.exe:LimeWire
     "UDP Query User{01F5895D-A08A-4D1D-B027-4064496BB126}C:\\program files\\limewire plus\\limewire.exe"= TCP:C:\program files\limewire plus\limewire.exe:LimeWire
     "{7DCBBB21-73C3-437B-9806-B0F9E4D6D991}"= UDP:C:\Program Files\DNA\btdna.exeNA
     "{B9354E4F-41CD-45C2-A932-491C7C46B58D}"= TCP:C:\Program Files\DNA\btdna.exeNA
     "{99C58959-29A3-4A29-96CC-6BFF0EE4029B}"= UDP:C:\Users\jamie\programma's\BitTorrent\bittorrent.exe:BitTorrent
     "{259C54F2-96B4-4339-A399-E80C83E287B5}"= TCP:C:\Users\jamie\programma's\BitTorrent\bittorrent.exe:BitTorrent
     "TCP Query User{8923067A-2596-4B85-8307-1EB58F64E168}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
     "UDP Query User{E8602E20-A7C7-46FD-BF4A-6D52FA2E379D}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
     "{F3FECF57-D924-4EED-98FC-DC53060C20E2}"= UDP:C:\Users\jamie\Downloads\BitTorrent\bittorrent.exe:BitTorrent
     "{EE5939C0-2DD4-42E1-8B20-E217EC039F49}"= TCP:C:\Users\jamie\Downloads\BitTorrent\bittorrent.exe:BitTorrent
     "TCP Query User{76B955E3-093C-4E47-8CF5-53D81892F69C}C:\\users\\jamie\\downloads\\bittorrent\\bittorrent.exe"= UDP:C:\users\jamie\downloads\bittorrent\bittorrent.exe:bittorrent.exe
     "UDP Query User{34F3F91F-26AD-4287-BFEF-0CC28D7CFEA8}C:\\users\\jamie\\downloads\\bittorrent\\bittorrent.exe"= TCP:C:\users\jamie\downloads\bittorrent\bittorrent.exe:bittorrent.exe
     "TCP Query User{23E44C77-539B-45CA-B0EB-5D09E6C5D0CF}C:\\users\\jamie\\program files\\dna\\btdna.exe"= UDP:C:\users\jamie\program files\dna\btdna.exe:btdna.exe
     "UDP Query User{96C4B857-E8B0-4A1F-936B-A4954005BB4E}C:\\users\\jamie\\program files\\dna\\btdna.exe"= TCP:C:\users\jamie\program files\dna\btdna.exe:btdna.exe
     "TCP Query User{B140F037-BFAD-4EC9-B0D7-A7490605CFD0}C:\\users\\jamie\\downloads\\azureus\\azureus.exe"= UDP:C:\users\jamie\downloads\azureus\azureus.exe:azureus.exe
     "UDP Query User{EDB903AE-810C-4F0D-BA0F-E36B37BBFF0B}C:\\users\\jamie\\downloads\\azureus\\azureus.exe"= TCP:C:\users\jamie\downloads\azureus\azureus.exe:azureus.exe

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
     "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
     "C:\\Users\\jamie\\programma's\\BitTorrent\\bittorrent.exe"= C:\Users\jamie\programma's\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
     "C:\\Users\\jamie\\Downloads\\BitTorrent\\bittorrent.exe"= C:\Users\jamie\Downloads\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

     R2 BdFileSpy;BullGuard File Monitor Driver;C:\Windows\system32\drivers\BdFileSpy.sys [2008-03-17 21:13]
     R2 BsFileScan;BullGuard File Scan Service;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
     R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
     R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 22:55]
     R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
     R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;C:\Windows\system32\DRIVERS\usbgene.sys [2007-06-26 04:44]
     R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28.sys [2007-11-21 12:17]
     R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-05-16 13:07]
     R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-11-09 23:30]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     bthsvcs REG_MULTI_SZ BthServ
     BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy
     WindowsMobile REG_MULTI_SZ wcescomm rapimgr
     LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

     .
     **************************************************************************

     catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-04-02 23:09:21
     Windows 6.0.6000 NTFS

     scannen van verborgen processen ...

     scannen van verborgen autostart items ...

     scannen van verborgen bestanden ...

     Scan succesvol afgerond
     verborgen bestanden: 0

     **************************************************************************
     .
     ------------------------ Other Running Processes ------------------------
     .
     C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
     C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
     C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Windows\system32\WUDFHost.exe
     C:\Windows\system32\conime.exe
     C:\Windows\System32\rundll32.exe
     C:\Windows\System32\rundll32.exe
     C:\Windows\WindowsMobile\wmdc.exe
     C:\Windows\ehome\ehmsas.exe
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
     C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
     .
     **************************************************************************
     .
     Voltooingstijd: 2008-04-02 23:11:55 - machine was rebooted
     ComboFix-quarantined-files.txt 2008-04-02 21:11:46
     ComboFix2.txt 2008-04-02 20:49:20
     ComboFix3.txt 2008-04-02 19:30:37
     Pre-Run: 174,100,811,776 bytes beschikbaar
     Post-Run: 173,971,558,400 bytes beschikbaar
     .
     2008-04-02 14:28:49 --- E O F ---



     • #6
      It still says that it has this virus



      • #7
       I restarted my laptop and ran the virus scanner over it again, and now I no longer have that virus. I'm very grateful to you!!!!

       Really impressive that you know how to do all of that, thanks again



       • #8
        Log looks good again

        Uninstall Combofix:
        Go to Start --> Run and type: combofix /u
        Combofix will now be removed and a new restore point will be created.

        * Clean the Cache and Cookies in IE:

        * Close Internet Explorer.
        * Go to Control Panel > Internet Options > General tab
        * Click the Delete Cookies button
        * Click the Delete Files button next to it
        * Check: Delete all offline content too, click OK

        * Clean the Cache and Cookies in Firefox (if Firefox is installed):

        * Go to Tools > Options.
        * Click Privacy in the menu.
        * Click the Clear button (History, Cookies, Cache).
        * Click OK to close the window again.

        * Clean other Temporary files + Recycle Bin

        * Go to Start > Run and type: cleanmgr and click OK.
        * Let it scan your system for files that need to be removed
        * Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are checked there.
        * Then click OK.


        Regards,
        Pim
        Regards,
        Pimmerd



        • #9
         thanks



         • #10
          You're welcome
          Regards,
          Pimmerd
