
View full version : Error code 0x80244019 Windows Defender



nigel555
1 February 2009, 16:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:20, on 1/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Users\Jasper\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jasper\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search (http://go.microsoft.com/fwlink/?LinkId=54896)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland (http://nl.intl.acer.yahoo.com)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK & Ireland (http://nl.intl.acer.yahoo.com)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search (http://go.microsoft.com/fwlink/?LinkId=54896)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search (http://go.microsoft.com/fwlink/?LinkId=54896)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland (http://nl.intl.acer.yahoo.com)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdvmon.exe] "C:\Program Files\Lexmark X5400 Series\lxdvmon.exe"
O4 - HKLM\..\Run: [lxdvamon] "C:\Program Files\Lexmark X5400 Series\lxdvamon.exe"
O4 - HKLM\..\Run: [Lexmark X5400 Series Fax Server] "C:\Program Files\Lexmark X5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdvserv.exe
O23 - Service: lxdv_device - - C:\Windows\system32\lxdvcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10531 bytes


My Windows Defender can no longer update and shows the following error code: 0x80244019.

My AVG Free 8.0 can no longer update either.

I scanned my computer twice with Malwarebytes' Anti-Malware; the first time it found 8 infections and the second time 4, including Trojan.DNSChanger and Zlob.DNS.

Juisterr
1 February 2009, 17:44
Hello and welcome,

Right-click the HijackThis program
Choose "Run as administrator", then choose 'Do a system scan only'
Select only the items listed below:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

Close all windows except HijackThis
Click 'Fix checked' to remove the items.

Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
Double-click mbam-setup.exe to install the program.

After installation, make sure these boxes are ticked:
Update MalwareBytes' Anti-Malware
Launch MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
Once the program has started, go to the "Settings" tab.
Tick: "Close Internet Explorer during malware removal".
Then go to the "Scanner" tab and choose "Quick Scan".
Then click "Scan" to start the scan.
Scanning may take a while, so be patient.

When the scan has finished, click OK, then "Show Results" to view the results.
Make sure everything there is ticked, then click "Remove Selected".
After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

Post that log together with a new HijackThis log.
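Added example, not part of the thread and not code from HijackThis or Malwarebytes: the selection above amounts to a triage rule that a defender can apply mechanically (O2/O3 entries whose CLSID is still registered but whose DLL reports "(no file)" or "(file missing)", plus any R-line that touches proxy settings, which is set aside for manual review rather than judged automatically). The Python below parses lines in HijackThis 2.0.2 log format and applies that rule to a constructed sample log; the class and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in HijackThis 2.0.2 log format (built for this example,
# using the same entry shapes as the log posted in the thread).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
"""


@dataclass
class HjtEntry:
    section: str          # "R1", "O2", "O3", "O4", ...
    raw: str              # the original log line
    name: str = ""        # BHO/toolbar display name (O2/O3 only)
    clsid: str = ""       # registered CLSID (O2/O3 only)
    path: str = ""        # DLL path, or "(no file)" (O2/O3 only)


# O2/O3 lines look like: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
_O23_RE = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)


def parse_hjt(text: str) -> List[HjtEntry]:
    """Split a HijackThis log into entries; O2/O3 lines get their fields parsed."""
    entries: List[HjtEntry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _O23_RE.match(line)
        if m:
            entries.append(HjtEntry(m["section"], line, m["name"],
                                    m["clsid"], m["path"].strip()))
        else:
            # Keep the section code (text before the first " - ") for every other line.
            entries.append(HjtEntry(line.split(" - ", 1)[0], line))
    return entries


def is_orphaned(entry: HjtEntry) -> bool:
    """A BHO/toolbar whose CLSID is still registered but whose DLL is gone."""
    return entry.section in ("O2", "O3") and (
        entry.path == "(no file)" or entry.path.endswith("(file missing)")
    )


def triage(text: str) -> Tuple[List[str], List[str]]:
    """Return (orphaned O2/O3 lines, R-lines touching proxy settings for manual review)."""
    entries = parse_hjt(text)
    orphaned = [e.raw for e in entries if is_orphaned(e)]
    proxy_related = [e.raw for e in entries
                     if e.section.startswith("R") and "Proxy" in e.raw]
    return orphaned, proxy_related


if __name__ == "__main__":
    orphaned, proxy_related = triage(SAMPLE_LOG)
    print("Orphaned BHO/toolbar entries (CLSID registered, no DLL on disk):")
    for line in orphaned:
        print("  ", line)
    print("Proxy-related R entries to review by hand:")
    for line in proxy_related:
        print("  ", line)
```

Run against the sample, the four orphaned entries are exactly the O2/O3 lines the helper selected, and the ProxyOverride line is reported separately because a proxy bypass value is not malicious by itself; a human still decides whether it belongs on this machine.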

nigel555
1 February 2009, 18:28
Malwarebytes' Anti-Malware 1.33
Database versie: 1713
Windows 6.0.6001 Service Pack 1

1/02/2009 18:23:48
mbam-log-2009-02-01 (18-23-48).txt

Scan type: Snelle Scan
Objecten gescand: 53770
Verstreken tijd: 2 minute(s), 23 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

nigel555
1 February 2009, 18:32
and then this as well
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:35, on 1/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\conime.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\Explorer.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Jasper\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland (http://nl.intl.acer.yahoo.com)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com (http://go.microsoft.com/fwlink/?LinkId=69157)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search (http://go.microsoft.com/fwlink/?LinkId=54896)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search (http://go.microsoft.com/fwlink/?LinkId=54896)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland (http://nl.intl.acer.yahoo.com)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdvmon.exe] "C:\Program Files\Lexmark X5400 Series\lxdvmon.exe"
O4 - HKLM\..\Run: [lxdvamon] "C:\Program Files\Lexmark X5400 Series\lxdvamon.exe"
O4 - HKLM\..\Run: [Lexmark X5400 Series Fax Server] "C:\Program Files\Lexmark X5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdvserv.exe
O23 - Service: lxdv_device - - C:\Windows\system32\lxdvcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8504 bytes

nigel555
2 February 2009, 11:24
Could I kindly ask you to run a scan with Malwarebytes and post the log from that too ;) I have the feeling that, like me a while ago, you have a Trojan DNS changer... do make sure that IE or FF is closed during the scan ;)

I'll do a full scan with Malwarebytes :)

edit,
that's right, too. I had also looked into removing that DNSchanger trojan myself. And I let ComboFix loose on it. Um, but I've lost that log.

TiZon
2 February 2009, 12:14
then post a new HJT log again.

nigel555
2 February 2009, 12:37
then post a new HJT log again.

um, the log above :)
that one was made after I had run ComboFix :)

sorry, I should have said so :$ :$
But once Malwarebytes is done I will also create another HijackThis log and post it here.

OK, I ran ComboFix after I posted the first HijackThis log, and before I made the changes you told me to make. I hope you can still do something with this. And sorry for being a bit difficult. :$

ComboFix 09-01-31.03 - Jasper 2009-02-01 16:40:25.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3070.1948 [GMT 1:00]
Gestart vanuit: c:\users\Jasper\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jasper\AppData\Roaming\.#
c:\windows\system32\drivers\gaopdxcfrdwmde.sys
c:\windows\system32\gaopdxvyqstphi.dll
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


(((((((((((((((((((( Bestanden Gemaakt van 2009-01-01 to 2009-02-01 ))))))))))))))))))))))))))))))
.

2009-02-01 16:13 . 2009-02-01 16:19 <DIR> d-------- c:\users\Jasper\SmitfraudFix
2009-01-31 12:10 . 2009-01-18 22:35 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d-------- c:\users\All Users\Lavasoft
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d-------- c:\programdata\Lavasoft
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d-------- c:\program files\Lavasoft
2009-01-31 01:27 . 2009-01-18 22:30 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-01-31 00:53 . 2009-01-31 00:53 <DIR> d-------- c:\program files\Panda Security
2009-01-24 20:26 . 2009-01-24 20:49 <DIR> d-------- c:\program files\PokerStars
2009-01-24 14:39 . 2009-01-25 10:51 <DIR> d-------- c:\program files\VCLB Service BVBA
2009-01-19 20:57 . 2009-01-19 20:57 <DIR> d-------- c:\program files\BitLord
2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ c:\windows\System32\xfcodec.dll
2009-01-14 17:37 . 2009-01-14 17:37 107,832 --a------ c:\windows\System32\PnkBstrB.exe
2009-01-14 17:37 . 2009-01-14 17:37 66,872 --a------ c:\windows\System32\PnkBstrA.exe
2009-01-14 17:37 . 2009-01-14 17:37 22,328 --a------ c:\windows\System32\drivers\PnkBstrK.sys
2009-01-13 19:47 . 2009-01-13 19:47 <DIR> d-------- c:\users\Jasper\AppData\Roaming\Malwarebytes
2009-01-13 19:47 . 2009-01-13 19:47 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-13 19:47 . 2009-01-13 19:47 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-13 19:47 . 2009-01-31 14:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 19:47 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-13 19:47 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-13 19:04 . 2009-01-13 19:04 <DIR> d-------- c:\users\Jasper\AppData\Roaming\MAGIX
2009-01-13 19:01 . 2009-01-13 19:03 <DIR> d-------- c:\users\All Users\MAGIX
2009-01-13 19:01 . 2009-01-13 19:03 <DIR> d-------- c:\programdata\MAGIX
2009-01-13 19:01 . 2009-01-13 19:03 <DIR> d-------- c:\program files\MAGIX
2009-01-13 19:01 . 2007-04-27 10:43 120,200 --a------ c:\windows\System32\DLLDEV32i.dll
2009-01-13 19:00 . 2009-01-13 20:37 <DIR> d-------- c:\windows\System32\MAGIX
2009-01-13 19:00 . 2008-04-15 16:14 700,416 --a------ c:\windows\System32\mgxoschk.dll
2009-01-13 19:00 . 2009-01-13 20:37 5,937 --a------ c:\windows\mgxoschk.ini
2009-01-12 17:12 . 2009-01-12 18:44 <DIR> d-------- c:\program files\America's Army Server Manager
2009-01-12 16:56 . 2009-01-12 17:11 <DIR> d-------- c:\program files\America's Army
2009-01-11 13:20 . 2009-01-12 17:11 <DIR> d-------- c:\program files\America's Army Deploy Client

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 15:25 --------- d-----w c:\users\Jasper\AppData\Roaming\Xfire
2009-01-31 15:58 --------- d-----w c:\users\Jasper\AppData\Roaming\LimeWire
2009-01-31 12:40 --------- d-----w c:\programdata\avg8
2009-01-30 09:30 --------- d-----w c:\programdata\Xfire
2009-01-27 22:01 --------- d-----w c:\programdata\Lx_cats
2009-01-24 19:01 --------- d-----w c:\program files\PKR
2009-01-21 18:32 --------- d-----w c:\program files\Xfire
2009-01-11 12:20 --------- d-----w c:\programdata\America's Army Deploy Client
2008-12-31 17:43 --------- d-----w c:\users\Jasper\AppData\Roaming\mIRC
2008-12-30 10:48 --------- d-----w c:\program files\mIRC
2008-12-28 21:51 --------- d-----w c:\program files\Netlog Music Tool
2008-12-27 23:36 --------- d-----w c:\programdata\TrackMania
2008-12-23 20:30 --------- d-----w c:\programdata\KONAMI
2008-12-20 12:50 --------- d-----w c:\program files\VirtualDJ
2008-12-20 12:41 --------- d-----w c:\program files\VDJ5
2008-12-19 14:53 --------- d-----w c:\programdata\CyberLink
2008-12-18 15:53 --------- d-----w c:\program files\SEGA
2008-12-18 15:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 14:54 --------- d-----w c:\programdata\Apple Computer
2008-12-18 14:54 --------- d-----w c:\program files\Common Files\Apple
2008-12-18 14:53 --------- d-----w c:\users\Jasper\AppData\Roaming\Apple Computer
2008-12-18 14:50 --------- d-----w c:\program files\Acer Inc
2008-12-18 14:42 --------- d-----w c:\programdata\Zylom
2008-12-18 14:42 --------- d-----w c:\program files\Zylom Games
2008-12-17 12:52 --------- d-----w c:\program files\Microsoft Games
2008-12-16 11:20 --------- d-----w c:\program files\Cyanide
2008-12-15 19:56 --------- d-----w c:\users\Gast\AppData\Roaming\X5400 Series
2008-12-15 19:55 --------- d-----w c:\users\Gast\AppData\Roaming\ATI
2008-12-15 17:49 --------- d-----w c:\program files\Common Files\Adobe
2008-12-12 06:36 --------- d-----w c:\program files\Windows Mail
2008-12-11 23:18 --------- d-----w c:\programdata\Microsoft Help
2008-12-10 19:47 --------- d-----w c:\users\Jasper\AppData\Roaming\IrfanView
2008-12-10 19:47 --------- d-----w c:\program files\IrfanView
2008-12-08 16:41 --------- d-----w c:\program files\Apple Software Update
2008-12-08 16:38 --------- d-----w c:\program files\QuickTime
2008-12-08 16:21 --------- d-----w c:\program files\Bonjour
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-03 22:53 0 ----a-w c:\users\Jasper\AppData\Roaming\wklnhst.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 01:00 39472 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-04 185872]
"lxdvmon.exe"="c:\program files\Lexmark X5400 Series\lxdvmon.exe" [2007-11-02 455336]
"lxdvamon"="c:\program files\Lexmark X5400 Series\lxdvamon.exe" [2007-11-02 25256]
"Lexmark X5400 Series Fax Server"="c:\program files\Lexmark X5400 Series\fm3032.exe" [2007-11-02 307880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2008-01-24 c:\windows\SkyTel.exe]

c:\users\Jasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0 .lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-01-15 2993488]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-04-16 535336]
SETAUDIO.EXE [2008-04-04 20480]
SETRES.EXE [2008-04-04 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Users^Jasper^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\Jasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8F45E4D7-9D8D-4C4C-994E-94C28EE5AB39}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{E35401BB-1234-4D07-977A-9F39BC32738B}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{1D720274-3003-410E-9155-AC0850BF0BFE}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{BAAFD965-C6F5-442D-B717-1CD69E7FC7BA}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{ABF0BDD2-A747-43B4-9D97-313DF5C15A57}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B7A6176-AD44-46C0-9D09-E02388D0B970}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C12C383D-6695-44AB-A566-B28FA0B12F93}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{5DB4BED3-551B-47E1-A648-F086EB1E5720}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{4E623CE8-588F-481A-9A7E-00D05BF958B2}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{9F1A0F47-B48C-4ACA-AC0A-46353F22E450}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{FA64F5C5-3B9B-44F1-B53E-2CCBE8A1AFB3}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{8FD2895D-BBD4-43C8-8388-C54F75B8F8D6}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{C816A7CE-B361-4E06-9DAC-19A3A6BA32E8}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{214A5E7F-6656-48F8-9BA2-4BBBD41C4203}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{8513F3D1-9EDD-4E22-AD9D-38DD3524860B}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{011A8FCE-7F2E-460D-8C83-7BE8B252CAD0}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{28FF8EE5-4F34-427C-963B-A22E32603B44}c:\\program files\\ubisoft\\xiii\\system\\xiii.exe"= UDP:c:\program files\ubisoft\xiii\system\xiii.exe:XIII
"UDP Query User{D5587DE7-A6FD-4218-9D4C-41CD41EEE89D}c:\\program files\\ubisoft\\xiii\\system\\xiii.exe"= TCP:c:\program files\ubisoft\xiii\system\xiii.exe:XIII
"TCP Query User{99D19CD8-1A0D-415C-B8CD-F06726C39218}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{C6395B76-FE05-490F-891F-4E0438CC9933}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{353DE465-837A-4FB8-9EED-21482435BFEE}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{55E802B5-A63D-4CD3-95E0-B8DC8D69CFCE}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{6E6D1873-6C88-4F9A-AC30-A24AB261A4CF}"= UDP:c:\program files\Lexmark X5400 Series\lxdvamon.exe:Lexmark Device Monitor
"{3F752BBB-1AF0-40F7-9DA6-E933B1C3454B}"= TCP:c:\program files\Lexmark X5400 Series\lxdvamon.exe:Lexmark Device Monitor
"{3D5F18E9-F784-454B-8E1E-9AB3D7CA9FCA}"= UDP:c:\program files\Lexmark X5400 Series\frun.exe:Lexmark Productivity Studio
"{497E8685-8371-4986-9B45-A6E9EB7099F9}"= TCP:c:\program files\Lexmark X5400 Series\frun.exe:Lexmark Productivity Studio
"{8916CB4A-221D-452F-B21A-25BEEA8E8C9A}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{E9E19118-DC64-4A4B-B2ED-E5C69FAC2F6F}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{C38C9FE4-C5E0-477A-B01E-4F33CD4DE7C6}"= UDP:c:\program files\Lexmark X5400 Series\LXDVFax.exe:Fax software
"{87C2FE4E-C980-4CBD-9F9A-A7F9D6332898}"= TCP:c:\program files\Lexmark X5400 Series\LXDVFax.exe:Fax software
"{DF36DD17-17E6-4B91-A431-30FE135DA472}"= UDP:c:\program files\Lexmark X5400 Series\lxdvmon.exe:Printer Device Monitor
"{97AFA5FD-E911-4DA8-BFC1-6C1FD0397034}"= TCP:c:\program files\Lexmark X5400 Series\lxdvmon.exe:Printer Device Monitor
"{42028776-1503-48E5-A5A2-002B059FAA95}"= UDP:c:\windows\System32\lxdvcoms.exe:Lexmark Communications System
"{D4290D29-927C-4A43-9696-050781CEF878}"= TCP:c:\windows\System32\lxdvcoms.exe:Lexmark Communications System
"{CC8B3D5F-4873-47F7-BA02-39D8DB6A9D96}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdvpswx.exe:Printer Status Window Interface
"{C1652A08-7B2F-4611-AA06-3EBA142DD3E2}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdvpswx.exe:Printer Status Window Interface
"{9AF3BA7A-7EA8-4F46-86D0-7CFC7C98F19D}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdvtime.exe:Lexmark Connect Time Executable
"{7A88D95B-48C6-4D9B-98BE-83AAC39DA3A8}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdvtime.exe:Lexmark Connect Time Executable
"{EB60D053-B853-4F20-85BB-4585D92F5BD0}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdvjswx.exe:Job Status Window Interface
"{F6A78C02-5512-4571-AD68-E614734A8D82}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdvjswx.exe:Job Status Window Interface
"TCP Query User{BF7BD75E-79A9-4120-917E-9301B476E2AD}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query User{BA471AB0-95B9-4A53-B523-9FD3D79332D0}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{59FC6D06-B20E-47FA-A4D9-DC119081408D}c:\\program files\\cyanide\\cycling manager 3\\cym2003.exe"= UDP:c:\program files\cyanide\cycling manager 3\cym2003.exe:CyclingManager
"UDP Query User{213528EF-3CBF-403C-A370-A0FDDE483E93}c:\\program files\\cyanide\\cycling manager 3\\cym2003.exe"= TCP:c:\program files\cyanide\cycling manager 3\cym2003.exe:CyclingManager
"{7C795F07-4E11-48D0-8E79-14A4294BBDA6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5A02903B-9C43-4272-B306-93E35F30C999}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{47EC01A1-D784-4493-9585-3640665645F8}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{C305619F-AFDC-4E31-A58C-1F36CA39267C}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{6ED7A2BF-D70C-4A56-9A26-F8E8E9F290F0}c:\\program files\\america's army deploy client\\aadeployclient.exe"= UDP:c:\program files\america's army deploy client\aadeployclient.exe:AADeployClient
"UDP Query User{AB058BA0-2190-4194-8A8C-119501A2B213}c:\\program files\\america's army deploy client\\aadeployclient.exe"= TCP:c:\program files\america's army deploy client\aadeployclient.exe:AADeployClient
"TCP Query User{80E87769-CB80-4E87-AA22-DEA94576D32C}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{9B4383B9-2918-474B-BA54-849CE2741B93}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{EEBEE0AA-FF4A-47ED-A769-64115980DB37}c:\\program files\\america's army\\system\\armyops.exe"= UDP:c:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{96C26E81-2BF9-4B7D-96EF-160C1A2E37BD}c:\\program files\\america's army\\system\\armyops.exe"= TCP:c:\program files\america's army\system\armyops.exe:ArmyOps
"TCP Query User{AF99077E-7C4E-4FA8-88B1-EF5E47656868}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{D8F8F6C6-62B6-4FEC-B392-5693C8E28618}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{E32CC8A7-96EC-478A-987A-2168159509FB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2726878D-7A53-4BD5-AEE6-66214044A617}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FDA90097-8149-4B32-A5B4-FD66B3BBCC68}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-01-31 64160]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-08-26 11:01:25 41456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-04-16 179712]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2008-04-16 43008]
S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdvserv.exe [2007-10-18 98984]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-01-13 1527900]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0b15b15-7385-11dd-b94a-806e6f6e6963}]
\shell\AutoRun\command - F:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa7f8be-7359-11dd-94c0-f994668757d8}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs
.
Contents of the 'Scheduled Tasks' folder

2009-01-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://nl.intl.acer.yahoo.com
mStart Page = hxxp://nl.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\uog3jjgk.default\
FF - component: c:\users\Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\uog3jjgk.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 16:58:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-02-01 16:59:48
ComboFix-quarantined-files.txt 2009-02-01 15:59:46

Pre-Run: 55,995,670,528 bytes available
Post-Run: 55,981,420,544 bytes available

266 --- E O F --- 2009-01-12 20:58:54

nigel555
2 February 2009, 18:41
Malwarebytes' Anti-Malware 1.33
Database version: 1715
Windows 6.0.6001 Service Pack 1

2/02/2009 18:24:14
mbam-log-2009-02-02 (18-24-14).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 171241
Time elapsed: 48 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Windows\System32\gaopdxvyqstphi.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

nigel555
2 February 2009, 18:42
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:45, on 2/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Jasper\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jasper\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland (http://nl.intl.acer.yahoo.com)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com (http://go.microsoft.com/fwlink/?LinkId=69157)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search (http://go.microsoft.com/fwlink/?LinkId=54896)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search (http://go.microsoft.com/fwlink/?LinkId=54896)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland (http://nl.intl.acer.yahoo.com)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdvmon.exe] "C:\Program Files\Lexmark X5400 Series\lxdvmon.exe"
O4 - HKLM\..\Run: [lxdvamon] "C:\Program Files\Lexmark X5400 Series\lxdvamon.exe"
O4 - HKLM\..\Run: [Lexmark X5400 Series Fax Server] "C:\Program Files\Lexmark X5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdvserv.exe
O23 - Service: lxdv_device - - C:\Windows\system32\lxdvcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9587 bytes


voila ^^
and the DNS trojan doesn't seem to be there :p but Trojan FakeAlert is xD hehe

nigel555
2 February 2009, 18:47
oh yes,
certain things that were broken are working again now :)
so either everything is clean or we're already nearly at the end :p

Juisterr
2 February 2009, 18:54
Could I kindly ask you to do a scan with Malwarebytes and post that log as well ;) I have the feeling that, like me earlier, you have a Trojan DNS changer... do make sure IE or FF is closed during the scan ;)
May I ask you once again not to give answers to questions in this section, please.

Running tools on a hunch is pointless.

And besides, it had already been scanned with Mbam.

nigel555
2 February 2009, 18:55
May I ask you once again not to give answers to questions in this section, please.

Running tools on a hunch is pointless.

And besides, it had already been scanned with Mbam.

hmm, do you know that guy?

And indeed I had already scanned with it, but the first time it found nothing, now it did :p

Juisterr
2 February 2009, 19:00
Perhaps nigel555 would just do what I ask, nothing more and nothing less, please.



Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0b15b15-7385-11dd-b94a-806e6f6e6963}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa7f8be-7359-11dd-94c0-f994668757d8}]

Save this on your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif



This will make ComboFix restart.

After your computer has restarted (if it asks to restart), copy and paste the contents of log.txt in your next reply.

Also post a new HJT log please.

Also tell me how it is going now.
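Added example (editor's note: this is not ComboFix's code and not code from anyone in this thread). The script below automates the two steps Juisterr is doing by hand: it reads the MountPoints2 and Security Center lines from the ComboFix log posted on 1 February, flags the `wscript.exe .\.vbs` autorun/open handler and the `AntiVirusOverride` / `DisableMonitoring` values, and then writes out the same `Registry::` / `[-key]` CFScript block that was posted above. The sample input is copied from that log; the regexes assume ComboFix's log layout as shown in this thread, and the `SCRIPT_HOSTS` list, the severity labels and all function names are my own choices, not anything ComboFix defines.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: the Security Center and MountPoints2 blocks copied from the
# ComboFix log posted earlier in this thread. HKCU\...\MountPoints2 is where Explorer
# caches the autorun.inf handlers it has recorded for each volume a user has opened.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0b15b15-7385-11dd-b94a-806e6f6e6963}]
\shell\AutoRun\command - F:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa7f8be-7359-11dd-94c0-f994668757d8}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs
"""

# Interpreters a removable-media worm typically uses as its launcher (my list, an assumption).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe", "rundll32.exe"}
# Security Center values that silence the "not monitored" warnings when set to 1.
OVERRIDE_VALUES = {"AntiVirusOverride", "FirewallOverride", "UpdatesOverride", "DisableMonitoring"}

KEY_RE = re.compile(r"^\[(.+)\]$")
SHELL_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')


@dataclass
class Finding:
    key: str
    detail: str
    severity: str  # "high" or "review"


def classify_command(cmd: str) -> str:
    """Rate an autorun/open command: a script host launcher, or a target file whose name
    is only an extension (".vbs"), is the classic autorun.inf worm pattern -> "high".
    Anything else (e.g. a vendor launcher on a CD) is "review"."""
    parts = cmd.split()
    launcher = parts[0].rsplit("\\", 1)[-1].lower()
    dot_only = any(a.rsplit("\\", 1)[-1].startswith(".") for a in parts[1:])
    return "high" if launcher in SCRIPT_HOSTS or dot_only else "review"


def triage(log_text: str) -> List[Finding]:
    """Walk a ComboFix 'Reg Loading Points' excerpt and collect suspicious entries."""
    findings: List[Finding] = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SHELL_RE.match(line)
        if m and "mountpoints2" in current_key.lower():
            sev = classify_command(m.group("cmd"))
            findings.append(Finding(current_key, f"{m.group('verb')} -> {m.group('cmd')}", sev))
            continue
        m = VALUE_RE.match(line)
        if m and "security center" in current_key.lower():
            if m.group("name") in OVERRIDE_VALUES and int(m.group("val"), 16) != 0:
                findings.append(Finding(current_key, f"{m.group('name')}=1", "high"))
    return findings


def build_cfscript(findings: List[Finding], include_review: bool = True) -> str:
    """Emit a ComboFix CFScript 'Registry::' block that deletes ([-key]) each flagged
    MountPoints2 key, in the same form as the script posted in this thread.
    Security Center overrides are values to reset, not keys to delete, so they are skipped."""
    keys: List[str] = []
    for f in findings:
        if "mountpoints2" not in f.key.lower() or f.key in keys:
            continue
        if f.severity == "high" or include_review:
            keys.append(f.key)
    return "Registry::\n\n" + "\n\n".join(f"[-{k}]" for k in keys) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity}] {f.key}\n        {f.detail}")
    print()
    print(build_cfscript(found))
```

Run it with a copy of the ComboFix log in place of `SAMPLE_LOG` and it prints two high-severity MountPoints2 hits for the `{caa7f8be-...}` volume plus the two Security Center overrides, and a CFScript that deletes both MountPoints2 keys, which is what Juisterr's script does. Deleting the whole key, including the `F:\Launch.exe` one, is the safe choice: MountPoints2 entries are only Explorer's cache and are recreated when the volume is next opened, whereas a cached `\shell\open\command` can re-launch the script when the user double-clicks the drive even after the autorun.inf itself is gone. The two override values still have to be reset separately; this example does not generate that part of the script.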

Juisterr
2 February 2009, 19:01
hmm, do you know that guy?

And indeed I had already scanned with it, but the first time it found nothing, now it did :p
yes, it found something that ComboFix had found and that was sitting in Qoobox. That's a kind of backup, which is now gone.

nigel555
2 February 2009, 19:06
I actually only listen to you :) but I was planning to scan again anyway, since I found it odd to do a quick scan.

But that's beside the point. I'll now do what you say :) though I do wonder what this little script does :p

And it's already going much better now, I can run updates again. Websites that seemed blocked are working again too :)

And ah, I see, about that backup that's gone :)

nigel555
3 February 2009, 10:54
ComboFix 09-01-31.03 - Jasper 2009-02-02 19:53:56.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3070.1730 [GMT 1:00]
Running from: c:\users\Jasper\Desktop\ComboFix.exe
Command switches used :: c:\users\Jasper\Desktop\CFScript.txt
* Created a new restore point
.

(((((((((((((((((((( Files Created from 2009-01-02 to 2009-02-02 ))))))))))))))))))))))))))))))
.

2009-02-02 19:45 . 2009-02-02 19:45 108 --ah----- C:\aaw7boot.cmd
2009-02-02 17:32 . 2009-02-02 17:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 17:32 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-02 17:32 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-01 20:46 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-02-01 16:13 . 2009-02-01 16:19 <DIR> d-------- c:\users\Jasper\SmitfraudFix
2009-01-31 12:10 . 2009-02-02 19:00 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d-------- c:\users\All Users\Lavasoft
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d-------- c:\programdata\Lavasoft
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d-------- c:\program files\Lavasoft
2009-01-31 01:27 . 2009-01-18 22:30 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-01-31 00:53 . 2009-01-31 00:53 <DIR> d-------- c:\program files\Panda Security
2009-01-24 20:26 . 2009-01-24 20:49 <DIR> d-------- c:\program files\PokerStars
2009-01-24 14:39 . 2009-01-25 10:51 <DIR> d-------- c:\program files\VCLB Service BVBA
2009-01-19 20:57 . 2009-01-19 20:57 <DIR> d-------- c:\program files\BitLord
2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ c:\windows\System32\xfcodec.dll
2009-01-14 17:37 . 2009-01-14 17:37 107,832 --a------ c:\windows\System32\PnkBstrB.exe
2009-01-14 17:37 . 2009-01-14 17:37 66,872 --a------ c:\windows\System32\PnkBstrA.exe
2009-01-14 17:37 . 2009-01-14 17:37 22,328 --a------ c:\windows\System32\drivers\PnkBstrK.sys
2009-01-13 19:47 . 2009-01-13 19:47 <DIR> d-------- c:\users\Jasper\AppData\Roaming\Malwarebytes
2009-01-13 19:47 . 2009-01-13 19:47 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-13 19:47 . 2009-01-13 19:47 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-13 19:04 . 2009-01-13 19:04 <DIR> d-------- c:\users\Jasper\AppData\Roaming\MAGIX
2009-01-13 19:01 . 2009-01-13 19:03 <DIR> d-------- c:\users\All Users\MAGIX
2009-01-13 19:01 . 2009-01-13 19:03 <DIR> d-------- c:\programdata\MAGIX
2009-01-13 19:01 . 2009-01-13 19:03 <DIR> d-------- c:\program files\MAGIX
2009-01-13 19:01 . 2007-04-27 10:43 120,200 --a------ c:\windows\System32\DLLDEV32i.dll
2009-01-13 19:00 . 2009-01-13 20:37 <DIR> d-------- c:\windows\System32\MAGIX
2009-01-13 19:00 . 2008-04-15 16:14 700,416 --a------ c:\windows\System32\mgxoschk.dll
2009-01-13 19:00 . 2009-01-13 20:37 5,937 --a------ c:\windows\mgxoschk.ini
2009-01-12 17:12 . 2009-01-12 18:44 <DIR> d-------- c:\program files\America's Army Server Manager
2009-01-12 16:56 . 2009-01-12 17:11 <DIR> d-------- c:\program files\America's Army
2009-01-11 13:20 . 2009-01-12 17:11 <DIR> d-------- c:\program files\America's Army Deploy Client

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 17:46 --------- d-----w c:\programdata\avg8
2009-02-02 16:06 --------- d-----w c:\program files\Windows Mail
2009-02-01 15:25 --------- d-----w c:\users\Jasper\AppData\Roaming\Xfire
2009-01-31 15:58 --------- d-----w c:\users\Jasper\AppData\Roaming\LimeWire
2009-01-30 09:30 --------- d-----w c:\programdata\Xfire
2009-01-27 22:01 --------- d-----w c:\programdata\Lx_cats
2009-01-24 19:01 --------- d-----w c:\program files\PKR
2009-01-21 18:32 --------- d-----w c:\program files\Xfire
2009-01-11 12:20 --------- d-----w c:\programdata\America's Army Deploy Client
2008-12-31 17:43 --------- d-----w c:\users\Jasper\AppData\Roaming\mIRC
2008-12-30 10:48 --------- d-----w c:\program files\mIRC
2008-12-28 21:51 --------- d-----w c:\program files\Netlog Music Tool
2008-12-27 23:36 --------- d-----w c:\programdata\TrackMania
2008-12-23 20:30 --------- d-----w c:\programdata\KONAMI
2008-12-20 12:50 --------- d-----w c:\program files\VirtualDJ
2008-12-20 12:41 --------- d-----w c:\program files\VDJ5
2008-12-19 14:53 --------- d-----w c:\programdata\CyberLink
2008-12-18 15:53 --------- d-----w c:\program files\SEGA
2008-12-18 15:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 14:54 --------- d-----w c:\programdata\Apple Computer
2008-12-18 14:54 --------- d-----w c:\program files\Common Files\Apple
2008-12-18 14:53 --------- d-----w c:\users\Jasper\AppData\Roaming\Apple Computer
2008-12-18 14:50 --------- d-----w c:\program files\Acer Inc
2008-12-18 14:42 --------- d-----w c:\programdata\Zylom
2008-12-18 14:42 --------- d-----w c:\program files\Zylom Games
2008-12-17 12:52 --------- d-----w c:\program files\Microsoft Games
2008-12-16 11:20 --------- d-----w c:\program files\Cyanide
2008-12-15 19:56 --------- d-----w c:\users\Gast\AppData\Roaming\X5400 Series
2008-12-15 19:55 --------- d-----w c:\users\Gast\AppData\Roaming\ATI
2008-12-15 17:49 --------- d-----w c:\program files\Common Files\Adobe
2008-12-11 23:18 --------- d-----w c:\programdata\Microsoft Help
2008-12-10 19:47 --------- d-----w c:\users\Jasper\AppData\Roaming\IrfanView
2008-12-10 19:47 --------- d-----w c:\program files\IrfanView
2008-12-08 16:41 --------- d-----w c:\program files\Apple Software Update
2008-12-08 16:38 --------- d-----w c:\program files\QuickTime
2008-12-08 16:21 --------- d-----w c:\program files\Bonjour
2008-10-03 22:53 0 ----a-w c:\users\Jasper\AppData\Roaming\wklnhst.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2009-02-01_16.58.35.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-02 18:53:26 6,258,688 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2009-02-01 15:39:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-02 16:01:14 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-01 15:39:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-02 16:01:14 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-01 15:40:47 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-02 17:46:48 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-02 17:46:48 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-01 15:40:41 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-02 17:46:43 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-02-01 15:39:22 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-02 18:01:03 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-01 15:39:22 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-02 18:01:03 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-01 15:39:22 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-02 18:01:03 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\System32\mrt.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\System32\mrt.exe
- 2009-02-01 15:46:07 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-02 16:07:44 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-01 15:46:07 126,854 ----a-w c:\windows\System32\perfc013.dat
+ 2009-02-02 16:07:44 126,854 ----a-w c:\windows\System32\perfc013.dat
- 2009-02-01 15:46:07 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-02 16:07:44 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-01 15:46:07 667,352 ----a-w c:\windows\System32\perfh013.dat
+ 2009-02-02 16:07:45 667,352 ----a-w c:\windows\System32\perfh013.dat
- 2009-01-31 00:28:17 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-02-02 16:06:36 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-02-01 14:16:09 11,306 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2400693884-4028743024-2199199145-1000_UserData.bin
+ 2009-02-02 16:03:06 11,338 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2400693884-4028743024-2199199145-1000_UserData.bin
- 2009-02-01 15:41:07 86,708 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-02 16:03:06 86,748 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-01 15:41:06 66,322 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-02 16:03:04 66,370 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-01-31 00:27:39 48,214,871 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-02-01 19:46:04 48,261,496 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-08 23:22:10 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16787_none_f052600a6e8e5046\OESpamFilter.dat
+ 2008-12-08 23:23:32 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20972_none_f0e1cd3587a85293\OESpamFilter.dat
+ 2008-12-09 23:54:42 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18182_none_f2339d3e6bb96284\OESpamFilter.dat
+ 2008-12-09 23:55:37 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22327_none_f3031ce984a1d682\OESpamFilter.dat
+ 2008-12-16 03:14:37 290,304 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16789_none_d7c3afd4f985c7a2\srv.sys
+ 2008-12-16 03:07:02 290,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20976_none_d8551d94129dfc9d\srv.sys
+ 2008-12-16 02:42:39 288,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18185_none_d9a5ed52f6aff337\srv.sys
+ 2008-12-16 01:53:56 288,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22331_none_da619a780fa89f17\srv.sys
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 01:00 39472 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-04 185872]
"lxdvmon.exe"="c:\program files\Lexmark X5400 Series\lxdvmon.exe" [2007-11-02 455336]
"lxdvamon"="c:\program files\Lexmark X5400 Series\lxdvamon.exe" [2007-11-02 25256]
"Lexmark X5400 Series Fax Server"="c:\program files\Lexmark X5400 Series\fm3032.exe" [2007-11-02 307880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-02 509784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2008-01-24 c:\windows\SkyTel.exe]

c:\users\Jasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0 .lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-01-15 2993488]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-04-16 535336]
SETAUDIO.EXE [2008-04-04 20480]
SETRES.EXE [2008-04-04 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Users^Jasper^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\Jasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8F45E4D7-9D8D-4C4C-994E-94C28EE5AB39}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{E35401BB-1234-4D07-977A-9F39BC32738B}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{1D720274-3003-410E-9155-AC0850BF0BFE}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{BAAFD965-C6F5-442D-B717-1CD69E7FC7BA}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{ABF0BDD2-A747-43B4-9D97-313DF5C15A57}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B7A6176-AD44-46C0-9D09-E02388D0B970}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C12C383D-6695-44AB-A566-B28FA0B12F93}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{5DB4BED3-551B-47E1-A648-F086EB1E5720}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{4E623CE8-588F-481A-9A7E-00D05BF958B2}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{9F1A0F47-B48C-4ACA-AC0A-46353F22E450}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{FA64F5C5-3B9B-44F1-B53E-2CCBE8A1AFB3}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{8FD2895D-BBD4-43C8-8388-C54F75B8F8D6}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{C816A7CE-B361-4E06-9DAC-19A3A6BA32E8}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{214A5E7F-6656-48F8-9BA2-4BBBD41C4203}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{8513F3D1-9EDD-4E22-AD9D-38DD3524860B}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{011A8FCE-7F2E-460D-8C83-7BE8B252CAD0}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{28FF8EE5-4F34-427C-963B-A22E32603B44}c:\\program files\\ubisoft\\xiii\\system\\xiii.exe"= UDP:c:\program files\ubisoft\xiii\system\xiii.exe:XIII
"UDP Query User{D5587DE7-A6FD-4218-9D4C-41CD41EEE89D}c:\\program files\\ubisoft\\xiii\\system\\xiii.exe"= TCP:c:\program files\ubisoft\xiii\system\xiii.exe:XIII
"TCP Query User{99D19CD8-1A0D-415C-B8CD-F06726C39218}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{C6395B76-FE05-490F-891F-4E0438CC9933}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{353DE465-837A-4FB8-9EED-21482435BFEE}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{55E802B5-A63D-4CD3-95E0-B8DC8D69CFCE}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{6E6D1873-6C88-4F9A-AC30-A24AB261A4CF}"= UDP:c:\program files\Lexmark X5400 Series\lxdvamon.exe:Lexmark Device Monitor
"{3F752BBB-1AF0-40F7-9DA6-E933B1C3454B}"= TCP:c:\program files\Lexmark X5400 Series\lxdvamon.exe:Lexmark Device Monitor
"{3D5F18E9-F784-454B-8E1E-9AB3D7CA9FCA}"= UDP:c:\program files\Lexmark X5400 Series\frun.exe:Lexmark Productivity Studio
"{497E8685-8371-4986-9B45-A6E9EB7099F9}"= TCP:c:\program files\Lexmark X5400 Series\frun.exe:Lexmark Productivity Studio
"{8916CB4A-221D-452F-B21A-25BEEA8E8C9A}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{E9E19118-DC64-4A4B-B2ED-E5C69FAC2F6F}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{C38C9FE4-C5E0-477A-B01E-4F33CD4DE7C6}"= UDP:c:\program files\Lexmark X5400 Series\LXDVFax.exe:Fax software
"{87C2FE4E-C980-4CBD-9F9A-A7F9D6332898}"= TCP:c:\program files\Lexmark X5400 Series\LXDVFax.exe:Fax software
"{DF36DD17-17E6-4B91-A431-30FE135DA472}"= UDP:c:\program files\Lexmark X5400 Series\lxdvmon.exe:Printer Device Monitor
"{97AFA5FD-E911-4DA8-BFC1-6C1FD0397034}"= TCP:c:\program files\Lexmark X5400 Series\lxdvmon.exe:Printer Device Monitor
"{42028776-1503-48E5-A5A2-002B059FAA95}"= UDP:c:\windows\System32\lxdvcoms.exe:Lexmark Communications System
"{D4290D29-927C-4A43-9696-050781CEF878}"= TCP:c:\windows\System32\lxdvcoms.exe:Lexmark Communications System
"{CC8B3D5F-4873-47F7-BA02-39D8DB6A9D96}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdvpswx.exe:Printer Status Window Interface
"{C1652A08-7B2F-4611-AA06-3EBA142DD3E2}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdvpswx.exe:Printer Status Window Interface
"{9AF3BA7A-7EA8-4F46-86D0-7CFC7C98F19D}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdvtime.exe:Lexmark Connect Time Executable
"{7A88D95B-48C6-4D9B-98BE-83AAC39DA3A8}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdvtime.exe:Lexmark Connect Time Executable
"{EB60D053-B853-4F20-85BB-4585D92F5BD0}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdvjswx.exe:Job Status Window Interface
"{F6A78C02-5512-4571-AD68-E614734A8D82}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdvjswx.exe:Job Status Window Interface
"TCP Query User{BF7BD75E-79A9-4120-917E-9301B476E2AD}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query User{BA471AB0-95B9-4A53-B523-9FD3D79332D0}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{59FC6D06-B20E-47FA-A4D9-DC119081408D}c:\\program files\\cyanide\\cycling manager 3\\cym2003.exe"= UDP:c:\program files\cyanide\cycling manager 3\cym2003.exe:CyclingManager
"UDP Query User{213528EF-3CBF-403C-A370-A0FDDE483E93}c:\\program files\\cyanide\\cycling manager 3\\cym2003.exe"= TCP:c:\program files\cyanide\cycling manager 3\cym2003.exe:CyclingManager
"{7C795F07-4E11-48D0-8E79-14A4294BBDA6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5A02903B-9C43-4272-B306-93E35F30C999}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{47EC01A1-D784-4493-9585-3640665645F8}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{C305619F-AFDC-4E31-A58C-1F36CA39267C}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{6ED7A2BF-D70C-4A56-9A26-F8E8E9F290F0}c:\\program files\\america's army deploy client\\aadeployclient.exe"= UDP:c:\program files\america's army deploy client\aadeployclient.exe:AADeployClient
"UDP Query User{AB058BA0-2190-4194-8A8C-119501A2B213}c:\\program files\\america's army deploy client\\aadeployclient.exe"= TCP:c:\program files\america's army deploy client\aadeployclient.exe:AADeployClient
"TCP Query User{80E87769-CB80-4E87-AA22-DEA94576D32C}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{9B4383B9-2918-474B-BA54-849CE2741B93}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{EEBEE0AA-FF4A-47ED-A769-64115980DB37}c:\\program files\\america's army\\system\\armyops.exe"= UDP:c:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{96C26E81-2BF9-4B7D-96EF-160C1A2E37BD}c:\\program files\\america's army\\system\\armyops.exe"= TCP:c:\program files\america's army\system\armyops.exe:ArmyOps
"TCP Query User{AF99077E-7C4E-4FA8-88B1-EF5E47656868}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{D8F8F6C6-62B6-4FEC-B392-5693C8E28618}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{E32CC8A7-96EC-478A-987A-2168159509FB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2726878D-7A53-4BD5-AEE6-66214044A617}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FDA90097-8149-4B32-A5B4-FD66B3BBCC68}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-01-31 64160]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-08-26 11:01:25 41456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2008-04-16 43008]
S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdvserv.exe [2007-10-18 98984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-04-16 179712]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-01-13 1527900]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - AVGLDX86
*Deregistered* - AvgLdx86

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0b15b15-7385-11dd-b94a-806e6f6e6963}]
\shell\AutoRun\command - F:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa7f8be-7359-11dd-94c0-f994668757d8}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs
.
Inhoud van de 'Gedeelde Taken' map

2009-01-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-02 18:58]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://nl.intl.acer.yahoo.com
mStart Page = hxxp://nl.intl.acer.yahoo.com
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\uog3jjgk.default\
FF - component: c:\users\Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\uog3jjgk.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 20:11:00
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(6052)
c:\program files\Xfire\xfire_toucan_35479.dll
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Voltooingstijd: 2009-02-02 20:13:59
ComboFix-quarantined-files.txt 2009-02-02 19:12:41
ComboFix2.txt 2009-02-01 15:59:49

Pre-Run: 55.164.088.320 bytes beschikbaar
Post-Run: 54,823,710,720 bytes beschikbaar

306 --- E O F --- 2009-02-02 16:06:38

And I also just ran Ad-Aware, which found Win32TrojanQhost. It is now in quarantine. I will post a new HijackThis log shortly; I had forgotten to create it.

nigel555
3 February 2009, 10:54
ComboFix 09-01-31.03 - Jasper 2009-02-02 19:53:56.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3070.1730 [GMT 1:00]
Gestart vanuit: c:\users\Jasper\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Jasper\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-02 to 2009-02-02 ))))))))))))))))))))))))))))))
.

2009-02-02 19:45 . 2009-02-02 19:45 108 --ah----- C:\aaw7boot.cmd
2009-02-02 17:32 . 2009-02-02 17:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 17:32 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-02 17:32 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-01 20:46 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-02-01 16:13 . 2009-02-01 16:19 <DIR> d-------- c:\users\Jasper\SmitfraudFix
2009-01-31 12:10 . 2009-02-02 19:00 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d-------- c:\users\All Users\Lavasoft
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d-------- c:\programdata\Lavasoft
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-31 01:27 . 2009-01-31 01:27 <DIR> d-------- c:\program files\Lavasoft
2009-01-31 01:27 . 2009-01-18 22:30 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-01-31 00:53 . 2009-01-31 00:53 <DIR> d-------- c:\program files\Panda Security
2009-01-24 20:26 . 2009-01-24 20:49 <DIR> d-------- c:\program files\PokerStars
2009-01-24 14:39 . 2009-01-25 10:51 <DIR> d-------- c:\program files\VCLB Service BVBA
2009-01-19 20:57 . 2009-01-19 20:57 <DIR> d-------- c:\program files\BitLord
2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ c:\windows\System32\xfcodec.dll
2009-01-14 17:37 . 2009-01-14 17:37 107,832 --a------ c:\windows\System32\PnkBstrB.exe
2009-01-14 17:37 . 2009-01-14 17:37 66,872 --a------ c:\windows\System32\PnkBstrA.exe
2009-01-14 17:37 . 2009-01-14 17:37 22,328 --a------ c:\windows\System32\drivers\PnkBstrK.sys
2009-01-13 19:47 . 2009-01-13 19:47 <DIR> d-------- c:\users\Jasper\AppData\Roaming\Malwarebytes
2009-01-13 19:47 . 2009-01-13 19:47 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-13 19:47 . 2009-01-13 19:47 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-13 19:04 . 2009-01-13 19:04 <DIR> d-------- c:\users\Jasper\AppData\Roaming\MAGIX
2009-01-13 19:01 . 2009-01-13 19:03 <DIR> d-------- c:\users\All Users\MAGIX
2009-01-13 19:01 . 2009-01-13 19:03 <DIR> d-------- c:\programdata\MAGIX
2009-01-13 19:01 . 2009-01-13 19:03 <DIR> d-------- c:\program files\MAGIX
2009-01-13 19:01 . 2007-04-27 10:43 120,200 --a------ c:\windows\System32\DLLDEV32i.dll
2009-01-13 19:00 . 2009-01-13 20:37 <DIR> d-------- c:\windows\System32\MAGIX
2009-01-13 19:00 . 2008-04-15 16:14 700,416 --a------ c:\windows\System32\mgxoschk.dll
2009-01-13 19:00 . 2009-01-13 20:37 5,937 --a------ c:\windows\mgxoschk.ini
2009-01-12 17:12 . 2009-01-12 18:44 <DIR> d-------- c:\program files\America's Army Server Manager
2009-01-12 16:56 . 2009-01-12 17:11 <DIR> d-------- c:\program files\America's Army
2009-01-11 13:20 . 2009-01-12 17:11 <DIR> d-------- c:\program files\America's Army Deploy Client

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 17:46 --------- d-----w c:\programdata\avg8
2009-02-02 16:06 --------- d-----w c:\program files\Windows Mail
2009-02-01 15:25 --------- d-----w c:\users\Jasper\AppData\Roaming\Xfire
2009-01-31 15:58 --------- d-----w c:\users\Jasper\AppData\Roaming\LimeWire
2009-01-30 09:30 --------- d-----w c:\programdata\Xfire
2009-01-27 22:01 --------- d-----w c:\programdata\Lx_cats
2009-01-24 19:01 --------- d-----w c:\program files\PKR
2009-01-21 18:32 --------- d-----w c:\program files\Xfire
2009-01-11 12:20 --------- d-----w c:\programdata\America's Army Deploy Client
2008-12-31 17:43 --------- d-----w c:\users\Jasper\AppData\Roaming\mIRC
2008-12-30 10:48 --------- d-----w c:\program files\mIRC
2008-12-28 21:51 --------- d-----w c:\program files\Netlog Music Tool
2008-12-27 23:36 --------- d-----w c:\programdata\TrackMania
2008-12-23 20:30 --------- d-----w c:\programdata\KONAMI
2008-12-20 12:50 --------- d-----w c:\program files\VirtualDJ
2008-12-20 12:41 --------- d-----w c:\program files\VDJ5
2008-12-19 14:53 --------- d-----w c:\programdata\CyberLink
2008-12-18 15:53 --------- d-----w c:\program files\SEGA
2008-12-18 15:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 14:54 --------- d-----w c:\programdata\Apple Computer
2008-12-18 14:54 --------- d-----w c:\program files\Common Files\Apple
2008-12-18 14:53 --------- d-----w c:\users\Jasper\AppData\Roaming\Apple Computer
2008-12-18 14:50 --------- d-----w c:\program files\Acer Inc
2008-12-18 14:42 --------- d-----w c:\programdata\Zylom
2008-12-18 14:42 --------- d-----w c:\program files\Zylom Games
2008-12-17 12:52 --------- d-----w c:\program files\Microsoft Games
2008-12-16 11:20 --------- d-----w c:\program files\Cyanide
2008-12-15 19:56 --------- d-----w c:\users\Gast\AppData\Roaming\X5400 Series
2008-12-15 19:55 --------- d-----w c:\users\Gast\AppData\Roaming\ATI
2008-12-15 17:49 --------- d-----w c:\program files\Common Files\Adobe
2008-12-11 23:18 --------- d-----w c:\programdata\Microsoft Help
2008-12-10 19:47 --------- d-----w c:\users\Jasper\AppData\Roaming\IrfanView
2008-12-10 19:47 --------- d-----w c:\program files\IrfanView
2008-12-08 16:41 --------- d-----w c:\program files\Apple Software Update
2008-12-08 16:38 --------- d-----w c:\program files\QuickTime
2008-12-08 16:21 --------- d-----w c:\program files\Bonjour
2008-10-03 22:53 0 ----a-w c:\users\Jasper\AppData\Roaming\wklnhst.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2009-02-01_16.58.35.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-02 18:53:26 6,258,688 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2009-02-01 15:39:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-02 16:01:14 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-01 15:39:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-02 16:01:14 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-01 15:40:47 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-02 17:46:48 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-02 17:46:48 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-01 15:40:41 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-02 17:46:43 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-02-01 15:39:22 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-02 18:01:03 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-01 15:39:22 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-02 18:01:03 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-01 15:39:22 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-02 18:01:03 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\System32\mrt.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\System32\mrt.exe
- 2009-02-01 15:46:07 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-02 16:07:44 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-01 15:46:07 126,854 ----a-w c:\windows\System32\perfc013.dat
+ 2009-02-02 16:07:44 126,854 ----a-w c:\windows\System32\perfc013.dat
- 2009-02-01 15:46:07 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-02 16:07:44 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-01 15:46:07 667,352 ----a-w c:\windows\System32\perfh013.dat
+ 2009-02-02 16:07:45 667,352 ----a-w c:\windows\System32\perfh013.dat
- 2009-01-31 00:28:17 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-02-02 16:06:36 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-02-01 14:16:09 11,306 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2400693884-4028743024-2199199145-1000_UserData.bin
+ 2009-02-02 16:03:06 11,338 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2400693884-4028743024-2199199145-1000_UserData.bin
- 2009-02-01 15:41:07 86,708 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-02 16:03:06 86,748 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-01 15:41:06 66,322 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-02 16:03:04 66,370 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-01-31 00:27:39 48,214,871 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-02-01 19:46:04 48,261,496 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-08 23:22:10 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16787_none_f052600a6e8e5046\OESpamFilter.dat
+ 2008-12-08 23:23:32 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20972_none_f0e1cd3587a85293\OESpamFilter.dat
+ 2008-12-09 23:54:42 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18182_none_f2339d3e6bb96284\OESpamFilter.dat
+ 2008-12-09 23:55:37 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22327_none_f3031ce984a1d682\OESpamFilter.dat
+ 2008-12-16 03:14:37 290,304 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16789_none_d7c3afd4f985c7a2\srv.sys
+ 2008-12-16 03:07:02 290,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20976_none_d8551d94129dfc9d\srv.sys
+ 2008-12-16 02:42:39 288,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18185_none_d9a5ed52f6aff337\srv.sys
+ 2008-12-16 01:53:56 288,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22331_none_da619a780fa89f17\srv.sys
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 01:00 39472 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-04 185872]
"lxdvmon.exe"="c:\program files\Lexmark X5400 Series\lxdvmon.exe" [2007-11-02 455336]
"lxdvamon"="c:\program files\Lexmark X5400 Series\lxdvamon.exe" [2007-11-02 25256]
"Lexmark X5400 Series Fax Server"="c:\program files\Lexmark X5400 Series\fm3032.exe" [2007-11-02 307880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-02 509784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2008-01-24 c:\windows\SkyTel.exe]

c:\users\Jasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0 .lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-01-15 2993488]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-04-16 535336]
SETAUDIO.EXE [2008-04-04 20480]
SETRES.EXE [2008-04-04 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Users^Jasper^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\Jasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8F45E4D7-9D8D-4C4C-994E-94C28EE5AB39}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{E35401BB-1234-4D07-977A-9F39BC32738B}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{1D720274-3003-410E-9155-AC0850BF0BFE}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{BAAFD965-C6F5-442D-B717-1CD69E7FC7BA}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{ABF0BDD2-A747-43B4-9D97-313DF5C15A57}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B7A6176-AD44-46C0-9D09-E02388D0B970}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C12C383D-6695-44AB-A566-B28FA0B12F93}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{5DB4BED3-551B-47E1-A648-F086EB1E5720}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{4E623CE8-588F-481A-9A7E-00D05BF958B2}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{9F1A0F47-B48C-4ACA-AC0A-46353F22E450}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{FA64F5C5-3B9B-44F1-B53E-2CCBE8A1AFB3}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{8FD2895D-BBD4-43C8-8388-C54F75B8F8D6}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{C816A7CE-B361-4E06-9DAC-19A3A6BA32E8}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{214A5E7F-6656-48F8-9BA2-4BBBD41C4203}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{8513F3D1-9EDD-4E22-AD9D-38DD3524860B}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{011A8FCE-7F2E-460D-8C83-7BE8B252CAD0}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{28FF8EE5-4F34-427C-963B-A22E32603B44}c:\\program files\\ubisoft\\xiii\\system\\xiii.exe"= UDP:c:\program files\ubisoft\xiii\system\xiii.exe:XIII
"UDP Query User{D5587DE7-A6FD-4218-9D4C-41CD41EEE89D}c:\\program files\\ubisoft\\xiii\\system\\xiii.exe"= TCP:c:\program files\ubisoft\xiii\system\xiii.exe:XIII
"TCP Query User{99D19CD8-1A0D-415C-B8CD-F06726C39218}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{C6395B76-FE05-490F-891F-4E0438CC9933}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{353DE465-837A-4FB8-9EED-21482435BFEE}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{55E802B5-A63D-4CD3-95E0-B8DC8D69CFCE}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{6E6D1873-6C88-4F9A-AC30-A24AB261A4CF}"= UDP:c:\program files\Lexmark X5400 Series\lxdvamon.exe:Lexmark Device Monitor
"{3F752BBB-1AF0-40F7-9DA6-E933B1C3454B}"= TCP:c:\program files\Lexmark X5400 Series\lxdvamon.exe:Lexmark Device Monitor
"{3D5F18E9-F784-454B-8E1E-9AB3D7CA9FCA}"= UDP:c:\program files\Lexmark X5400 Series\frun.exe:Lexmark Productivity Studio
"{497E8685-8371-4986-9B45-A6E9EB7099F9}"= TCP:c:\program files\Lexmark X5400 Series\frun.exe:Lexmark Productivity Studio
"{8916CB4A-221D-452F-B21A-25BEEA8E8C9A}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{E9E19118-DC64-4A4B-B2ED-E5C69FAC2F6F}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{C38C9FE4-C5E0-477A-B01E-4F33CD4DE7C6}"= UDP:c:\program files\Lexmark X5400 Series\LXDVFax.exe:Fax software
"{87C2FE4E-C980-4CBD-9F9A-A7F9D6332898}"= TCP:c:\program files\Lexmark X5400 Series\LXDVFax.exe:Fax software
"{DF36DD17-17E6-4B91-A431-30FE135DA472}"= UDP:c:\program files\Lexmark X5400 Series\lxdvmon.exe:Printer Device Monitor
"{97AFA5FD-E911-4DA8-BFC1-6C1FD0397034}"= TCP:c:\program files\Lexmark X5400 Series\lxdvmon.exe:Printer Device Monitor
"{42028776-1503-48E5-A5A2-002B059FAA95}"= UDP:c:\windows\System32\lxdvcoms.exe:Lexmark Communications System
"{D4290D29-927C-4A43-9696-050781CEF878}"= TCP:c:\windows\System32\lxdvcoms.exe:Lexmark Communications System
"{CC8B3D5F-4873-47F7-BA02-39D8DB6A9D96}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdvpswx.exe:Printer Status Window Interface
"{C1652A08-7B2F-4611-AA06-3EBA142DD3E2}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdvpswx.exe:Printer Status Window Interface
"{9AF3BA7A-7EA8-4F46-86D0-7CFC7C98F19D}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdvtime.exe:Lexmark Connect Time Executable
"{7A88D95B-48C6-4D9B-98BE-83AAC39DA3A8}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdvtime.exe:Lexmark Connect Time Executable
"{EB60D053-B853-4F20-85BB-4585D92F5BD0}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdvjswx.exe:Job Status Window Interface
"{F6A78C02-5512-4571-AD68-E614734A8D82}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdvjswx.exe:Job Status Window Interface
"TCP Query User{BF7BD75E-79A9-4120-917E-9301B476E2AD}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query User{BA471AB0-95B9-4A53-B523-9FD3D79332D0}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{59FC6D06-B20E-47FA-A4D9-DC119081408D}c:\\program files\\cyanide\\cycling manager 3\\cym2003.exe"= UDP:c:\program files\cyanide\cycling manager 3\cym2003.exe:CyclingManager
"UDP Query User{213528EF-3CBF-403C-A370-A0FDDE483E93}c:\\program files\\cyanide\\cycling manager 3\\cym2003.exe"= TCP:c:\program files\cyanide\cycling manager 3\cym2003.exe:CyclingManager
"{7C795F07-4E11-48D0-8E79-14A4294BBDA6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5A02903B-9C43-4272-B306-93E35F30C999}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{47EC01A1-D784-4493-9585-3640665645F8}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{C305619F-AFDC-4E31-A58C-1F36CA39267C}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{6ED7A2BF-D70C-4A56-9A26-F8E8E9F290F0}c:\\program files\\america's army deploy client\\aadeployclient.exe"= UDP:c:\program files\america's army deploy client\aadeployclient.exe:AADeployClient
"UDP Query User{AB058BA0-2190-4194-8A8C-119501A2B213}c:\\program files\\america's army deploy client\\aadeployclient.exe"= TCP:c:\program files\america's army deploy client\aadeployclient.exe:AADeployClient
"TCP Query User{80E87769-CB80-4E87-AA22-DEA94576D32C}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{9B4383B9-2918-474B-BA54-849CE2741B93}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{EEBEE0AA-FF4A-47ED-A769-64115980DB37}c:\\program files\\america's army\\system\\armyops.exe"= UDP:c:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{96C26E81-2BF9-4B7D-96EF-160C1A2E37BD}c:\\program files\\america's army\\system\\armyops.exe"= TCP:c:\program files\america's army\system\armyops.exe:ArmyOps
"TCP Query User{AF99077E-7C4E-4FA8-88B1-EF5E47656868}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{D8F8F6C6-62B6-4FEC-B392-5693C8E28618}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{E32CC8A7-96EC-478A-987A-2168159509FB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2726878D-7A53-4BD5-AEE6-66214044A617}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FDA90097-8149-4B32-A5B4-FD66B3BBCC68}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-01-31 64160]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-08-26 11:01:25 41456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2008-04-16 43008]
S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdvserv.exe [2007-10-18 98984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-04-16 179712]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-01-13 1527900]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - AVGLDX86
*Deregistered* - AvgLdx86

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0b15b15-7385-11dd-b94a-806e6f6e6963}]
\shell\AutoRun\command - F:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa7f8be-7359-11dd-94c0-f994668757d8}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs
.
Inhoud van de 'Gedeelde Taken' map

2009-01-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-02 18:58]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://nl.intl.acer.yahoo.com
mStart Page = hxxp://nl.intl.acer.yahoo.com
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\uog3jjgk.default\
FF - component: c:\users\Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\uog3jjgk.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 20:11:00
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(6052)
c:\program files\Xfire\xfire_toucan_35479.dll
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Voltooingstijd: 2009-02-02 20:13:59
ComboFix-quarantined-files.txt 2009-02-02 19:12:41
ComboFix2.txt 2009-02-01 15:59:49

Pre-Run: 55.164.088.320 bytes beschikbaar
Post-Run: 54,823,710,720 bytes beschikbaar

306 --- E O F --- 2009-02-02 16:06:38

And I also just ran Ad-Aware, and it found Win32TrojanQhost. It is now in quarantine. I will post a new HijackThis log shortly. I had forgotten to create it.

nigel555
4 February 2009, 10:17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:32, on 3/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Jasper\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Users\Jasper\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland (http://nl.intl.acer.yahoo.com)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com (http://go.microsoft.com/fwlink/?LinkId=69157)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search (http://go.microsoft.com/fwlink/?LinkId=54896)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search (http://go.microsoft.com/fwlink/?LinkId=54896)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland (http://nl.intl.acer.yahoo.com)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdvmon.exe] "C:\Program Files\Lexmark X5400 Series\lxdvmon.exe"
O4 - HKLM\..\Run: [lxdvamon] "C:\Program Files\Lexmark X5400 Series\lxdvamon.exe"
O4 - HKLM\..\Run: [Lexmark X5400 Series Fax Server] "C:\Program Files\Lexmark X5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdvserv.exe
O23 - Service: lxdv_device - - C:\Windows\system32\lxdvcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9463 bytes

Juisterr
4 February 2009, 13:43
Sorry that I want to help people? :confused:

They are already being helped, or am I seeing that wrong?

Juisterr
4 February 2009, 13:47
Right-click the HijackThis program, choose Run as administrator, and then
'Do a system scan only'.
Select only the items listed below:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)

Close all windows except HijackThis.
Click 'Fix checked' to remove the items.

The rest looks fine. Are you still having any problems?
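For anyone who wants to check a machine for the same kind of leftover as the two AVG entries above, here is an added PowerShell example (my own, not part of this thread and not HijackThis code): it walks the Browser Helper Object keys (HijackThis O2) and the pluggable protocol handler keys (O18), resolves each CLSID to its InprocServer32 DLL, and reports registrations whose DLL is missing from disk. It is read-only and only reports; the function names are my own.

```powershell
# Added example: find IE BHOs (O2) and protocol handlers (O18) whose
# registered DLL no longer exists, i.e. the "(file missing)" condition
# HijackThis flags. Nothing is deleted; run in an elevated PowerShell.

function Get-ComServerPath {
    param([string]$Clsid)
    # Resolve a CLSID to its InprocServer32 path. Check the native hive first,
    # then the 32-bit view (Wow6432Node) on 64-bit Windows; Vista x86 only has the first.
    foreach ($root in @("Registry::HKEY_CLASSES_ROOT\CLSID",
                        "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID")) {
        $key = "$root\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $raw = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($raw) {
                # Strip surrounding quotes and expand %SystemRoot%-style variables
                # before the file is tested on disk.
                return [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
            }
        }
    }
    return $null
}

function Get-OrphanedIEExtensions {
    $results = @()

    # O2: Browser Helper Objects, one subkey per CLSID.
    $bhoRoots = @(
        "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
        "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    )
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root) {
            $dll = Get-ComServerPath -Clsid $sub.PSChildName
            $results += [pscustomobject]@{
                Type   = 'O2 BHO'
                Name   = $sub.PSChildName
                Path   = $dll
                Exists = ($null -ne $dll) -and (Test-Path -LiteralPath $dll)
            }
        }
    }

    # O18: pluggable protocol handlers such as the "linkscanner" entry in the log.
    # Each subkey is the protocol name and carries a CLSID value.
    $protoRoot = "Registry::HKEY_CLASSES_ROOT\PROTOCOLS\Handler"
    if (Test-Path -LiteralPath $protoRoot) {
        foreach ($sub in Get-ChildItem -LiteralPath $protoRoot) {
            $clsid = (Get-ItemProperty -LiteralPath $sub.PSPath).CLSID
            if (-not $clsid) { continue }
            $dll = Get-ComServerPath -Clsid $clsid
            $results += [pscustomobject]@{
                Type   = 'O18 Protocol'
                Name   = $sub.PSChildName
                Path   = $dll
                Exists = ($null -ne $dll) -and (Test-Path -LiteralPath $dll)
            }
        }
    }

    # A missing DLL cannot load, so these entries are inert, but the stale
    # registration still tells you what was installed and is worth cleaning up.
    return $results | Where-Object { -not $_.Exists }
}

Get-OrphanedIEExtensions | Format-Table -AutoSize
```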

nigel555
4 February 2009, 16:06
Okay, thanks :)
And otherwise no more problems :)
Everything works and looks good :D

Thank you very much :)