Full Version: Trojan horse BackDoor.Generic11.IZW
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
kweeki
Hi

I've got a stupid trojan on my PC and I can't get it removed.
I've got AVG and it says that the file does not exist.
I have even tried Trojan Remover but that doesn't work either.


OTListIt.txt
OTListIt logfile created on: 28/04/2009 16:39:49 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\kweeki\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,52% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 435,76 Gb Total Space | 272,12 Gb Free Space | 62,45% Space Free | Partition Type: NTFS
Drive D: | 29,98 Gb Total Space | 21,41 Gb Free Space | 71,41% Space Free | Partition Type: FAT32
Drive E: | 639,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SVEN
Current User Name: kweeki
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/12/26 01:08:00 | 00,207,392 | -H-- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe
PRC - [2009/04/26 17:28:58 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/04/13 18:25:41 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/04/13 18:25:38 | 01,356,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe
PRC - [2009/02/06 19:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
PRC - [2009/04/13 18:25:29 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2007/09/20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2009/04/13 18:25:55 | 00,485,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/04/13 18:25:47 | 00,593,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/04/12 04:16:14 | 00,294,912 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
PRC - [2009/04/12 04:16:12 | 00,158,208 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2009/04/12 04:16:14 | 00,118,784 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2009/04/12 04:16:12 | 00,446,976 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2008/01/19 09:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe
PRC - [2009/03/03 04:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2008/10/29 08:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/11/14 16:50:42 | 04,706,304 | -H-- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2009/02/06 19:08:58 | 00,454,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsui.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/08/20 12:58:20 | 00,701,736 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RMTray.exe
PRC - [2007/02/04 13:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2009/03/09 06:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/26 17:28:59 | 00,516,440 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/04/13 18:25:51 | 01,932,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008/01/19 09:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 09:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/19 09:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe
PRC - [2008/01/19 09:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/19 09:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/19 09:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2006/11/02 14:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe
PRC - [2008/01/19 09:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe
PRC - [2008/01/19 09:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/04/13 18:25:55 | 00,691,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/04/28 14:46:06 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/01/19 09:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/03/03 06:40:22 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/06/20 03:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
PRC - [2009/02/06 19:52:40 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/03 04:07:18 | 00,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
PRC - [2009/04/06 15:32:44 | 01,277,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/02/26 00:37:14 | 17,937,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
PRC - [2009/04/13 18:25:55 | 00,691,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008/11/13 10:33:54 | 00,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2009/04/28 15:33:22 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\kweeki\Downloads\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (AlertService [Auto | Stopped])
SRV - File not found -- -- (Automatic LiveUpdate Scheduler [Disabled | Stopped])
SRV - [2009/04/13 18:25:41 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/04/13 18:25:38 | 01,356,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8 [Auto | Running])
SRV - [2008/07/27 20:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (DQLWinService [Auto | Stopped])
SRV - [2008/01/19 09:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Running])
SRV - [2006/11/02 14:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Running])
SRV - [2006/11/02 14:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/20 03:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/06 19:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [Auto | Running])
SRV - [2008/06/20 03:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Running])
SRV - File not found -- -- (ISSM [Auto | Stopped])
SRV - [2009/04/26 17:28:58 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - File not found -- -- (LiveUpdate [On_Demand | Stopped])
SRV - File not found -- -- (M1 Server [Auto | Stopped])
SRV - [2009/04/12 04:16:12 | 00,158,208 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/09/20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/06/20 03:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found -- -- (NMIndexingService [On_Demand | Stopped])
SRV - File not found -- -- (NMSCore [Auto | Stopped])
SRV - [2008/12/26 01:08:00 | 00,207,392 | -H-- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2009/04/12 03:42:34 | 00,443,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2009/04/12 03:42:34 | 00,145,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - File not found -- -- (QualityManager [Auto | Stopped])
SRV - [2009/04/12 04:16:12 | 00,446,976 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service [Auto | Running])
SRV - File not found -- -- (RichVideo [Auto | Stopped])
SRV - [2009/04/12 04:16:14 | 00,294,912 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc [Auto | Running])
SRV - [2009/04/12 04:16:14 | 00,118,784 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched [Auto | Running])
SRV - [2008/01/19 09:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2008/01/19 09:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV - [2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/01/08 09:17:08 | 01,302,368 | -H-- | M] (NXP Semiconductors Germany GmbH) -- C:\Windows\system32\DRIVERS\3xHybrid.sys -- (3xHybrid [On_Demand | Running])
DRV - [2007/01/12 18:26:14 | 00,035,712 | -H-- | M] (Advanced Card Systems Ltd) -- C:\Windows\system32\DRIVERS\a38usb.sys -- (ACSSCR [On_Demand | Stopped])
DRV - [2006/11/02 11:51:38 | 00,420,968 | -H-- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 11:51:32 | 00,297,576 | -H-- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 11:50:35 | 00,098,408 | -H-- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 11:51:00 | 00,147,048 | -H-- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 11:50:11 | 00,071,272 | -H-- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 11:49:20 | 00,014,952 | -H-- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 11:50:09 | 00,067,688 | -H-- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 11:50:10 | 00,067,688 | -H-- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/04/13 18:25:54 | 00,023,832 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\DRIVERS\avgfwd6x.sys -- (Avgfwfd [System | Running])
DRV - [2009/04/13 18:25:55 | 00,325,640 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/04/13 18:25:55 | 00,027,656 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/04/13 18:25:29 | 00,012,552 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
DRV - [2009/04/13 18:25:54 | 00,108,552 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/11/02 10:24:45 | 00,013,568 | -H-- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 10:24:46 | 00,005,248 | -H-- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 10:25:24 | 00,071,808 | -H-- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 10:24:44 | 00,062,336 | -H-- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 10:24:44 | 00,012,160 | -H-- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 10:24:47 | 00,011,904 | -H-- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 11:49:28 | 00,016,488 | -H-- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2007/06/19 11:37:58 | 00,229,248 | -H-- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\e1e6032.sys -- (e1express [On_Demand | Running])
DRV - [2006/11/02 09:30:54 | 00,117,760 | -H-- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 11:51:34 | 00,316,520 | -H-- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/11/02 09:30:56 | 00,045,568 | -H-- | M] (VIA Technologies, Inc. ) -- C:\Windows\system32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
DRV - [2008/12/08 18:01:52 | 00,055,264 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\fssfltr.sys -- (fssfltr [Auto | Running])
DRV - [2006/11/02 11:50:10 | 00,037,480 | -H-- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2007/10/09 00:18:44 | 00,306,200 | -H-- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2006/11/02 11:51:25 | 00,232,040 | -H-- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 11:50:17 | 00,041,576 | -H-- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2007/11/14 18:13:00 | 02,016,920 | -H-- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/10/30 14:58:43 | 00,005,632 | -H-- | M] (Intel Corporation) -- C:\Windows\System32\Drivers\IntelDH.sys -- (IntelDH [On_Demand | Running])
DRV - [2006/11/02 11:50:07 | 00,035,944 | -H-- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 11:50:09 | 00,035,944 | -H-- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2009/04/26 17:29:07 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2006/11/02 11:50:04 | 00,065,640 | -H-- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 11:50:05 | 00,065,640 | -H-- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 11:50:10 | 00,065,640 | -H-- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/11/02 11:49:53 | 00,028,776 | -H-- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 11:49:59 | 00,033,384 | -H-- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2007/09/21 10:38:22 | 00,554,496 | -H-- | M] (Ralink Technology Corp.) -- C:\Windows\system32\DRIVERS\netr28u.sys -- (netr28u [On_Demand | Running])
DRV - [2006/11/02 11:50:19 | 00,045,160 | -H-- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2007/02/18 21:34:50 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\Windows\system32\DRIVERS\nmsunidr.sys -- (nmsunidr [Auto | Running])
DRV - [2003/06/13 14:06:32 | 00,030,336 | -H-- | M] (Politecnico di Torino) -- C:\Windows\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2006/11/02 09:36:50 | 00,020,608 | -H-- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/12/26 01:08:00 | 07,740,416 | -H-- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2006/11/02 11:50:24 | 00,088,680 | -H-- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 11:50:13 | 00,040,040 | -H-- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2006/11/02 11:51:45 | 00,900,712 | -H-- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 11:50:35 | 00,106,088 | -H-- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 09:36:43 | 02,028,032 | -H-- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\atikmdag.sys -- (R300 [On_Demand | Stopped])
DRV - [2006/11/02 08:37:21 | 00,020,480 | -H-- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2005/03/03 19:53:57 | 00,048,640 | -H-- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Stopped])
DRV - [2005/02/23 17:59:54 | 00,006,656 | -H-- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004/12/03 12:20:41 | 00,020,544 | -H-- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2006/11/02 11:50:10 | 00,038,504 | -H-- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 11:50:16 | 00,071,784 | -H-- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008/03/26 19:43:22 | 00,717,296 | -H-- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/11/02 11:50:05 | 00,035,944 | -H-- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 11:49:56 | 00,031,848 | -H-- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 11:50:03 | 00,034,920 | -H-- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2007/06/27 11:17:46 | 00,014,552 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP [On_Demand | Stopped])
DRV - [2006/11/02 11:51:25 | 00,235,112 | -H-- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 11:50:35 | 00,098,408 | -H-- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 11:50:45 | 00,115,816 | -H-- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/19 07:53:39 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\umpass.sys -- (UMPass [On_Demand | Stopped])
DRV - [2006/11/02 11:49:30 | 00,017,512 | -H-- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 11:50:41 | 00,112,232 | -H-- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006/11/17 10:31:04 | 00,013,976 | -H-- | M] (X10 Wireless Technology, Inc.) -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid [On_Demand | Running])
DRV - [2006/11/30 15:18:18 | 00,027,416 | -H-- | M] (X10 Wireless Technology, Inc.) -- C:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF [On_Demand | Running])
DRV - [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/be/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.nukezone.nu/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {6DF9952D-B50A-4C32-B08E-B105FD77F1FF}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/24 23:30:38 | 00,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/04/13 19:41:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 14:46:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 14:46:08 | 00,000,000 | ---D | M]

[2009/04/12 00:10:54 | 00,000,000 | ---D | M] -- C:\Users\kweeki\AppData\Roaming\mozilla\Extensions
[2008/12/07 21:02:58 | 00,000,000 | ---D | M] -- C:\Users\kweeki\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/12 00:10:54 | 00,000,000 | ---D | M] -- C:\Users\kweeki\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/04/06 13:09:35 | 00,000,000 | ---D | M] -- C:\Users\kweeki\AppData\Roaming\mozilla\Firefox\Profiles\4p0ebzhp.default\extensions
[2009/04/12 08:34:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/12 01:08:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{6DF9952D-B50A-4C32-B08E-B105FD77F1FF}
[2009/04/28 14:46:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/15 13:27:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/17 19:56:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/26 15:59:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/12 08:34:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
[2008/12/07 21:02:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/04/28 14:46:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 14:46:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/30 14:39:23 | 00,001,890 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2009/03/30 14:39:23 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/30 14:39:23 | 00,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2009/03/30 14:39:23 | 00,001,111 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vandale-nl.xml
[2009/03/30 14:39:23 | 00,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml
[2009/03/30 14:39:23 | 00,000,802 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - Reg Error: Key error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll ()
O2 - BHO: (Windows Live Aanmelden - Help) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\rmtray.exe /S (PC Tools)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun (Microsoft Corporation)
O4 - HKCU..\Run: [softidol] "C:\ProgramData\Support Download Download.m1fdkco" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Party** Game for big ones **.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Party** Game for big ones **.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth-naamruimte] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: nukezone.nu ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: 12 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Virtual%20Villagers%20-%20The%20Secret%20City/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Virtual%20Villagers%20-%20The%20Secret%20City/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444563540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\SYSTEM32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/03/17 15:50:40 | 00,000,071 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2005/01/14 15:28:36 | 00,671,744 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/01/05 12:31:29 | 00,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{950f3d33-5892-11dd-a971-001d9272aafb}\Shell - "" = Autorun
O33 - MountPoints2\{950f3d33-5892-11dd-a971-001d9272aafb}\Shell\Open\command - "" = K:\resycled\boot.com -- File not found
O33 - MountPoints2\{b617a25e-b345-11dd-a981-001d9272aafb}\Shell - "" = Autorun
O33 - MountPoints2\{b617a25e-b345-11dd-a981-001d9272aafb}\Shell\Open\command - "" = K:\resycled\boot.com -- File not found
O33 - MountPoints2\{e543cabf-f780-11dc-950c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e543cabf-f780-11dc-950c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2005/01/14 15:28:36 | 00,671,744 | R--- | M] ()
O33 - MountPoints2\{f3cf4105-9d35-11dd-979e-001d9272aafb}\Shell - "" = AutoRun
O33 - MountPoints2\{f3cf4105-9d35-11dd-979e-001d9272aafb}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found
O33 - MountPoints2\K\Shell - "" = Autorun
O33 - MountPoints2\K\Shell\Open\command - "" = K:\resycled\boot.com -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/04/28 15:50:01 | 00,012,192 | ---- | C] () -- C:\Users\kweeki\Documents\scan 28-04.csv
[2009/04/28 15:28:35 | 00,001,878 | ---- | C] () -- C:\Users\kweeki\Desktop\HijackThis.lnk
[2009/04/28 15:28:34 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/27 14:31:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/27 14:31:08 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/27 14:31:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/26 19:40:11 | 00,000,926 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2009/04/26 19:40:02 | 00,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009/04/26 19:40:02 | 00,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009/04/26 19:40:02 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2009/04/26 19:40:01 | 00,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2009/04/26 19:40:01 | 00,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2009/04/26 19:40:00 | 00,000,000 | ---D | C] -- C:\Users\kweeki\Documents\Simply Super Software
[2009/04/26 19:40:00 | 00,000,000 | ---D | C] -- C:\Users\kweeki\AppData\Roaming\Simply Super Software
[2009/04/26 19:40:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2009/04/26 19:40:00 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2009/04/26 17:29:40 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/04/25 23:22:35 | 00,000,000 | ---D | C] -- C:\ProgramData\239F
[2009/04/19 00:08:34 | 00,000,000 | ---D | C] -- C:\Users\kweeki\Documents\Ten Thumbs Students
[2009/04/19 00:07:46 | 00,000,000 | ---D | C] -- C:\ProgramData\Ten Thumbs Typing Tutor
[2009/04/19 00:07:11 | 00,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Ten Thumbs.lnk
[2009/04/19 00:07:08 | 00,000,000 | ---D | C] -- C:\Program Files\Ten Thumbs Typing Tutor 4.7
[2009/04/17 05:42:42 | 00,000,000 | ---D | C] -- C:\Users\kweeki\Documents\My Received Files
[2009/04/17 05:42:42 | 00,000,000 | ---D | C] -- C:\Users\kweeki\Documents\BearShare
[2009/04/17 03:15:07 | 03,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/17 03:15:06 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/17 03:15:05 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/17 03:15:05 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/17 03:15:05 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/17 03:15:04 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/17 03:15:04 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/17 03:15:03 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/17 03:15:02 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/17 03:15:01 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/17 03:15:01 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/17 03:15:01 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/17 03:14:59 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/17 03:14:56 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/17 03:14:55 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/16 18:11:44 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/16 18:11:43 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/16 18:11:43 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/16 18:11:40 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/16 18:11:40 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/16 18:11:40 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/16 18:11:39 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/16 18:11:39 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/16 18:11:39 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/16 18:11:39 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/16 18:11:39 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/16 18:11:39 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/16 18:11:39 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/16 18:11:37 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/16 18:11:37 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/16 18:11:37 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/16 18:11:37 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/16 18:11:37 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/15 11:38:21 | 00,000,000 | ---D | C] -- C:\Program Files\Playboy - The Mansion
[2009/04/13 18:25:54 | 00,108,552 | -H-- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/04/13 18:25:54 | 00,023,832 | -H-- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2009/04/13 16:48:29 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/04/13 16:43:20 | 35,437,904 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/04/13 16:43:20 | 00,032,111 | -H-- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/04/13 16:43:20 | 00,001,651 | ---- | C] () -- C:\Users\Public\Desktop\AVG 8.5.lnk
[2009/04/13 16:43:18 | 06,061,540 | -H-- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/04/13 16:43:18 | 00,434,673 | -H-- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/04/13 16:43:18 | 00,325,640 | -H-- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/04/13 16:43:18 | 00,027,656 | -H-- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/04/13 16:43:18 | 00,012,552 | -H-- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/04/13 16:43:18 | 00,010,520 | -H-- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/04/13 16:43:18 | 00,000,000 | -H-D | C] -- C:\Windows\System32\drivers\Avg
[2009/04/13 16:43:17 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/13 08:05:08 | 00,000,474 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/04/12 08:42:53 | 00,000,000 | ---D | C] -- C:\ProgramData\352BF
[2009/04/12 08:34:57 | 00,000,000 | ---D | C] -- C:\ProgramData\38366
[2009/04/12 08:34:51 | 00,076,407 | ---- | C] () -- C:\Users\kweeki\AppData\Roaming\Smiley.ico
[2009/04/12 08:34:51 | 00,000,945 | ---- | C] () -- C:\Users\Public\Desktop\BearShare.lnk
[2009/04/12 08:33:43 | 00,000,000 | ---D | C] -- C:\Users\kweeki\AppData\Local\BearShare
[2009/04/12 08:33:42 | 00,483,328 | -H-- | C] (SoftShape Development) -- C:\Windows\System32\actskn45.ocx
[2009/04/12 08:33:37 | 00,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2009/04/12 08:20:59 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/04/12 08:13:09 | 00,015,688 | -H-- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/04/12 08:09:26 | 00,000,000 | ---D | C] -- C:\Users\kweeki\Desktop\Lavasoft AdAware Anniversary Edition Pro 2009
[2009/04/12 08:05:45 | 02,733,781 | -H-- | C] () -- C:\Users\kweeki\AppData\Local\IconCache.db
[2009/04/12 08:03:50 | 00,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/04/12 08:03:47 | 00,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/04/12 07:30:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/04/12 07:30:06 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/12 01:21:20 | 00,000,155 | -H-- | C] () -- C:\Windows\System32\SelfDel.bat
[2009/04/12 00:10:15 | 00,062,464 | ---- | C] (Lime Wire LLC) -- C:\Users\kweeki\AppData\Roaming\setup.exe
[2009/04/11 23:16:56 | 00,000,573 | ---- | C] () -- C:\Users\Public\Desktop\Singles.lnk
[2009/04/11 23:16:56 | 00,000,000 | ---D | C] -- C:\Program Files\Singles
[2009/04/11 23:13:29 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2009/04/11 04:36:35 | 00,002,177 | ---- | C] () -- C:\Users\Public\Desktop\De Sims™ 2 Villa en Tuin Accessoires.lnk
[2009/04/11 03:49:24 | 00,000,000 | ---D | C] -- C:\Users\kweeki\AppData\Roaming\Ludia
[2009/04/11 03:49:24 | 00,000,000 | ---D | C] -- C:\ProgramData\Ludia
[2009/04/11 03:48:15 | 00,000,000 | ---D | C] -- C:\games
[2009/04/01 13:44:11 | 00,013,824 | ---- | C] () -- C:\Users\kweeki\Documents\Naam van de werkgever.docx
[2009/03/17 17:02:20 | 00,005,224 | -H-- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2009/02/11 04:03:39 | 00,000,539 | -H-- | C] () -- C:\Windows\System32\MRT.INI
[2008/12/31 18:04:42 | 00,691,560 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/18 22:50:16 | 00,001,025 | -H-- | C] () -- C:\Windows\System32\clauth2.dll
[2008/12/18 22:50:16 | 00,001,025 | -H-- | C] () -- C:\Windows\System32\clauth1.dll
[2008/11/03 21:42:16 | 00,129,024 | -H-- | C] () -- C:\Windows\System32\AVERM.dll
[2008/10/02 22:32:04 | 00,000,894 | -H-- | C] () -- C:\Windows\disney.ini
[2008/09/17 19:10:44 | 00,110,592 | -H-- | C] () -- C:\Windows\System32\usbr38.dll
[2008/08/21 15:42:50 | 00,007,168 | -H-- | C] () -- C:\Windows\System32\Dtctrace.dll
[2008/05/27 23:50:16 | 00,000,073 | -H-- | C] () -- C:\Windows\System32\ssprs.dll
[2008/05/27 23:50:15 | 00,001,025 | -H-- | C] () -- C:\Windows\System32\sysprs7.dll
[2008/05/27 23:50:15 | 00,000,205 | -H-- | C] () -- C:\Windows\System32\lsprst7.dll
[2008/05/02 23:21:47 | 00,765,952 | -H-- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/05/02 23:21:47 | 00,654,848 | -H-- | C] () -- C:\Windows\System32\x264vfw.dll
[2008/05/02 23:21:47 | 00,180,224 | -H-- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/05/02 23:21:46 | 00,010,752 | -H-- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/05/02 23:21:46 | 00,000,547 | -H-- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/05/01 15:18:40 | 00,000,281 | -H-- | C] () -- C:\Windows\AvDetected.ini
[2008/03/26 19:43:22 | 00,717,296 | -H-- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/02/13 11:20:15 | 00,009,824 | -H-- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007/11/30 00:30:28 | 03,596,288 | -H-- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/11/28 23:52:32 | 00,012,288 | -H-- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/10/30 11:46:40 | 00,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2006/11/02 14:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:25:44 | 00,159,744 | -H-- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 12:23:31 | 00,000,388 | -H-- | C] () -- C:\Windows\win.ini
[2006/11/02 12:23:31 | 00,000,219 | -H-- | C] () -- C:\Windows\system.ini
[2006/11/02 09:40:29 | 00,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 11:09:34 | 00,019,968 | RH-- | C] () -- C:\Windows\System32\cpuinf32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/04/28 15:52:54 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/04/28 15:52:54 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/04/28 15:52:50 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/04/28 15:51:46 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/04/28 15:51:41 | 02,733,781 | -H-- | M] () -- C:\Users\kweeki\AppData\Local\IconCache.db
[2009/04/28 15:50:02 | 00,012,192 | ---- | M] () -- C:\Users\kweeki\Documents\scan 28-04.csv
[2009/04/28 15:28:35 | 00,001,878 | ---- | M] () -- C:\Users\kweeki\Desktop\HijackThis.lnk
[2009/04/27 14:31:08 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/26 19:40:11 | 00,000,926 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2009/04/26 18:47:12 | 35,437,904 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/04/26 17:29:07 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/04/24 13:45:05 | 00,032,111 | -H-- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/04/20 12:44:15 | 00,434,673 | -H-- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/04/19 00:07:11 | 00,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Ten Thumbs.lnk
[2009/04/17 05:07:39 | 00,137,216 | ---- | M] () -- C:\Users\kweeki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 03:04:10 | 00,000,539 | -H-- | M] () -- C:\Windows\System32\MRT.INI
[2009/04/13 18:25:55 | 00,325,640 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/04/13 18:25:55 | 00,027,656 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/04/13 18:25:55 | 00,010,520 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/04/13 18:25:54 | 00,108,552 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/04/13 18:25:54 | 00,023,832 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2009/04/13 18:25:29 | 00,012,552 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/04/13 17:48:38 | 00,062,464 | ---- | M] (Lime Wire LLC) -- C:\Users\kweeki\AppData\Roaming\setup.exe
[2009/04/13 17:02:07 | 00,000,224 | ---- | M] () -- C:\Windows\tasks\OGALogon.job
[2009/04/13 17:01:45 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/04/13 16:43:20 | 00,001,651 | ---- | M] () -- C:\Users\Public\Desktop\AVG 8.5.lnk
[2009/04/13 16:43:18 | 06,061,540 | -H-- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/04/13 12:50:02 | 00,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/04/13 00:00:00 | 00,000,224 | ---- | M] () -- C:\Windows\tasks\OGADaily.job
[2009/04/12 08:34:51 | 00,000,945 | ---- | M] () -- C:\Users\Public\Desktop\BearShare.lnk
[2009/04/12 08:04:22 | 00,015,688 | -H-- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/04/12 08:03:47 | 00,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/04/12 01:21:20 | 00,000,155 | -H-- | M] () -- C:\Windows\System32\SelfDel.bat
[2009/04/11 23:55:56 | 01,495,038 | -H-- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/04/11 23:55:56 | 00,675,574 | -H-- | M] () -- C:\Windows\System32\perfh013.dat
[2009/04/11 23:55:56 | 00,595,422 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2009/04/11 23:55:56 | 00,130,260 | -H-- | M] () -- C:\Windows\System32\perfc013.dat
[2009/04/11 23:55:56 | 00,104,630 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2009/04/11 23:20:48 | 00,000,573 | ---- | M] () -- C:\Users\Public\Desktop\Singles.lnk
[2009/04/11 23:13:29 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2009/04/11 04:36:35 | 00,002,177 | ---- | M] () -- C:\Users\Public\Desktop\De Sims™ 2 Villa en Tuin Accessoires.lnk
[2009/04/08 23:18:13 | 00,013,824 | ---- | M] () -- C:\Users\kweeki\Documents\Naam van de werkgever.docx
[2009/04/06 18:30:55 | 00,007,700 | ---- | M] () -- C:\Users\kweeki\AppData\Local\d3d9caps.dat
[2009/04/06 16:57:24 | 24,921,544 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== LOP Check ==========

[2009/04/13 12:50:02 | 00,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/04/13 00:00:00 | 00,000,224 | ---- | M] () -- C:\Windows\Tasks\OGADaily.job
[2009/04/13 17:02:07 | 00,000,224 | ---- | M] () -- C:\Windows\Tasks\OGALogon.job
[2009/04/13 17:01:45 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/04/13 16:49:46 | 00,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E8435752
< End of report >

Extras.Txt
OTListIt Extras logfile created on: 28/04/2009 16:39:49 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\kweeki\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,52% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 435,76 Gb Total Space | 272,12 Gb Free Space | 62,45% Space Free | Partition Type: NTFS
Drive D: | 29,98 Gb Total Space | 21,41 Gb Free Space | 71,41% Space Free | Partition Type: FAT32
Drive E: | 639,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SVEN
Current User Name: kweeki
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = SlimBrowserHtml] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = De Sims 2 Studentenleven
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{120831D2-E9AD-4383-AC40-01FE658E11D6}" = Windows Live Sync
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = De Sims™ 2 Villa en Tuin Accessoires
"{1A38EBE5-08BD-4E0D-AAB9-0DFECACE108B}" = Windows Live Messenger
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CB5AB8B-BD97-4ACC-90B8-5858EDCDCCD3}" = Windows Live Family Safety
"{3CDAFDF9-A993-4B64-8D9B-36253D9C0DC9}" = Windows Live Essentials
"{4817189D-1785-4627-A33C-39FD90919300}" = De Sims™ 2 Huisdieren
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5158F1F5-FA1B-4D49-B546-55A5004B89BD}" = Microsoft Works
"{5628829F-3318-4DDA-988D-D301832F1611}" = Singles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5BB977A4-E843-4E31-9859-745F442B1043}" = Nero 8 Essentials
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = De Sims™ 2 Tiener Accessoires
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = De Sims™ 2 Keuken & Bad Accessoires
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = De Sims™ 2 IKEA® Woon Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = De Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = De Sims 2 Gaan het Maken
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = De Sims™ 2 H&M® Fashion - Accessoires
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = De Sims™ 2 Vrije Tijd
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{4059772C-68BA-4FE4-9B6E-3EC37C0C4624}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{4059772C-68BA-4FE4-9B6E-3EC37C0C4624}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{4059772C-68BA-4FE4-9B6E-3EC37C0C4624}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{1120A001-69F4-43D2-83CE-716B2DC4366F}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{4059772C-68BA-4FE4-9B6E-3EC37C0C4624}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Dutch)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0413-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = De Sims 2 Glamour - Accessoires
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ software
"{AC76BA86-7AD7-1043-7B44-A91000000001}" = Adobe Reader 9.1 - Nederlands
"{AC76BA86-7AD7-5464-3428-800000000004}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADE14C1E-AA43-45D3-88E5-00767D31B0E8}" = OGA Notifier 1.7.0105.35.0
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B38B1F86-8202-482F-A289-A4806DFA498D}" = Windows Live Mail
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = De Sims™ 2 Appartementsleven
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel® PRO Network Connections 12.2.41.0
"{C8114985-F9C5-4A4A-885D-C6BA4AE8F231}" = Windows Live Writer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DE9DF561-0332-42A5-AF28-4AF028B7029D}" = Windows Live Photo Gallery
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = De Sims™ 2 Seizoenen
"{E438A4DC-8A39-4F8C-9C93-07635784016D}" = Windows Live Movie Maker Beta
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = De Sims™ 2 Feest! Accessoires
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = De Sims™ 2 Op Reis
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = De Sims 2 Nachtleven
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG8Uninstall" = AVG 8.5
"BearShare" = BearShare
"BearShare MediaBar" = MediaBar 2.0
"CANONIJPLM100" = PIXMA Extended Survey Program
"CCleaner" = CCleaner (remove only)
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gebruikersregistratie voor Canon MP140 series" = Gebruikersregistratie voor Canon MP140 series
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Intel® Configuration Center" = Intel® Viiv™ software
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.01 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MP Navigator 3.1" = Canon MP Navigator 3.1
"NVIDIA Drivers" = NVIDIA Drivers
"Off-linediensten van Home'Bank_is1" = Off-linediensten van Home'Bank 4.51
"PROSetDX" = Intel® PRO Network Connections 12.2.41.0
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Registry Mechanic_is1" = Registry Mechanic 7.0
"SystemRequirementsLab" = System Requirements Lab
"Ten Thumbs_is1" = Ten Thumbs 4.7
"Trojan Remover_is1" = Trojan Remover 6.7.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"X10Hardware" = X10 Hardware™

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

checkup.txt
Results of screen317's Security Check version 0.98.3
Windows Vista Service Pack 1
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

AVG8.5
Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 13
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 22 seconds.
`````````End of Log```````````
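The firewall and Security Center keys in the OTListIt dump above are the first thing to read in a log like this: `"EnableFirewall" = 0` under StandardProfile (and the same value for DomainProfile in the ComboFix "Reg Loading Points" section further down the thread) means the Windows Firewall is off for both profiles, and `DisableMonitoring = 1` under `Security Center\Monitoring` suppresses the Security Center's own monitoring for the named product, here Symantec entries although the uninstall list shows no Symantec antivirus or firewall, only LiveUpdate. As an added example (not code from the thread, from OTListIt, ComboFix or AVG), here is a small Python triage pass that parses the key/value shapes both tools print and reports those conditions, plus autorun entries whose target ComboFix marks as missing (`[X]`) or that run from a user-writable path. The sample dump is constructed from lines in this thread and abridged.

```python
"""Triage pass over registry dumps in OTListIt / ComboFix logs.

Added example, not code from the thread or from either tool. The sample
dump below is constructed from line shapes seen in this thread (abridged).
"""
import re

SAMPLE_DUMP = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"softidol"="c:\programdata\Support Download Download.m1fdkco" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-13 1932568]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-03-30 1213320]
"""

# A key header is either a bare HKEY_... path (OTListIt) or a [bracketed] one (ComboFix).
KEY_RE = re.compile(r'^\[?(HK[A-Z_]*\\[^\]]+)\]?$')
# A value line is  "name" = value   with optional spaces around '='.
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Autorun targets under these directories are writable by an ordinary user.
USER_WRITABLE = re.compile(r'\\(programdata|users\\[^\\]+\\appdata|temp)\\', re.I)


def parse_value(raw):
    """Normalise the right-hand side to (value, target_missing).

    ComboFix appends "[X]" when an autorun target does not exist on disk,
    "[date size]" when it does, and "(0x0)" after numeric values.
    """
    raw = raw.strip()
    missing = raw.endswith('[X]')
    raw = re.sub(r'\s*\[[^\]]*\]$', '', raw)          # drop "[X]" / "[2009-01-19 1233920]"
    raw = re.sub(r'\s*\(0x[0-9a-fA-F]+\)$', '', raw)  # drop "(0x0)"
    m = re.fullmatch(r'dword:([0-9a-fA-F]{8})', raw)
    if m:
        return int(m.group(1), 16), missing
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1], missing
    if re.fullmatch(r'-?\d+', raw):
        return int(raw), missing
    return raw, missing


def parse_dump(text):
    """Return {key_path: {value_name: (value, target_missing)}} in file order."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            current = km.group(1)
            keys.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            keys[current][vm.group(1)] = parse_value(vm.group(2))
    return keys


def triage(keys):
    """Return human-readable findings for the conditions worth reading first."""
    findings = []
    for key, values in keys.items():
        k = key.lower()
        leaf = key.rsplit('\\', 1)[-1]
        if 'firewallpolicy' in k and values.get('EnableFirewall', (None,))[0] == 0:
            findings.append(f'Windows Firewall disabled for profile {leaf}')
        if 'security center\\monitoring' in k and values.get('DisableMonitoring', (None,))[0] == 1:
            findings.append(f'Security Center monitoring suppressed under {leaf}')
        if k.endswith('\\run'):
            for name, (target, missing) in values.items():
                if missing:
                    findings.append(f'autorun {name!r} points at a missing file: {target}')
                elif USER_WRITABLE.search(str(target)):
                    findings.append(f'autorun {name!r} runs from a user-writable path: {target}')
    return findings


if __name__ == '__main__':
    for finding in triage(parse_dump(SAMPLE_DUMP)):
        print(finding)
```

Running it against the sample prints five findings: both firewall profiles disabled, the two suppressed-monitoring keys, and the `softidol` autorun whose target is gone. Entries under Program Files (Sidebar, AVG, Trojan Remover) stay quiet; the point is to read the handful of lines that matter before the hundreds that do not.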
LoPhatPhuud
What is AVG reporting as a trojan? (name and full path please, e.g. C:\some folder\some other folder\the actual file)
kweeki
file name:
C:\Windows\System32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys

The file doesn't exist on my PC.
And if I run a scan my whole PC stops working and then I have to restart it.
LoPhatPhuud
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.
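The log the helper asks for (kweeki's next reply shows one) has a "Files Created" section with one line per file: creation time, a dot, modification time, size (dashes for a directory), a seven-character attribute string and the path. As an added example that is neither ComboFix's own code nor anything posted in the thread, here is a Python pass that parses those lines and builds a worklist from the patterns a responder reads first: executables created under user-writable directories, hidden executables under the Windows directory, and hidden or bare-hex-named directories under ProgramData. The attribute column positions (first character `d` for directory, fourth `h` for hidden) are an assumption inferred from the strings in this thread, and the sample lines are constructed from it. Expect legitimate entries in the output too (AVG's own drivers are hidden by design), so treat it as a reading order, not a verdict.

```python
"""Triage pass over the "Files Created" section of a ComboFix log.

Added example; the sample lines are constructed from line shapes seen in
this thread and abridged. Attribute-column positions are an assumption
inferred from those lines (index 0 'd' = directory, index 3 'h' = hidden).
"""
import re
from datetime import datetime

SAMPLE_CREATED = r"""
2009-04-26 17:40 . 2005-08-25 23:50 77312 -c--a-w c:\windows\system32\ztvunace26.dll
2009-04-25 21:22 . 2009-04-25 21:22 -------- dc----w c:\programdata\239F
2009-04-13 16:25 . 2009-04-13 16:25 108552 -c-ha-w c:\windows\system32\drivers\avgtdix.sys
2009-04-12 06:42 . 2009-04-12 06:42 -------- dc----w c:\users\All Users\352BF
2009-04-12 06:03 . 2009-04-12 06:03 -------- dc-h--w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-11 23:21 . 2009-04-11 23:21 155 -c-ha-w c:\windows\system32\SelfDel.bat
2009-04-11 22:10 . 2009-04-13 15:48 62464 -c--a-w c:\users\kweeki\AppData\Roaming\setup.exe
2009-04-11 21:16 . 2009-04-11 21:20 -------- dc----w c:\program files\Singles
"""

# created . modified size attrs path   (size is dashes for a directory)
LINE_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. '
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+'
    r'(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{7})\s+(?P<path>.+)$')

EXEC_EXT = {'.exe', '.dll', '.sys', '.bat', '.cmd', '.scr', '.com', '.pif'}
# Directories an ordinary user can write to; "Users\All Users" is the ProgramData alias on Vista.
USER_WRITABLE = re.compile(r'\\(programdata|users\\all users|users\\[^\\]+\\appdata|temp)\\', re.I)
# A directory sitting directly under ProgramData (either spelling).
PROGRAMDATA_CHILD = re.compile(r'^c:\\(programdata|users\\all users)\\[^\\]+$', re.I)
BARE_HEX = re.compile(r'^[0-9A-F]{3,8}$')
WINDOWS_DIR = re.compile(r'^c:\\windows\\', re.I)


def parse_created(text):
    """Parse the section into dicts; unknown lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = m.group('size')
        entries.append({
            'created': datetime.strptime(m.group('created'), '%Y-%m-%d %H:%M'),
            'modified': datetime.strptime(m.group('modified'), '%Y-%m-%d %H:%M'),
            'size': None if size.startswith('-') else int(size),
            'attrs': m.group('attrs'),
            'path': m.group('path'),
        })
    return entries


def triage_created(entries):
    """Return (created, reason, path) tuples, newest creation first."""
    findings = []
    for e in entries:
        path, attrs = e['path'], e['attrs']
        is_dir, hidden = attrs[0] == 'd', attrs[3] == 'h'   # assumed column layout
        leaf = path.rsplit('\\', 1)[-1]
        ext = ('.' + leaf.rsplit('.', 1)[-1]).lower() if '.' in leaf else ''
        reasons = []
        if not is_dir and ext in EXEC_EXT and USER_WRITABLE.search(path):
            reasons.append('executable created in a user-writable location')
        if not is_dir and ext in EXEC_EXT and hidden and WINDOWS_DIR.match(path):
            reasons.append('hidden executable under the Windows directory')
        if is_dir and PROGRAMDATA_CHILD.match(path) and BARE_HEX.match(leaf):
            reasons.append('bare hex-token directory name under ProgramData')
        if is_dir and hidden and PROGRAMDATA_CHILD.match(path):
            reasons.append('hidden directory under ProgramData')
        findings.extend((e['created'], r, path) for r in reasons)
    findings.sort(key=lambda f: f[0], reverse=True)
    return findings


if __name__ == '__main__':
    for created, reason, path in triage_created(parse_created(SAMPLE_CREATED)):
        print(f'{created:%Y-%m-%d %H:%M}  {reason:50s}  {path}')
```

On the sample this lists six entries: `setup.exe` in the Roaming profile, the hidden `SelfDel.bat` and `avgtdix.sys` under Windows, the `239F` and `352BF` directories, and the hidden GUID-named directory under ProgramData. The Trojan Remover unpacker DLLs and the game folder are not listed, which is the intended effect: the responder starts from the short list and works outward.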
kweeki
ComboFix 09-05-02.4 - kweeki 02/05/2009 3:07.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3069.1818 [GMT 2:00]
Running from: c:\users\kweeki\Downloads\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated)
AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning disabled* (Updated)
FW: AVG Firewall *disabled*
FW: Panda Antivirus 2008 Personal Firewall *disabled*
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


(((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 ))))))))))))))))))))))))))))))
.

2009-04-28 20:52 . 2009-04-30 12:18 -------- dc----w c:\users\kweeki\Tracing
2009-04-28 20:47 . 2009-05-01 18:46 34 -c--a-w c:\users\kweeki\jagex_runescape_preferences.dat
2009-04-28 15:09 . 2009-04-28 20:16 -------- dc----w c:\users\kweeki\AppData\Roaming\Red Alert 3
2009-04-28 14:58 . 2009-04-28 14:59 -------- dc----w c:\users\kweeki\logs
2009-04-28 13:28 . 2009-04-28 13:28 -------- dc----w c:\program files\Trend Micro
2009-04-26 17:40 . 2005-08-25 23:50 77312 -c--a-w c:\windows\system32\ztvunace26.dll
2009-04-26 17:40 . 2006-05-25 13:52 162304 -c--a-w c:\windows\system32\ztvunrar36.dll
2009-04-26 17:40 . 2006-06-19 11:01 69632 -c--a-w c:\windows\system32\ztvcabinet.dll
2009-04-26 17:40 . 2002-03-05 23:00 75264 -c--a-w c:\windows\system32\unacev2.dll
2009-04-26 17:40 . 2003-02-02 18:06 153088 -c--a-w c:\windows\system32\UNRAR3.dll
2009-04-26 17:40 . 2009-04-26 17:40 -------- dc----w c:\programdata\Simply Super Software
2009-04-26 17:40 . 2009-04-26 17:40 -------- dc----w c:\users\All Users\Simply Super Software
2009-04-26 17:40 . 2009-04-26 17:40 -------- dc----w c:\users\kweeki\AppData\Roaming\Simply Super Software
2009-04-26 17:40 . 2009-04-26 17:41 -------- dc----w c:\program files\Trojan Remover
2009-04-26 15:29 . 2009-04-26 15:29 64160 -c--a-w c:\windows\system32\drivers\Lbd.sys
2009-04-25 21:22 . 2009-04-25 21:22 -------- dc----w c:\programdata\239F
2009-04-25 21:22 . 2009-04-25 21:22 -------- dc----w c:\users\All Users\239F
2009-04-18 22:07 . 2009-04-18 22:08 -------- dc----w c:\programdata\Ten Thumbs Typing Tutor
2009-04-18 22:07 . 2009-04-18 22:08 -------- dc----w c:\users\All Users\Ten Thumbs Typing Tutor
2009-04-18 22:07 . 2009-04-18 22:07 -------- dc----w c:\program files\Ten Thumbs Typing Tutor 4.7
2009-04-17 01:15 . 2009-03-03 04:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-17 01:15 . 2009-03-03 02:28 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-17 01:15 . 2009-03-03 04:37 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-15 09:38 . 2009-04-27 15:15 -------- dc----w c:\program files\Playboy - The Mansion
2009-04-13 16:25 . 2009-04-13 16:25 108552 -c-ha-w c:\windows\system32\drivers\avgtdix.sys
2009-04-13 16:25 . 2009-04-13 16:25 23832 -c-ha-w c:\windows\system32\drivers\avgfwd6x.sys
2009-04-13 14:48 . 2009-05-01 19:20 -------- dc-h--w C:\$AVG8.VAULT$
2009-04-13 14:43 . 2009-04-13 16:25 10520 ---ha-w c:\windows\system32\avgrsstx.dll
2009-04-13 14:43 . 2009-04-13 16:25 12552 -c-ha-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-13 14:43 . 2009-04-13 16:25 325640 -c-ha-w c:\windows\system32\drivers\avgldx86.sys
2009-04-13 14:43 . 2009-04-30 10:49 -------- dc-ha-w c:\windows\system32\drivers\Avg
2009-04-13 14:43 . 2009-04-13 14:43 -------- dc----w c:\program files\AVG
2009-04-12 06:42 . 2009-04-12 06:42 -------- dc----w c:\programdata\352BF
2009-04-12 06:42 . 2009-04-12 06:42 -------- dc----w c:\users\All Users\352BF
2009-04-12 06:34 . 2009-04-12 06:34 -------- dc----w c:\programdata\38366
2009-04-12 06:34 . 2009-04-12 06:34 -------- dc----w c:\users\All Users\38366
2009-04-12 06:33 . 2009-04-17 03:47 -------- dc----w c:\users\kweeki\AppData\Local\BearShare
2009-04-12 06:33 . 2009-04-12 06:34 -------- dc----w c:\program files\BearShare Applications
2009-04-12 06:20 . 2009-04-12 06:20 -------- dc----w c:\programdata\WindowsSearch
2009-04-12 06:20 . 2009-04-12 06:20 -------- dc----w c:\users\All Users\WindowsSearch
2009-04-12 06:13 . 2009-04-12 06:04 15688 -c-ha-w c:\windows\system32\lsdelete.exe
2009-04-12 06:03 . 2009-04-12 06:03 -------- dc-h--w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-12 06:03 . 2009-04-12 06:03 -------- dc-h--w c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-12 05:30 . 2009-04-12 06:03 -------- dc----w c:\program files\Lavasoft
2009-04-12 05:30 . 2009-04-12 06:03 -------- dc----w c:\programdata\Lavasoft
2009-04-12 05:30 . 2009-04-12 06:03 -------- dc----w c:\users\All Users\Lavasoft
2009-04-11 23:21 . 2009-04-11 23:21 155 -c-ha-w c:\windows\system32\SelfDel.bat
2009-04-11 22:10 . 2009-04-13 15:48 62464 -c--a-w c:\users\kweeki\AppData\Roaming\setup.exe
2009-04-11 21:16 . 2009-04-11 21:20 -------- dc----w c:\program files\Singles
2009-04-11 01:49 . 2009-04-11 01:49 -------- dc----w c:\users\kweeki\AppData\Roaming\Ludia
2009-04-11 01:49 . 2009-04-11 01:49 -------- dc----w c:\programdata\Ludia
2009-04-11 01:49 . 2009-04-11 01:49 -------- dc----w c:\users\All Users\Ludia
2009-04-11 01:48 . 2009-04-11 23:49 -------- dc----w C:\games
2009-04-05 20:07 . 2009-04-13 15:23 -------- dc----w c:\users\kweeki\Installatieprogramma Adobe Reader 9

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 01:14 . 2008-08-24 15:26 12 ----a-w c:\windows\bthservsdp.dat
2009-04-28 21:15 . 2009-01-19 21:34 -------- dc----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 15:15 . 2007-10-12 10:57 -------- dc-h--w c:\program files\InstallShield Installation Information
2009-04-17 01:09 . 2006-11-02 11:18 -------- dc----w c:\program files\Windows Mail
2009-04-13 16:26 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-13 16:26 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-13 16:26 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-13 15:02 . 2009-02-24 21:32 224 ----a-w c:\windows\Tasks\OGALogon.job
2009-04-13 15:01 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-13 15:01 . 2008-11-17 15:38 -------- dc----w c:\program files\PC Tools Internet Security
2009-04-13 10:50 . 2009-04-13 06:05 474 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-04-12 22:00 . 2009-02-24 21:32 224 ----a-w c:\windows\Tasks\OGADaily.job
2009-04-11 23:12 . 2009-03-17 18:27 -------- dc----w c:\program files\SwiftKit
2009-04-11 21:55 . 2006-11-02 16:11 675574 -c-ha-w c:\windows\system32\perfh013.dat
2009-04-11 21:55 . 2006-11-02 16:11 130260 -c-ha-w c:\windows\system32\perfc013.dat
2009-04-11 21:13 . 2009-04-11 21:13 0 -c-ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-11 02:33 . 2009-01-23 00:35 -------- dc----w c:\program files\EA GAMES
2009-04-06 16:30 . 2008-03-22 19:00 7700 -c--a-w c:\users\kweeki\AppData\Local\d3d9caps.dat
2009-04-05 20:08 . 2008-02-13 11:07 -------- dc----w c:\program files\Common Files\Adobe
2009-03-26 13:59 . 2008-05-17 18:26 -------- dc----w c:\program files\Java
2009-03-17 15:02 . 2009-03-17 15:02 -------- dc----w c:\program files\Belkin
2009-03-17 03:38 . 2009-04-16 16:11 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 16:11 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 16:11 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 04:19 . 2008-12-17 17:56 410984 -c-ha-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-16 16:11 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 16:11 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 16:11 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 16:11 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 16:11 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 16:11 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 16:11 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 16:11 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 16:11 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 16:11 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-13 08:49 . 2009-04-16 16:11 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 16:11 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 09:14 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 18:55 . 2009-02-06 18:55 308616 -c-ha-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 -c-ha-w c:\windows\system32\sirenacm.dll
2008-06-19 10:33 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 -c--a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"softidol"="c:\programdata\Support Download Download.m1fdkco" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RegistryMechanic"="c:\program files\Registry Mechanic\rmtray.exe" [2007-08-20 701736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 92704]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-26 516440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-13 1932568]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-03-30 1213320]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-11-14 4706304]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-10-11 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7D4572D2-8784-406B-A5F8-4D2D5959C3C3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FFADDC61-246B-4985-9A66-50351C78F6D6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31767E90-F446-4E00-812E-84AA42CC264D}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{750444E4-9977-4204-98A1-6D956B2E46DC}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AEDD3BB0-38BB-4736-9DB4-96BF96EAE3F1}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{B07A6A26-92B7-4FCE-B8C3-EAE549466843}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{3C6AF1D9-ACF3-4195-9602-5EF8FAC65380}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{1FED2666-923C-4A82-B741-A7FC4EE1D9F6}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{C06E1107-89C0-4DAF-978F-9DD588D3FC36}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{11297E20-CFAF-45CB-89E6-465AA8EA2C4E}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{4A72BF13-1DD4-484F-8692-152511D4C267}"= c:\program files\HomeCinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{D72B71F6-74BE-4417-98C6-370B0F1B93FE}"= c:\program files\HomeCinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{0957244D-6AE3-404A-9F9F-20549BB40341}"= c:\program files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc
"{B3CA7FFE-CC21-47A4-AFC3-C66C42F4E449}"= c:\program files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{60F06109-F1C7-4580-85F1-025D1A64AD15}"= c:\program files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{67D7168D-AC07-4917-BF19-70080530DEA9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5034EBAC-115D-438B-BF80-84CC1A42302B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{D8D81F95-2E9E-4BE7-8622-9EC61E10AC70}c:\\program files\\steam\\steamapps\\darksystema\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\darksystema\team fortress 2\hl2.exe:hl2
"UDP Query User{F7A56D2E-7C4F-4EA0-8AD7-61E61E22DA33}c:\\program files\\steam\\steamapps\\darksystema\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\darksystema\team fortress 2\hl2.exe:hl2
"{D5B39124-C27A-4ADA-A46E-A08B45678661}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{A10165B9-4431-40FC-86FD-9A9E16C2F406}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1C276426-3E0A-49F2-A44C-0B702685FD1E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A48BD698-7342-4B08-AA9A-8FC0BB464900}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FF1A46FE-5F22-484C-9980-88FD1DE26044}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DC571E76-780B-4C5B-B992-65B4AD792427}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{93D4C91D-B082-4E2B-90BA-07DA217ADA4F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{1B6B6512-526D-465B-9F28-F9E3E3A24B5C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{911BF803-A6DF-427F-8162-31A4EA4A4364}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{26244023-8351-48E7-8660-15606D8901C2}"= UDP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{C626BCB3-9536-4193-92F6-E58C6AC9E29F}"= TCP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"TCP Query User{FBF87916-76D1-4204-92A5-8D5B9E854322}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{0F6013E5-EE9C-448C-B7C3-0150D0F29583}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{533D09F5-9C4D-4F2D-AB6A-259E0E5CE279}c:\\users\\kweeki\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\kweeki\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{CE2DB105-29A7-4D92-94F0-C9D41F654ADD}c:\\users\\kweeki\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\kweeki\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"{D1710FAD-45DC-4AF5-8556-59B79AC4642A}"= UDP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{CBC7FCE5-7382-48BB-9375-853679CDB2BF}"= TCP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{0EB01817-0A19-47BD-9921-E64ACEA22933}"= UDP:2869:UPnP Framework
"{5B8A6027-4BC3-44AB-9F3F-F3DA68AAA978}"= TCP:10284:Windows Media Connect
"{9CE2B8E6-32B8-41C7-A8AC-A76D931718D1}"= TCP:10283:Windows Media Connect
"{D3540E4E-6D94-48EB-8A14-371E81719ABF}"= TCP:10282:Windows Media Connect
"{A7130908-5539-4B35-A879-8929F7557E3C}"= TCP:10281:Windows Media Connect
"{ADDF568C-C718-4682-A971-430154C32BE1}"= TCP:10280:Windows Media Connect
"{51E19B25-A5BA-496A-B950-84DC7635DE07}"= UDP:10243:Windows Media Connect
"{87C1BBA6-7BAF-4736-8A6E-F11A9D454BF8}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{63184DCA-BA10-46BB-810A-14CBCA590BBA}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{2EB306C5-AA2C-408E-8619-736CE3ECC58C}c:\\program files\\softnyx\\gunboundwc\\gunbound.gme"= UDP:c:\program files\softnyx\gunboundwc\gunbound.gme:GunBound
"UDP Query User{0F13F303-C515-4EC7-A1D7-721B2ADBA35D}c:\\program files\\softnyx\\gunboundwc\\gunbound.gme"= TCP:c:\program files\softnyx\gunboundwc\gunbound.gme:GunBound
"TCP Query User{0C18A1C9-EAE6-4820-97CD-A30853292A50}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{AA48C35D-DB0E-4CAB-85D9-C2CF258BA6D4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{52A3D0F4-B091-4FAE-A125-802609123075}"= UDP:c:\program files\Team JPN\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{9020D9F3-673A-4851-84A2-450E642B1382}"= TCP:c:\program files\Team JPN\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{517DB211-65AC-43E6-BEE0-6DB5047F00E2}"= UDP:c:\program files\Team JPN\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{FD49C54E-9351-4935-9043-16F3FB23FE85}"= TCP:c:\program files\Team JPN\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"TCP Query User{8B1C145E-54F5-4FA6-9102-BE27AEC95FC1}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty®: World at War Campaign/Coop
"UDP Query User{A4135BC9-187A-45C9-8062-038AE8C6DF31}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty®: World at War Campaign/Coop
"TCP Query User{BFA87C4D-12F6-4BC6-95C6-DB677332CD4D}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= UDP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty®: World at War Multiplayer
"UDP Query User{3CCE4C74-A518-485E-93FE-3371C9D62FD6}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= TCP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty®: World at War Multiplayer
"TCP Query User{B53E4E52-68BA-4A7F-AEE3-5FFF84ED5676}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{3D15643D-618D-40E1-A627-1A1874E07427}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{31A98D9A-73BD-4B96-8B6B-7C3D4987EA9B}c:\\windows\\explorer.exe"= UDP:c:\windows\explorer.exe:Windows Verkenner
"UDP Query User{BF65F7E0-D4A1-4998-889F-834A8B016BAE}c:\\windows\\explorer.exe"= TCP:c:\windows\explorer.exe:Windows Verkenner
"{B552A455-EFDB-41E1-A7D6-A4D96C6ECC19}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{3EC3AC2F-63B5-43A5-8C1B-13A36DBAB4EB}"= UDP:c:\windows\System32\ftp.exe:UDP
"{DABA1797-72EA-4FD2-9C74-E47EA12CBCF3}"= UDP:c:\windows\explorer.exe:TCP
"{7B15EF3A-BFEE-42CE-B702-2BD45A9DB19F}"= TCP:c:\windows\explorer.exe:TCP
"{BABBB47F-5F02-45F8-A50B-FE16E9872199}"= TCP:c:\windows\System32\ftp.exe:UDP
"TCP Query User{376CAF52-ACFA-4B59-93BC-325C191196BB}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{D6D08D2B-B389-46BC-A100-55F8CD2B6AF4}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"{09FE4D5E-81ED-43A9-AF13-0BBFB29228CC}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{FCC203BB-3467-4C89-A3A1-63854905AAF1}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 DQLWinService;DQLWinService; [x]
R2 NMSCore;Intel® NMSCore; [x]
R2 QualityManager;Intel® Quality Manager; [x]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2007-01-12 35712]
R3 MBAMSwissArmy;MBAMSwissArmy; [x]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-13 12552]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-26 64160]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2009-04-13 23832]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-13 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-13 108552]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-13 298264]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-04-13 1356616]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
S2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-26 953168]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-04-12 294912]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [2009-04-12 118784]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 1302368]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-10-30 5632]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


--- Andere Services/Drivers In Geheugen ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL k:\resycled\boot.com l:
\shell\Open\command - k:\resycled\boot.com l:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{950f3d33-5892-11dd-a971-001d9272aafb}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL k:\resycled\boot.com l:
\shell\Open\command - k:\resycled\boot.com l:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b617a25e-b345-11dd-a981-001d9272aafb}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL k:\resycled\boot.com k:
\shell\Open\command - k:\resycled\boot.com k:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e543cabf-f780-11dc-950c-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3cf4105-9d35-11dd-979e-001d9272aafb}]
\shell\AutoRun\command - I:\Autorun.exe
.
Inhoud van de 'Gedeelde Taken' map

2009-04-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:29]

2009-04-12 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-04-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)


.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hotmail.com/
mSearch Bar = hxxp://www.google.com/ie
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: nukezone.nu\www
FF - ProfilePath - c:\users\kweeki\AppData\Roaming\Mozilla\Firefox\Profiles\4p0ebzhp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nukezone.nu/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 03:16
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


c:\windows\system32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys 83968 bytes executable
c:\windows\system32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys.vir 83968 bytes executable
c:\windows\system32\ovfstheuqwxbthfwvbyrjroeepcebmqiysipiq.dat 1598 bytes
c:\windows\system32\ovfsthfpqlvttfrpxymflcxxrqmncssbgtousm.dll 17920 bytes executable
c:\windows\system32\ovfsthhhasedpkjwopctldwnqkjjdrgofbuqmq.dll 61440 bytes executable
c:\windows\system32\ovfsthipstoivbiqfdgvuvyvmvekqbtuvuhrvk.dll.vir 18432 bytes executable
c:\windows\system32\ovfsthlog.dat 691 bytes
c:\windows\system32\ovfsthmtdfqlvxvqipivcacvkgumodqtddjvqd.dat 43 bytes
c:\windows\system32\ovfsthrrhrsncgexxtyovrfddjxwotikrqtxwb.dll.vir 17920 bytes executable
c:\windows\system32\ovfsthruenxtxgybroippibrqwktlofavvceje.dll 19456 bytes executable
c:\users\kweeki\AppData\Local\Temp\ovfsthx000 0 bytes
c:\windows\TEMP\ovfsthxvmrrtphbo.tmp 49152 bytes executable

Scan succesvol afgerond
verborgen bestanden: 12

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"
"inst"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"

[HKEY_USERS\SYSTEM\ControlSet004\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"

[HKEY_USERS\SYSTEM\ControlSet005\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"

[HKEY_USERS\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehrecvr.exe
.
**************************************************************************
.
Voltooingstijd: 2009-05-02 3:21 - machine werd herstart
ComboFix-quarantined-files.txt 2009-05-02 01:21

Pre-Run: 291.938.668.544 bytes beschikbaar
Post-Run: 291.624.361.984 bytes beschikbaar

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
385 --- E O F --- 2009-04-17 03:02
LoPhatPhuud
1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
KillAll::

File::
c:\windows\system32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys
c:\windows\system32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys.vir
c:\windows\system32\ovfstheuqwxbthfwvbyrjroeepcebmqiysipiq.dat
c:\windows\system32\ovfsthfpqlvttfrpxymflcxxrqmncssbgtousm.dll
c:\windows\system32\ovfsthhhasedpkjwopctldwnqkjjdrgofbuqmq.dll
c:\windows\system32\ovfsthipstoivbiqfdgvuvyvmvekqbtuvuhrvk.dll.vir
c:\windows\system32\ovfsthlog.dat
c:\windows\system32\ovfsthmtdfqlvxvqipivcacvkgumodqtddjvqd.dat
c:\windows\system32\ovfsthrrhrsncgexxtyovrfddjxwotikrqtxwb.dll.vir
c:\windows\system32\ovfsthruenxtxgybroippibrqwktlofavvceje.dll
c:\users\kweeki\AppData\Local\Temp\ovfsthx000
c:\windows\TEMP\ovfsthxvmrrtphbo.tmp

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{950f3d33-5892-11dd-a971-001d9272aafb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b617a25e-b345-11dd-a981-001d9272aafb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e543cabf-f780-11dc-950c-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3cf4105-9d35-11dd-979e-001d9272aafb}]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
kweeki
ComboFix 09-05-02.4 - kweeki 02/05/2009 22:48.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3069.1783 [GMT 2:00]
Gestart vanuit: c:\users\kweeki\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\users\kweeki\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated)
AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning disabled* (Updated)
FW: AVG Firewall *disabled*
FW: Panda Antivirus 2008 Personal Firewall *disabled*

FILE ::
c:\users\kweeki\AppData\Local\Temp\ovfsthx000
c:\windows\system32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys
c:\windows\system32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys.vir
c:\windows\system32\ovfstheuqwxbthfwvbyrjroeepcebmqiysipiq.dat
c:\windows\system32\ovfsthfpqlvttfrpxymflcxxrqmncssbgtousm.dll
c:\windows\system32\ovfsthhhasedpkjwopctldwnqkjjdrgofbuqmq.dll
c:\windows\system32\ovfsthipstoivbiqfdgvuvyvmvekqbtuvuhrvk.dll.vir
c:\windows\system32\ovfsthlog.dat
c:\windows\system32\ovfsthmtdfqlvxvqipivcacvkgumodqtddjvqd.dat
c:\windows\system32\ovfsthrrhrsncgexxtyovrfddjxwotikrqtxwb.dll.vir
c:\windows\system32\ovfsthruenxtxgybroippibrqwktlofavvceje.dll
c:\windows\TEMP\ovfsthxvmrrtphbo.tmp
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\kweeki\AppData\Local\Temp\ovfsthx000
c:\windows\system32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys
c:\windows\system32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys.vir
c:\windows\system32\ovfstheuqwxbthfwvbyrjroeepcebmqiysipiq.dat
c:\windows\system32\ovfsthhhasedpkjwopctldwnqkjjdrgofbuqmq.dll
c:\windows\system32\ovfsthipstoivbiqfdgvuvyvmvekqbtuvuhrvk.dll.vir
c:\windows\system32\ovfsthlog.dat
c:\windows\system32\ovfsthmtdfqlvxvqipivcacvkgumodqtddjvqd.dat
c:\windows\system32\ovfsthrrhrsncgexxtyovrfddjxwotikrqtxwb.dll.vir
c:\windows\system32\winglsetup.exe
c:\windows\TEMP\ovfsthxvmrrtphbo.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso


(((((((((((((((((((( Bestanden Gemaakt van 2009-04-02 to 2009-05-02 ))))))))))))))))))))))))))))))
.

2009-04-28 20:52 . 2009-05-02 20:34 -------- dc----w c:\users\kweeki\Tracing
2009-04-28 20:47 . 2009-05-02 10:38 34 -c--a-w c:\users\kweeki\jagex_runescape_preferences.dat
2009-04-28 15:09 . 2009-04-28 20:16 -------- dc----w c:\users\kweeki\AppData\Roaming\Red Alert 3
2009-04-28 14:58 . 2009-04-28 14:59 -------- dc----w c:\users\kweeki\logs
2009-04-28 13:28 . 2009-04-28 13:28 -------- dc----w c:\program files\Trend Micro
2009-04-26 17:40 . 2005-08-25 23:50 77312 -c--a-w c:\windows\system32\ztvunace26.dll
2009-04-26 17:40 . 2006-05-25 13:52 162304 -c--a-w c:\windows\system32\ztvunrar36.dll
2009-04-26 17:40 . 2006-06-19 11:01 69632 -c--a-w c:\windows\system32\ztvcabinet.dll
2009-04-26 17:40 . 2002-03-05 23:00 75264 -c--a-w c:\windows\system32\unacev2.dll
2009-04-26 17:40 . 2003-02-02 18:06 153088 -c--a-w c:\windows\system32\UNRAR3.dll
2009-04-26 17:40 . 2009-04-26 17:40 -------- dc----w c:\programdata\Simply Super Software
2009-04-26 17:40 . 2009-04-26 17:40 -------- dc----w c:\users\All Users\Simply Super Software
2009-04-26 17:40 . 2009-04-26 17:40 -------- dc----w c:\users\kweeki\AppData\Roaming\Simply Super Software
2009-04-26 17:40 . 2009-04-26 17:41 -------- dc----w c:\program files\Trojan Remover
2009-04-26 15:29 . 2009-04-26 15:29 64160 -c--a-w c:\windows\system32\drivers\Lbd.sys
2009-04-25 21:22 . 2009-04-25 21:22 -------- dc----w c:\programdata\239F
2009-04-25 21:22 . 2009-04-25 21:22 -------- dc----w c:\users\All Users\239F
2009-04-18 22:07 . 2009-04-18 22:08 -------- dc----w c:\programdata\Ten Thumbs Typing Tutor
2009-04-18 22:07 . 2009-04-18 22:08 -------- dc----w c:\users\All Users\Ten Thumbs Typing Tutor
2009-04-18 22:07 . 2009-04-18 22:07 -------- dc----w c:\program files\Ten Thumbs Typing Tutor 4.7
2009-04-17 01:15 . 2009-03-03 04:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-17 01:15 . 2009-03-03 02:28 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-17 01:15 . 2009-03-03 04:37 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-15 09:38 . 2009-04-27 15:15 -------- dc----w c:\program files\Playboy - The Mansion
2009-04-13 16:25 . 2009-04-13 16:25 108552 -c-ha-w c:\windows\system32\drivers\avgtdix.sys
2009-04-13 16:25 . 2009-04-13 16:25 23832 -c-ha-w c:\windows\system32\drivers\avgfwd6x.sys
2009-04-13 14:48 . 2009-05-02 11:11 -------- dc-h--w C:\$AVG8.VAULT$
2009-04-13 14:43 . 2009-04-13 16:25 10520 ---ha-w c:\windows\system32\avgrsstx.dll
2009-04-13 14:43 . 2009-04-13 16:25 12552 -c-ha-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-13 14:43 . 2009-04-13 16:25 325640 -c-ha-w c:\windows\system32\drivers\avgldx86.sys
2009-04-13 14:43 . 2009-05-02 10:42 -------- dc-ha-w c:\windows\system32\drivers\Avg
2009-04-13 14:43 . 2009-04-13 14:43 -------- dc----w c:\program files\AVG
2009-04-12 06:42 . 2009-04-12 06:42 -------- dc----w c:\programdata\352BF
2009-04-12 06:42 . 2009-04-12 06:42 -------- dc----w c:\users\All Users\352BF
2009-04-12 06:34 . 2009-04-12 06:34 -------- dc----w c:\programdata\38366
2009-04-12 06:34 . 2009-04-12 06:34 -------- dc----w c:\users\All Users\38366
2009-04-12 06:33 . 2009-04-17 03:47 -------- dc----w c:\users\kweeki\AppData\Local\BearShare
2009-04-12 06:33 . 2009-04-12 06:34 -------- dc----w c:\program files\BearShare Applications
2009-04-12 06:20 . 2009-04-12 06:20 -------- dc----w c:\programdata\WindowsSearch
2009-04-12 06:20 . 2009-04-12 06:20 -------- dc----w c:\users\All Users\WindowsSearch
2009-04-12 06:13 . 2009-04-12 06:04 15688 -c-ha-w c:\windows\system32\lsdelete.exe
2009-04-12 06:03 . 2009-04-12 06:03 -------- dc-h--w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-12 06:03 . 2009-04-12 06:03 -------- dc-h--w c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-12 05:30 . 2009-04-12 06:03 -------- dc----w c:\program files\Lavasoft
2009-04-12 05:30 . 2009-04-12 06:03 -------- dc----w c:\programdata\Lavasoft
2009-04-12 05:30 . 2009-04-12 06:03 -------- dc----w c:\users\All Users\Lavasoft
2009-04-11 23:21 . 2009-04-11 23:21 155 -c-ha-w c:\windows\system32\SelfDel.bat
2009-04-11 22:10 . 2009-04-13 15:48 62464 -c--a-w c:\users\kweeki\AppData\Roaming\setup.exe
2009-04-11 21:16 . 2009-04-11 21:20 -------- dc----w c:\program files\Singles
2009-04-11 01:49 . 2009-04-11 01:49 -------- dc----w c:\users\kweeki\AppData\Roaming\Ludia
2009-04-11 01:49 . 2009-04-11 01:49 -------- dc----w c:\programdata\Ludia
2009-04-11 01:49 . 2009-04-11 01:49 -------- dc----w c:\users\All Users\Ludia
2009-04-11 01:48 . 2009-04-11 23:49 -------- dc----w C:\games
2009-04-05 20:07 . 2009-04-13 15:23 -------- dc----w c:\users\kweeki\Installatieprogramma Adobe Reader 9

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 20:53 . 2008-08-24 15:26 12 ----a-w c:\windows\bthservsdp.dat
2009-05-02 20:48 . 2009-05-02 01:19 1525964 -c--a-w c:\windows\system32\PerfStringBackup.TMP
2009-04-28 21:15 . 2009-01-19 21:34 -------- dc----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 15:15 . 2007-10-12 10:57 -------- dc-h--w c:\program files\InstallShield Installation Information
2009-04-17 01:09 . 2006-11-02 11:18 -------- dc----w c:\program files\Windows Mail
2009-04-13 16:26 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-13 16:26 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-13 16:26 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-13 15:02 . 2009-02-24 21:32 224 ----a-w c:\windows\Tasks\OGALogon.job
2009-04-13 15:01 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-13 15:01 . 2008-11-17 15:38 -------- dc----w c:\program files\PC Tools Internet Security
2009-04-13 10:50 . 2009-04-13 06:05 474 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-04-12 22:00 . 2009-02-24 21:32 224 ----a-w c:\windows\Tasks\OGADaily.job
2009-04-11 23:12 . 2009-03-17 18:27 -------- dc----w c:\program files\SwiftKit
2009-04-11 21:55 . 2006-11-02 16:11 675574 -c-ha-w c:\windows\system32\perfh013.dat
2009-04-11 21:55 . 2006-11-02 16:11 130260 -c-ha-w c:\windows\system32\perfc013.dat
2009-04-11 21:13 . 2009-04-11 21:13 0 -c-ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-11 02:33 . 2009-01-23 00:35 -------- dc----w c:\program files\EA GAMES
2009-04-06 16:30 . 2008-03-22 19:00 7700 -c--a-w c:\users\kweeki\AppData\Local\d3d9caps.dat
2009-04-05 20:08 . 2008-02-13 11:07 -------- dc----w c:\program files\Common Files\Adobe
2009-03-26 13:59 . 2008-05-17 18:26 -------- dc----w c:\program files\Java
2009-03-17 15:02 . 2009-03-17 15:02 -------- dc----w c:\program files\Belkin
2009-03-17 03:38 . 2009-04-16 16:11 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 16:11 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 16:11 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 04:19 . 2008-12-17 17:56 410984 -c-ha-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-16 16:11 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 16:11 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 16:11 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 16:11 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 16:11 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 16:11 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 16:11 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 16:11 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 16:11 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 16:11 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-13 08:49 . 2009-04-16 16:11 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 16:11 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 09:14 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 18:55 . 2009-02-06 18:55 308616 -c-ha-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 -c-ha-w c:\windows\system32\sirenacm.dll
2008-06-19 10:33 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-05-02_01.16.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-12 10:23 . 2009-05-02 20:46 82648 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-21 20:17 . 2009-05-02 20:56 21508 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1774793631-3268767737-1350337627-1001_UserData.bin
+ 2008-03-21 20:04 . 2009-05-02 20:54 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-21 20:04 . 2009-05-02 01:15 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-21 20:04 . 2009-05-02 01:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-21 20:04 . 2009-05-02 20:54 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-02 01:15 . 2009-05-02 01:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-02 20:54 . 2009-05-02 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-02 01:15 . 2009-05-02 01:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-02 20:54 . 2009-05-02 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-05-02 20:56 144048 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-21 20:04 . 2009-05-02 01:15 311296 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-21 20:04 . 2009-05-02 20:54 311296 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 -c--a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"softidol"="c:\programdata\Support Download Download.m1fdkco" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RegistryMechanic"="c:\program files\Registry Mechanic\rmtray.exe" [2007-08-20 701736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 92704]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-26 516440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-13 1932568]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-03-30 1213320]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-11-14 4706304]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-10-11 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7D4572D2-8784-406B-A5F8-4D2D5959C3C3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FFADDC61-246B-4985-9A66-50351C78F6D6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31767E90-F446-4E00-812E-84AA42CC264D}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{750444E4-9977-4204-98A1-6D956B2E46DC}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AEDD3BB0-38BB-4736-9DB4-96BF96EAE3F1}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{B07A6A26-92B7-4FCE-B8C3-EAE549466843}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{3C6AF1D9-ACF3-4195-9602-5EF8FAC65380}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{1FED2666-923C-4A82-B741-A7FC4EE1D9F6}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{C06E1107-89C0-4DAF-978F-9DD588D3FC36}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{11297E20-CFAF-45CB-89E6-465AA8EA2C4E}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{4A72BF13-1DD4-484F-8692-152511D4C267}"= c:\program files\HomeCinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{D72B71F6-74BE-4417-98C6-370B0F1B93FE}"= c:\program files\HomeCinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{0957244D-6AE3-404A-9F9F-20549BB40341}"= c:\program files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc
"{B3CA7FFE-CC21-47A4-AFC3-C66C42F4E449}"= c:\program files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{60F06109-F1C7-4580-85F1-025D1A64AD15}"= c:\program files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{67D7168D-AC07-4917-BF19-70080530DEA9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5034EBAC-115D-438B-BF80-84CC1A42302B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{D8D81F95-2E9E-4BE7-8622-9EC61E10AC70}c:\\program files\\steam\\steamapps\\darksystema\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\darksystema\team fortress 2\hl2.exe:hl2
"UDP Query User{F7A56D2E-7C4F-4EA0-8AD7-61E61E22DA33}c:\\program files\\steam\\steamapps\\darksystema\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\darksystema\team fortress 2\hl2.exe:hl2
"{D5B39124-C27A-4ADA-A46E-A08B45678661}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{A10165B9-4431-40FC-86FD-9A9E16C2F406}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1C276426-3E0A-49F2-A44C-0B702685FD1E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A48BD698-7342-4B08-AA9A-8FC0BB464900}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FF1A46FE-5F22-484C-9980-88FD1DE26044}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DC571E76-780B-4C5B-B992-65B4AD792427}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{93D4C91D-B082-4E2B-90BA-07DA217ADA4F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{1B6B6512-526D-465B-9F28-F9E3E3A24B5C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{911BF803-A6DF-427F-8162-31A4EA4A4364}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{26244023-8351-48E7-8660-15606D8901C2}"= UDP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{C626BCB3-9536-4193-92F6-E58C6AC9E29F}"= TCP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"TCP Query User{FBF87916-76D1-4204-92A5-8D5B9E854322}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{0F6013E5-EE9C-448C-B7C3-0150D0F29583}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{533D09F5-9C4D-4F2D-AB6A-259E0E5CE279}c:\\users\\kweeki\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\kweeki\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{CE2DB105-29A7-4D92-94F0-C9D41F654ADD}c:\\users\\kweeki\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\kweeki\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"{D1710FAD-45DC-4AF5-8556-59B79AC4642A}"= UDP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{CBC7FCE5-7382-48BB-9375-853679CDB2BF}"= TCP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{0EB01817-0A19-47BD-9921-E64ACEA22933}"= UDP:2869:UPnP Framework
"{5B8A6027-4BC3-44AB-9F3F-F3DA68AAA978}"= TCP:10284:Windows Media Connect
"{9CE2B8E6-32B8-41C7-A8AC-A76D931718D1}"= TCP:10283:Windows Media Connect
"{D3540E4E-6D94-48EB-8A14-371E81719ABF}"= TCP:10282:Windows Media Connect
"{A7130908-5539-4B35-A879-8929F7557E3C}"= TCP:10281:Windows Media Connect
"{ADDF568C-C718-4682-A971-430154C32BE1}"= TCP:10280:Windows Media Connect
"{51E19B25-A5BA-496A-B950-84DC7635DE07}"= UDP:10243:Windows Media Connect
"{87C1BBA6-7BAF-4736-8A6E-F11A9D454BF8}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{63184DCA-BA10-46BB-810A-14CBCA590BBA}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{2EB306C5-AA2C-408E-8619-736CE3ECC58C}c:\\program files\\softnyx\\gunboundwc\\gunbound.gme"= UDP:c:\program files\softnyx\gunboundwc\gunbound.gme:GunBound
"UDP Query User{0F13F303-C515-4EC7-A1D7-721B2ADBA35D}c:\\program files\\softnyx\\gunboundwc\\gunbound.gme"= TCP:c:\program files\softnyx\gunboundwc\gunbound.gme:GunBound
"TCP Query User{0C18A1C9-EAE6-4820-97CD-A30853292A50}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{AA48C35D-DB0E-4CAB-85D9-C2CF258BA6D4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{52A3D0F4-B091-4FAE-A125-802609123075}"= UDP:c:\program files\Team JPN\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{9020D9F3-673A-4851-84A2-450E642B1382}"= TCP:c:\program files\Team JPN\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{517DB211-65AC-43E6-BEE0-6DB5047F00E2}"= UDP:c:\program files\Team JPN\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{FD49C54E-9351-4935-9043-16F3FB23FE85}"= TCP:c:\program files\Team JPN\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"TCP Query User{8B1C145E-54F5-4FA6-9102-BE27AEC95FC1}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty®: World at War Campaign/Coop
"UDP Query User{A4135BC9-187A-45C9-8062-038AE8C6DF31}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty®: World at War Campaign/Coop
"TCP Query User{BFA87C4D-12F6-4BC6-95C6-DB677332CD4D}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= UDP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty®: World at War Multiplayer
"UDP Query User{3CCE4C74-A518-485E-93FE-3371C9D62FD6}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= TCP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty®: World at War Multiplayer
"TCP Query User{B53E4E52-68BA-4A7F-AEE3-5FFF84ED5676}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{3D15643D-618D-40E1-A627-1A1874E07427}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{31A98D9A-73BD-4B96-8B6B-7C3D4987EA9B}c:\\windows\\explorer.exe"= UDP:c:\windows\explorer.exe:Windows Explorer
"UDP Query User{BF65F7E0-D4A1-4998-889F-834A8B016BAE}c:\\windows\\explorer.exe"= TCP:c:\windows\explorer.exe:Windows Explorer
"{B552A455-EFDB-41E1-A7D6-A4D96C6ECC19}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{3EC3AC2F-63B5-43A5-8C1B-13A36DBAB4EB}"= UDP:c:\windows\System32\ftp.exe:UDP
"{DABA1797-72EA-4FD2-9C74-E47EA12CBCF3}"= UDP:c:\windows\explorer.exe:TCP
"{7B15EF3A-BFEE-42CE-B702-2BD45A9DB19F}"= TCP:c:\windows\explorer.exe:TCP
"{BABBB47F-5F02-45F8-A50B-FE16E9872199}"= TCP:c:\windows\System32\ftp.exe:UDP
"TCP Query User{376CAF52-ACFA-4B59-93BC-325C191196BB}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{D6D08D2B-B389-46BC-A100-55F8CD2B6AF4}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"{09FE4D5E-81ED-43A9-AF13-0BBFB29228CC}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{FCC203BB-3467-4C89-A3A1-63854905AAF1}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 DQLWinService;DQLWinService; [x]
R2 NMSCore;Intel® NMSCore; [x]
R2 QualityManager;Intel® Quality Manager; [x]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2007-01-12 35712]
R3 MBAMSwissArmy;MBAMSwissArmy; [x]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-13 12552]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-26 64160]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2009-04-13 23832]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-13 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-13 108552]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-13 298264]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-04-13 1356616]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
S2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-26 953168]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-04-12 294912]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [2009-04-12 118784]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 1302368]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-10-30 5632]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-04-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:29]

2009-04-12 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-04-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
mSearch Bar = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: nukezone.nu\www
FF - ProfilePath - c:\users\kweeki\AppData\Roaming\Mozilla\Firefox\Profiles\4p0ebzhp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nukezone.nu/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 22:55
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys 83968 bytes executable
c:\windows\system32\ovfsthfpqlvttfrpxymflcxxrqmncssbgtousm.dll 17920 bytes executable
c:\windows\system32\ovfsthiiedymkmwngoqdofpkjyctsbnhbbjnkv.dat 267 bytes
c:\windows\system32\ovfsthqjryeipispruuwsqhyvefpapywgsoted.dll 61440 bytes executable
c:\windows\system32\ovfsthruenxtxgybroippibrqwktlofavvceje.dll 19456 bytes executable
c:\windows\system32\ovfsthxrbwggvlgnorctlicrmcnlmjcfpycjwd.dll 17920 bytes executable
c:\windows\system32\ovfsthxvwjypoegevvrvlsprquxfucbmgwxpxo.dll 19456 bytes executable

scan completed successfully
hidden files: 7

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"
"inst"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"
"inst"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"

[HKEY_USERS\SYSTEM\ControlSet004\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"

[HKEY_USERS\SYSTEM\ControlSet005\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"

[HKEY_USERS\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet006\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"
"inst"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-05-02 23:01 - machine was restarted
ComboFix-quarantined-files.txt 2009-05-02 21:01
ComboFix2.txt 2009-05-02 01:21

Pre-Run: 292.246.421.504 bytes free
Post-Run: 291.571.933.184 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
419 --- E O F --- 2009-04-17 03:02
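Two things in the firewall policy section of the log above are worth pulling out before any fix script is written. EnableFirewall is 0 for both the Public and the Standard profile, so the Windows Firewall is off entirely. And among the per-application allow rules there is one for an installer run from the user's temp folder (setupxu.exe under appdata\local\temp) and rules for explorer.exe and ftp.exe whose description is nothing more than "TCP" or "UDP", which is not how an installer normally names a rule. The Python below is an added example, not part of this thread or of ComboFix: it parses the policy lines in the shape ComboFix prints them and flags exactly those patterns. The sample is a constructed subset of the log lines (trademark symbols dropped), and treating explorer.exe and ftp.exe as "not a network server" is this example's own assumption, a prompt to verify by hand rather than a verdict.

```python
"""Triage of the Windows Firewall policy section of a ComboFix log.

Added example, not part of the thread or of ComboFix: it parses the
[..\firewallpolicy\<Profile>] blocks and the FirewallRules values as ComboFix
prints them ([PROTO:][ports|profiles|][path]:description) and returns the
(finding, detail) pairs a reviewer would want to look at.
"""
import re
from collections import namedtuple

Rule = namedtuple("Rule", "name proto ports path desc")

# Constructed sample: a subset of the lines from the log above.
SAMPLE = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1C276426-3E0A-49F2-A44C-0B702685FD1E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C06E1107-89C0-4DAF-978F-9DD588D3FC36}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel Viiv Media Server Discovery
"TCP Query User{533D09F5-9C4D-4F2D-AB6A-259E0E5CE279}c:\\users\\kweeki\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\kweeki\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"{3EC3AC2F-63B5-43A5-8C1B-13A36DBAB4EB}"= UDP:c:\windows\System32\ftp.exe:UDP
"{7B15EF3A-BFEE-42CE-B702-2BD45A9DB19F}"= TCP:c:\windows\explorer.exe:TCP
"{67D7168D-AC07-4917-BF19-70080530DEA9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
'''

SECTION_RE = re.compile(r'^\[.*\\firewallpolicy\\(\w+)\]$', re.I)
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<spec>.+)$')
PATH_RE = re.compile(r'[a-zA-Z]:\\[^:]*')               # a drive path runs until the next ':'
PORT_RE = re.compile(r'(?<![\w.])(\d{1,5})(?=[|:]|$)')  # bare port, not an octet of an IP

# Neither is a network service; an inbound allow rule for them is unusual and
# worth verifying by hand (assumption of this example, not a verdict).
NOT_A_SERVER = {"explorer.exe", "ftp.exe"}


def parse_rule(line):
    """Parse one FirewallRules value; returns a Rule or None. Paths are lowercased."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    name, spec = m.group("name"), m.group("spec")
    proto = spec[:3] if spec[:4] in ("TCP:", "UDP:") else None
    pm = PATH_RE.search(spec)
    if pm:                                   # per-application rule
        head, path = spec[:pm.start()], pm.group(0).lower()
        desc = spec[pm.end():].lstrip(":")
    else:                                    # port-only rule: description is the last field
        head, _, desc = spec.rpartition(":")
        path = None
    return Rule(name, proto, PORT_RE.findall(head), path, desc)


def triage(text):
    """Return (finding, detail) pairs for the weak settings a reviewer would flag."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.lower().startswith('"enablefirewall"='):
            if int(line.split("=", 1)[1].split()[0]) == 0:
                findings.append(("firewall_disabled", section))
            continue
        rule = parse_rule(line)
        if rule is None or rule.path is None:
            continue
        if "\\temp\\" in rule.path:          # allow rule for something run from a temp folder
            findings.append(("temp_path_allowed", rule.path))
        if rule.desc.upper() in ("TCP", "UDP", ""):   # no product name, just the protocol
            findings.append(("unnamed_rule", rule.path))
        if rule.path.rsplit("\\", 1)[-1] in NOT_A_SERVER:
            findings.append(("system_binary_allowed", rule.path))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE):
        print(f"{finding:22} {detail}")
```

Run on the constructed sample it reports both disabled profiles, the temp-folder rule, and two findings each for ftp.exe and explorer.exe; the Outlook, Bonjour and port-only Intel rules pass. A finding here is a prompt to check the rule's origin, not proof that the binary is malicious: the log shows the rule exists, not who created it.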
LoPhatPhuud
1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
KillAll::

File::
c:\windows\system32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys
c:\windows\system32\ovfsthfpqlvttfrpxymflcxxrqmncssbgtousm.dll
c:\windows\system32\ovfsthiiedymkmwngoqdofpkjyctsbnhbbjnkv.dat
c:\windows\system32\ovfsthqjryeipispruuwsqhyvefpapywgsoted.dll
c:\windows\system32\ovfsthruenxtxgybroippibrqwktlofavvceje.dll
c:\windows\system32\ovfsthxrbwggvlgnorctlicrmcnlmjcfpycjwd.dll
c:\windows\system32\ovfsthxvwjypoegevvrvlsprquxfucbmgwxpxo.dll

RegLockDel::
[HKEY_USERS\SYSTEM\ControlSet001\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
[HKEY_USERS\SYSTEM\ControlSet002\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
[HKEY_USERS\SYSTEM\ControlSet003\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
[HKEY_USERS\SYSTEM\ControlSet004\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
[HKEY_USERS\SYSTEM\ControlSet005\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
[HKEY_USERS\SYSTEM\ControlSet006\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it is running; that may cause it to stall.
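The CFScript above is assembled by hand from two sections of the first log: the seven hidden files that catchme listed (all sharing the same six-character name prefix) and the locked service key that appears in every ControlSet, 001 through 006, whose imagepath is the hidden .sys and which is registered with start=1 (system start) in the "file system" load group. Both directives are needed: deleting the files alone leaves a locked service that tries to load a missing driver, and deleting the keys alone leaves the driver and DLLs on disk. The Python below is an added example, not part of this thread, of ComboFix, or of LoPhatPhuud's script: it parses those two sections from a constructed excerpt of the log and emits the same KillAll::/File::/RegLockDel:: layout, linking a service key to the hidden files when its imagepath names one of them or its name shares their common prefix. The four-character minimum for that prefix and the use of only three of the six ControlSet keys in the sample are this example's own choices.

```python
"""Build a ComboFix CFScript from a ComboFix log (added example; not ComboFix's
own code and not the script LoPhatPhuud posted).

It takes the hidden files that catchme listed and the locked service keys from
the same log, and links a key to the files when its ImagePath names one of them
or when the service name shares the files' common prefix (threshold of 4
characters is this example's own choice).
"""
import re

# Constructed excerpt of the log above: the catchme list and three of the six
# locked ControlSet keys, with only the values the parser needs.
SAMPLE_LOG = r'''
scanning hidden files ...

c:\windows\system32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys 83968 bytes executable
c:\windows\system32\ovfsthfpqlvttfrpxymflcxxrqmncssbgtousm.dll 17920 bytes executable
c:\windows\system32\ovfsthiiedymkmwngoqdofpkjyctsbnhbbjnkv.dat 267 bytes
c:\windows\system32\ovfsthqjryeipispruuwsqhyvefpapywgsoted.dll 61440 bytes executable
c:\windows\system32\ovfsthruenxtxgybroippibrqwktlofavvceje.dll 19456 bytes executable
c:\windows\system32\ovfsthxrbwggvlgnorctlicrmcnlmjcfpycjwd.dll 17920 bytes executable
c:\windows\system32\ovfsthxvwjypoegevvrvlsprquxfucbmgwxpxo.dll 19456 bytes executable

hidden files: 7

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"

[HKEY_USERS\SYSTEM\ControlSet002\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"

[HKEY_USERS\SYSTEM\ControlSet006\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"
'''

HIDDEN_RE = re.compile(r'^(?P<path>[a-z]:\\\S.*?)\s+(?P<size>\d+) bytes(?P<exe>\s+executable)?$', re.I)
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
IMAGE_RE = re.compile(r'^"imagepath"=expand:"(?P<img>[^"]+)"$', re.I)


def parse_log(text):
    """Return ([(path, size, is_executable)], {service_key: imagepath})."""
    hidden, services, key = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HIDDEN_RE.match(line)
        if m:
            hidden.append((m.group("path"), int(m.group("size")), bool(m.group("exe"))))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = IMAGE_RE.match(line)
        if m and key:                      # ComboFix doubles the backslashes in REG_EXPAND_SZ
            services[key] = m.group("img").replace("\\\\", "\\")
    return hidden, services


def tail(path):
    """Last backslash-separated component, lowercased; works for registry keys too."""
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def common_prefix(names):
    prefix = names[0] if names else ""
    for n in names[1:]:
        while not n.startswith(prefix):
            prefix = prefix[:-1]
    return prefix


def linked_services(hidden, services, min_prefix=4):
    """Keys whose driver is one of the hidden files or whose name shares their prefix."""
    names = {tail(p) for p, _, _ in hidden}
    prefix = common_prefix(sorted(names))
    if len(prefix) < min_prefix:
        prefix = None
    return [key for key, image in services.items()
            if tail(image) in names or (prefix and tail(key).startswith(prefix))]


def build_cfscript(text):
    """KillAll::, then File:: with every hidden file, then RegLockDel:: with the linked keys."""
    hidden, services = parse_log(text)
    out = ["KillAll::", "", "File::"] + [path for path, _, _ in hidden]
    keys = linked_services(hidden, services)
    if keys:
        out += ["", "RegLockDel::"] + ["[%s]" % k for k in keys]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG), end="")
```

Read the generated File:: list against the log before saving it as CFScript.txt: the parser takes every line catchme printed as a hidden file, and ComboFix will act on each path it is given.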
kweeki
ComboFix 09-05-02.4 - kweeki 03/05/2009 21:49.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3069.1746 [GMT 2:00]
Started from: c:\users\kweeki\Downloads\ComboFix.exe
Command switches used :: c:\users\kweeki\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *disabled*
FW: Panda Antivirus 2008 Personal Firewall *disabled*

FILE ::
c:\windows\system32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys
c:\windows\system32\ovfsthfpqlvttfrpxymflcxxrqmncssbgtousm.dll
c:\windows\system32\ovfsthiiedymkmwngoqdofpkjyctsbnhbbjnkv.dat
c:\windows\system32\ovfsthqjryeipispruuwsqhyvefpapywgsoted.dll
c:\windows\system32\ovfsthruenxtxgybroippibrqwktlofavvceje.dll
c:\windows\system32\ovfsthxrbwggvlgnorctlicrmcnlmjcfpycjwd.dll
c:\windows\system32\ovfsthxvwjypoegevvrvlsprquxfucbmgwxpxo.dll
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys
c:\windows\system32\ovfsthfpqlvttfrpxymflcxxrqmncssbgtousm.dll
c:\windows\system32\ovfsthiiedymkmwngoqdofpkjyctsbnhbbjnkv.dat
c:\windows\system32\ovfsthqjryeipispruuwsqhyvefpapywgsoted.dll
c:\windows\system32\ovfsthruenxtxgybroippibrqwktlofavvceje.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso


(((((((((((((((((((( Files Created from 2009-04-03 to 2009-05-03 ))))))))))))))))))))))))))))))
.

2009-04-28 20:52 . 2009-05-02 20:34 -------- dc----w c:\users\kweeki\Tracing
2009-04-28 20:47 . 2009-05-02 10:38 34 -c--a-w c:\users\kweeki\jagex_runescape_preferences.dat
2009-04-28 15:09 . 2009-04-28 20:16 -------- dc----w c:\users\kweeki\AppData\Roaming\Red Alert 3
2009-04-28 14:58 . 2009-04-28 14:59 -------- dc----w c:\users\kweeki\logs
2009-04-28 13:28 . 2009-04-28 13:28 -------- dc----w c:\program files\Trend Micro
2009-04-26 17:40 . 2005-08-25 23:50 77312 -c--a-w c:\windows\system32\ztvunace26.dll
2009-04-26 17:40 . 2006-05-25 13:52 162304 -c--a-w c:\windows\system32\ztvunrar36.dll
2009-04-26 17:40 . 2006-06-19 11:01 69632 -c--a-w c:\windows\system32\ztvcabinet.dll
2009-04-26 17:40 . 2002-03-05 23:00 75264 -c--a-w c:\windows\system32\unacev2.dll
2009-04-26 17:40 . 2003-02-02 18:06 153088 -c--a-w c:\windows\system32\UNRAR3.dll
2009-04-26 17:40 . 2009-04-26 17:40 -------- dc----w c:\programdata\Simply Super Software
2009-04-26 17:40 . 2009-04-26 17:40 -------- dc----w c:\users\All Users\Simply Super Software
2009-04-26 17:40 . 2009-04-26 17:40 -------- dc----w c:\users\kweeki\AppData\Roaming\Simply Super Software
2009-04-26 17:40 . 2009-04-26 17:41 -------- dc----w c:\program files\Trojan Remover
2009-04-26 15:29 . 2009-04-26 15:29 64160 -c--a-w c:\windows\system32\drivers\Lbd.sys
2009-04-25 21:22 . 2009-04-25 21:22 -------- dc----w c:\programdata\239F
2009-04-25 21:22 . 2009-04-25 21:22 -------- dc----w c:\users\All Users\239F
2009-04-18 22:07 . 2009-04-18 22:08 -------- dc----w c:\programdata\Ten Thumbs Typing Tutor
2009-04-18 22:07 . 2009-04-18 22:08 -------- dc----w c:\users\All Users\Ten Thumbs Typing Tutor
2009-04-18 22:07 . 2009-04-18 22:07 -------- dc----w c:\program files\Ten Thumbs Typing Tutor 4.7
2009-04-17 01:15 . 2009-03-03 04:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-17 01:15 . 2009-03-03 02:28 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-17 01:15 . 2009-03-03 04:37 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-15 09:38 . 2009-04-27 15:15 -------- dc----w c:\program files\Playboy - The Mansion
2009-04-13 16:25 . 2009-04-13 16:25 108552 -c-ha-w c:\windows\system32\drivers\avgtdix.sys
2009-04-13 16:25 . 2009-04-13 16:25 23832 -c-ha-w c:\windows\system32\drivers\avgfwd6x.sys
2009-04-13 14:48 . 2009-05-02 11:11 -------- dc-h--w C:\$AVG8.VAULT$
2009-04-13 14:43 . 2009-04-13 16:25 10520 ---ha-w c:\windows\system32\avgrsstx.dll
2009-04-13 14:43 . 2009-04-13 16:25 12552 -c-ha-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-13 14:43 . 2009-04-13 16:25 325640 -c-ha-w c:\windows\system32\drivers\avgldx86.sys
2009-04-13 14:43 . 2009-05-02 10:42 -------- dc-ha-w c:\windows\system32\drivers\Avg
2009-04-13 14:43 . 2009-04-13 14:43 -------- dc----w c:\program files\AVG
2009-04-12 06:42 . 2009-04-12 06:42 -------- dc----w c:\programdata\352BF
2009-04-12 06:42 . 2009-04-12 06:42 -------- dc----w c:\users\All Users\352BF
2009-04-12 06:34 . 2009-04-12 06:34 -------- dc----w c:\programdata\38366
2009-04-12 06:34 . 2009-04-12 06:34 -------- dc----w c:\users\All Users\38366
2009-04-12 06:33 . 2009-04-17 03:47 -------- dc----w c:\users\kweeki\AppData\Local\BearShare
2009-04-12 06:33 . 2009-04-12 06:34 -------- dc----w c:\program files\BearShare Applications
2009-04-12 06:20 . 2009-04-12 06:20 -------- dc----w c:\programdata\WindowsSearch
2009-04-12 06:20 . 2009-04-12 06:20 -------- dc----w c:\users\All Users\WindowsSearch
2009-04-12 06:13 . 2009-04-12 06:04 15688 -c-ha-w c:\windows\system32\lsdelete.exe
2009-04-12 06:03 . 2009-04-12 06:03 -------- dc-h--w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-12 06:03 . 2009-04-12 06:03 -------- dc-h--w c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-12 05:30 . 2009-04-12 06:03 -------- dc----w c:\program files\Lavasoft
2009-04-12 05:30 . 2009-04-12 06:03 -------- dc----w c:\programdata\Lavasoft
2009-04-12 05:30 . 2009-04-12 06:03 -------- dc----w c:\users\All Users\Lavasoft
2009-04-11 23:21 . 2009-04-11 23:21 155 -c-ha-w c:\windows\system32\SelfDel.bat
2009-04-11 22:10 . 2009-04-13 15:48 62464 -c--a-w c:\users\kweeki\AppData\Roaming\setup.exe
2009-04-11 21:16 . 2009-04-11 21:20 -------- dc----w c:\program files\Singles
2009-04-11 01:49 . 2009-04-11 01:49 -------- dc----w c:\users\kweeki\AppData\Roaming\Ludia
2009-04-11 01:49 . 2009-04-11 01:49 -------- dc----w c:\programdata\Ludia
2009-04-11 01:49 . 2009-04-11 01:49 -------- dc----w c:\users\All Users\Ludia
2009-04-11 01:48 . 2009-04-11 23:49 -------- dc----w C:\games
2009-04-05 20:07 . 2009-04-13 15:23 -------- dc----w c:\users\kweeki\Installatieprogramma Adobe Reader 9

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 20:01 . 2009-05-02 01:19 1525964 -c--a-w c:\windows\system32\PerfStringBackup.TMP
2009-05-03 19:54 . 2008-08-24 15:26 12 ----a-w c:\windows\bthservsdp.dat
2009-04-28 21:15 . 2009-01-19 21:34 -------- dc----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 15:15 . 2007-10-12 10:57 -------- dc-h--w c:\program files\InstallShield Installation Information
2009-04-17 01:09 . 2006-11-02 11:18 -------- dc----w c:\program files\Windows Mail
2009-04-13 16:26 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-13 16:26 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-13 16:26 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-13 15:02 . 2009-02-24 21:32 224 ----a-w c:\windows\Tasks\OGALogon.job
2009-04-13 15:01 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-13 15:01 . 2008-11-17 15:38 -------- dc----w c:\program files\PC Tools Internet Security
2009-04-13 10:50 . 2009-04-13 06:05 474 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-04-12 22:00 . 2009-02-24 21:32 224 ----a-w c:\windows\Tasks\OGADaily.job
2009-04-11 23:12 . 2009-03-17 18:27 -------- dc----w c:\program files\SwiftKit
2009-04-11 21:55 . 2006-11-02 16:11 675574 -c-ha-w c:\windows\system32\perfh013.dat
2009-04-11 21:55 . 2006-11-02 16:11 130260 -c-ha-w c:\windows\system32\perfc013.dat
2009-04-11 21:13 . 2009-04-11 21:13 0 -c-ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-11 02:33 . 2009-01-23 00:35 -------- dc----w c:\program files\EA GAMES
2009-04-06 16:30 . 2008-03-22 19:00 7700 -c--a-w c:\users\kweeki\AppData\Local\d3d9caps.dat
2009-04-05 20:08 . 2008-02-13 11:07 -------- dc----w c:\program files\Common Files\Adobe
2009-03-26 13:59 . 2008-05-17 18:26 -------- dc----w c:\program files\Java
2009-03-17 15:02 . 2009-03-17 15:02 -------- dc----w c:\program files\Belkin
2009-03-17 03:38 . 2009-04-16 16:11 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 16:11 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 16:11 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 04:19 . 2008-12-17 17:56 410984 -c-ha-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-16 16:11 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 16:11 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 16:11 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 16:11 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 16:11 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 16:11 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 16:11 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 16:11 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 16:11 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 16:11 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-13 08:49 . 2009-04-16 16:11 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 16:11 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 09:14 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 18:55 . 2009-02-06 18:55 308616 -c-ha-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 -c-ha-w c:\windows\system32\sirenacm.dll
2008-06-19 10:33 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-05-02_01.16.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-12 10:23 . 2009-05-03 19:48 82934 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-21 20:17 . 2009-05-03 19:48 21752 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1774793631-3268767737-1350337627-1001_UserData.bin
+ 2008-03-21 20:04 . 2009-05-03 19:55 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-21 20:04 . 2009-05-02 01:15 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-21 20:04 . 2009-05-02 01:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-21 20:04 . 2009-05-03 19:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-02 01:15 . 2009-05-02 01:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-03 19:55 . 2009-05-03 19:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-02 01:15 . 2009-05-02 01:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-03 19:55 . 2009-05-03 19:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-05-03 19:48 144156 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-21 20:04 . 2009-05-02 01:15 311296 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-21 20:04 . 2009-05-03 19:55 311296 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 -c--a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"softidol"="c:\programdata\Support Download Download.m1fdkco" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RegistryMechanic"="c:\program files\Registry Mechanic\rmtray.exe" [2007-08-20 701736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 92704]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-26 516440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-13 1932568]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-03-30 1213320]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-11-14 4706304]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-10-11 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7D4572D2-8784-406B-A5F8-4D2D5959C3C3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FFADDC61-246B-4985-9A66-50351C78F6D6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31767E90-F446-4E00-812E-84AA42CC264D}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{750444E4-9977-4204-98A1-6D956B2E46DC}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AEDD3BB0-38BB-4736-9DB4-96BF96EAE3F1}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{B07A6A26-92B7-4FCE-B8C3-EAE549466843}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{3C6AF1D9-ACF3-4195-9602-5EF8FAC65380}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{1FED2666-923C-4A82-B741-A7FC4EE1D9F6}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{C06E1107-89C0-4DAF-978F-9DD588D3FC36}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{11297E20-CFAF-45CB-89E6-465AA8EA2C4E}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{4A72BF13-1DD4-484F-8692-152511D4C267}"= c:\program files\HomeCinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{D72B71F6-74BE-4417-98C6-370B0F1B93FE}"= c:\program files\HomeCinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{0957244D-6AE3-404A-9F9F-20549BB40341}"= c:\program files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc
"{B3CA7FFE-CC21-47A4-AFC3-C66C42F4E449}"= c:\program files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{60F06109-F1C7-4580-85F1-025D1A64AD15}"= c:\program files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{67D7168D-AC07-4917-BF19-70080530DEA9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5034EBAC-115D-438B-BF80-84CC1A42302B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{D8D81F95-2E9E-4BE7-8622-9EC61E10AC70}c:\\program files\\steam\\steamapps\\darksystema\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\darksystema\team fortress 2\hl2.exe:hl2
"UDP Query User{F7A56D2E-7C4F-4EA0-8AD7-61E61E22DA33}c:\\program files\\steam\\steamapps\\darksystema\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\darksystema\team fortress 2\hl2.exe:hl2
"{D5B39124-C27A-4ADA-A46E-A08B45678661}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{A10165B9-4431-40FC-86FD-9A9E16C2F406}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1C276426-3E0A-49F2-A44C-0B702685FD1E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A48BD698-7342-4B08-AA9A-8FC0BB464900}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FF1A46FE-5F22-484C-9980-88FD1DE26044}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DC571E76-780B-4C5B-B992-65B4AD792427}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{93D4C91D-B082-4E2B-90BA-07DA217ADA4F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{1B6B6512-526D-465B-9F28-F9E3E3A24B5C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{911BF803-A6DF-427F-8162-31A4EA4A4364}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{26244023-8351-48E7-8660-15606D8901C2}"= UDP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{C626BCB3-9536-4193-92F6-E58C6AC9E29F}"= TCP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"TCP Query User{FBF87916-76D1-4204-92A5-8D5B9E854322}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{0F6013E5-EE9C-448C-B7C3-0150D0F29583}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{533D09F5-9C4D-4F2D-AB6A-259E0E5CE279}c:\\users\\kweeki\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\kweeki\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{CE2DB105-29A7-4D92-94F0-C9D41F654ADD}c:\\users\\kweeki\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\kweeki\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"{D1710FAD-45DC-4AF5-8556-59B79AC4642A}"= UDP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{CBC7FCE5-7382-48BB-9375-853679CDB2BF}"= TCP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{0EB01817-0A19-47BD-9921-E64ACEA22933}"= UDP:2869:UPnP Framework
"{5B8A6027-4BC3-44AB-9F3F-F3DA68AAA978}"= TCP:10284:Windows Media Connect
"{9CE2B8E6-32B8-41C7-A8AC-A76D931718D1}"= TCP:10283:Windows Media Connect
"{D3540E4E-6D94-48EB-8A14-371E81719ABF}"= TCP:10282:Windows Media Connect
"{A7130908-5539-4B35-A879-8929F7557E3C}"= TCP:10281:Windows Media Connect
"{ADDF568C-C718-4682-A971-430154C32BE1}"= TCP:10280:Windows Media Connect
"{51E19B25-A5BA-496A-B950-84DC7635DE07}"= UDP:10243:Windows Media Connect
"{87C1BBA6-7BAF-4736-8A6E-F11A9D454BF8}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{63184DCA-BA10-46BB-810A-14CBCA590BBA}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{2EB306C5-AA2C-408E-8619-736CE3ECC58C}c:\\program files\\softnyx\\gunboundwc\\gunbound.gme"= UDP:c:\program files\softnyx\gunboundwc\gunbound.gme:GunBound
"UDP Query User{0F13F303-C515-4EC7-A1D7-721B2ADBA35D}c:\\program files\\softnyx\\gunboundwc\\gunbound.gme"= TCP:c:\program files\softnyx\gunboundwc\gunbound.gme:GunBound
"TCP Query User{0C18A1C9-EAE6-4820-97CD-A30853292A50}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{AA48C35D-DB0E-4CAB-85D9-C2CF258BA6D4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{52A3D0F4-B091-4FAE-A125-802609123075}"= UDP:c:\program files\Team JPN\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{9020D9F3-673A-4851-84A2-450E642B1382}"= TCP:c:\program files\Team JPN\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{517DB211-65AC-43E6-BEE0-6DB5047F00E2}"= UDP:c:\program files\Team JPN\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{FD49C54E-9351-4935-9043-16F3FB23FE85}"= TCP:c:\program files\Team JPN\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"TCP Query User{8B1C145E-54F5-4FA6-9102-BE27AEC95FC1}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty®: World at War Campaign/Coop
"UDP Query User{A4135BC9-187A-45C9-8062-038AE8C6DF31}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty®: World at War Campaign/Coop
"TCP Query User{BFA87C4D-12F6-4BC6-95C6-DB677332CD4D}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= UDP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty®: World at War Multiplayer
"UDP Query User{3CCE4C74-A518-485E-93FE-3371C9D62FD6}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= TCP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty®: World at War Multiplayer
"TCP Query User{B53E4E52-68BA-4A7F-AEE3-5FFF84ED5676}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{3D15643D-618D-40E1-A627-1A1874E07427}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{31A98D9A-73BD-4B96-8B6B-7C3D4987EA9B}c:\\windows\\explorer.exe"= UDP:c:\windows\explorer.exe:Windows Verkenner
"UDP Query User{BF65F7E0-D4A1-4998-889F-834A8B016BAE}c:\\windows\\explorer.exe"= TCP:c:\windows\explorer.exe:Windows Verkenner
"{B552A455-EFDB-41E1-A7D6-A4D96C6ECC19}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{3EC3AC2F-63B5-43A5-8C1B-13A36DBAB4EB}"= UDP:c:\windows\System32\ftp.exe:UDP
"{DABA1797-72EA-4FD2-9C74-E47EA12CBCF3}"= UDP:c:\windows\explorer.exe:TCP
"{7B15EF3A-BFEE-42CE-B702-2BD45A9DB19F}"= TCP:c:\windows\explorer.exe:TCP
"{BABBB47F-5F02-45F8-A50B-FE16E9872199}"= TCP:c:\windows\System32\ftp.exe:UDP
"TCP Query User{376CAF52-ACFA-4B59-93BC-325C191196BB}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{D6D08D2B-B389-46BC-A100-55F8CD2B6AF4}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"{09FE4D5E-81ED-43A9-AF13-0BBFB29228CC}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{FCC203BB-3467-4C89-A3A1-63854905AAF1}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 DQLWinService;DQLWinService; [x]
R2 NMSCore;Intel® NMSCore; [x]
R2 QualityManager;Intel® Quality Manager; [x]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2007-01-12 35712]
R3 MBAMSwissArmy;MBAMSwissArmy; [x]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-13 12552]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-26 64160]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2009-04-13 23832]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-13 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-13 108552]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-13 298264]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-04-13 1356616]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
S2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-26 953168]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-04-12 294912]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [2009-04-12 118784]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 1302368]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-10-30 5632]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


--- Andere Services/Drivers In Geheugen ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Inhoud van de 'Gedeelde Taken' map

2009-04-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:29]

2009-04-12 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-04-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hotmail.com/
mSearch Bar = hxxp://www.google.com/ie
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: nukezone.nu\www
FF - ProfilePath - c:\users\kweeki\AppData\Roaming\Mozilla\Firefox\Profiles\4p0ebzhp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nukezone.nu/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 22:04
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


c:\windows\system32\drivers\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys 83968 bytes executable
c:\windows\system32\ovfsthainrnoxpbndqrrodxkmmamwpxetphmau.dat 43 bytes
c:\windows\system32\ovfsthatsmamkpbbngmovewbwtvcxbqyxtmxfm.dll 17920 bytes executable
c:\windows\system32\ovfsthhdxkntpeukclcbrlxtyhipufxrkijpen.dll 19456 bytes executable
c:\windows\system32\ovfsthlnppowoyrweqmefduswmtnugesxixiqg.dat 1634 bytes
c:\windows\system32\ovfsthvesxnpocylxqercirnttcipxxbbfscrv.dat 43 bytes
c:\windows\system32\ovfsthvisdqjbipiwarbctkcenppvruxdoibwe.dll 61440 bytes executable
c:\windows\system32\ovfsthxrbwggvlgnorctlicrmcnlmjcfpycjwd.dll 17920 bytes executable
c:\windows\system32\ovfsthxvwjypoegevvrvlsprquxfucbmgwxpxo.dll 19456 bytes executable
c:\users\kweeki\AppData\Local\Temp\ovfsthx000 0 bytes

Scan succesvol afgerond
verborgen bestanden: 10

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"
"inst"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"
"inst"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"

[HKEY_USERS\SYSTEM\ControlSet004\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"

[HKEY_USERS\SYSTEM\ControlSet005\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"

[HKEY_USERS\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet006\Services\ovfsthcrdorxqiwfbmiyxueqivtmuoenxdvsso]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthsreeyqctpppoxptmqptvoihkwpvevdsq.sys"
"inst"=dword:00000000
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Voltooingstijd: 2009-05-03 22:06 - machine werd herstart
ComboFix-quarantined-files.txt 2009-05-03 20:06
ComboFix2.txt 2009-05-02 21:01
ComboFix3.txt 2009-05-02 01:21

Pre-Run: 291.610.320.896 bytes beschikbaar
Post-Run: 291.493.191.680 bytes beschikbaar

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
410 --- E O F --- 2009-04-17 03:02
LoPhatPhuud
You have a rootkit that keeps reinstalling the files I delete. The last ComboFix run indicated that it removed the locked registry keys and the offending files, yet they are back again.

This infection is apparently a lot deeper than I have tools to effectively deal with. The only suggestion I can make at this time is to back up any valuable data, then reformat the hard disk (low level) and reload Windows and your programs.

Invision Power Board © 2001-2009 Invision Power Services, Inc.