Question & Answer

Security & privacy

HijackThis log

Anonymous
32 answers
  • I have a problem with Askbar; I've tried to remove it but it keeps coming back. I'd also like to have my system checked for viruses, malware and spyware, because I want to create a system restore point that is virus-free.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:49:10 PM, on 10/5/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\LG Software\LG OSD\HotKey.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
    C:\Program Files\lg_swupdate\GiljabiStart.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\LG Software\LG Magnifier\Maglev.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\windows sidebar\gadgets\LGSmartI.Gadget\plugins\LGSmartI.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lge.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lge.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [zOSD] C:\Program Files\LG Software\LG OSD\HotKey.exe
    O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\LG OSD\HotKey.exe
    O4 - HKLM\..\Run: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe
    O4 - HKLM\..\Run: [LGSR_Menu] "C:\Program Files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\LG Software\LG Smart Recovery" UpdateWithCreateOnce Software\CyberLink\PowerRecover
    O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{640D2B37-D923-4A58-9E16-C45D498929C7}: Domain = flits.rug.nl
    O17 - HKLM\System\CCS\Services\Tcpip\..\{640D2B37-D923-4A58-9E16-C45D498929C7}: NameServer = 129.125.36.9,129.125.4.13
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe


    End of file - 11232 bytes


    thanks a lot in advance!

    Regards, Niels
  • Hello Nacho,

    the Ask toolbar problem: go to C:\Program Files and delete the folder AskBarDis there by hand - but first end askBar.dll, AskService.exe and ASKUpgrade.exe via Task Manager!


    Restart HijackThis and choose Scan only; after ticking the boxes for the lines corresponding to those below, click the Fix checked button:

    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)



    Also do the following: download, install and keep using MBAM.
    Right after installation MBAM will want to update its database - allow it.
    Also on repeated use: go to the Update tab first!

    Download MBAM

    Start MBAM and choose Quick Scan


    N.B.: Vista users start MBAM by right-clicking it and choosing Run as administrator!

    The scan can take a while, so be patient.
    When the scan is finished, click the OK button, then the Show Results button to view the results.
    Make sure everything there is ticked, then click Remove Selected.
    After the removal a log will open and you will be asked to restart the computer.


    After that, create a new HijackThis log and post it together with the first MBAM scan result;
    also post an Uninstall list (start HijackThis, click the Open the Misc Tools section button, then the Open Uninstall Manager button and finally the Save button).
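The reply above makes three separate calls: stop the Ask processes and services before deleting their folder, tick the orphaned "(no file)" / "(file missing)" entries in HijackThis, and leave everything else alone. The script below, an added example written for this thread and not part of HijackThis or of the original posts, automates that first read of a log with heuristics of its own (orphaned registrations, paths under AskBarDis, services without a publisher string, and an allowlist for the Vista Parental Controls LSP wpclsp.dll, which is why HijackThis reports it as "Unknown" once per Winsock layer). The sample lines are copied from the log posted above.

```python
"""Triage a HijackThis 2.0.2 log the way the reply above does by hand.

Added example for this thread, not a HijackThis feature: the heuristics
(orphaned registrations, paths under AskBarDis, services with no publisher,
an allowlist for known-benign Winsock LSPs) are this example's own choices.
The sample lines are copied from the log posted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# "O2 - BHO: ..." / "R1 - HKCU\..." : section tag, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Assumption: directories you know belong to bundled adware. AskBarDis is the
# one this thread is about; extend the tuple for your own environment.
ADWARE_DIRS = ("\\askbardis\\",)

# Winsock LSP files HijackThis reports as "Unknown" but that ship with the OS.
# wpclsp.dll is the Vista Parental Controls LSP, hence the repeated O10 lines.
BENIGN_LSP = ("\\wpclsp.dll",)

ORPHAN = "orphaned registration"
ADWARE = "known adware path"
NO_PUBLISHER = "service without publisher"
UNKNOWN_LSP = "unrecognised Winsock LSP"


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def classify(line: str) -> Finding | None:
    """Return a Finding for a suspicious HJT entry, or None if it looks benign."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m["section"], m["body"].lower()
    if "(no file)" in body or "(file missing)" in body:
        # The registry entry survives but its DLL/EXE is gone: a half-removed
        # add-on. Harmless by itself, but it hides the browser's real state,
        # which is why helpers have these fixed.
        return Finding(section, ORPHAN, line)
    if any(d in body for d in ADWARE_DIRS):
        return Finding(section, ADWARE, line)
    if section == "O10" and not any(b in body for b in BENIGN_LSP):
        return Finding(section, UNKNOWN_LSP, line)
    if section == "O23" and "unknown owner" in body:
        # No publisher string in the binary. Not proof of anything: PnkBstrA/B
        # in the log above are PunkBuster anti-cheat services. Worth a look.
        return Finding(section, NO_PUBLISHER, line)
    return None


def triage(log_text: str) -> list[Finding]:
    """Classify every line of a HijackThis log and keep the suspicious ones."""
    return [f for f in map(classify, log_text.splitlines()) if f]


def fix_list(findings: list[Finding]) -> list[str]:
    """The lines to tick before 'Fix checked': orphans and adware registrations.

    O23 services are left out on purpose. HijackThis only rewrites the registry;
    a running service must be stopped (Task Manager, or 'sc stop <name>') and
    its files removed, as the reply above says for AskService/ASKUpgrade.
    """
    return [f.line for f in findings
            if f.reason in (ORPHAN, ADWARE) and f.section != "O23"]


# Constructed sample: a subset of the first log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section:4} {f.reason:28} {f.line}")
    print("\nTick in HijackThis:")
    for line in fix_list(found):
        print("  " + line)
```

Run as-is it flags seven lines and puts five of them on the Fix checked list; for a real log, pass the file's text to triage() instead of SAMPLE_LOG. The two Ask services are reported but kept off the fix list deliberately: HijackThis rewrites registry entries, it does not stop processes, so the service binaries have to be stopped and deleted first, exactly as the reply says.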
  • thanks for helping me :).


    The new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:20:00 PM, on 10/11/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\LG Software\LG OSD\HotKey.exe
    C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
    C:\Program Files\lg_swupdate\GiljabiStart.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\LG Software\LG Magnifier\Maglev.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\windows sidebar\gadgets\LGSmartI.Gadget\plugins\LGSmartI.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lge.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lge.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [zOSD] C:\Program Files\LG Software\LG OSD\HotKey.exe
    O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\LG OSD\HotKey.exe
    O4 - HKLM\..\Run: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe
    O4 - HKLM\..\Run: [LGSR_Menu] "C:\Program Files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\LG Software\LG Smart Recovery" UpdateWithCreateOnce Software\CyberLink\PowerRecover
    O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{640D2B37-D923-4A58-9E16-C45D498929C7}: Domain = flits.rug.nl
    O17 - HKLM\System\CCS\Services\Tcpip\..\{640D2B37-D923-4A58-9E16-C45D498929C7}: NameServer = 129.125.36.9,129.125.4.13
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe


    End of file - 10270 bytes



    The MBAM scan result:

    Malwarebytes' Anti-Malware 1.41
    Database version: 2943
    Windows 6.0.6001 Service Pack 1

    10/11/2009 11:10:28 PM
    mbam-log-2009-10-11 (23-10-28).txt

    Scan type: Quick Scan
    Objects scanned: 90298
    Time elapsed: 3 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c20ee2d6-81c3-6a08-79c5-1989da43bc19} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.




    An Uninstall list:

    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Choice Guard
    CyberLink YouCam
    CyberLink YouCam
    Trial version of Microsoft Office Professional 2007
    EzManual
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel® Matrix Storage Manager
    Intel® Turbo Memory
    iPhone Configuration Utility
    iTunes
    Java(TM) 6 Update 15
    LG Fan Mode Tile for Windows Mobility Center
    LG Intelligent Update
    LG Magnifier
    LG OSD
    LG Smart Care
    LG Smart Indicator
    LG Smart Recovery
    LG Smart Recovery
    LG TouchPad Tile for Windows Mobility Center
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Access MUI (Dutch) 2007
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Dutch) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (Dutch) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Minimizor 1.8
    Miro
    Mozilla Firefox (3.5.3)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    neroxml
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Panda ActiveScan 2.0
    PokerStars
    QuickTime
    Ralink Wireless LAN Client Adapter
    Realtek Ethernet Controller Driver For Windows Vista and Later
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Microsoft Office Word 2007 (KB969604)
    SubSync
    SUPERAntiSpyware Free Edition
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb973514)
    Update for Outlook 2007 Junk Email Filter (kb973514)
    Update voor Microsoft Office Excel 2007 Help (KB963678)
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
    Update voor Microsoft Office Word 2007 Help (KB963665)
    VLC media player 1.0.1
    Vuze
    Vuze Toolbar
    WIDCOMM Bluetooth Software 6.0.1.5600
    Windows Live - Hulpprogramma voor uploaden
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    WinRAR archiver
    WinUHA 2.0 RC1 (2005.02.27)
    Wolfenstein - Enemy Territory
    Wondershare iPod Transfer(Build 1.0.1.0)
    Xfire (remove only)
  • Hello Nacho, of course I am glad to help you.

    What MBAM found is not nothing, in my view.

    That is also why I want to advise you to let Combofix scan your Windows (click).

    How to use Combofix properly (click)

    Addition: to be able to use Combofix, the following applies:

    - no web browsers may be open
    - antivirus must be completely deactivated
    - active malware and spyware scanners must be deactivated.

    Do not click in the active Combofix window; this will make Combofix freeze!

    Combofix closes the internet connection; do not try to restore it in the meantime!

    Vista users start Combofix with Administrator rights!

    And do not forget to temporarily disable Windows Defender: for that, see http://windowshelp.microsoft.com/Windows/nl-NL/help/31d797aa-091d-4d67-a556-dbfaf21bf0dc1043.mspx

    Here you will find information on how to deactivate antivirus (click)

    By the way: why is your Vista not yet at SP2?
  • hey, I used combofix, here is the log.

    ComboFix 09-10-11.01 - user 10/12/2009 0:55.2.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3068.1962 [GMT 2:00]
    Running from: c:\users\user\Desktop\ComboFix.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Created from 2009-09-11 to 2009-10-11 )))))))))))))))))))))))))))))))
    .

    2009-10-11 22:59 . 2009-10-11 22:59 -------- d-----w- c:\users\user\AppData\Local\temp
    2009-10-11 22:59 . 2009-10-11 22:59 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-10-11 22:59 . 2009-10-11 22:59 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-10-11 21:04 . 2009-10-11 21:04 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
    2009-10-11 21:04 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-11 21:04 . 2009-10-11 21:04 -------- d-----w- c:\programdata\Malwarebytes
    2009-10-11 21:04 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-11 21:04 . 2009-10-11 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-06 09:36 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-10-06 09:36 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-10-06 09:36 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-10-06 09:36 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-10-06 09:36 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
    2009-10-06 09:36 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-10-06 09:36 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-10-06 09:36 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-10-06 09:36 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-10-05 10:48 . 2009-10-05 10:48 -------- d-----w- c:\program files\Trend Micro
    2009-10-03 10:19 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-01 19:03 . 2009-10-02 15:53 -------- d-----w- c:\program files\call of duty modern warfare
    2009-09-30 10:56 . 2009-09-30 10:56 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2009-09-29 19:52 . 2009-09-29 19:52 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-09-29 19:51 . 2009-09-29 19:51 -------- d-----w- c:\program files\MSECache
    2009-09-29 19:32 . 2009-09-29 19:32 -------- d-----w- c:\users\user\AppData\Local\Apps
    2009-09-29 19:32 . 2009-09-29 19:32 -------- d-----w- c:\users\user\AppData\Local\Deployment
    2009-09-29 19:31 . 2008-02-22 04:47 53248 ----a-w- c:\windows\system32\davclnt.dll
    2009-09-29 19:04 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2009-09-29 18:57 . 2009-09-29 18:57 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-09-29 14:05 . 2009-09-29 19:08 -------- d-----w- c:\program files\Microsoft Works
    2009-09-29 14:04 . 2009-09-29 14:04 -------- d-----w- c:\program files\Microsoft.NET
    2009-09-29 13:57 . 2009-09-29 13:57 -------- d-----r- C:\MSOCache
    2009-09-29 13:32 . 2009-10-05 10:34 -------- d-----w- c:\program files\PacificPoker
    2009-09-29 00:36 . 2009-10-08 20:24 -------- d-----w- c:\users\user\AppData\Local\PokerStars
    2009-09-29 00:36 . 2009-09-29 00:36 -------- d-----w- c:\program files\PokerStars
    2009-09-29 00:26 . 2009-09-29 00:26 -------- d-----w- C:\Programs
    2009-09-28 12:31 . 2009-09-28 12:31 -------- d-----w- c:\program files\SubSync
    2009-09-28 12:31 . 2009-09-28 12:31 249856 ------w- c:\windows\Setup1.exe
    2009-09-28 12:31 . 2009-09-28 12:31 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-09-27 21:56 . 2009-09-27 21:56 -------- d-----w- c:\users\user\AppData\Roaming\PCF-VLC
    2009-09-27 21:41 . 2009-09-27 21:41 -------- d-----w- c:\users\user\AppData\Roaming\Participatory Culture Foundation
    2009-09-27 21:41 . 2009-09-27 21:41 -------- d-----w- c:\program files\Participatory Culture Foundation
    2009-09-27 21:31 . 2009-09-27 21:36 -------- d-----w- c:\program files\EZ Boosters
    2009-09-26 16:54 . 2009-09-26 16:54 680 ----a-w- c:\users\user\AppData\Local\d3d9caps.dat
    2009-09-26 13:08 . 2009-09-26 18:37 -------- d-----w- C:\efba4d6d9e367b6fbb40130791fef2ab
    2009-09-26 09:58 . 2009-04-22 22:27 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2009-09-26 09:58 . 2009-04-22 22:27 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2009-09-26 09:51 . 2009-09-02 09:09 176128 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
    2009-09-26 09:51 . 2009-07-22 16:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
    2009-09-26 09:51 . 2009-03-05 12:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
    2009-09-26 09:49 . 2009-09-26 09:49 -------- d-----w- c:\program files\QMI
    2009-09-26 09:48 . 2008-04-28 09:37 393216 ----a-w- c:\windows\system32\athihvs.dll
    2009-09-26 09:48 . 2009-04-14 14:01 385024 ----a-w- c:\windows\system32\QmiInstDev.exe
    2009-09-26 09:29 . 2009-09-26 09:29 -------- d-----w- c:\program files\EzManual
    2009-09-26 00:20 . 2009-09-26 00:20 -------- d-----w- C:\437f0073dad264c3d2259447
    2009-09-26 00:18 . 2009-09-26 00:18 -------- d-----w- c:\windows\system32\EventProviders
    2009-09-25 22:20 . 2009-09-25 22:20 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2009-09-19 15:16 . 2009-09-19 15:16 -------- d-----w- c:\program files\Wondershare
    2009-09-18 23:53 . 2009-09-18 23:53 -------- d-----w- c:\program files\iPhone Configuration Utility
    2009-09-18 23:52 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-09-18 23:52 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-09-18 23:52 . 2009-09-18 23:52 -------- d-----w- c:\program files\iPod
    2009-09-18 23:52 . 2009-09-18 23:52 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-18 23:49 . 2009-09-18 23:50 -------- d-----w- c:\program files\QuickTime
    2009-09-18 23:27 . 2009-09-18 23:27 -------- d-----w- c:\programdata\Office Genuine Advantage
    2009-09-18 15:13 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-09-18 15:13 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-18 15:13 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-09-18 15:13 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
    2009-09-18 15:13 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
    2009-09-18 15:13 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-09-18 15:13 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
    2009-09-18 15:13 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
    2009-09-18 14:39 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-09-18 14:39 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
    2009-09-18 14:39 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-09-18 14:39 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-09-18 14:39 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-09-18 14:39 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
    2009-09-18 14:38 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-09-18 14:38 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-09-18 14:38 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-09-18 14:38 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-09-18 14:38 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
    2009-09-18 14:38 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
    2009-09-18 14:38 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
    2009-09-18 14:38 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
    2009-09-18 14:38 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-11 22:39 . 2009-06-09 02:35 12 ----a-w- c:\windows\bthservsdp.dat
    2009-10-11 22:34 . 2009-09-01 19:24 -------- d-----w- c:\users\user\AppData\Roaming\Azureus
    2009-10-11 22:06 . 2009-08-08 20:53 62804 ----a-w- c:\programdata\nvModes.dat
    2009-10-11 22:00 . 2009-08-08 21:06 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-10-11 21:59 . 2009-08-08 21:05 189744 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-10-11 21:58 . 2009-08-08 19:54 -------- d-----w- c:\programdata\Xfire
    2009-10-06 18:41 . 2009-08-09 08:02 -------- d-----w- c:\users\user\AppData\Roaming\vlc
    2009-10-06 10:04 . 2009-08-22 21:49 -------- d-----w- c:\programdata\Nero
    2009-10-01 19:35 . 2009-08-08 19:54 -------- d-----w- c:\users\user\AppData\Roaming\Xfire
    2009-09-30 10:57 . 2009-06-09 02:42 -------- d-----w- c:\programdata\Microsoft Help
    2009-09-30 10:33 . 2009-08-08 19:54 -------- d-----w- c:\program files\Xfire
    2009-09-29 19:32 . 2009-08-06 18:24 104584 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-09-29 19:31 . 2009-08-09 06:08 -------- d-----w- c:\program files\Microsoft
    2009-09-29 19:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
    2009-09-29 07:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2009-09-29 00:34 . 2009-08-22 16:24 -------- d-----w- c:\program files\URUSoft
    2009-09-28 15:13 . 2009-08-09 06:16 -------- d-----w- c:\users\user\AppData\Roaming\Apple Computer
    2009-09-26 18:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-09-26 16:54 . 2009-06-25 07:39 -------- d-----w- c:\programdata\NVIDIA
    2009-09-26 10:00 . 2009-06-09 21:29 -------- d-----w- c:\program files\lg_swupdate
    2009-09-26 09:51 . 2009-06-09 15:49 -------- d-----w- c:\program files\Realtek
    2009-09-26 09:51 . 2009-06-09 15:49 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-18 23:52 . 2009-08-09 06:15 -------- d-----w- c:\program files\iTunes
    2009-09-18 23:52 . 2009-08-09 06:12 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-01 21:13 . 2009-09-01 21:13 -------- d-----w- c:\program files\WinUHA
    2009-09-01 19:24 . 2009-09-01 19:24 -------- d-----w- c:\programdata\Azureus
    2009-09-01 19:23 . 2009-09-01 19:22 -------- d-----w- c:\program files\Vuze
    2009-08-28 12:39 . 2009-09-03 16:12 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 10:15 . 2009-09-03 16:12 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-23 09:02 . 2009-08-23 09:02 -------- d-----w- c:\program files\MSXML 4.0
    2009-08-15 18:49 . 2009-08-15 18:49 -------- d-----w- c:\users\user\AppData\Roaming\VitySoft
    2009-08-09 07:36 . 2009-08-09 07:36 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-08-08 21:05 . 2009-08-08 21:05 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
    2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
    2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
    2009-07-21 21:52 . 2009-08-09 12:18 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-08-09 12:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-08-09 12:18 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-08-09 12:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-07-21 06:52 . 2009-07-21 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-07-17 14:35 . 2009-08-15 15:13 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 13:00 . 2009-08-15 15:13 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-14 12:59 . 2009-08-15 15:13 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-07-14 12:58 . 2009-08-15 15:13 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-07-14 10:59 . 2009-08-15 15:13 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-11_22.36.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-10-11 22:42 49732 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-10-11 22:42 93256 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-08-06 18:24 . 2009-10-11 21:14 5920 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-647323661-476650339-1405456048-1000_UserData.bin
    + 2009-08-06 18:24 . 2009-10-11 22:42 5920 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-647323661-476650339-1405456048-1000_UserData.bin
    - 2009-10-11 21:12 . 2009-10-11 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-10-11 22:40 . 2009-10-11 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-10-11 21:12 . 2009-10-11 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-10-11 22:40 . 2009-10-11 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2009-10-11 22:48 595684 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-10-11 21:19 595684 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-10-11 22:48 101350 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-10-11 21:19 101350 c:\windows\System32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
    "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
    "zOSD"="c:\program files\LG Software\LG OSD\HotKey.exe" [2009-05-13 3166208]
    "KeybdUtility"="c:\program files\LG Software\LG OSD\HotKey.exe" [2009-05-13 3166208]
    "LG Magnifier"="c:\program files\LG Software\LG Magnifier\MagnifyingGlass.exe" [2008-05-20 144688]
    "LGSR_Menu"="c:\program files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
    "LG Intelligent Update"="c:\program files\lg_swupdate\giljabistart.exe" [2009-02-16 304432]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-07 7227936]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-04-27 186904]
    "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-03-09 33304]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 13605408]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 92704]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-09 149280]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-2 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{B75DB40B-6AC9-4821-8A22-E08C6D942D2A}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{C603EE2D-1283-4621-A62A-BD6DF1DA7A53}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{7530347D-74E3-4DCB-B067-17E929E7CEC9}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
    "UDP Query User{D968FB5B-1150-4099-8DD3-6AA11F8282DA}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
    "{C8AE2C17-2CFC-40A7-B5F5-0F30EAC5F4F3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{551BA0DD-21B5-4F69-B3D0-2805E7130D36}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{6CD9D12C-73F2-462C-A512-1540E68E1CF1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{D306976D-BB1A-4FE1-851C-1742EDDB6182}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{A7DA8E50-2A84-4867-B0E8-C95388D186C6}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
    "UDP Query User{C1066CB7-CA67-48F4-B728-7481696D87C7}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
    "{6B33024D-981F-4022-846A-153063AA48BC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{61A0E5CD-C2F7-4631-81C8-4F780CAFF57D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{F9421800-CAA1-464F-A6A0-DE1C068ACAC2}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{AED5D5BF-9888-4896-96CA-F27F69124C78}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{19C1D88F-314F-43B3-9973-3DDC8B1EA0C2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{A2204E3B-FCAA-4FF2-9541-FF23EE8036B8}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{B17B35D2-9819-4961-BB04-5ECE55B8159E}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [6/9/2009 5:45 PM 229400]
    R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [8/9/2009 9:39 AM 28544]
    R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
    R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [2/6/2009 2:24 PM 38240]
    R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [3/27/2009 4:18 PM 529920]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [6/9/2009 5:45 PM 52768]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
    S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
    S3 AVer8G54;AVerMedia A855 II BDA Digital Tuner;c:\windows\System32\drivers\AVer8G54.sys [7/10/2009 1:05 AM 47104]
    S3 wsvd;wsvd;c:\windows\System32\drivers\wsvd.sys [5/26/2008 8:54 PM 81704]
    S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
    S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-11 c:\windows\Tasks\User_Feed_Synchronization-{4C93D44A-C9D5-475B-883C-436E3DDE5EA8}.job
    - c:\windows\system32\msfeedssync.exe [2009-08-09 20:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.lge.com
    mStart Page = hxxp://www.lge.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\windows\system32\wpclsp.dll
    TCP: {640D2B37-D923-4A58-9E16-C45D498929C7} = 129.125.36.9,129.125.4.13
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\eciyk4pe.default\
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-12 00:59
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3104)
    c:\windows\system32\btmmhook.dll
    .
    Completion time: 2009-10-11 1:01
    ComboFix-quarantined-files.txt 2009-10-11 23:01
    ComboFix2.txt 2009-10-11 22:37

    Pre-Run: 163,714,953,216 bytes free
    Post-Run: 163,610,005,504 bytes free

    288 --- E O F --- 2009-10-09 11:08

    it is not a very relaxed program, my internet is not restored automatically...
    had to search a bit, but my internet works again (it does not automatically restore my gateway IP).

    about that Windows Vista pack 2
    I tried it, but every time I installed it and restarted Windows, Windows flipped out and I had to run my LG recovery to get back to an earlier restore point (so back to Vista pack 1 again)

    maybe it is due to malware or to LG
  • Hello Nacho, the Combofix scan has become of little value: your antivirus was not deactivated!
    Because of that, Combofix could not work properly; possibly the file was also already damaged by your antivirus!

    In that respect I can understand your remark about the tool.

    But: download Combofix again (you may delete the old file), deactivate the scanners again and now also your antivirus, before you start Combofix!
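As an added illustration (not a tool from this thread, from ComboFix's authors or from the helper), the Python script below reads a few lines constructed in the layout of the ComboFix log posted above and pulls out what a helper checks first: the `* Resident AV is active` marker and any protection product still listed as `*enabled*` (the reason the reply says the scan is of little value), firewall profiles whose `EnableFirewall` is 0 (both the Domain and Public profiles in the log above), and services whose image path is printed as `... --> ... [?]`, meaning the binary is gone but the registration remains, as with the AskBar services the poster could not get rid of. The names `triage`, `Findings`, `report` and `SAMPLE_LOG` are this example's own.

```python
"""Triage a ComboFix log excerpt for the items a helper checks first.

Added example (not a ComboFix or forum tool). The names triage, Findings,
report and SAMPLE_LOG are this example's own. The sample is constructed in
the shape of the log above and embedded so the script runs offline.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines in the layout ComboFix prints.
SAMPLE_LOG = r"""
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
"""

# "AV:", "SP:" (spyware) and "FW:" lines name the products ComboFix saw and
# whether each was still *enabled* when the scan ran.
PRODUCT_RE = re.compile(r"^(AV|SP|FW):\s+(.+?)\s+\*(enabled|disabled)\*")
# Service lines: "<start type> <name>;<display name>;<image path> [...]".
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


@dataclass
class Findings:
    resident_av_active: bool = False
    enabled_products: list = field(default_factory=list)
    firewall_disabled_profiles: list = field(default_factory=list)
    orphaned_services: list = field(default_factory=list)

    def scan_is_trustworthy(self) -> bool:
        """ComboFix's own precondition: no resident protection during the run."""
        return not self.resident_av_active and not self.enabled_products


def triage(log_text: str) -> Findings:
    findings = Findings()
    current_key = None  # registry key the following "name"=value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "* Resident AV is active":
            findings.resident_av_active = True
            continue
        m = PRODUCT_RE.match(line)
        if m:
            if m.group(3) == "enabled":
                findings.enabled_products.append(m.group(2))
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = FIREWALL_RE.match(line)
        if m and current_key:
            profile = current_key.rsplit("\\", 1)[-1]
            if int(m.group(1)) == 0:
                findings.firewall_disabled_profiles.append(profile)
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, image = m.group(2), m.group(4)
            # ComboFix prints "<path> --> <path> [?]" when the service's binary
            # no longer exists: a registration left behind by an uninstaller,
            # here the AskBar pieces the poster could not remove.
            if "-->" in image and image.endswith("[?]"):
                findings.orphaned_services.append(name)
    return findings


def report(findings: Findings) -> str:
    lines = ["scan trustworthy: %s" % findings.scan_is_trustworthy()]
    if findings.resident_av_active:
        lines.append("resident AV was active during the run")
    for product in findings.enabled_products:
        lines.append("still enabled: %s" % product)
    for profile in findings.firewall_disabled_profiles:
        lines.append("Windows Firewall off for %s" % profile)
    for name in findings.orphaned_services:
        lines.append("service %s points at a missing binary" % name)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample, the script reports the scan as not trustworthy (resident AV active, Windows Defender still enabled), lists the Domain and Public firewall profiles as switched off, and names ASKService and ASKUpgrade as registrations whose binaries are gone. Those three findings map directly onto the helper's advice: rerun with protection off, and treat the leftover Ask entries as clean-up items rather than active code.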
  • ComboFix 09-10-11.03 - user 10/12/2009 15:42.3.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3068.1863 [GMT 2:00]
    Running from: c:\users\user\Desktop\ComboFix.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
    .

    2009-10-12 13:46 . 2009-10-12 13:46 -------- d-----w- c:\users\user\AppData\Local\temp
    2009-10-12 13:46 . 2009-10-12 13:46 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-10-12 13:46 . 2009-10-12 13:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-10-11 21:04 . 2009-10-11 21:04 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
    2009-10-11 21:04 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-11 21:04 . 2009-10-11 21:04 -------- d-----w- c:\programdata\Malwarebytes
    2009-10-11 21:04 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-11 21:04 . 2009-10-11 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-06 09:36 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-10-06 09:36 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-10-06 09:36 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-10-06 09:36 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-10-06 09:36 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
    2009-10-06 09:36 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-10-06 09:36 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-10-06 09:36 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-10-06 09:36 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-10-05 10:48 . 2009-10-05 10:48 -------- d-----w- c:\program files\Trend Micro
    2009-10-03 10:19 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-01 19:03 . 2009-10-02 15:53 -------- d-----w- c:\program files\call of duty modern warfare
    2009-09-30 10:56 . 2009-09-30 10:56 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2009-09-29 19:52 . 2009-09-29 19:52 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-09-29 19:51 . 2009-09-29 19:51 -------- d-----w- c:\program files\MSECache
    2009-09-29 19:32 . 2009-09-29 19:32 -------- d-----w- c:\users\user\AppData\Local\Apps
    2009-09-29 19:32 . 2009-09-29 19:32 -------- d-----w- c:\users\user\AppData\Local\Deployment
    2009-09-29 19:31 . 2008-02-22 04:47 53248 ----a-w- c:\windows\system32\davclnt.dll
    2009-09-29 19:04 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2009-09-29 18:57 . 2009-09-29 18:57 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-09-29 14:05 . 2009-09-29 19:08 -------- d-----w- c:\program files\Microsoft Works
    2009-09-29 14:04 . 2009-09-29 14:04 -------- d-----w- c:\program files\Microsoft.NET
    2009-09-29 13:57 . 2009-09-29 13:57 -------- d-----r- C:\MSOCache
    2009-09-29 13:32 . 2009-10-05 10:34 -------- d-----w- c:\program files\PacificPoker
    2009-09-29 00:36 . 2009-10-08 20:24 -------- d-----w- c:\users\user\AppData\Local\PokerStars
    2009-09-29 00:36 . 2009-09-29 00:36 -------- d-----w- c:\program files\PokerStars
    2009-09-29 00:26 . 2009-09-29 00:26 -------- d-----w- C:\Programs
    2009-09-28 12:31 . 2009-09-28 12:31 -------- d-----w- c:\program files\SubSync
    2009-09-28 12:31 . 2009-09-28 12:31 249856 ------w- c:\windows\Setup1.exe
    2009-09-28 12:31 . 2009-09-28 12:31 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-09-27 21:56 . 2009-09-27 21:56 -------- d-----w- c:\users\user\AppData\Roaming\PCF-VLC
    2009-09-27 21:41 . 2009-09-27 21:41 -------- d-----w- c:\users\user\AppData\Roaming\Participatory Culture Foundation
    2009-09-27 21:41 . 2009-09-27 21:41 -------- d-----w- c:\program files\Participatory Culture Foundation
    2009-09-27 21:31 . 2009-09-27 21:36 -------- d-----w- c:\program files\EZ Boosters
    2009-09-26 16:54 . 2009-09-26 16:54 680 ----a-w- c:\users\user\AppData\Local\d3d9caps.dat
    2009-09-26 13:08 . 2009-09-26 18:37 -------- d-----w- C:\efba4d6d9e367b6fbb40130791fef2ab
    2009-09-26 09:58 . 2009-04-22 22:27 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2009-09-26 09:58 . 2009-04-22 22:27 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2009-09-26 09:51 . 2009-09-02 09:09 176128 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
    2009-09-26 09:51 . 2009-07-22 16:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
    2009-09-26 09:51 . 2009-03-05 12:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
    2009-09-26 09:49 . 2009-09-26 09:49 -------- d-----w- c:\program files\QMI
    2009-09-26 09:48 . 2008-04-28 09:37 393216 ----a-w- c:\windows\system32\athihvs.dll
    2009-09-26 09:48 . 2009-04-14 14:01 385024 ----a-w- c:\windows\system32\QmiInstDev.exe
    2009-09-26 09:29 . 2009-09-26 09:29 -------- d-----w- c:\program files\EzManual
    2009-09-26 00:20 . 2009-09-26 00:20 -------- d-----w- C:\437f0073dad264c3d2259447
    2009-09-26 00:18 . 2009-09-26 00:18 -------- d-----w- c:\windows\system32\EventProviders
    2009-09-25 22:20 . 2009-09-25 22:20 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2009-09-19 15:16 . 2009-09-19 15:16 -------- d-----w- c:\program files\Wondershare
    2009-09-18 23:53 . 2009-09-18 23:53 -------- d-----w- c:\program files\iPhone Configuration Utility
    2009-09-18 23:52 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-09-18 23:52 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-09-18 23:52 . 2009-09-18 23:52 -------- d-----w- c:\program files\iPod
    2009-09-18 23:52 . 2009-09-18 23:52 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-18 23:49 . 2009-09-18 23:50 -------- d-----w- c:\program files\QuickTime
    2009-09-18 23:27 . 2009-09-18 23:27 -------- d-----w- c:\programdata\Office Genuine Advantage
    2009-09-18 15:13 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-09-18 15:13 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-18 15:13 . 2009-06-15 15:21 499712 —-a-w- c:\windows\system32\kerberos.dll
    2009-09-18 15:13 . 2009-06-15 15:24 270848 —-a-w- c:\windows\system32\schannel.dll
    2009-09-18 15:13 . 2009-06-15 15:23 1256448 —-a-w- c:\windows\system32\lsasrv.dll
    2009-09-18 15:13 . 2009-06-15 18:20 439896 —-a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-09-18 15:13 . 2009-06-15 15:24 72704 —-a-w- c:\windows\system32\secur32.dll
    2009-09-18 15:13 . 2009-06-15 12:57 9728 —-a-w- c:\windows\system32\lsass.exe
    2009-09-18 14:39 . 2009-08-14 17:07 897608 —-a-w- c:\windows\system32\drivers\tcpip.sys
    2009-09-18 14:39 . 2009-08-14 16:29 104960 —-a-w- c:\windows\system32\netiohlp.dll
    2009-09-18 14:39 . 2009-08-14 14:16 27136 —-a-w- c:\windows\system32\NETSTAT.EXE
    2009-09-18 14:39 . 2009-08-14 14:16 9728 —-a-w- c:\windows\system32\TCPSVCS.EXE
    2009-09-18 14:39 . 2009-08-14 14:16 19968 —-a-w- c:\windows\system32\ARP.EXE
    2009-09-18 14:39 . 2009-08-14 14:16 10240 —-a-w- c:\windows\system32\finger.exe
    2009-09-18 14:38 . 2009-08-14 16:29 17920 —-a-w- c:\windows\system32\netevent.dll
    2009-09-18 14:38 . 2009-08-14 14:16 17920 —-a-w- c:\windows\system32\ROUTE.EXE
    2009-09-18 14:38 . 2009-08-14 14:16 11264 —-a-w- c:\windows\system32\MRINFO.EXE
    2009-09-18 14:38 . 2009-08-14 14:16 8704 —-a-w- c:\windows\system32\HOSTNAME.EXE
    2009-09-18 14:38 . 2009-07-11 19:32 513024 —-a-w- c:\windows\system32\wlansvc.dll
    2009-09-18 14:38 . 2009-07-11 19:32 302592 —-a-w- c:\windows\system32\wlansec.dll
    2009-09-18 14:38 . 2009-07-11 19:32 293376 —-a-w- c:\windows\system32\wlanmsm.dll
    2009-09-18 14:38 . 2009-07-11 19:29 127488 —-a-w- c:\windows\system32\L2SecHC.dll
    2009-09-18 14:38 . 2009-06-10 12:11 2868224 —-a-w- c:\windows\system32\mf.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-12 13:38 . 2009-09-01 19:24 -------- d-----w- c:\users\user\AppData\Roaming\Azureus
    2009-10-12 13:31 . 2009-08-08 20:53 62804 ----a-w- c:\programdata\nvModes.dat
    2009-10-12 12:04 . 2009-08-08 21:06 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-10-12 12:04 . 2009-08-08 21:05 189744 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-10-11 23:03 . 2009-06-09 02:35 12 ----a-w- c:\windows\bthservsdp.dat
    2009-10-11 21:58 . 2009-08-08 19:54 -------- d-----w- c:\programdata\Xfire
    2009-10-06 18:41 . 2009-08-09 08:02 -------- d-----w- c:\users\user\AppData\Roaming\vlc
    2009-10-06 10:04 . 2009-08-22 21:49 -------- d-----w- c:\programdata\Nero
    2009-10-01 19:35 . 2009-08-08 19:54 -------- d-----w- c:\users\user\AppData\Roaming\Xfire
    2009-09-30 10:57 . 2009-06-09 02:42 -------- d-----w- c:\programdata\Microsoft Help
    2009-09-30 10:33 . 2009-08-08 19:54 -------- d-----w- c:\program files\Xfire
    2009-09-29 19:32 . 2009-08-06 18:24 104584 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-09-29 19:31 . 2009-08-09 06:08 -------- d-----w- c:\program files\Microsoft
    2009-09-29 19:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
    2009-09-29 07:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2009-09-29 00:34 . 2009-08-22 16:24 -------- d-----w- c:\program files\URUSoft
    2009-09-28 15:13 . 2009-08-09 06:16 -------- d-----w- c:\users\user\AppData\Roaming\Apple Computer
    2009-09-26 18:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-09-26 16:54 . 2009-06-25 07:39 -------- d-----w- c:\programdata\NVIDIA
    2009-09-26 10:00 . 2009-06-09 21:29 -------- d-----w- c:\program files\lg_swupdate
    2009-09-26 09:51 . 2009-06-09 15:49 -------- d-----w- c:\program files\Realtek
    2009-09-26 09:51 . 2009-06-09 15:49 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-18 23:52 . 2009-08-09 06:15 -------- d-----w- c:\program files\iTunes
    2009-09-18 23:52 . 2009-08-09 06:12 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-01 21:13 . 2009-09-01 21:13 -------- d-----w- c:\program files\WinUHA
    2009-09-01 19:24 . 2009-09-01 19:24 -------- d-----w- c:\programdata\Azureus
    2009-09-01 19:23 . 2009-09-01 19:22 -------- d-----w- c:\program files\Vuze
    2009-08-28 12:39 . 2009-09-03 16:12 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 10:15 . 2009-09-03 16:12 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-23 09:02 . 2009-08-23 09:02 -------- d-----w- c:\program files\MSXML 4.0
    2009-08-15 18:49 . 2009-08-15 18:49 -------- d-----w- c:\users\user\AppData\Roaming\VitySoft
    2009-08-09 07:36 . 2009-08-09 07:36 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-08-08 21:05 . 2009-08-08 21:05 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
    2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
    2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
    2009-07-21 21:52 . 2009-08-09 12:18 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-08-09 12:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-08-09 12:18 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-08-09 12:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-07-21 06:52 . 2009-07-21 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-07-17 14:35 . 2009-08-15 15:13 71680 ----a-w- c:\windows\system32\atl.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-11_22.36.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-10-12 11:14 49798 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-10-12 11:14 93264 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-08-06 18:24 . 2009-10-12 11:14 6064 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-647323661-476650339-1405456048-1000_UserData.bin
    - 2009-10-11 21:12 . 2009-10-11 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-10-12 11:08 . 2009-10-12 11:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-10-11 21:12 . 2009-10-11 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-10-12 11:08 . 2009-10-12 11:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2009-10-12 11:16 595684 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-10-11 21:19 595684 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-10-12 11:16 101350 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-10-11 21:19 101350 c:\windows\System32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
    "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
    "zOSD"="c:\program files\LG Software\LG OSD\HotKey.exe" [2009-05-13 3166208]
    "KeybdUtility"="c:\program files\LG Software\LG OSD\HotKey.exe" [2009-05-13 3166208]
    "LG Magnifier"="c:\program files\LG Software\LG Magnifier\MagnifyingGlass.exe" [2008-05-20 144688]
    "LGSR_Menu"="c:\program files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
    "LG Intelligent Update"="c:\program files\lg_swupdate\giljabistart.exe" [2009-02-16 304432]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-07 7227936]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-04-27 186904]
    "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-03-09 33304]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 13605408]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 92704]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-09 149280]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-2 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{B75DB40B-6AC9-4821-8A22-E08C6D942D2A}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{C603EE2D-1283-4621-A62A-BD6DF1DA7A53}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{7530347D-74E3-4DCB-B067-17E929E7CEC9}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
    "UDP Query User{D968FB5B-1150-4099-8DD3-6AA11F8282DA}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
    "{C8AE2C17-2CFC-40A7-B5F5-0F30EAC5F4F3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{551BA0DD-21B5-4F69-B3D0-2805E7130D36}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{6CD9D12C-73F2-462C-A512-1540E68E1CF1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{D306976D-BB1A-4FE1-851C-1742EDDB6182}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{A7DA8E50-2A84-4867-B0E8-C95388D186C6}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
    "UDP Query User{C1066CB7-CA67-48F4-B728-7481696D87C7}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
    "{6B33024D-981F-4022-846A-153063AA48BC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{61A0E5CD-C2F7-4631-81C8-4F780CAFF57D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{F9421800-CAA1-464F-A6A0-DE1C068ACAC2}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{AED5D5BF-9888-4896-96CA-F27F69124C78}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{19C1D88F-314F-43B3-9973-3DDC8B1EA0C2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{A2204E3B-FCAA-4FF2-9541-FF23EE8036B8}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{B17B35D2-9819-4961-BB04-5ECE55B8159E}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [6/9/2009 5:45 PM 229400]
    R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [8/9/2009 9:39 AM 28544]
    R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
    R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [2/6/2009 2:24 PM 38240]
    R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [3/27/2009 4:18 PM 529920]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [6/9/2009 5:45 PM 52768]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
    S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
    S3 AVer8G54;AVerMedia A855 II BDA Digital Tuner;c:\windows\System32\drivers\AVer8G54.sys [7/10/2009 1:05 AM 47104]
    S3 wsvd;wsvd;c:\windows\System32\drivers\wsvd.sys [5/26/2008 8:54 PM 81704]
    S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
    S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-11 c:\windows\Tasks\User_Feed_Synchronization-{4C93D44A-C9D5-475B-883C-436E3DDE5EA8}.job
    - c:\windows\system32\msfeedssync.exe [2009-08-09 20:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.lge.com
    mStart Page = hxxp://www.lge.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\windows\system32\wpclsp.dll
    TCP: {640D2B37-D923-4A58-9E16-C45D498929C7} = 129.125.36.9,129.125.4.13
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\eciyk4pe.default\
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-12 15:46
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3844)
    c:\windows\system32\btmmhook.dll
    .
    Completion time: 2009-10-12 15:47
    ComboFix-quarantined-files.txt 2009-10-12 13:47
    ComboFix2.txt 2009-10-11 23:01
    ComboFix3.txt 2009-10-11 22:37

    Pre-Run: 163,541,450,752 bytes free
    Post-Run: 163,448,233,984 bytes free

    283 --- E O F --- 2009-10-12 11:15
  • Hello Nacho, I have a very unpleasant announcement for you: your Windows is infected with the polymorphic virus Virut.

    Only one thing helps against that: a clean installation.

    Before you start installing programs, install SP2 first as well - that makes Vista more stable and faster!

    And use a firewall other than the Windows firewall, e.g. ZoneAlarmFree!

    Because Virut knows how to bypass the Windows firewall!
  • Hmm, OK,

    I do have a few questions then.

    What kind of virus is it exactly, what does it do, and what effect does it have on my laptop?

    Where does the virus originate? In which file?

    Is the virus in all my files and programs, so also on my external hard drive? (There are only movies and photos on it.)

    So can I put files/programs on the external hard drive to keep them and put them back later after the installation?

    How do I reinstall Vista? I only have Vista on the computer and didn't get a CD from the shop.
  • Virut is a stand-alone virus.
    It is a virus that renames itself to avoid detection! It modifies system files, renames files and more, and is particularly hard to remove!
    Virut is smart enough to bypass the Windows firewall in order to get in!

    Therefore: a clean reinstallation is the best solution, and then also use a real firewall.
  • Hey, I was able to restore Vista via my LG recovery, outside of Vista, to the edition it had when it came from the factory.
    I don't know whether that is the same as a complete fresh installation of Vista, so I have now made another ComboFix log.
    Could you perhaps check whether the virus is still in my laptop's data?

    Thanks a lot in advance :wink:

    ComboFix 09-10-15.01 - user 10/15/2009 19:14.1.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3068.1932 [GMT 2:00]
    Running from: c:\users\user\Desktop\ComboFix.exe
    FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1075378636-3642388641-673769889-500
    c:\$recycle.bin\S-1-5-21-647323661-476650339-1405456048-500

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
    .

    2009-10-15 17:19 . 2009-10-15 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-10-15 01:54 . 2009-10-15 01:54 -------- d-----w- c:\windows\system32\ca-ES
    2009-10-15 01:54 . 2009-10-15 01:54 -------- d-----w- c:\windows\system32\eu-ES
    2009-10-15 01:53 . 2009-10-15 01:54 -------- d-----w- c:\windows\system32\vi-VN
    2009-10-15 01:39 . 2009-10-15 01:39 -------- d-----w- c:\windows\system32\EventProviders
    2009-10-15 01:38 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
    2009-10-15 01:38 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
    2009-10-15 01:38 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
    2009-10-15 01:38 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
    2009-10-15 01:38 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
    2009-10-15 01:36 . 2009-04-11 06:28 592896 ----a-w- c:\windows\system32\netlogon.dll
    2009-10-15 01:35 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
    2009-10-15 01:35 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2009-10-15 01:35 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
    2009-10-15 01:35 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
    2009-10-15 01:35 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
    2009-10-15 01:35 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2009-10-15 01:35 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
    2009-10-15 01:35 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
    2009-10-15 01:35 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
    2009-10-15 01:35 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
    2009-10-15 01:35 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
    2009-10-14 23:20 . 2009-10-14 23:20 -------- d-----w- c:\program files\Trend Micro
    2009-10-14 23:10 . 2009-04-06 09:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
    2009-10-14 23:10 . 2009-02-10 14:12 307224 ----a-w- c:\windows\system32\drivers\afwcore.sys
    2009-10-14 23:08 . 2009-02-18 15:27 29208 ----a-w- c:\windows\system32\drivers\afw.sys
    2009-10-14 23:08 . 2009-10-14 23:08 -------- d-----w- c:\program files\Agnitum
    2009-10-14 23:07 . 2009-10-14 23:07 -------- d-----w- c:\programdata\Agnitum
    2009-10-14 22:00 . 2009-02-15 21:11 293528 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2009-10-14 14:17 . 2009-10-14 14:17 -------- d-----w- c:\program files\ESET
    2009-10-14 14:10 . 2009-10-14 14:10 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
    2009-10-14 14:10 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-14 14:10 . 2009-10-14 14:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-14 14:10 . 2009-10-14 14:10 -------- d-----w- c:\programdata\Malwarebytes
    2009-10-14 14:10 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-14 14:04 . 2009-10-14 14:04 -------- d-----w- c:\users\user\AppData\Roaming\GetRightToGo
    2009-10-14 12:52 . 2009-10-14 12:52 -------- d-----w- c:\users\user\AppData\Local\Mozilla
    2009-10-14 11:45 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-10-14 11:28 . 2009-10-14 11:28 -------- d-----w- c:\program files\Zone Labs
    2009-10-14 11:27 . 2009-10-14 11:27 -------- d-----w- c:\programdata\CheckPoint
    2009-10-14 11:23 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-14 11:11 . 2009-10-14 22:39 -------- d-----w- c:\windows\Internet Logs
    2009-10-14 11:10 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2009-10-14 11:09 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll
    2009-10-14 11:09 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-10-14 11:09 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-10-14 11:09 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-10-14 11:09 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2009-10-14 11:09 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-10-14 11:09 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2009-10-14 11:09 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-10-14 11:09 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-10-14 11:09 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
    2009-10-14 11:09 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
    2009-10-14 11:09 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
    2009-10-14 11:07 . 2009-10-14 12:11 -------- d-----w- c:\users\user\AppData\Local\Google
    2009-10-14 11:01 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
    2009-10-14 11:01 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
    2009-10-14 11:01 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
    2009-10-14 11:01 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
    2009-10-14 11:01 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
    2009-10-14 11:01 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-15 16:11 . 2009-06-09 02:35 12 ----a-w- c:\windows\bthservsdp.dat
    2009-10-15 16:08 . 2009-06-09 15:54 -------- d-----w- c:\programdata\Partner
    2009-10-15 02:01 . 2009-06-25 07:39 -------- d-----w- c:\programdata\NVIDIA
    2009-10-15 01:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-10-15 01:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-10-15 01:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2009-10-15 01:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
    2009-10-15 01:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
    2009-10-15 01:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-10-15 01:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2009-10-15 01:28 . 2009-06-09 21:29 -------- d-----w- c:\program files\lg_swupdate
    2009-09-14 09:29 . 2009-10-14 11:08 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-09-11 05:26 . 2009-09-11 05:26 95896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
    2009-09-11 05:23 . 2009-09-11 05:23 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
    2009-09-11 05:17 . 2009-09-11 05:17 116008 ------w- c:\windows\system32\drivers\eamon.sys
    2009-09-10 16:48 . 2009-10-14 11:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 11:41 . 2009-10-14 11:08 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-27 05:22 . 2009-10-14 11:38 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 05:17 . 2009-10-14 11:38 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-08-27 05:17 . 2009-10-14 11:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-08-27 03:42 . 2009-10-14 11:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-08-21 18:24 . 2009-08-21 18:24 66592 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
    2009-08-21 18:23 . 2009-08-21 18:23 57344 ----a-w- c:\windows\system32\nvapo32v.dll
    2009-08-21 18:23 . 2009-08-21 18:23 19456 ----a-w- c:\windows\system32\nvhdap32.dll
    2009-08-20 17:18 . 2009-06-09 15:45 155648 ----a-w- c:\windows\system32\nvcohda.dll
    2009-08-20 17:18 . 2009-08-20 17:18 485920 ----a-w- c:\windows\system32\nvuhda.exe
    2009-08-20 17:18 . 2009-06-25 07:37 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
    2009-08-14 16:27 . 2009-10-14 11:08 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 15:53 . 2009-10-14 11:08 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 13:49 . 2009-10-14 11:08 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 13:49 . 2009-10-14 11:08 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 13:49 . 2009-10-14 11:08 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 13:49 . 2009-10-14 11:08 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 13:49 . 2009-10-14 11:08 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 13:49 . 2009-10-14 11:08 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 13:49 . 2009-10-14 11:08 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 13:48 . 2009-10-14 11:08 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2009-08-14 13:48 . 2009-10-14 11:08 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-06 18:24 . 2009-08-06 18:24 104584 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-04 12:34 . 2009-10-14 11:08 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-08-04 12:34 . 2009-10-14 11:08 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-08-03 11:54 . 2009-08-03 11:54 569856 ----a-w- c:\windows\system32\drivers\netr28.sys
    2009-08-03 11:50 . 2009-08-03 11:50 221184 ----a-w- c:\windows\system32\RaCoInst.dll
    2009-08-03 11:50 . 2009-08-03 11:50 13931 ----a-w- c:\windows\system32\RaCoInst.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 39408]
    "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "zOSD"="c:\program files\LG Software\LG OSD\HotKey.exe" [2009-05-13 3166208]
    "KeybdUtility"="c:\program files\LG Software\LG OSD\HotKey.exe" [2009-05-13 3166208]
    "LG Magnifier"="c:\program files\LG Software\LG Magnifier\MagnifyingGlass.exe" [2008-05-20 144688]
    "LGSR_Menu"="c:\program files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
    "LG Intelligent Update"="c:\program files\lg_swupdate\giljabistart.exe" [2009-02-16 304432]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-07 7227936]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-04-27 186904]
    "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-03-09 33304]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 13605408]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 92704]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
    "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-07 1833504]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-2 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):3d,34,47,41,3b,4d,ca,01

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{1C80DDF6-21DA-4CE0-906B-9878A4F960D1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [6/9/2009 5:45 PM 229400]
    R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [10/15/2009 1:08 AM 29208]
    R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]
    R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [10/15/2009 1:10 AM 704384]
    R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [10/15/2009 1:08 AM 1195008]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/11/2009 7:24 AM 735960]
    R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [9/11/2009 7:26 AM 95896]
    R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [10/15/2009 1:10 AM 307224]
    R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [8/3/2009 1:54 PM 569856]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [8/21/2009 8:24 PM 66592]
    S3 AVer8G54;AVerMedia A855 II BDA Digital Tuner;c:\windows\System32\drivers\AVer8G54.sys [7/10/2009 1:05 AM 47104]
    S3 wsvd;wsvd;c:\windows\System32\drivers\wsvd.sys [5/26/2008 8:54 PM 81704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ——- Supplementary Scan ——-
    .
    uStart Page = hxxp://www.lge.com
    mStart Page = hxxp://www.lge.com
    IE: Send image to &Bluetooth Device… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: {640D2B37-D923-4A58-9E16-C45D498929C7} = 129.125.36.9,129.125.4.13
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lv2mz8c9.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-15 19:19
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ——————— DLLs Loaded Under Running Processes ———————

    - - - - - - - > 'Explorer.exe'(3736)
    c:\windows\system32\btmmhook.dll
    .
    Completion time: 2009-10-15 19:20
    ComboFix-quarantined-files.txt 2009-10-15 17:20

    Pre-Run: 205,704,019,968 bytes free
    Post-Run: 205,817,556,992 bytes free

    211 — E O F — 2009-10-15 14:54


    Greetings, Niels
  • Hello Nacho, that installation went together with a format!
    So it has become a clean installation.
    And I see that Service Pack 2 is now installed as well.

    I can conclude that it now looks fine.
    The fact that you are now using the Outpost Firewall from Agnitum is also good.

    By the way, have you checked via the Security Center whether the Windows firewall is now disabled?

    If not, type services.msc in the search box and set the Windows Firewall there to disabled! Don't forget to click the Stop button as well!

    Incidentally, I think you have never had such a fast Vista before!
  • Quoting Abraham54: "Hello Nacho, I have a very unpleasant announcement for you: your Windows contains the polymorphic virus Virut." Just out of curiosity: where exactly was that Virut virus?
  • @ Abraham: Can you tell me what leads you to conclude that it is a Virut infection, because apparently I am missing something after analyzing the logs.

    Emphyrio :)
  • Following up on the previous speakers, I don't see a Virut infection in the logs either. Perhaps A54 can tell us where he sees it?
  • I find the question from the 3 experts a bit petty. They themselves hardly respond to the enormous demand for help with HijackThis log problems. I think Abraham54 is simply doing his best to solve as many problems as possible. :o
  • so it wasn't a virus after all?
    great :D,
    but still, thanks a54, you really are the only one who responds :wink:
  • Petty? It is about giving the most accurate advice possible, not just shouting something.

    Any idea how many logs I (and my two colleagues) handle per day?

    We are only asking him to indicate where he sees Virut; I had already asked by PM as well, but I got an evasive answer.

    I don't find it petty at all; it is about the quality of the answers.
  • First of all, I think everyone here is trying to help each other!
    That doesn't change the fact that the people giving advice could perhaps learn something from each other too!
    I just don't think it is very useful to have such a discussion on the forum…
    In short… it doesn't matter who is right…. discuss it together by e-mail…
  • You think so?
    Oh, but I agree when you say he is trying to help; that is not the discussion. What matters to us is that he helps well, so if he says he finds Virut, and that is a serious infection for which the only thing that helps is formatting, then it really has to be there, otherwise he is just spreading panic.
    And I had asked by PM, by the way.

    By the way, I still see no reaction from A54, or does he also think this forum is an old wives' club?

This is an archived page. Replying is no longer possible.