Mededeling

**Pimmerd** · 27-04-08, 15:19

Volg deze instructies om ComboFix te downloaden:

Voer de instructies op de BleepingComputer pagina uit, inclusief het installeren van de XP Recovery Console
Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner,
schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!
- Dubbelklik op Combofix.exe
  Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
  Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.
Plaats deze log in je volgende post, samen met een vers HijackThis logje.

**splinter** · 27-04-08, 16:56

hey pimmerd,
Eerst en vooral dank voor de tijd. Zie dat je ver aan 1000 berichten zit, kan er binnekort een jubeleum gevierd worde

.
anyway, heb gedaan wat je vroeg en dit is de status nu:
-tijdens het rebooten kreeg ik de volgende melding: Er is een fout opgetreden bij het laden van c:\windows\system32\khfDwwus.dll
-virusscanner(bullguard) geeft nog steeds meldingen van verschillende trojans (waaronder de vundo)
-wel krijg ik voorlopig geen vervelende spam meer in IE

dit is de log van combofix:

ComboFix 08-04-26.3 - splinter_x 2008-04-27 16:35:05.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1190 [GMT 2:00]
Gestart vanuit: C:\Users\splinter_x\Desktop\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 12:04 13,260 ----a-w C:\Users\splinter_x\AppData\Roaming\nvModes.dat
2008-04-27 10:44 --------- d-----w C:\Program Files\Trend Micro
2008-04-27 10:06 --------- d-----w C:\ProgramData\Lavasoft
2008-04-27 09:54 --------- d-----w C:\Program Files\Lavasoft
2008-04-27 09:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 08:54 --------- d-----w C:\ProgramData\BullGuard
2008-04-25 23:48 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Azureus
2008-04-25 12:30 --------- d-----w C:\ProgramData\emqhztmi
2008-04-25 11:13 --------- d-----w C:\Program Files\CCleaner
2008-04-25 10:04 --------- d-----w C:\Users\splinter_x\AppData\Roaming\PC-Cleaner
2008-04-25 09:59 --------- d-----w C:\Users\splinter_x\AppData\Roaming\BullGuard
2008-04-25 09:42 102,400 ----a-w C:\Windows\System32\rubarmhy.exe
2008-04-25 09:42 --------- d-----w C:\ProgramData\pkzkzehs
2008-04-24 23:47 --------- d-----w C:\Users\splinter_x\AppData\Roaming\LimeWire
2008-04-24 09:29 98,304 ----a-w C:\Windows\olgdqarf.exe
2008-04-24 09:29 90,112 ----a-w C:\Windows\wxvgsdbq.exe
2008-04-24 09:29 319,488 ----a-w C:\Windows\wdpoefan.dll
2008-04-24 09:29 270,336 ----a-w C:\Windows\qnmargolxgn.dll
2008-04-24 09:29 221,184 ----a-w C:\Windows\vadokmxt.dll
2008-04-22 20:55 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Vso
2008-04-22 20:09 --------- d-----w C:\Program Files\DVD Decrypter
2008-04-22 19:50 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-22 19:42 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Nero
2008-04-22 19:39 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-22 19:36 --------- d-----w C:\ProgramData\Nero
2008-04-22 19:36 --------- d-----w C:\Program Files\Nero
2008-04-22 16:32 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-20 16:01 --------- d-----w C:\Users\splinter_x\AppData\Roaming\COREL
2008-04-20 11:14 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-20 11:11 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Ahead
2008-04-20 08:03 --------- d-----w C:\ProgramData\vsosdk
2008-04-19 21:23 --------- d-----w C:\ProgramData\NVIDIA
2008-04-18 21:25 --------- d-----w C:\Program Files\SubSync
2008-04-18 21:24 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-04-18 21:24 249,856 ------w C:\Windows\Setup1.exe
2008-04-18 17:23 --------- d-----w C:\Users\splinter_x\AppData\Roaming\vlc
2008-04-18 17:17 --------- d-----w C:\Program Files\VideoLAN
2008-04-16 19:10 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-04-16 19:10 47,360 ----a-w C:\Users\splinter_x\AppData\Roaming\pcouffin.sys
2008-04-16 19:10 --------- d-----w C:\Program Files\VSO
2008-04-16 12:12 --------- d-----w C:\ProgramData\Azureus
2008-04-16 12:11 --------- d-----w C:\Program Files\Azureus
2008-04-16 07:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-12 12:18 --------- d-----w C:\Program Files\LimeWire
2008-04-12 11:30 174 --sha-w C:\Program Files\desktop.ini
2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Mail
2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Defender
2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Calendar
2008-04-12 11:24 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-12 11:18 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-04-12 11:18 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-04-12 11:18 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-04-12 11:17 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-04-12 11:15 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-12 11:15 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-12 11:11 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-04-12 11:11 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-04-12 11:05 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-12 11:05 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-12 11:03 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-04-12 11:01 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-04-12 11:00 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-04-12 11:00 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-04-12 11:00 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-04-12 10:58 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-04-12 10:58 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-04-12 10:58 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-04-12 10:58 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-04-12 10:58 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-04-12 10:58 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-04-12 10:58 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-04-12 10:58 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-04-12 10:58 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-04-12 10:54 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-04-12 10:54 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-12 10:54 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-12 10:54 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-04-12 10:54 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-04-12 10:54 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-04-12 10:54 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-04-12 10:54 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-04-12 10:53 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-04-12 10:51 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-04-12 10:51 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-04-12 10:49 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-04-12 10:49 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-12 10:49 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-12 10:49 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-04-12 10:49 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-12 10:48 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-12 10:44 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-04-12 10:41 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2008-04-12 10:41 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-12 10:40 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-12 10:40 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-12 10:40 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-12 10:39 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-04-12 10:39 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-04-12 10:39 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-04-12 10:39 351,232 ----a-w C:\Windows\System32\SLUI.exe
.

((((((((((((((((((((((((((((( snapshot_2008-04-27_16.28.36,01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 14:25:24 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-27 14:35:07 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A6FD945-14B0-41F8-84FB-74DEF17528BB}]
2008-04-24 11:29 270336 --a------ C:\Windows\qnmargolxgn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-12 12:35 1232896]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [2008-04-12 14:25 308552]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"gwvoltmg"="C:\Windows\system32\rubarmhy.exe" [2008-04-25 11:42 102400]
"emqhztmi"="C:\ProgramData\emqhztmi\pmdonwrm.exe" [2008-04-25 14:30 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-04-12 13:07 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 14:36 32768]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2007-04-16 16:24 192512]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2006-12-26 12:23 180224]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-11-09 15:37 86016]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 21:50 857648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-13 10:40 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-13 10:40 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-13 10:40 81920]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2008-04-12 14:25 308552]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-05 01:01 77892]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-19 14:35 220160]
"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 16:54 16896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"MSServer"="C:\Windows\system32\khfDwwus.dll" [2008-04-25 11:43 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"4b0wWc5XV0"= C:\ProgramData\pkzkzehs\rcvefudo.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}"= C:\Windows\system32\khfDwwus.dll [2008-04-25 11:43 40448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vadokmxt"= {C9D7719A-9B83-43D3-8692-59847C1B2DA8} - C:\Windows\vadokmxt.dll [2008-04-24 11:29 221184]
"wdpoefan"= {091710D8-A8AB-41D9-B404-0E437C154AC4} - C:\Windows\wdpoefan.dll [2008-04-24 11:29 319488]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8CD56CE8-189D-4A9F-A0FF-0B5450E42179}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ED89D8F1-34FB-4528-903A-8D17DE9049D0}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D910A642-BE28-4CA3-9F3A-E31A8009A363}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{40AFE31E-81BB-4BE9-8BA6-2BBD90051468}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{9693A19F-9B45-4326-A51D-992185CF1F42}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 Hotkey;Hotkey;C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 12:27]
R2 BdFileSpy;BullGuard File Monitor Driver;C:\Windows\system32\drivers\BdFileSpy.sys [2008-04-12 11:52]
R2 BsFileScan;BullGuard File Scan Service;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2007-01-08 20:34]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 08:44]
R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-05-16 13:07]
R3 WisLMSvc;WisLMSvc;"C:\Program Files\Launch Manager\WisLMSvc.exe" [2006-11-17 21:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 16:36:17
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-04-27 16:36:56
ComboFix-quarantined-files.txt 2008-04-27 14:36:52
ComboFix2.txt 2008-04-27 14:29:04
ComboFix3.txt 2008-04-26 20:13:41
ComboFix4.txt 2008-04-25 12:32:16

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

195 --- E O F --- 2008-04-24 23:33:45

**splinter** · 27-04-08, 17:01

en dit de nieuwe Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:44, on 27/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\ProgramData\pkzkzehs\rcvefudo.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rubarmhy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynMedion.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB} - C:\Windows\qnmargolxgn.dll (file missing)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDwwus.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [gwvoltmg] C:\Windows\system32\rubarmhy.exe
O4 - HKCU\..\Run: [emqhztmi] C:\ProgramData\emqhztmi\pmdonwrm.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SPLINT~1\AppData\Local\Temp\fccccCTJ.dll,c
O4 - HKCU\..\Run: [e096188d] rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\lgvdkuuk.dll",b
O4 - HKCU\..\Run: [BMe3a52b11] Rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\wwpxvkmr.dll",s
O4 - HKLM\..\Policies\Explorer\Run: [4b0wWc5XV0] C:\ProgramData\pkzkzehs\rcvefudo.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: vadokmxt - {C9D7719A-9B83-43D3-8692-59847C1B2DA8} - C:\Windows\vadokmxt.dll (file missing)
O21 - SSODL: wdpoefan - {091710D8-A8AB-41D9-B404-0E437C154AC4} - C:\Windows\wdpoefan.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 7893 bytes

Greetz,
SPLINTER

**Pimmerd** · 27-04-08, 22:17

Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:

File::
C:\Windows\System32\rubarmhy.exe
C:\Windows\olgdqarf.exe
C:\Windows\wxvgsdbq.exe
C:\Windows\wdpoefan.dll
C:\Windows\qnmargolxgn.dll
C:\Windows\vadokmxt.dll
C:\Windows\Setup1.exe
C:\Windows\system32\khfDwwus.dll

Folder::
C:\ProgramData\pkzkzehs

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A6FD945-14B0-41F8-84FB-74DEF17528BB}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gwvoltmg"=-
"emqhztmi"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"4b0wWc5XV0"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vadokmxt"=-
"wdpoefan"=-

Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

Hoe is het met je problemen?

**splinter** · 29-04-08, 19:28

Hey pimmerd,
Heb gedaan wat je gevraagd hebt

Bullguard vindt echter nog twee virussen, met name
de trojan.vundo (lijkt me wel ee harnekkig virus hé

) en een nieuwe
Adware.systemerrorfixer. We zijn er bijna

Combo log:

ComboFix 08-04-28.2 - splinter_x 2008-04-29 19:11:56.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1244 [GMT 2:00]
Gestart vanuit: C:\Users\splinter_x\Desktop\ComboFix.exe
Command switches used :: C:\Users\splinter_x\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
C:\Windows\olgdqarf.exe
C:\Windows\qnmargolxgn.dll
C:\Windows\Setup1.exe
C:\Windows\system32\khfDwwus.dll
C:\Windows\System32\rubarmhy.exe
C:\Windows\vadokmxt.dll
C:\Windows\wdpoefan.dll
C:\Windows\wxvgsdbq.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-28 to 2008-04-29 ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 16:13 --------- d-----w C:\ProgramData\BullGuard
2008-04-29 16:12 13,260 ----a-w C:\Users\splinter_x\AppData\Roaming\nvModes.dat
2008-04-28 22:13 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Vso
2008-04-28 18:33 --------- d-----w C:\Users\splinter_x\AppData\Roaming\BullGuard
2008-04-27 21:05 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Azureus
2008-04-27 17:42 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-27 14:40 --------- d-----w C:\ProgramData\gqkqwnsw
2008-04-27 10:44 --------- d-----w C:\Program Files\Trend Micro
2008-04-27 10:06 --------- d-----w C:\ProgramData\Lavasoft
2008-04-27 09:54 --------- d-----w C:\Program Files\Lavasoft
2008-04-27 09:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 12:30 --------- d-----w C:\ProgramData\emqhztmi
2008-04-25 11:13 --------- d-----w C:\Program Files\CCleaner
2008-04-25 10:04 --------- d-----w C:\Users\splinter_x\AppData\Roaming\PC-Cleaner
2008-04-24 23:47 --------- d-----w C:\Users\splinter_x\AppData\Roaming\LimeWire
2008-04-22 20:09 --------- d-----w C:\Program Files\DVD Decrypter
2008-04-22 19:50 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-22 19:42 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Nero
2008-04-22 19:39 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-22 19:36 --------- d-----w C:\ProgramData\Nero
2008-04-22 19:36 --------- d-----w C:\Program Files\Nero
2008-04-22 16:32 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-20 16:01 --------- d-----w C:\Users\splinter_x\AppData\Roaming\COREL
2008-04-20 11:14 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-20 11:11 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Ahead
2008-04-20 08:03 --------- d-----w C:\ProgramData\vsosdk
2008-04-19 21:23 --------- d-----w C:\ProgramData\NVIDIA
2008-04-18 21:25 --------- d-----w C:\Program Files\SubSync
2008-04-18 21:24 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-04-18 17:23 --------- d-----w C:\Users\splinter_x\AppData\Roaming\vlc
2008-04-18 17:17 --------- d-----w C:\Program Files\VideoLAN
2008-04-16 19:10 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-04-16 19:10 47,360 ----a-w C:\Users\splinter_x\AppData\Roaming\pcouffin.sys
2008-04-16 19:10 --------- d-----w C:\Program Files\VSO
2008-04-16 12:12 --------- d-----w C:\ProgramData\Azureus
2008-04-16 12:11 --------- d-----w C:\Program Files\Azureus
2008-04-16 07:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-12 12:18 --------- d-----w C:\Program Files\LimeWire
2008-04-12 11:30 174 --sha-w C:\Program Files\desktop.ini
2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Mail
2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Defender
2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Calendar
2008-04-12 11:24 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-12 11:18 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-04-12 11:18 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-04-12 11:18 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-04-12 11:17 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-04-12 11:15 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-12 11:15 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-12 11:11 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-04-12 11:11 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-04-12 11:05 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-12 11:05 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-12 11:03 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-04-12 11:01 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-04-12 11:00 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-04-12 11:00 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-04-12 11:00 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-04-12 10:58 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-04-12 10:58 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-04-12 10:58 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-04-12 10:58 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-04-12 10:58 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-04-12 10:58 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-04-12 10:58 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-04-12 10:58 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-04-12 10:58 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-04-12 10:54 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-04-12 10:54 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-12 10:54 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-12 10:54 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-04-12 10:54 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-04-12 10:54 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-04-12 10:54 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-04-12 10:54 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-04-12 10:53 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-04-12 10:51 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-04-12 10:51 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-04-12 10:49 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-04-12 10:49 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-12 10:49 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-12 10:49 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-04-12 10:49 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-12 10:48 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-12 10:44 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-04-12 10:41 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2008-04-12 10:41 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-12 10:40 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-12 10:40 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-12 10:40 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-12 10:39 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-04-12 10:39 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-04-12 10:39 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-04-12 10:39 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-04-12 10:39 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-04-12 10:39 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-12 10:39 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-04-12 10:39 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-04-12 10:39 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-04-12 10:39 186,368 ----a-w C:\Windows\System32\SLLUA.exe
.

((((((((((((((((((((((((((((( snapshot_2008-04-27_23.11.56.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 21:06:36 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-29 16:11:31 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-27 21:06:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-29 16:11:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-27 21:06:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-29 16:11:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-27 21:08:39 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-29 16:26:41 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-27 21:09:18 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-29 16:13:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-29 16:13:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-27 21:08:38 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-29 17:11:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-27 21:09:18 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-29 16:12:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-29 16:12:58 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-27 14:26:03 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-04-29 17:11:52 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-04-27 15:03:03 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-29 16:15:57 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-27 15:03:04 122,796 ----a-w C:\Windows\System32\perfc013.dat
+ 2008-04-29 16:15:57 122,796 ----a-w C:\Windows\System32\perfc013.dat
- 2008-04-27 15:03:03 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-29 16:15:57 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-27 15:03:04 689,618 ----a-w C:\Windows\System32\perfh013.dat
+ 2008-04-29 16:15:57 689,618 ----a-w C:\Windows\System32\perfh013.dat
- 2008-04-27 14:59:43 3,242 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2804389587-1086438779-3256742696-1000_UserData.bin
+ 2008-04-29 16:13:28 3,662 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2804389587-1086438779-3256742696-1000_UserData.bin
- 2008-04-27 14:59:43 47,284 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-29 16:13:27 47,494 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-27 14:59:41 30,412 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-29 16:13:26 31,736 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-12 12:35 1232896]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [2008-04-12 14:25 308552]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"gqkqwnsw"="C:\ProgramData\gqkqwnsw\mxgxirqt.exe" [2008-04-27 16:40 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-04-12 13:07 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 14:36 32768]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2007-04-16 16:24 192512]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2006-12-26 12:23 180224]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-11-09 15:37 86016]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 21:50 857648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-13 10:40 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-13 10:40 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-13 10:40 81920]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2008-04-12 14:25 308552]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-05 01:01 77892]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-19 14:35 220160]
"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 16:54 16896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8CD56CE8-189D-4A9F-A0FF-0B5450E42179}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ED89D8F1-34FB-4528-903A-8D17DE9049D0}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D910A642-BE28-4CA3-9F3A-E31A8009A363}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{40AFE31E-81BB-4BE9-8BA6-2BBD90051468}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{9693A19F-9B45-4326-A51D-992185CF1F42}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 Hotkey;Hotkey;C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 12:27]
R2 BdFileSpy;BullGuard File Monitor Driver;C:\Windows\system32\drivers\BdFileSpy.sys [2008-04-12 11:52]
R2 BsFileScan;BullGuard File Scan Service;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2007-01-08 20:34]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 08:44]
R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-05-16 13:07]
R3 WisLMSvc;WisLMSvc;"C:\Program Files\Launch Manager\WisLMSvc.exe" [2006-11-17 21:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 19:13:21
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-04-29 19:14:11
ComboFix-quarantined-files.txt 2008-04-29 17:13:58
ComboFix2.txt 2008-04-27 21:12:39
ComboFix3.txt 2008-04-27 14:36:57
ComboFix4.txt 2008-04-27 14:29:04
ComboFix5.txt 2008-04-26 20:13:41

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

232 --- E O F --- 2008-04-24 23:33:45

Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:44, on 27/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\ProgramData\pkzkzehs\rcvefudo.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rubarmhy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynMedion.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB} - C:\Windows\qnmargolxgn.dll (file missing)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDwwus.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [gwvoltmg] C:\Windows\system32\rubarmhy.exe
O4 - HKCU\..\Run: [emqhztmi] C:\ProgramData\emqhztmi\pmdonwrm.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SPLINT~1\AppData\Local\Temp\fccccCTJ.dll,c
O4 - HKCU\..\Run: [e096188d] rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\lgvdkuuk.dll",b
O4 - HKCU\..\Run: [BMe3a52b11] Rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\wwpxvkmr.dll",s
O4 - HKLM\..\Policies\Explorer\Run: [4b0wWc5XV0] C:\ProgramData\pkzkzehs\rcvefudo.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: vadokmxt - {C9D7719A-9B83-43D3-8692-59847C1B2DA8} - C:\Windows\vadokmxt.dll (file missing)
O21 - SSODL: wdpoefan - {091710D8-A8AB-41D9-B404-0E437C154AC4} - C:\Windows\wdpoefan.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 7893 bytes

greetz,
SPLINTER

**Pimmerd** · 01-05-08, 14:46

Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:

File::
C:\ProgramData\gqkqwnsw
C:\ProgramData\emqhztmi

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gqkqwnsw"=-

Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

Hoe is het met je problemen?
Indien Bullgard nog iets vind, kan je de exacte locatie eens vermelden?

**splinter** · 01-05-08, 15:30

hey pimmerd,

Beide virussen zijn nog steeds aanwezig

locatie van Trojan.vundo.EIO -> C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32

locatie van Adware.SystemErrorFixer.A ->
C:\USERS\SPLINTER_X\APPDATA\LOCAL\MICROSOFT\WINDOWS INTERNET FILES\LOW\CONTENT.IE5\QSS0SZTR

combofix lof:

ComboFix 08-04-28.2 - splinter_x 2008-05-01 14:51:10.7 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1209 [GMT 2:00]
Gestart vanuit: C:\Users\splinter_x\Desktop\ComboFix.exe
Command switches used :: C:\Users\splinter_x\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
C:\ProgramData\emqhztmi
C:\ProgramData\gqkqwnsw
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 12:46 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Vso
2008-04-30 20:27 --------- d-----w C:\ProgramData\BullGuard
2008-04-29 16:12 13,260 ----a-w C:\Users\splinter_x\AppData\Roaming\nvModes.dat
2008-04-28 18:33 --------- d-----w C:\Users\splinter_x\AppData\Roaming\BullGuard
2008-04-27 21:05 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Azureus
2008-04-27 17:42 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-27 14:40 --------- d-----w C:\ProgramData\gqkqwnsw
2008-04-27 10:44 --------- d-----w C:\Program Files\Trend Micro
2008-04-27 10:06 --------- d-----w C:\ProgramData\Lavasoft
2008-04-27 09:54 --------- d-----w C:\Program Files\Lavasoft
2008-04-27 09:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 12:30 --------- d-----w C:\ProgramData\emqhztmi
2008-04-25 11:13 --------- d-----w C:\Program Files\CCleaner
2008-04-25 10:04 --------- d-----w C:\Users\splinter_x\AppData\Roaming\PC-Cleaner
2008-04-24 23:47 --------- d-----w C:\Users\splinter_x\AppData\Roaming\LimeWire
2008-04-22 20:09 --------- d-----w C:\Program Files\DVD Decrypter
2008-04-22 19:50 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-22 19:42 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Nero
2008-04-22 19:39 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-22 19:36 --------- d-----w C:\ProgramData\Nero
2008-04-22 19:36 --------- d-----w C:\Program Files\Nero
2008-04-22 16:32 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-20 16:01 --------- d-----w C:\Users\splinter_x\AppData\Roaming\COREL
2008-04-20 11:14 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-20 11:11 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Ahead
2008-04-20 08:03 --------- d-----w C:\ProgramData\vsosdk
2008-04-19 21:23 --------- d-----w C:\ProgramData\NVIDIA
2008-04-18 21:25 --------- d-----w C:\Program Files\SubSync
2008-04-18 21:24 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-04-18 17:23 --------- d-----w C:\Users\splinter_x\AppData\Roaming\vlc
2008-04-18 17:17 --------- d-----w C:\Program Files\VideoLAN
2008-04-16 19:10 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-04-16 19:10 47,360 ----a-w C:\Users\splinter_x\AppData\Roaming\pcouffin.sys
2008-04-16 19:10 --------- d-----w C:\Program Files\VSO
2008-04-16 12:12 --------- d-----w C:\ProgramData\Azureus
2008-04-16 12:11 --------- d-----w C:\Program Files\Azureus
2008-04-16 07:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-12 12:18 --------- d-----w C:\Program Files\LimeWire
2008-04-12 11:30 174 --sha-w C:\Program Files\desktop.ini
2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Mail
2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Defender
2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Calendar
2008-04-12 11:24 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-12 11:18 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-04-12 11:18 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-04-12 11:18 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-04-12 11:17 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-04-12 11:15 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-12 11:15 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-12 11:11 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-04-12 11:11 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-04-12 11:05 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-12 11:05 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-12 11:03 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-04-12 11:01 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-04-12 11:00 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-04-12 11:00 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-04-12 11:00 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-04-12 10:58 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-04-12 10:58 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-04-12 10:58 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-04-12 10:58 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-04-12 10:58 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-04-12 10:58 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-04-12 10:58 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-04-12 10:58 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-04-12 10:58 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-04-12 10:54 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-04-12 10:54 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-12 10:54 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-12 10:54 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-04-12 10:54 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-04-12 10:54 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-04-12 10:54 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-04-12 10:54 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-04-12 10:53 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-04-12 10:51 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-04-12 10:51 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-04-12 10:49 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-04-12 10:49 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-12 10:49 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-12 10:49 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-04-12 10:49 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-12 10:48 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-12 10:44 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-04-12 10:41 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2008-04-12 10:41 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-12 10:40 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-12 10:40 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-12 10:40 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-12 10:39 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-04-12 10:39 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-04-12 10:39 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-04-12 10:39 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-04-12 10:39 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-04-12 10:39 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-12 10:39 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-04-12 10:39 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-04-12 10:39 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-04-12 10:39 186,368 ----a-w C:\Windows\System32\SLLUA.exe
.

((((((((((((((((((((((((((((( snapshot_2008-04-29_19.13.42,32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-29 16:11:31 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-30 20:22:25 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-29 16:11:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-30 20:22:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-29 16:11:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-30 20:22:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-29 16:26:41 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-01 12:37:35 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-29 16:13:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-30 20:25:42 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-04-29 17:11:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-01 12:50:47 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-29 16:12:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-30 20:25:36 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-30 20:25:36 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-27 13:07:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.d at
+ 2008-04-29 19:08:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.d at
- 2008-04-27 13:07:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-29 19:08:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-27 13:07:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-29 19:08:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-29 16:15:57 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-30 20:28:25 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-29 16:15:57 122,796 ----a-w C:\Windows\System32\perfc013.dat
+ 2008-04-30 20:28:25 122,796 ----a-w C:\Windows\System32\perfc013.dat
- 2008-04-29 16:15:57 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-30 20:28:25 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-29 16:15:57 689,618 ----a-w C:\Windows\System32\perfh013.dat
+ 2008-04-30 20:28:25 689,618 ----a-w C:\Windows\System32\perfh013.dat
- 2008-04-29 16:13:28 3,662 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2804389587-1086438779-3256742696-1000_UserData.bin
+ 2008-04-30 20:26:32 3,662 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2804389587-1086438779-3256742696-1000_UserData.bin
- 2008-04-29 16:13:27 47,494 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-30 20:26:31 47,510 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-29 16:13:26 31,736 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-30 20:26:29 31,792 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-12 12:35 1232896]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [2008-04-12 14:25 308552]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-04-12 13:07 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 14:36 32768]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2007-04-16 16:24 192512]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2006-12-26 12:23 180224]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-11-09 15:37 86016]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 21:50 857648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-13 10:40 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-13 10:40 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-13 10:40 81920]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2008-04-12 14:25 308552]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-05 01:01 77892]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-19 14:35 220160]
"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 16:54 16896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8CD56CE8-189D-4A9F-A0FF-0B5450E42179}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ED89D8F1-34FB-4528-903A-8D17DE9049D0}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D910A642-BE28-4CA3-9F3A-E31A8009A363}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{40AFE31E-81BB-4BE9-8BA6-2BBD90051468}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{9693A19F-9B45-4326-A51D-992185CF1F42}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 Hotkey;Hotkey;C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 12:27]
R2 BdFileSpy;BullGuard File Monitor Driver;C:\Windows\system32\drivers\BdFileSpy.sys [2008-04-12 11:52]
R2 BsFileScan;BullGuard File Scan Service;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2007-01-08 20:34]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 08:44]
R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-05-16 13:07]
R3 WisLMSvc;WisLMSvc;"C:\Program Files\Launch Manager\WisLMSvc.exe" [2006-11-17 21:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 14:52:49
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-05-01 14:53:35
ComboFix-quarantined-files.txt 2008-05-01 12:53:26
ComboFix2.txt 2008-04-29 17:14:12
ComboFix3.txt 2008-04-27 21:12:39
ComboFix4.txt 2008-04-27 14:36:57
ComboFix5.txt 2008-04-27 14:29:04

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

227 --- E O F --- 2008-04-24 23:33:45

hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:44, on 27/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\ProgramData\pkzkzehs\rcvefudo.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rubarmhy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynMedion.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB} - C:\Windows\qnmargolxgn.dll (file missing)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDwwus.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [gwvoltmg] C:\Windows\system32\rubarmhy.exe
O4 - HKCU\..\Run: [emqhztmi] C:\ProgramData\emqhztmi\pmdonwrm.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SPLINT~1\AppData\Local\Temp\fccccCTJ.dll,c
O4 - HKCU\..\Run: [e096188d] rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\lgvdkuuk.dll",b
O4 - HKCU\..\Run: [BMe3a52b11] Rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\wwpxvkmr.dll",s
O4 - HKLM\..\Policies\Explorer\Run: [4b0wWc5XV0] C:\ProgramData\pkzkzehs\rcvefudo.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: vadokmxt - {C9D7719A-9B83-43D3-8692-59847C1B2DA8} - C:\Windows\vadokmxt.dll (file missing)
O21 - SSODL: wdpoefan - {091710D8-A8AB-41D9-B404-0E437C154AC4} - C:\Windows\wdpoefan.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 7893 bytes

GREETZ,
SPLINTER

**Pimmerd** · 01-05-08, 18:27

Deinstalleer Combofix:
Ga naar start --> uitvoeren en typ daar: combofix /u
Combofix wordt nu verwijderd en er wordt een nieuw herstelpunt aangemaakt.

Start je computer in veilige modus:

404 Not Found

http://users.telenet.be/marcvn/spyware/1378056.htm

Leeg je Temp-mappen (Let op : de mappen leegmaken, niet verwijderen !!):

C:\Windows\Temp
C:\Documents and Settings\<profielnaam>\Local Settings\Temp
C:\Documents and Settings\<profielnaam>\Local Settings\Temporary Internet Files
C:\Documents and Settings\<profielnaam>\Local Settings\Temporary Internet Files\content.ie5
Als de laatste map niet wordt weergegeven, ga dan naar de map Temporary Internet Files en type er \content.ie5 achter in de adresbalk en klik enter.

Maak je prullenbak leeg.

Herstart je computer terug in normale modus.
Nog problemen?

**splinter** · 01-05-08, 19:05

hey pimmerd,
Moet je tereurstellen maar ze worden nog steeds gevonden

Zolang bully ze tegenhoudt geen probleem natuurlek...

Heb gedaan wat je vroeg
eerste twee temps geleegd

ik kreeg geen toegang tot de derde en de vierde was leeg.
Mss preventie tegen het verwijderen van het virus?

Weet niet of je het nodig hebt maar hier heb je nogmaals een logje

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:44, on 27/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\ProgramData\pkzkzehs\rcvefudo.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rubarmhy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynMedion.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB} - C:\Windows\qnmargolxgn.dll (file missing)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDwwus.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [gwvoltmg] C:\Windows\system32\rubarmhy.exe
O4 - HKCU\..\Run: [emqhztmi] C:\ProgramData\emqhztmi\pmdonwrm.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SPLINT~1\AppData\Local\Temp\fccccCTJ.dll,c
O4 - HKCU\..\Run: [e096188d] rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\lgvdkuuk.dll",b
O4 - HKCU\..\Run: [BMe3a52b11] Rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\wwpxvkmr.dll",s
O4 - HKLM\..\Policies\Explorer\Run: [4b0wWc5XV0] C:\ProgramData\pkzkzehs\rcvefudo.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: vadokmxt - {C9D7719A-9B83-43D3-8692-59847C1B2DA8} - C:\Windows\vadokmxt.dll (file missing)
O21 - SSODL: wdpoefan - {091710D8-A8AB-41D9-B404-0E437C154AC4} - C:\Windows\wdpoefan.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 7893 bytes

greetz,
splinter

**Pimmerd** · 01-05-08, 23:13

Je hebt het oude logje gepost.

Herstart je PC. Open Hijackthis en maak daarmee een nieuwe scan ('Do a system scan and save a logfile'). Kopieer de tekst in het kladblok bestand in je volgende bericht.

**splinter** · 04-05-08, 13:00

hey pimmerd,
Dit is nieuwe log;
status: vundo nog aanwezig en er staan nu meerdere
systemerrorfixers in de map

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:44, on 27/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\ProgramData\pkzkzehs\rcvefudo.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rubarmhy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynMedion.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB} - C:\Windows\qnmargolxgn.dll (file missing)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDwwus.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [gwvoltmg] C:\Windows\system32\rubarmhy.exe
O4 - HKCU\..\Run: [emqhztmi] C:\ProgramData\emqhztmi\pmdonwrm.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SPLINT~1\AppData\Local\Temp\fccccCTJ.dll,c
O4 - HKCU\..\Run: [e096188d] rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\lgvdkuuk.dll",b
O4 - HKCU\..\Run: [BMe3a52b11] Rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\wwpxvkmr.dll",s
O4 - HKLM\..\Policies\Explorer\Run: [4b0wWc5XV0] C:\ProgramData\pkzkzehs\rcvefudo.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: vadokmxt - {C9D7719A-9B83-43D3-8692-59847C1B2DA8} - C:\Windows\vadokmxt.dll (file missing)
O21 - SSODL: wdpoefan - {091710D8-A8AB-41D9-B404-0E437C154AC4} - C:\Windows\wdpoefan.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 7893 bytes

**Pimmerd** · 04-05-08, 13:34

Scan saved at 12:44:44, on 27/04/2008

Het is nog steeds het oude logje

Laat deze maar zitten anders en doe deze:

Download Deckard's System Scanner naar je Bureaublad

Sluit alle toepassingen en vensters.
Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
Kopiëer Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

**splinter** · 04-05-08, 17:28

hey pimmerd,
had toch tot 2X toe nieuwe scan gedaan met hijack en de "nieuwe" log geplaatst. heb zelf gecheckt en da datum bleef idd elke keer steken op hetzelfde tydstip steken. heb hijack gedeînstaleerd en opnieuw gedownload

wil nog even zeggen dat ik na het gebruik van dekard geen meldingen meer kreeg.

als dit nog veranderd laat ik het weten
dit is nieuwe logje:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:08, on 4/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynMedion.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Azureus\Azureus.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 6865 bytes

deckard's main.txt:

Deckard's System Scanner v20071014.68
Run by splinter_x on 2008-05-04 17:19:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2008-05-04 11:03:58 UTC - RP69 - Installed OpenOffice.org Installer 1.0
2: 2008-05-04 11:01:21 UTC - RP68 - Installed Java(TM) 6 Update 5
1: 2008-05-02 22:52:45 UTC - RP67 - Gepland herstelpunt

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as splinter_x.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:53, on 4/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynMedion.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\splinter_x\Videos\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\splinter_x.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 6692 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Hotkey - c:\windows\system32\drivers\hotkey.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BGLiveSvc (BullGuard LiveUpdate) - "c:\program files\bullguard software\bullguard\bullguardupdate.exe" <Not Verified; BullGuard Software; BullGuard>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R3 WisLMSvc - "c:\program files\launch manager\wislmsvc.exe" <Not Verified; Wistron Corp.; >

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-04 17:11:57 0 d-------- C:\Users\splinter_x\Desktop
2008-05-04 13:04:13 0 d-------- C:\Program Files\Sun
2008-05-01 18:46:17 0 d-------- C:\Windows\pss
2008-05-01 18:43:20 0 d-------- C:\327882R2FWJFW
2008-04-27 19:42:26 164352 --a------ C:\Windows\system32\unrar.dll
2008-04-27 19:42:19 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-04-27 19:42:17 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-04-27 16:40:43 0 d-------- C:\Users\All Users\gqkqwnsw
2008-04-27 12:44:22 0 d-------- C:\Program Files\Trend Micro
2008-04-27 11:54:27 0 d-------- C:\Users\All Users\Lavasoft
2008-04-27 11:54:27 0 d-------- C:\Program Files\Lavasoft
2008-04-27 11:53:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 14:30:08 0 d-------- C:\Users\All Users\emqhztmi
2008-04-25 13:13:23 0 d-------- C:\Program Files\CCleaner
2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\winlogonpc.exe
2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\taack.exe
2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\taack.dat
2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\sncntr.exe
2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\mwin32.exe
2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\hxiwlgpm.exe
2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\hxiwlgpm.dat
2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\hoproxy.dll
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\thun32.dll
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\thun.dll
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\temp#01.exe
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\ssvchost.exe
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\ssvchost.com
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\ssurf022.dll
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\Rundl1.exe
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\regm64.dll
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\regc64.dll
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\psoft1.exe
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\psof1.exe
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\ps1.exe
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\newsd32.exe
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\netode.exe
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\mtr2.exe
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\msvchost.exe
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\msnbho.dll
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\msgp.exe
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\medup020.dll
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\medup012.dll
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\[email protected]@@k.dll
2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\dpcproxy.exe
2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\WINWGPX.EXE
2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\winsystem.exe
2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\vcatchpi.dll
2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\vbsys2.dll
2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\sysreq.exe
2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\mssecu.exe
2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\bdn.com
2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\awtoolb.dll
2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\anticipator.dll
2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\akttzn.exe
2008-04-22 22:09:33 0 d-------- C:\Program Files\DVD Decrypter
2008-04-22 21:50:26 0 d-------- C:\Program Files\NeroInstall.bak
2008-04-22 21:36:17 0 d-------- C:\Program Files\Common Files\Nero
2008-04-22 18:32:15 0 d-------- C:\Program Files\MSXML 4.0
2008-04-20 10:03:45 0 d-------- C:\Users\All Users\vsosdk
2008-04-19 23:23:44 0 d-------- C:\Users\All Users\NVIDIA
2008-04-18 23:25:09 0 d-------- C:\Program Files\SubSync
2008-04-18 23:24:58 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-18 19:17:59 0 d-------- C:\Program Files\VideoLAN
2008-04-16 21:10:31 626688 --a------ C:\Windows\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-04-16 21:10:31 217127 --a------ C:\Windows\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-04-16 21:10:31 208935 --a------ C:\Windows\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-04-16 21:10:31 176165 --a------ C:\Windows\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-04-16 21:10:31 65602 --a------ C:\Windows\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-04-16 21:10:27 0 d-------- C:\Program Files\VSO
2008-04-16 14:12:17 0 d-------- C:\Users\All Users\Azureus
2008-04-16 14:11:28 0 d-------- C:\Program Files\Azureus
2008-04-16 09:23:15 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-12 14:20:21 0 d-------- C:\Users\splinter_x\Incomplete
2008-04-12 14:18:26 0 d-------- C:\Program Files\LimeWire
2008-04-12 12:41:56 0 d-------- C:\Windows\system32\Macromed
2008-04-12 12:09:28 0 d-------- C:\Windows\PCHEALTH
2008-04-12 11:48:09 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-12 11:47:41 0 d-------- C:\Program Files\Windows Live
2008-04-12 11:46:43 0 d-------- C:\Users\All Users\WLInstaller
2008-04-12 10:09:33 0 dr------- C:\Users\splinter_x\Searches
2008-04-12 10:09:18 0 dr------- C:\Users\splinter_x\Contacts
2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Sjablonen
2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\SendTo
2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Recent
2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Netwerkprinteromgeving
2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\NetHood
2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Mijn documenten
2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Menu Start
2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Local Settings
2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Cookies
2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Application Data
2008-04-12 10:09:07 0 dr------- C:\Users\splinter_x\Videos
2008-04-12 10:09:07 0 dr------- C:\Users\splinter_x\Saved Games
2008-04-12 10:09:07 0 dr------- C:\Users\splinter_x\Pictures
2008-04-12 10:09:07 1572864 --ahs---- C:\Users\splinter_x\NTUSER.DAT
2008-04-12 10:09:07 0 d-------- C:\Users\splinter_x\Music
2008-04-12 10:09:07 0 dr------- C:\Users\splinter_x\Links
2008-04-12 10:09:07 0 dr------- C:\Users\splinter_x\Favorites
2008-04-12 10:09:07 0 dr------- C:\Users\splinter_x\Documents
2008-04-12 10:09:07 0 d--h----- C:\Users\splinter_x\AppData
2008-04-12 10:08:16 0 d--hs---- C:\Users\Default\Sjablonen
2008-04-12 10:08:16 0 d--hs---- C:\Users\Default\Netwerkprinteromgeving
2008-04-12 10:08:16 0 d--hs---- C:\Users\Default\Mijn documenten
2008-04-12 10:08:16 0 d--hs---- C:\Users\Default\Menu Start
2008-04-12 10:08:16 0 d--hs---- C:\Users\All Users\Sjablonen
2008-04-12 10:08:16 0 d--hs---- C:\Users\All Users\Menu Start
2008-04-12 10:08:16 0 d--hs---- C:\Users\All Users\Favorieten
2008-04-12 10:08:16 0 d--hs---- C:\Users\All Users\Documenten
2008-04-12 10:08:16 0 d--hs---- C:\Users\All Users\Bureaublad
2008-04-12 10:07:30 0 d-------- C:\Windows\SoftwareDistribution

-- Find3M Report ---------------------------------------------------------------

2008-05-04 17:17:20 0 d-------- C:\Users\splinter_x\AppData\Roaming\Azureus
2008-05-04 17:10:01 13260 --a------ C:\Users\splinter_x\AppData\Roaming\nvModes.001
2008-05-04 16:55:57 13260 --a------ C:\Users\splinter_x\AppData\Roaming\nvModes.dat
2008-05-04 16:52:59 668 --a------ C:\Users\splinter_x\AppData\Roaming\vso_ts_preview.xml
2008-05-04 16:52:59 0 d-------- C:\Users\splinter_x\AppData\Roaming\Vso
2008-05-04 13:03:49 0 d-------- C:\Program Files\Java
2008-05-04 13:00:09 689618 --a------ C:\Windows\system32\perfh013.dat
2008-05-04 13:00:09 122796 --a------ C:\Windows\system32\perfc013.dat
2008-05-03 19:47:13 0 d-------- C:\Users\splinter_x\AppData\Roaming\Media Player Classic
2008-04-28 20:33:37 0 d-------- C:\Users\splinter_x\AppData\Roaming\BullGuard
2008-04-27 11:53:16 0 d-------- C:\Program Files\Common Files
2008-04-25 12:04:32 0 d-------- C:\Users\splinter_x\AppData\Roaming\PC-Cleaner
2008-04-25 01:47:56 0 d-------- C:\Users\splinter_x\AppData\Roaming\LimeWire
2008-04-22 21:42:11 0 d-------- C:\Users\splinter_x\AppData\Roaming\Nero
2008-04-22 21:36:17 0 d-------- C:\Program Files\Nero
2008-04-20 18:01:53 0 d-------- C:\Users\splinter_x\AppData\Roaming\COREL
2008-04-20 13:14:31 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-20 13:11:26 0 d-------- C:\Users\splinter_x\AppData\Roaming\Ahead
2008-04-18 19:23:55 0 d-------- C:\Users\splinter_x\AppData\Roaming\vlc
2008-04-16 21:50:30 0 d-------- C:\Users\splinter_x\AppData\Roaming\WinRAR
2008-04-16 21:12:52 34 --a------ C:\Users\splinter_x\AppData\Roaming\pcouffin.log
2008-04-16 21:10:40 7887 --a------ C:\Users\splinter_x\AppData\Roaming\pcouffin.cat
2008-04-15 22:02:09 0 d-------- C:\Users\splinter_x\AppData\Roaming\Adobe
2008-04-12 14:04:43 0 d-------- C:\Users\splinter_x\AppData\Roaming\Google
2008-04-12 13:30:37 174 --ahs---- C:\Program Files\desktop.ini
2008-04-12 13:25:13 0 d-------- C:\Program Files\Windows Calendar
2008-04-12 13:25:11 0 d-------- C:\Program Files\Windows Mail
2008-04-12 13:25:08 0 d-------- C:\Program Files\Windows Defender
2008-04-12 13:24:57 0 d-------- C:\Program Files\Windows Sidebar
2008-04-12 12:43:17 0 d-------- C:\Users\splinter_x\AppData\Roaming\Macromedia
2008-04-12 10:09:22 0 d-------- C:\Users\splinter_x\AppData\Roaming\Identities
2008-04-12 10:08:16 0 d-------- C:\Program Files\Windows NT

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/04/2008 13:07]
"RtHDVCpl"="RtHDVCpl.exe" [15/02/2007 17:07 C:\Windows\RtHDVCpl.exe]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [25/07/2005 14:36]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [16/04/2007 16:24]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe"

"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [26/12/2006 12:23]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [09/11/2006 15:37]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/02/2007 21:50]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [13/01/2007 10:40]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [13/01/2007 10:40]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [13/01/2007 10:40]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [12/04/2008 14:25]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/08/2005 17:30]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [05/07/2006 01:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [19/11/2007 14:35]
"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [09/02/2007 16:54]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [18/02/2008 16:29]
"MSConfig"="C:\Windows\system32\msconfig.exe" [02/11/2006 11:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [12/04/2008 12:35]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [12/04/2008 14:25]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 14:35]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
BullGuard BgMainSvc BsFileScan BsMailProxy

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-05-04 17:20:52 ------------

dekard's extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: Dutch

CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-56
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 1918.06 MiB / 1282.63 MiB
Pagefile Memory (total/avail): 4060.59 MiB / 3209.9 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.63 MiB

C: is Fixed (NTFS) - 119.49 GiB total, 74.69 GiB free.
D: is Fixed (FAT32) - 29.54 GiB total, 24.89 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD16 00BEVS-22RST SCSI Disk Device - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 119.49 GiB - C:
\PARTITION1 - Unknown - 29.56 GiB - D:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: BullGuard Antivirus v (BullGuard Software)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\splinter_x\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LANA
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\splinter_x
LOCALAPPDATA=C:\Users\splinter_x\AppData\Local
LOGONSERVER=\\LANA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6801
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\SPLINT~1\AppData\Local\Temp
TMP=C:\Users\SPLINT~1\AppData\Local\Temp
USERDOMAIN=Lana
USERNAME=splinter_x
USERPROFILE=C:\Users\splinter_x
windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

splinter_x

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
BullGuard 7.0 for Vista --> C:\Program Files\BullGuard Software\BullGuard\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ConvertXtoDVD 3.0.0.9 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IEEE 802.11g Wireless LAN driver --> C:\Program Files\InstallShield Installation Information\{1EDFA38A-2FEB-4E62-82C9-DA415C0EEF33}\setup.exe -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.8.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Launch Manager V1.4.0 --> C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\setup.exe -runfromtemp -l0x0013 -removeonly
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 8 Trial --> MsiExec.exe /X{D6D5CB84-0E6E-4E69-B300-C690B6911043}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PC-Cleaner --> C:\Program Files\PC-Cleaner\Uninstall.exe
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x13 -removeonly
SubSync --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\SubSync\ST6UNST.LOG"
Suyin Live Camera --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0013 -removeonly -u
SUYIN webcam --> C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
WinRAR --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office X3 --> MsiExec.exe /I{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}

-- Application Event Log -------------------------------------------------------

Event Record #/Type1976 / Success
Event Submitted/Written: 05/04/2008 00:54:37 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1970 / Success
Event Submitted/Written: 05/04/2008 00:54:05 PM
Event ID/Source: 5617 / WinMgmt
Event Description:

Event Record #/Type1969 / Success
Event Submitted/Written: 05/04/2008 00:54:05 PM
Event ID/Source: 5615 / WinMgmt
Event Description:

Event Record #/Type1962 / Success
Event Submitted/Written: 05/04/2008 00:53:56 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
De Software Licensing-service is gestart.

Event Record #/Type1953 / Warning
Event Submitted/Written: 05/04/2008 02:31:25 AM
Event ID/Source: 1530 / profsvc
Event Description:
Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2804389587-1086438779-3256742696-1000_Classes:
Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2804389587-1086438779-3256742696-1000_CLASSES

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type13746 / Warning
Event Submitted/Written: 05/04/2008 02:56:00 PM
Event ID/Source: 4226 / Tcpip
Event Description:
De beveiligingslimiet voor het aantal gelijktijdige TCP-verbindingspogingen is bereikt door TCP/IP.

Event Record #/Type13745 / Warning
Event Submitted/Written: 05/04/2008 02:44:43 PM
Event ID/Source: 51 / cdrom
Event Description:
Er is een fout ontdekt op apparaat \Device\CdRom0 tijdens een wisselbestandsbewerking.

Event Record #/Type13744 / Warning
Event Submitted/Written: 05/04/2008 02:44:42 PM
Event ID/Source: 51 / cdrom
Event Description:
Er is een fout ontdekt op apparaat \Device\CdRom0 tijdens een wisselbestandsbewerking.

Event Record #/Type13743 / Warning
Event Submitted/Written: 05/04/2008 02:44:42 PM
Event ID/Source: 51 / cdrom
Event Description:
Er is een fout ontdekt op apparaat \Device\CdRom0 tijdens een wisselbestandsbewerking.

Event Record #/Type13742 / Warning
Event Submitted/Written: 05/04/2008 02:44:42 PM
Event ID/Source: 51 / cdrom
Event Description:
Er is een fout ontdekt op apparaat \Device\CdRom0 tijdens een wisselbestandsbewerking.

-- End of Deckard's System Scanner: finished at 2008-05-04 17:20:52 ------------

greetz
SPLINTER

**splinter** · 04-05-08, 17:33

sorry te vroeg gejuicht

Mededeling

trojan.vundo meldingen

trojan.vundo meldingen

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment