Archive - log

The archive is a frozen moment from a previous version of this forum, with different rules and different people in charge. These posts in no way reflect our current ideas, values or worldviews, and have been censored in some places because they were unacceptable. Many were written in a different spirit of the times, ironically or not (as in the ironic Off-Topic subforum), and would or could no longer be posted today. We are nevertheless happy to keep offering this archive as an information database and reference work. Read more about it here or start a conversation with others.

folser

Legacy Member
Can anyone tell me what can be removed? :)
Because I'm having a lot of problems on my PC; for example, a hyperlink from any search on Google goes to an advertising site. It won't load the sites of AVG, HijackThis, or any program to do with viruses and spyware, and at first I couldn't install HijackThis; it just wouldn't open. I then renamed it to just a few letters and it did work.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:08, on 13/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ppcbooster\ppcb_32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\Windows\system32\jsdf768wude.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LanzarL2007] "C:\Users\Davy\AppData\Local\Temp\{0ACB903F-0B41-4D78-B6FE-CA9C1EEB1250}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0013"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\Users\Davy\AppData\Local\Temp\winloggn.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\Users\Davy\AppData\Local\Temp\winloggn.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD5B05A1-6F37-4DE4-95F8-7F183B97678B}: NameServer = 195.130.130.2,195.130.131.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: crypt - C:\Windows\SYSTEM32\crypts.dll
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\Windows\system32\jsdf768wude.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5762 bytes

Juisterr

Legacy Member
Hello and welcome,

Right-click the HijackThis program.
Choose Run as administrator. Then choose 'Do a system scan only'.
Select only the items listed below:

R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O2 - BHO: C:\Windows\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\Windows\system32\jsdf768wude.dll (file missing)
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\Users\Davy\AppData\Local\Temp\winloggn.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\Users\Davy\AppData\Local\Temp\winloggn.exe
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\Windows\system32\jsdf768wude.dll (file missing)

Close all windows except HijackThis.
Click 'Fix checked' to remove the items.


Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

Make sure that after the installation the following are ticked:
  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
  • Once the program has started, go to the "Settings" tab.
  • Tick here: "Close Internet Explorer during malware removal".
  • Then go to the "Scanner" tab and choose "Quick Scan".
  • Then press "Scan" to start the scan.
  • Scanning can take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to see the results.
  • Make sure everything there is ticked, then click "Remove Selected".
  • After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program.

Post this log together with a new HijackThis log.
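
A first-pass triage of a HijackThis log in the spirit of the selection above, as an added Python example that is not part of the original posts or of HijackThis. The three heuristics and all names in the code are assumptions; the sample lines are copied from the first log in this thread. It also flags the LanzarL2007 entry, which the post did not select, so the result is a list to review, not a list to fix.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r'''
R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O2 - BHO: C:\Windows\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\Windows\system32\jsdf768wude.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LanzarL2007] "C:\Users\Davy\AppData\Local\Temp\{0ACB903F-0B41-4D78-B6FE-CA9C1EEB1250}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0013"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\Users\Davy\AppData\Local\Temp\winloggn.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\Users\Davy\AppData\Local\Temp\winloggn.exe
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\Windows\system32\jsdf768wude.dll (file missing)
'''

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry Run/RunOnce autostart inside an O4 entry
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\\S*Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Heuristic 1 (assumption): HijackThis says the referenced file does not exist
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# Heuristic 2 (assumption): autostart command lives in a Temp directory
TEMP_RE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    code: str      # HijackThis section code (R3, O2, O4, ...)
    body: str      # the entry text after "code - "
    reasons: list  # why the entry was flagged for review


def parse_entries(log_text):
    """Return (code, body) for every line that looks like a HijackThis entry."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def triage(log_text):
    """Flag entries that deserve a closer look. Not a verdict on any of them."""
    entries = parse_entries(log_text)

    # Heuristic 3 (assumption): identical name + command in more than one hive
    run_seen = Counter()
    for code, body in entries:
        r = RUN_RE.match(body) if code == "O4" else None
        if r:
            run_seen[(r["name"].lower(), r["cmd"].lower())] += 1

    findings = []
    for code, body in entries:
        reasons = []
        if MISSING_RE.search(body):
            reasons.append("registered component has no file on disk")
        r = RUN_RE.match(body) if code == "O4" else None
        if r:
            if TEMP_RE.search(r["cmd"]):
                reasons.append("autostart runs from a Temp directory")
            if run_seen[(r["name"].lower(), r["cmd"].lower())] > 1:
                reasons.append("same autostart registered in more than one hive")
        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.body[:70]}")
        for reason in f.reasons:
            print(f"    - {reason}")
```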

folser

Legacy Member
I can't get the site for downloading that little program to load, not in Firefox and not in IE :s
In Firefox nothing happens, Firefox just stays on the same page, and in IE it says that I have no internet connection, that there are problems with the site, or that the address is wrong.

Juisterr

Legacy Member
Download ComboFix.

Mirror 1.

Mirror 2.

Before you save it, you must rename ComboFix.

Put it on your desktop.

Double-click the file you just downloaded (the renamed ComboFix.exe) and follow the instructions.
When the tool is finished, which may be after a reboot, post the contents of the log file that opens.

folser

Legacy Member
I can't download that either; I tried it via all three of those mirrors, but it just won't load, like with that Malwarebytes. :s

Juisterr

Legacy Member
Not even if you give it a different name, like cbf.exe or fix.exe or hetmaaktnietuit.exe?

folser

Legacy Member
No, when I try "Save link as ..." I get "the download cannot be saved because an unknown error occurred".

Juisterr

Legacy Member
Fix those lines first and restart, then post a new HJT log.

folser

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:03, on 17/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD5B05A1-6F37-4DE4-95F8-7F183B97678B}: NameServer = 195.130.130.2,195.130.131.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 4586 bytes

I still can't download those files, though.

Juisterr

Legacy Member
Download GMER Rootkit detector

  • Save it in a safe place and extract it to your desktop
  • Disconnect your internet connection and close ALL programs
  • There is a small chance that the computer will crash while this application is running, so make sure you have saved all your work
  • Double-click gmer.exe and select the "rootkit tab" > click "scan"
  • If you get a warning about "rootkit activity" and are asked for permission to scan, click OK
  • Click the rootkit tab and click scan
  • When the scan is finished, click copy
  • Open Notepad and copy/paste the text
  • Restore your internet connection and post the text in your next reply.

folser

Legacy Member
Sorry for the late reply; I couldn't download that GMER either. I then downloaded all those files at a mate's place (that malware scanner, GMER and ComboFix) and had to rename all of them before I could open them. That malware scanner is installed but it won't open. Error message: 'program has stopped working'.
I can't post the GMER log here. (The text that you have entered is too long (46402 characters). Please shorten it to 30000 characters long.)
So I saved it and put it on RapidShare: RapidShare: Easy Filehosting
I'll do that ComboFix later.

folser

Legacy Member
And the ComboFix log:
ComboFix 08-12-26.03 - Davy 2008-12-27 23:16:25.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3070.2053 [GMT 1:00]
Gestart vanuit: c:\users\Davy\Downloads\Documenten\jk.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\program files\ppcbooster
c:\program files\ppcbooster\ppcb_32.exe
c:\program files\ppcbooster\ppcbu_32.exe
c:\program files\VnrBlock
c:\program files\VnrBlock\xtarga.gz
c:\windows\gncyq5.exe
c:\windows\system32.exe
c:\windows\system32\crypts.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


(((((((((((((((((((( Bestanden Gemaakt van 2008-11-27 to 2008-12-27 ))))))))))))))))))))))))))))))
.

2008-12-27 23:03 . 2008-12-27 23:03 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-27 23:03 . 2008-12-27 23:03 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-27 23:03 . 2008-12-27 23:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 23:03 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-27 23:03 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-26 00:15 . 2008-12-27 00:03 <DIR> d-------- c:\users\Davy\AppData\Roaming\LimeWire
2008-12-26 00:15 . 2008-12-26 00:45 <DIR> d-------- c:\program files\LimeWire
2008-12-25 23:11 . 2008-12-25 23:11 0 --a------ c:\windows\nsreg.dat
2008-12-25 13:05 . 2008-12-25 13:05 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-24 23:37 . 2008-12-24 23:37 <DIR> d-------- c:\program files\Orca
2008-12-24 22:35 . 2008-12-24 22:35 <DIR> d-------- c:\users\Davy\AppData\Roaming\SystemRequirementsLab
2008-12-24 22:35 . 2008-12-24 22:35 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-12-24 22:34 . 2008-12-24 22:34 <DIR> d-------- c:\windows\Sun
2008-12-24 18:09 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-12-24 13:13 . 2008-12-24 13:13 <DIR> d-------- C:\PerfLogs
2008-12-22 12:03 . 2008-12-22 12:03 <DIR> d-------- c:\users\All Users\X10 Settings
2008-12-22 12:03 . 2008-12-22 12:03 <DIR> d-------- c:\programdata\X10 Settings
2008-12-22 12:02 . 2008-12-22 12:04 <DIR> d-------- c:\program files\X10 Hardware
2008-12-22 12:02 . 2008-12-22 12:02 <DIR> d-------- c:\program files\Common Files\X10
2008-12-22 12:02 . 2002-01-05 03:37 344,064 --a------ c:\windows\System32\msvcr70.dll
2008-12-22 12:02 . 1999-06-25 09:56 127,184 --a------ c:\windows\Unwise.exe
2008-12-22 12:02 . 2006-11-17 10:31 13,976 --a------ c:\windows\System32\drivers\x10hid.sys
2008-12-18 21:44 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-12-18 21:43 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-12-18 21:42 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-12-18 21:42 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2008-12-18 21:42 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-12-18 21:42 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-12-18 21:41 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
2008-12-18 21:41 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-12-18 21:40 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-12-18 21:40 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-12-18 21:40 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-12-18 21:40 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-12-17 23:40 . 2008-12-17 23:40 <DIR> d-------- c:\program files\PQDVD
2008-12-17 18:07 . 2006-09-20 16:58 40,960 --a------ c:\windows\System32\psfind.dll
2008-12-17 18:02 . 2008-12-17 18:02 <DIR> d-------- c:\program files\THQ
2008-12-13 21:55 . 2008-12-13 21:55 <DIR> d-------- c:\program files\Trend Micro
2008-12-13 20:14 . 2008-12-27 23:06 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-13 20:14 . 2007-11-06 20:00 1,073,152 --a------ c:\windows\System32\nvcpluir.dll
2008-12-13 20:14 . 2007-11-06 20:00 307,200 --a------ c:\windows\System32\nvexpbar.dll
2008-12-13 20:11 . 2008-12-13 20:11 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-12-13 20:11 . 2008-12-13 20:11 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-12-13 20:11 . 2008-12-13 20:11 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2008-12-13 20:11 . 2008-12-13 20:11 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-12-13 20:10 . 2008-12-13 20:15 <DIR> d-------- c:\users\All Users\avg8
2008-12-13 20:10 . 2008-12-13 20:15 <DIR> d-------- c:\programdata\avg8
2008-12-13 20:10 . 2008-12-13 20:10 <DIR> d-------- c:\program files\AVG
2008-12-12 22:36 . 2008-12-24 23:54 200,980,605 --a------ c:\windows\MEMORY.DMP
2008-12-12 11:48 . 2008-12-12 11:48 <DIR> d-------- c:\program files\Microsoft Xbox 360 Accessories
2008-12-12 11:29 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 18:50 . 2008-12-11 18:50 <DIR> dr-h----- c:\users\Davy\AppData\Roaming\SecuROM
2008-12-11 18:50 . 2008-12-11 18:50 98,304 --a------ c:\windows\System32\CmdLineExt.dll
2008-12-11 18:39 . 2008-12-11 18:39 <DIR> d-------- c:\program files\Sierra
2008-12-11 18:36 . 2008-12-11 18:36 <DIR> d-------- c:\users\Davy\AppData\Roaming\InstallShield
2008-12-11 18:02 . 2008-12-11 18:02 <DIR> d-------- c:\users\Davy\AppData\Roaming\Lavasoft
2008-12-11 18:01 . 2008-12-11 18:01 <DIR> d-------- c:\program files\Lavasoft
2008-12-11 17:03 . 2008-12-11 17:03 <DIR> d-------- c:\users\All Users\sentinel
2008-12-11 17:03 . 2008-12-11 17:03 <DIR> d-------- c:\programdata\sentinel
2008-12-11 16:28 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 16:28 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 16:28 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-08 12:35 . 2008-12-08 12:35 16,384 --a------ c:\windows\wuan364443.exe
2008-12-08 12:35 . 2008-12-08 12:35 16,384 --a------ c:\windows\gbg033414.exe
2008-12-08 12:34 . 2008-12-08 12:34 88,064 --a------ C:\cepdtqe.exe
2008-12-08 12:34 . 2008-12-08 12:34 84,982 --a------ c:\windows\vtj708346.exe
2008-12-08 12:34 . 2008-12-08 12:34 54,255 --a------ c:\windows\c20232.exe
2008-12-08 12:34 . 2008-12-08 12:34 16,384 --a------ c:\windows\ykgee3362.exe
2008-12-08 12:34 . 2008-12-08 12:34 16,384 --a------ c:\windows\hw5305.exe
2008-12-08 12:34 . 2008-12-08 12:34 16,384 --a------ c:\windows\gu58826.exe
2008-12-08 12:34 . 2008-12-08 12:34 2 --a------ C:\-795856615
2008-12-08 12:31 . 2008-12-25 13:43 <DIR> d-------- c:\users\Davy\Shared
2008-12-08 12:30 . 2008-12-12 22:32 <DIR> d-------- c:\users\Davy\Incomplete
2008-12-08 12:30 . 2008-12-11 17:03 <DIR> d-------- c:\users\Davy\AppData\Roaming\LimeWireTurbo
2008-12-08 12:30 . 2008-12-12 22:35 <DIR> d-------- c:\program files\Conduit
2008-12-08 08:39 . 2008-12-08 12:42 <DIR> d-------- c:\users\Davy\Flatout 2
2008-12-07 22:48 . 2008-12-07 22:48 269,312 --a------ c:\windows\System32\es.dll
2008-12-07 21:16 . 2008-12-07 21:16 779,800 --a------ c:\windows\System32\PresentationNative_v0300.dll
2008-12-07 21:16 . 2008-12-07 21:16 579,584 --a------ c:\windows\System32\icardagt.exe
2008-12-07 21:16 . 2008-12-07 21:16 350,744 --a------ c:\windows\System32\PresentationHost.exe
2008-12-07 21:16 . 2008-12-07 21:16 106,520 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-12-07 21:16 . 2008-12-07 21:16 33,304 --a------ c:\windows\System32\PresentationHostProxy.dll
2008-12-07 21:16 . 2008-12-07 21:16 11,776 --a------ c:\windows\System32\icardres.dll
2008-12-07 21:06 . 2008-12-07 21:06 41,984 --a------ c:\windows\System32\netfxperf.dll
2008-12-07 00:21 . 2008-12-07 00:21 <DIR> d-------- c:\users\Davy\AppData\Roaming\Download Manager
2008-12-07 00:15 . 2008-12-07 00:15 <DIR> d-------- c:\program files\ImTOO
2008-12-06 21:57 . 2008-12-27 23:07 <DIR> d-------- c:\users\Davy\AppData\Roaming\Azureus
2008-12-06 21:57 . 2008-12-06 21:57 <DIR> d-------- c:\users\All Users\Azureus
2008-12-06 21:57 . 2008-12-06 21:57 <DIR> d-------- c:\programdata\Azureus
2008-12-06 21:56 . 2008-12-06 21:56 <DIR> d-------- c:\program files\Vuze
2008-12-06 21:55 . 2008-12-06 21:55 <DIR> d-------- c:\program files\Java
2008-12-06 21:55 . 2008-12-06 21:55 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-06 19:50 . 2008-12-06 19:50 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-06 19:01 . 2008-12-06 19:01 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-12-06 19:01 . 2008-12-06 19:01 272,896 --a------ c:\windows\System32\polstore.dll
2008-12-06 19:01 . 2008-12-06 19:01 61,440 --a------ c:\windows\System32\winipsec.dll
2008-12-06 19:01 . 2008-12-06 19:01 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-12-06 19:00 . 2008-12-06 19:00 1,695,744 --a------ c:\windows\System32\gameux.dll
2008-12-06 19:00 . 2008-12-06 19:00 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-06 19:00 . 2008-12-06 19:00 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-12-06 19:00 . 2008-12-06 19:00 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-12-06 19:00 . 2008-12-06 19:00 1,820 --a------ c:\windows\System32\rasctrnm.h
2008-12-04 17:29 . 2008-12-04 17:29 428,544 --a------ c:\windows\System32\EncDec.dll
2008-12-04 17:29 . 2008-12-04 17:29 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-12-04 17:29 . 2008-12-04 17:29 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-12-04 17:29 . 2008-12-04 17:29 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-12-04 17:29 . 2008-12-04 17:29 80,896 --a------ c:\windows\System32\MSNP.ax
2008-12-04 17:29 . 2008-12-04 17:29 69,632 --a------ c:\windows\System32\Mpeg2Data.ax
2008-12-04 17:29 . 2008-12-04 17:29 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-12-04 17:25 . 2008-12-04 17:25 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-04 17:23 . 2008-12-04 17:23 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-04 17:22 . 2008-12-04 17:22 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-12-04 17:22 . 2008-12-04 17:22 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-04 17:22 . 2008-12-04 17:22 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-12-04 17:21 . 2008-12-04 17:21 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-12-04 17:17 . 2008-01-19 08:34 15,872 --a------ c:\windows\System32\hcrstco.dll
2008-12-04 17:17 . 2006-11-02 10:46 8,704 --a------ c:\windows\System32\hccoin.dll
2008-12-04 17:13 . 2008-12-04 17:13 988,216 --a------ c:\windows\System32\winload.exe
2008-12-04 17:13 . 2008-12-04 17:13 927,288 --a------ c:\windows\System32\winresume.exe
2008-12-04 17:13 . 2008-12-04 17:13 615,992 --a------ c:\windows\System32\ci.dll
2008-12-04 17:13 . 2008-12-04 17:13 378,368 --a------ c:\windows\System32\srcore.dll
2008-12-04 17:13 . 2008-12-04 17:13 318,464 --a------ c:\windows\System32\rstrui.exe
2008-12-04 17:13 . 2008-12-04 17:13 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2008-12-04 17:13 . 2008-12-04 17:13 40,960 --a------ c:\windows\System32\srclient.dll
2008-12-04 17:13 . 2008-12-04 17:13 19,000 --a------ c:\windows\System32\kd1394.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 12:22 174 --sha-w c:\program files\desktop.ini
2008-12-24 12:15 --------- d-----w c:\program files\Windows Sidebar
2008-12-24 12:15 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-24 12:15 --------- d-----w c:\program files\Windows Mail
2008-12-24 12:15 --------- d-----w c:\program files\Windows Journal
2008-12-24 12:15 --------- d-----w c:\program files\Windows Defender
2008-12-24 12:15 --------- d-----w c:\program files\Windows Collaboration
2008-12-24 12:15 --------- d-----w c:\program files\Windows Calendar
2008-12-06 18:00 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-12-01 21:08 --------- d-sh--w c:\programdata\Sjablonen
2008-12-01 21:08 --------- d-sh--w c:\programdata\Menu Start
2008-12-01 21:08 --------- d-sh--w c:\programdata\Favorieten
2008-12-01 21:08 --------- d-sh--w c:\programdata\Documenten
2008-12-01 21:08 --------- d-sh--w c:\programdata\Bureaublad
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-02-13 734624]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-13 1261336]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{15951E54-2492-4C5B-AED5-71B1A8698B63}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AD7D7161-C414-4AD2-8360-E127492713BE}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{1542F147-E78F-4B39-9EAF-5CC47FCD29B4}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{F2CA693C-B9F9-42B0-8BD9-0558F246D10E}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{E34C4506-D934-4C98-B38E-75554649EE39}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{0410AC73-83C7-4739-85EA-4D4B0AF846D2}e:\\rise of the argonauts\\rise of the argonauts\\binaries\\riseoftheargonauts.exe"= UDP:e:\rise of the argonauts\rise of the argonauts\binaries\riseoftheargonauts.exe:RiseOfTheArgonauts
"UDP Query User{33143E01-88EB-4530-B9E3-9AD23118020C}e:\\rise of the argonauts\\rise of the argonauts\\binaries\\riseoftheargonauts.exe"= TCP:e:\rise of the argonauts\rise of the argonauts\binaries\riseoftheargonauts.exe:RiseOfTheArgonauts
"{EBA54F3C-4578-4E33-ABE8-13993B8BC3FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{99100A71-D78A-4849-87C0-4EA87F568B5F}c:\\users\\davy\\shared\\[ pc games ] - age of empires ii(full)(2)\\empires2.exe"= UDP:c:\users\davy\shared\[ pc games ] - age of empires ii(full)(2)\empires2.exe:empires2.exe
"UDP Query User{BB63E4C9-C01B-480D-9868-E9AE9B9A210F}c:\\users\\davy\\shared\\[ pc games ] - age of empires ii(full)(2)\\empires2.exe"= TCP:c:\users\davy\shared\[ pc games ] - age of empires ii(full)(2)\empires2.exe:empires2.exe
"{E05FF5F7-D93B-45F7-B625-945824D7ED0B}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1C9E6C86-7F3D-4173-882A-6D3A0875DA7F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{4B545164-F968-43B5-8D02-76DF3E8C6BF2}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{119F92E3-BCBA-428A-ACC1-2F10DAB75189}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-13 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-13 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-13 231704]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-12-13 69128]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-05-11 329728]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2008-12-22 13976]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71e13cbe-bfdb-11dd-ad50-806e6f6e6963}]
\shell\AutoRun\command - F:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71e13cbf-bfdb-11dd-ad50-806e6f6e6963}]
\shell\AutoRun\command - G:\FahrenheitAutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e862c09e-c0b9-11dd-9d5d-0019db5d422a}]
\shell\AutoRun\command - I:\autorun.exe

*Newly Created Service* - TDSSSERV.SYS
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 23:22:09
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden:

**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\System32\WUDFHost.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Voltooingstijd: 2008-12-27 23:29:26 - machine werd herstart [Davy]
ComboFix-quarantined-files.txt 2008-12-27 22:29:20

Pre-Run: 29.950.115.840 bytes beschikbaar
Post-Run: 29,895,536,640 bytes beschikbaar

264 --- E O F --- 2008-12-24 17:23:48

Juisterr

Legacy Member
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

File::
c:\windows\wuan364443.exe
c:\windows\gbg033414.exe
c:\windows\ykgee3362.exe
c:\windows\hw5305.exe
c:\windows\gu58826.exe
C:\-795856615
c:\windows\vtj708346.exe
c:\windows\c20232.exe
C:\cepdtqe.exe



Save this to your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

CFScript.gif

This will make ComboFix restart.

After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

Post a new HJT log.

folser

Legacy Member
Combofix:

ComboFix 08-12-26.03 - Davy 2008-12-28 23:38:23.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3070.1693 [GMT 1:00]
Gestart vanuit: c:\users\Davy\Downloads\Documenten\jk.exe
gebruikte Opdracht switches :: c:\users\Davy\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Nieuw herstelpunt werd aangemaakt

FILE ::
C:\-795856615
C:\cepdtqe.exe
c:\windows\c20232.exe
c:\windows\gbg033414.exe
c:\windows\gu58826.exe
c:\windows\hw5305.exe
c:\windows\vtj708346.exe
c:\windows\wuan364443.exe
c:\windows\ykgee3362.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-795856615
c:\windows\system32\TDSSbojx.dll
c:\windows\system32\TDSSwows.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


(((((((((((((((((((( Bestanden Gemaakt van 2008-11-28 to 2008-12-28 ))))))))))))))))))))))))))))))
.

2008-12-27 23:34 . 2008-12-27 23:34 <DIR> d-------- c:\users\Davy\AppData\Roaming\Malwarebytes
2008-12-27 23:03 . 2008-12-27 23:03 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-27 23:03 . 2008-12-27 23:03 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-27 23:03 . 2008-12-27 23:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 23:03 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-27 23:03 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-26 00:15 . 2008-12-27 00:03 <DIR> d-------- c:\users\Davy\AppData\Roaming\LimeWire
2008-12-26 00:15 . 2008-12-26 00:45 <DIR> d-------- c:\program files\LimeWire
2008-12-25 23:11 . 2008-12-25 23:11 0 --a------ c:\windows\nsreg.dat
2008-12-25 13:05 . 2008-12-25 13:05 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-24 23:37 . 2008-12-24 23:37 <DIR> d-------- c:\program files\Orca
2008-12-24 22:35 . 2008-12-24 22:35 <DIR> d-------- c:\users\Davy\AppData\Roaming\SystemRequirementsLab
2008-12-24 22:35 . 2008-12-24 22:35 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-12-24 22:34 . 2008-12-24 22:34 <DIR> d-------- c:\windows\Sun
2008-12-24 18:09 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-12-24 13:13 . 2008-12-24 13:13 <DIR> d-------- C:\PerfLogs
2008-12-22 12:03 . 2008-12-22 12:03 <DIR> d-------- c:\users\All Users\X10 Settings
2008-12-22 12:03 . 2008-12-22 12:03 <DIR> d-------- c:\programdata\X10 Settings
2008-12-22 12:02 . 2008-12-22 12:04 <DIR> d-------- c:\program files\X10 Hardware
2008-12-22 12:02 . 2008-12-22 12:02 <DIR> d-------- c:\program files\Common Files\X10
2008-12-22 12:02 . 2002-01-05 03:37 344,064 --a------ c:\windows\System32\msvcr70.dll
2008-12-22 12:02 . 1999-06-25 09:56 127,184 --a------ c:\windows\Unwise.exe
2008-12-22 12:02 . 2006-11-17 10:31 13,976 --a------ c:\windows\System32\drivers\x10hid.sys
2008-12-18 21:44 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-12-18 21:43 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-12-18 21:42 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-12-18 21:42 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2008-12-18 21:42 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-12-18 21:42 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-12-18 21:41 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
2008-12-18 21:41 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-12-18 21:40 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-12-18 21:40 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-12-18 21:40 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-12-18 21:40 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-12-17 23:40 . 2008-12-17 23:40 <DIR> d-------- c:\program files\PQDVD
2008-12-17 18:07 . 2006-09-20 16:58 40,960 --a------ c:\windows\System32\psfind.dll
2008-12-17 18:02 . 2008-12-17 18:02 <DIR> d-------- c:\program files\THQ
2008-12-13 21:55 . 2008-12-13 21:55 <DIR> d-------- c:\program files\Trend Micro
2008-12-13 20:14 . 2008-12-28 00:58 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-13 20:14 . 2007-11-06 20:00 1,073,152 --a------ c:\windows\System32\nvcpluir.dll
2008-12-13 20:14 . 2007-11-06 20:00 307,200 --a------ c:\windows\System32\nvexpbar.dll
2008-12-13 20:11 . 2008-12-28 18:01 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-12-13 20:11 . 2008-12-13 20:11 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-12-13 20:11 . 2008-12-13 20:11 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2008-12-13 20:11 . 2008-12-13 20:11 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-12-13 20:10 . 2008-12-13 20:15 <DIR> d-------- c:\users\All Users\avg8
2008-12-13 20:10 . 2008-12-13 20:15 <DIR> d-------- c:\programdata\avg8
2008-12-13 20:10 . 2008-12-13 20:10 <DIR> d-------- c:\program files\AVG
2008-12-12 22:36 . 2008-12-24 23:54 200,980,605 --a------ c:\windows\MEMORY.DMP
2008-12-12 11:48 . 2008-12-28 00:56 <DIR> d-------- c:\program files\Microsoft Xbox 360 Accessories
2008-12-12 11:29 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 18:50 . 2008-12-11 18:50 <DIR> dr-h----- c:\users\Davy\AppData\Roaming\SecuROM
2008-12-11 18:50 . 2008-12-11 18:50 98,304 --a------ c:\windows\System32\CmdLineExt.dll
2008-12-11 18:39 . 2008-12-11 18:39 <DIR> d-------- c:\program files\Sierra
2008-12-11 18:36 . 2008-12-11 18:36 <DIR> d-------- c:\users\Davy\AppData\Roaming\InstallShield
2008-12-11 18:02 . 2008-12-11 18:02 <DIR> d-------- c:\users\Davy\AppData\Roaming\Lavasoft
2008-12-11 18:01 . 2008-12-11 18:01 <DIR> d-------- c:\program files\Lavasoft
2008-12-11 17:03 . 2008-12-11 17:03 <DIR> d-------- c:\users\All Users\sentinel
2008-12-11 17:03 . 2008-12-11 17:03 <DIR> d-------- c:\programdata\sentinel
2008-12-11 16:28 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 16:28 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 16:28 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-08 12:31 . 2008-12-25 13:43 <DIR> d-------- c:\users\Davy\Shared
2008-12-08 12:30 . 2008-12-12 22:32 <DIR> d-------- c:\users\Davy\Incomplete
2008-12-08 12:30 . 2008-12-11 17:03 <DIR> d-------- c:\users\Davy\AppData\Roaming\LimeWireTurbo
2008-12-08 12:30 . 2008-12-12 22:35 <DIR> d-------- c:\program files\Conduit
2008-12-08 08:39 . 2008-12-08 12:42 <DIR> d-------- c:\users\Davy\Flatout 2
2008-12-07 22:48 . 2008-12-07 22:48 269,312 --a------ c:\windows\System32\es.dll
2008-12-07 21:16 . 2008-12-07 21:16 779,800 --a------ c:\windows\System32\PresentationNative_v0300.dll
2008-12-07 21:16 . 2008-12-07 21:16 579,584 --a------ c:\windows\System32\icardagt.exe
2008-12-07 21:16 . 2008-12-07 21:16 350,744 --a------ c:\windows\System32\PresentationHost.exe
2008-12-07 21:16 . 2008-12-07 21:16 106,520 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-12-07 21:16 . 2008-12-07 21:16 33,304 --a------ c:\windows\System32\PresentationHostProxy.dll
2008-12-07 21:16 . 2008-12-07 21:16 11,776 --a------ c:\windows\System32\icardres.dll
2008-12-07 21:06 . 2008-12-07 21:06 41,984 --a------ c:\windows\System32\netfxperf.dll
2008-12-07 00:21 . 2008-12-07 00:21 <DIR> d-------- c:\users\Davy\AppData\Roaming\Download Manager
2008-12-07 00:15 . 2008-12-07 00:15 <DIR> d-------- c:\program files\ImTOO
2008-12-06 21:57 . 2008-12-28 23:42 <DIR> d-------- c:\users\Davy\AppData\Roaming\Azureus
2008-12-06 21:57 . 2008-12-06 21:57 <DIR> d-------- c:\users\All Users\Azureus
2008-12-06 21:57 . 2008-12-06 21:57 <DIR> d-------- c:\programdata\Azureus
2008-12-06 21:56 . 2008-12-06 21:56 <DIR> d-------- c:\program files\Vuze
2008-12-06 21:55 . 2008-12-06 21:55 <DIR> d-------- c:\program files\Java
2008-12-06 21:55 . 2008-12-06 21:55 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-06 19:50 . 2008-12-06 19:50 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-06 19:01 . 2008-12-06 19:01 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-12-06 19:01 . 2008-12-06 19:01 272,896 --a------ c:\windows\System32\polstore.dll
2008-12-06 19:01 . 2008-12-06 19:01 61,440 --a------ c:\windows\System32\winipsec.dll
2008-12-06 19:01 . 2008-12-06 19:01 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-12-06 19:00 . 2008-12-06 19:00 1,695,744 --a------ c:\windows\System32\gameux.dll
2008-12-06 19:00 . 2008-12-06 19:00 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-06 19:00 . 2008-12-06 19:00 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-12-06 19:00 . 2008-12-06 19:00 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-12-06 19:00 . 2008-12-06 19:00 1,820 --a------ c:\windows\System32\rasctrnm.h
2008-12-04 17:29 . 2008-12-04 17:29 428,544 --a------ c:\windows\System32\EncDec.dll
2008-12-04 17:29 . 2008-12-04 17:29 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-12-04 17:29 . 2008-12-04 17:29 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-12-04 17:29 . 2008-12-04 17:29 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-12-04 17:29 . 2008-12-04 17:29 80,896 --a------ c:\windows\System32\MSNP.ax
2008-12-04 17:29 . 2008-12-04 17:29 69,632 --a------ c:\windows\System32\Mpeg2Data.ax
2008-12-04 17:29 . 2008-12-04 17:29 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-12-04 17:25 . 2008-12-04 17:25 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-04 17:23 . 2008-12-04 17:23 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-04 17:22 . 2008-12-04 17:22 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-12-04 17:22 . 2008-12-04 17:22 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-04 17:22 . 2008-12-04 17:22 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-12-04 17:21 . 2008-12-04 17:21 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-12-04 17:17 . 2008-01-19 08:34 15,872 --a------ c:\windows\System32\hcrstco.dll
2008-12-04 17:17 . 2006-11-02 10:46 8,704 --a------ c:\windows\System32\hccoin.dll
2008-12-04 17:13 . 2008-12-04 17:13 988,216 --a------ c:\windows\System32\winload.exe
2008-12-04 17:13 . 2008-12-04 17:13 927,288 --a------ c:\windows\System32\winresume.exe
2008-12-04 17:13 . 2008-12-04 17:13 615,992 --a------ c:\windows\System32\ci.dll
2008-12-04 17:13 . 2008-12-04 17:13 378,368 --a------ c:\windows\System32\srcore.dll
2008-12-04 17:13 . 2008-12-04 17:13 318,464 --a------ c:\windows\System32\rstrui.exe
2008-12-04 17:13 . 2008-12-04 17:13 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2008-12-04 17:13 . 2008-12-04 17:13 40,960 --a------ c:\windows\System32\srclient.dll
2008-12-04 17:13 . 2008-12-04 17:13 19,000 --a------ c:\windows\System32\kd1394.dll
2008-12-04 17:13 . 2008-12-04 17:13 14,848 --a------ c:\windows\System32\srdelayed.exe
2008-12-04 17:13 . 2008-12-04 17:13 6,656 --a------ c:\windows\System32\kbd106n.dll
2008-12-04 17:11 . 2008-12-04 17:11 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-12-04 17:09 . 2008-12-04 17:09 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-12-04 17:09 . 2008-12-04 17:09 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-12-04 17:09 . 2008-12-04 17:09 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-12-04 17:08 . 2008-12-04 17:08 443,392 --a------ c:\windows\System32\win32spl.dll
2008-12-04 17:08 . 2008-12-04 17:08 37,888 --a------ c:\windows\System32\printcom.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 12:22 174 --sha-w c:\program files\desktop.ini
2008-12-24 12:15 --------- d-----w c:\program files\Windows Sidebar
2008-12-24 12:15 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-24 12:15 --------- d-----w c:\program files\Windows Mail
2008-12-24 12:15 --------- d-----w c:\program files\Windows Journal
2008-12-24 12:15 --------- d-----w c:\program files\Windows Defender
2008-12-24 12:15 --------- d-----w c:\program files\Windows Collaboration
2008-12-24 12:15 --------- d-----w c:\program files\Windows Calendar
2008-12-06 18:00 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-12-01 21:08 --------- d-sh--w c:\programdata\Sjablonen
2008-12-01 21:08 --------- d-sh--w c:\programdata\Menu Start
2008-12-01 21:08 --------- d-sh--w c:\programdata\Favorieten
2008-12-01 21:08 --------- d-sh--w c:\programdata\Documenten
2008-12-01 21:08 --------- d-sh--w c:\programdata\Bureaublad
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
.

((((((((((((((((((((((((((((( snapshot@2008-12-27_23.25.21.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-27 23:57:02 25,214 ----a-r c:\windows\Installer\{66F0AC35-4805-44BC-A3D4-347D4196F9B3}\Checker.exe
+ 2008-12-27 23:57:02 439,926 ----a-r c:\windows\Installer\{66F0AC35-4805-44BC-A3D4-347D4196F9B3}\XBoxStat.exe
- 2008-12-27 22:21:35 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-28 22:44:04 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-28 22:44:04 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-27 22:21:32 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-28 22:44:02 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-28 22:44:02 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-27 22:21:22 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-27 22:50:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-27 22:21:22 98,304 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-27 22:50:56 98,304 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-27 22:21:22 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-27 22:50:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-27 20:04:55 101,052 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-28 17:05:52 101,052 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-27 20:04:55 126,648 ----a-w c:\windows\System32\perfc013.dat
+ 2008-12-28 17:05:52 126,648 ----a-w c:\windows\System32\perfc013.dat
- 2008-12-27 20:04:55 586,980 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-28 17:05:52 586,980 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-27 20:04:55 667,114 ----a-w c:\windows\System32\perfh013.dat
+ 2008-12-28 17:05:52 667,114 ----a-w c:\windows\System32\perfh013.dat
- 2008-12-27 20:00:24 4,982 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4265983345-3037586335-2177389312-1000_UserData.bin
+ 2008-12-28 22:45:45 5,430 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4265983345-3037586335-2177389312-1000_UserData.bin
- 2008-12-27 20:00:24 69,880 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-28 22:45:45 70,350 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-27 20:00:22 33,798 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-27 22:52:50 34,204 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-12-19 23:28:25 134,426 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-12-28 12:51:04 161,248 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-13 1261336]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{15951E54-2492-4C5B-AED5-71B1A8698B63}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AD7D7161-C414-4AD2-8360-E127492713BE}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{1542F147-E78F-4B39-9EAF-5CC47FCD29B4}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{F2CA693C-B9F9-42B0-8BD9-0558F246D10E}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{E34C4506-D934-4C98-B38E-75554649EE39}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{0410AC73-83C7-4739-85EA-4D4B0AF846D2}e:\\rise of the argonauts\\rise of the argonauts\\binaries\\riseoftheargonauts.exe"= UDP:e:\rise of the argonauts\rise of the argonauts\binaries\riseoftheargonauts.exe:RiseOfTheArgonauts
"UDP Query User{33143E01-88EB-4530-B9E3-9AD23118020C}e:\\rise of the argonauts\\rise of the argonauts\\binaries\\riseoftheargonauts.exe"= TCP:e:\rise of the argonauts\rise of the argonauts\binaries\riseoftheargonauts.exe:RiseOfTheArgonauts
"{EBA54F3C-4578-4E33-ABE8-13993B8BC3FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{99100A71-D78A-4849-87C0-4EA87F568B5F}c:\\users\\davy\\shared\\[ pc games ] - age of empires ii(full)(2)\\empires2.exe"= UDP:c:\users\davy\shared\[ pc games ] - age of empires ii(full)(2)\empires2.exe:empires2.exe
"UDP Query User{BB63E4C9-C01B-480D-9868-E9AE9B9A210F}c:\\users\\davy\\shared\\[ pc games ] - age of empires ii(full)(2)\\empires2.exe"= TCP:c:\users\davy\shared\[ pc games ] - age of empires ii(full)(2)\empires2.exe:empires2.exe
"{E05FF5F7-D93B-45F7-B625-945824D7ED0B}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1C9E6C86-7F3D-4173-882A-6D3A0875DA7F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{4B545164-F968-43B5-8D02-76DF3E8C6BF2}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{119F92E3-BCBA-428A-ACC1-2F10DAB75189}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-13 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-13 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-13 231704]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-12-13 69128]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-05-11 329728]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2008-12-22 13976]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71e13cbe-bfdb-11dd-ad50-806e6f6e6963}]
\shell\AutoRun\command - F:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71e13cbf-bfdb-11dd-ad50-806e6f6e6963}]
\shell\AutoRun\command - G:\FahrenheitAutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e862c09e-c0b9-11dd-9d5d-0019db5d422a}]
\shell\AutoRun\command - I:\autorun.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 23:44:24
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Voltooingstijd: 2008-12-28 23:52:04 - machine werd herstart
ComboFix-quarantined-files.txt 2008-12-28 22:52:00
ComboFix2.txt 2008-12-27 22:29:28

Pre-Run: 26.451.533.824 bytes beschikbaar
Post-Run: 26,143,424,512 bytes beschikbaar

302 --- E O F --- 2008-12-24 17:23:48

folser

Legacy Member
and a HijackThis log:

ComboFix 08-12-26.03 - Davy 2008-12-28 23:38:23.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3070.1693 [GMT 1:00]
Gestart vanuit: c:\users\Davy\Downloads\Documenten\jk.exe
gebruikte Opdracht switches :: c:\users\Davy\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Nieuw herstelpunt werd aangemaakt

FILE ::
C:\-795856615
C:\cepdtqe.exe
c:\windows\c20232.exe
c:\windows\gbg033414.exe
c:\windows\gu58826.exe
c:\windows\hw5305.exe
c:\windows\vtj708346.exe
c:\windows\wuan364443.exe
c:\windows\ykgee3362.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-795856615
c:\windows\system32\TDSSbojx.dll
c:\windows\system32\TDSSwows.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


(((((((((((((((((((( Bestanden Gemaakt van 2008-11-28 to 2008-12-28 ))))))))))))))))))))))))))))))
.

2008-12-27 23:34 . 2008-12-27 23:34 <DIR> d-------- c:\users\Davy\AppData\Roaming\Malwarebytes
2008-12-27 23:03 . 2008-12-27 23:03 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-27 23:03 . 2008-12-27 23:03 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-27 23:03 . 2008-12-27 23:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 23:03 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-27 23:03 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-26 00:15 . 2008-12-27 00:03 <DIR> d-------- c:\users\Davy\AppData\Roaming\LimeWire
2008-12-26 00:15 . 2008-12-26 00:45 <DIR> d-------- c:\program files\LimeWire
2008-12-25 23:11 . 2008-12-25 23:11 0 --a------ c:\windows\nsreg.dat
2008-12-25 13:05 . 2008-12-25 13:05 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-24 23:37 . 2008-12-24 23:37 <DIR> d-------- c:\program files\Orca
2008-12-24 22:35 . 2008-12-24 22:35 <DIR> d-------- c:\users\Davy\AppData\Roaming\SystemRequirementsLab
2008-12-24 22:35 . 2008-12-24 22:35 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-12-24 22:34 . 2008-12-24 22:34 <DIR> d-------- c:\windows\Sun
2008-12-24 18:09 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-12-24 13:13 . 2008-12-24 13:13 <DIR> d-------- C:\PerfLogs
2008-12-22 12:03 . 2008-12-22 12:03 <DIR> d-------- c:\users\All Users\X10 Settings
2008-12-22 12:03 . 2008-12-22 12:03 <DIR> d-------- c:\programdata\X10 Settings
2008-12-22 12:02 . 2008-12-22 12:04 <DIR> d-------- c:\program files\X10 Hardware
2008-12-22 12:02 . 2008-12-22 12:02 <DIR> d-------- c:\program files\Common Files\X10
2008-12-22 12:02 . 2002-01-05 03:37 344,064 --a------ c:\windows\System32\msvcr70.dll
2008-12-22 12:02 . 1999-06-25 09:56 127,184 --a------ c:\windows\Unwise.exe
2008-12-22 12:02 . 2006-11-17 10:31 13,976 --a------ c:\windows\System32\drivers\x10hid.sys
2008-12-18 21:44 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-12-18 21:43 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-12-18 21:42 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-12-18 21:42 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2008-12-18 21:42 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-12-18 21:42 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-12-18 21:41 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
2008-12-18 21:41 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-12-18 21:40 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-12-18 21:40 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-12-18 21:40 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-12-18 21:40 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-12-17 23:40 . 2008-12-17 23:40 <DIR> d-------- c:\program files\PQDVD
2008-12-17 18:07 . 2006-09-20 16:58 40,960 --a------ c:\windows\System32\psfind.dll
2008-12-17 18:02 . 2008-12-17 18:02 <DIR> d-------- c:\program files\THQ
2008-12-13 21:55 . 2008-12-13 21:55 <DIR> d-------- c:\program files\Trend Micro
2008-12-13 20:14 . 2008-12-28 00:58 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-13 20:14 . 2007-11-06 20:00 1,073,152 --a------ c:\windows\System32\nvcpluir.dll
2008-12-13 20:14 . 2007-11-06 20:00 307,200 --a------ c:\windows\System32\nvexpbar.dll
2008-12-13 20:11 . 2008-12-28 18:01 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-12-13 20:11 . 2008-12-13 20:11 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-12-13 20:11 . 2008-12-13 20:11 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2008-12-13 20:11 . 2008-12-13 20:11 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-12-13 20:10 . 2008-12-13 20:15 <DIR> d-------- c:\users\All Users\avg8
2008-12-13 20:10 . 2008-12-13 20:15 <DIR> d-------- c:\programdata\avg8
2008-12-13 20:10 . 2008-12-13 20:10 <DIR> d-------- c:\program files\AVG
2008-12-12 22:36 . 2008-12-24 23:54 200,980,605 --a------ c:\windows\MEMORY.DMP
2008-12-12 11:48 . 2008-12-28 00:56 <DIR> d-------- c:\program files\Microsoft Xbox 360 Accessories
2008-12-12 11:29 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 18:50 . 2008-12-11 18:50 <DIR> dr-h----- c:\users\Davy\AppData\Roaming\SecuROM
2008-12-11 18:50 . 2008-12-11 18:50 98,304 --a------ c:\windows\System32\CmdLineExt.dll
2008-12-11 18:39 . 2008-12-11 18:39 <DIR> d-------- c:\program files\Sierra
2008-12-11 18:36 . 2008-12-11 18:36 <DIR> d-------- c:\users\Davy\AppData\Roaming\InstallShield
2008-12-11 18:02 . 2008-12-11 18:02 <DIR> d-------- c:\users\Davy\AppData\Roaming\Lavasoft
2008-12-11 18:01 . 2008-12-11 18:01 <DIR> d-------- c:\program files\Lavasoft
2008-12-11 17:03 . 2008-12-11 17:03 <DIR> d-------- c:\users\All Users\sentinel
2008-12-11 17:03 . 2008-12-11 17:03 <DIR> d-------- c:\programdata\sentinel
2008-12-11 16:28 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 16:28 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 16:28 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-08 12:31 . 2008-12-25 13:43 <DIR> d-------- c:\users\Davy\Shared
2008-12-08 12:30 . 2008-12-12 22:32 <DIR> d-------- c:\users\Davy\Incomplete
2008-12-08 12:30 . 2008-12-11 17:03 <DIR> d-------- c:\users\Davy\AppData\Roaming\LimeWireTurbo
2008-12-08 12:30 . 2008-12-12 22:35 <DIR> d-------- c:\program files\Conduit
2008-12-08 08:39 . 2008-12-08 12:42 <DIR> d-------- c:\users\Davy\Flatout 2
2008-12-07 22:48 . 2008-12-07 22:48 269,312 --a------ c:\windows\System32\es.dll
2008-12-07 21:16 . 2008-12-07 21:16 779,800 --a------ c:\windows\System32\PresentationNative_v0300.dll
2008-12-07 21:16 . 2008-12-07 21:16 579,584 --a------ c:\windows\System32\icardagt.exe
2008-12-07 21:16 . 2008-12-07 21:16 350,744 --a------ c:\windows\System32\PresentationHost.exe
2008-12-07 21:16 . 2008-12-07 21:16 106,520 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-12-07 21:16 . 2008-12-07 21:16 33,304 --a------ c:\windows\System32\PresentationHostProxy.dll
2008-12-07 21:16 . 2008-12-07 21:16 11,776 --a------ c:\windows\System32\icardres.dll
2008-12-07 21:06 . 2008-12-07 21:06 41,984 --a------ c:\windows\System32\netfxperf.dll
2008-12-07 00:21 . 2008-12-07 00:21 <DIR> d-------- c:\users\Davy\AppData\Roaming\Download Manager
2008-12-07 00:15 . 2008-12-07 00:15 <DIR> d-------- c:\program files\ImTOO
2008-12-06 21:57 . 2008-12-28 23:42 <DIR> d-------- c:\users\Davy\AppData\Roaming\Azureus
2008-12-06 21:57 . 2008-12-06 21:57 <DIR> d-------- c:\users\All Users\Azureus
2008-12-06 21:57 . 2008-12-06 21:57 <DIR> d-------- c:\programdata\Azureus
2008-12-06 21:56 . 2008-12-06 21:56 <DIR> d-------- c:\program files\Vuze
2008-12-06 21:55 . 2008-12-06 21:55 <DIR> d-------- c:\program files\Java
2008-12-06 21:55 . 2008-12-06 21:55 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-06 19:50 . 2008-12-06 19:50 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-06 19:01 . 2008-12-06 19:01 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-12-06 19:01 . 2008-12-06 19:01 272,896 --a------ c:\windows\System32\polstore.dll
2008-12-06 19:01 . 2008-12-06 19:01 61,440 --a------ c:\windows\System32\winipsec.dll
2008-12-06 19:01 . 2008-12-06 19:01 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-12-06 19:00 . 2008-12-06 19:00 1,695,744 --a------ c:\windows\System32\gameux.dll
2008-12-06 19:00 . 2008-12-06 19:00 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-06 19:00 . 2008-12-06 19:00 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-12-06 19:00 . 2008-12-06 19:00 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-12-06 19:00 . 2008-12-06 19:00 1,820 --a------ c:\windows\System32\rasctrnm.h
2008-12-04 17:29 . 2008-12-04 17:29 428,544 --a------ c:\windows\System32\EncDec.dll
2008-12-04 17:29 . 2008-12-04 17:29 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-12-04 17:29 . 2008-12-04 17:29 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-12-04 17:29 . 2008-12-04 17:29 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-12-04 17:29 . 2008-12-04 17:29 80,896 --a------ c:\windows\System32\MSNP.ax
2008-12-04 17:29 . 2008-12-04 17:29 69,632 --a------ c:\windows\System32\Mpeg2Data.ax
2008-12-04 17:29 . 2008-12-04 17:29 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-12-04 17:25 . 2008-12-04 17:25 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-04 17:23 . 2008-12-04 17:23 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-04 17:22 . 2008-12-04 17:22 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-12-04 17:22 . 2008-12-04 17:22 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-04 17:22 . 2008-12-04 17:22 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-12-04 17:21 . 2008-12-04 17:21 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-12-04 17:17 . 2008-01-19 08:34 15,872 --a------ c:\windows\System32\hcrstco.dll
2008-12-04 17:17 . 2006-11-02 10:46 8,704 --a------ c:\windows\System32\hccoin.dll
2008-12-04 17:13 . 2008-12-04 17:13 988,216 --a------ c:\windows\System32\winload.exe
2008-12-04 17:13 . 2008-12-04 17:13 927,288 --a------ c:\windows\System32\winresume.exe
2008-12-04 17:13 . 2008-12-04 17:13 615,992 --a------ c:\windows\System32\ci.dll
2008-12-04 17:13 . 2008-12-04 17:13 378,368 --a------ c:\windows\System32\srcore.dll
2008-12-04 17:13 . 2008-12-04 17:13 318,464 --a------ c:\windows\System32\rstrui.exe
2008-12-04 17:13 . 2008-12-04 17:13 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2008-12-04 17:13 . 2008-12-04 17:13 40,960 --a------ c:\windows\System32\srclient.dll
2008-12-04 17:13 . 2008-12-04 17:13 19,000 --a------ c:\windows\System32\kd1394.dll
2008-12-04 17:13 . 2008-12-04 17:13 14,848 --a------ c:\windows\System32\srdelayed.exe
2008-12-04 17:13 . 2008-12-04 17:13 6,656 --a------ c:\windows\System32\kbd106n.dll
2008-12-04 17:11 . 2008-12-04 17:11 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-12-04 17:09 . 2008-12-04 17:09 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-12-04 17:09 . 2008-12-04 17:09 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-12-04 17:09 . 2008-12-04 17:09 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-12-04 17:08 . 2008-12-04 17:08 443,392 --a------ c:\windows\System32\win32spl.dll
2008-12-04 17:08 . 2008-12-04 17:08 37,888 --a------ c:\windows\System32\printcom.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 12:22 174 --sha-w c:\program files\desktop.ini
2008-12-24 12:15 --------- d-----w c:\program files\Windows Sidebar
2008-12-24 12:15 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-24 12:15 --------- d-----w c:\program files\Windows Mail
2008-12-24 12:15 --------- d-----w c:\program files\Windows Journal
2008-12-24 12:15 --------- d-----w c:\program files\Windows Defender
2008-12-24 12:15 --------- d-----w c:\program files\Windows Collaboration
2008-12-24 12:15 --------- d-----w c:\program files\Windows Calendar
2008-12-06 18:00 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-12-01 21:08 --------- d-sh--w c:\programdata\Sjablonen
2008-12-01 21:08 --------- d-sh--w c:\programdata\Menu Start
2008-12-01 21:08 --------- d-sh--w c:\programdata\Favorieten
2008-12-01 21:08 --------- d-sh--w c:\programdata\Documenten
2008-12-01 21:08 --------- d-sh--w c:\programdata\Bureaublad
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
.

((((((((((((((((((((((((((((( snapshot@2008-12-27_23.25.21.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-27 23:57:02 25,214 ----a-r c:\windows\Installer\{66F0AC35-4805-44BC-A3D4-347D4196F9B3}\Checker.exe
+ 2008-12-27 23:57:02 439,926 ----a-r c:\windows\Installer\{66F0AC35-4805-44BC-A3D4-347D4196F9B3}\XBoxStat.exe
- 2008-12-27 22:21:35 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-28 22:44:04 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-28 22:44:04 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-27 22:21:32 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-28 22:44:02 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-28 22:44:02 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-27 22:21:22 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-27 22:50:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-27 22:21:22 98,304 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-27 22:50:56 98,304 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-27 22:21:22 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-27 22:50:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-27 20:04:55 101,052 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-28 17:05:52 101,052 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-27 20:04:55 126,648 ----a-w c:\windows\System32\perfc013.dat
+ 2008-12-28 17:05:52 126,648 ----a-w c:\windows\System32\perfc013.dat
- 2008-12-27 20:04:55 586,980 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-28 17:05:52 586,980 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-27 20:04:55 667,114 ----a-w c:\windows\System32\perfh013.dat
+ 2008-12-28 17:05:52 667,114 ----a-w c:\windows\System32\perfh013.dat
- 2008-12-27 20:00:24 4,982 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4265983345-3037586335-2177389312-1000_UserData.bin
+ 2008-12-28 22:45:45 5,430 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4265983345-3037586335-2177389312-1000_UserData.bin
- 2008-12-27 20:00:24 69,880 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-28 22:45:45 70,350 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-27 20:00:22 33,798 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-27 22:52:50 34,204 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-12-19 23:28:25 134,426 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-12-28 12:51:04 161,248 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-13 1261336]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{15951E54-2492-4C5B-AED5-71B1A8698B63}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AD7D7161-C414-4AD2-8360-E127492713BE}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{1542F147-E78F-4B39-9EAF-5CC47FCD29B4}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{F2CA693C-B9F9-42B0-8BD9-0558F246D10E}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{E34C4506-D934-4C98-B38E-75554649EE39}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{0410AC73-83C7-4739-85EA-4D4B0AF846D2}e:\\rise of the argonauts\\rise of the argonauts\\binaries\\riseoftheargonauts.exe"= UDP:e:\rise of the argonauts\rise of the argonauts\binaries\riseoftheargonauts.exe:RiseOfTheArgonauts
"UDP Query User{33143E01-88EB-4530-B9E3-9AD23118020C}e:\\rise of the argonauts\\rise of the argonauts\\binaries\\riseoftheargonauts.exe"= TCP:e:\rise of the argonauts\rise of the argonauts\binaries\riseoftheargonauts.exe:RiseOfTheArgonauts
"{EBA54F3C-4578-4E33-ABE8-13993B8BC3FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{99100A71-D78A-4849-87C0-4EA87F568B5F}c:\\users\\davy\\shared\\[ pc games ] - age of empires ii(full)(2)\\empires2.exe"= UDP:c:\users\davy\shared\[ pc games ] - age of empires ii(full)(2)\empires2.exe:empires2.exe
"UDP Query User{BB63E4C9-C01B-480D-9868-E9AE9B9A210F}c:\\users\\davy\\shared\\[ pc games ] - age of empires ii(full)(2)\\empires2.exe"= TCP:c:\users\davy\shared\[ pc games ] - age of empires ii(full)(2)\empires2.exe:empires2.exe
"{E05FF5F7-D93B-45F7-B625-945824D7ED0B}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1C9E6C86-7F3D-4173-882A-6D3A0875DA7F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{4B545164-F968-43B5-8D02-76DF3E8C6BF2}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{119F92E3-BCBA-428A-ACC1-2F10DAB75189}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-13 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-13 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-13 231704]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-12-13 69128]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-05-11 329728]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2008-12-22 13976]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71e13cbe-bfdb-11dd-ad50-806e6f6e6963}]
\shell\AutoRun\command - F:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71e13cbf-bfdb-11dd-ad50-806e6f6e6963}]
\shell\AutoRun\command - G:\FahrenheitAutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e862c09e-c0b9-11dd-9d5d-0019db5d422a}]
\shell\AutoRun\command - I:\autorun.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 23:44:24
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Voltooingstijd: 2008-12-28 23:52:04 - machine werd herstart
ComboFix-quarantined-files.txt 2008-12-28 22:52:00
ComboFix2.txt 2008-12-27 22:29:28

Pre-Run: 26.451.533.824 bytes beschikbaar
Post-Run: 26,143,424,512 bytes beschikbaar

302 --- E O F --- 2008-12-24 17:23:48

Juisterr

Legacy Member
Too bad, 2x ComboFix txt and no HijackThis log; could you still post that one, please?

folser

Legacy Member
Aah sorry, here is that hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:56, on 1/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD5B05A1-6F37-4DE4-95F8-7F183B97678B}: NameServer = 195.130.130.2,195.130.131.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 4360 bytes

The PC is already faster, and I'm not getting any pop-ups anymore. So I think the biggest problems are already gone?
