
TrojanProxy:Win32/Sefbov.B

Discussion in 'Virus & Other Malware Removal' started by mjb85, Apr 17, 2010.

  1. mjb85

    mjb85 Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    3
    Hi All,

    Yesterday I noticed I had loads of spyware on my computer (all of a sudden). I managed to get rid of a lot of them using various tools. However, one of these is detected by Microsoft Security Essentials (MSE) as 'TrojanProxy:Win32/Sefbov.B' but it is unable to remove it. The trojan creates a folder in Windows/system32/temp which is empty by the time MSE wants to remove it. If I click on details in MSE, the file is recognised as 'svchost.exe'.

    Below you'll find details of the Hijack report. Please, if you could have a look at this that'd be much appreciated.

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 10:04:14, on 18-4-2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\PROGRA~1\Enigma Software Group\SpyHunter\SH4Service.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Creative KSRun Persistence Module] RunDll32 KSRun.dll,RunDLLEntry
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [NoteZilla] C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Baixar com o Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
    O8 - Extra context menu item: Baixar tudo com o Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
    O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} (TeamOn Import Object) - https://bis.eu.blackberry.com/html/web/client_tools/TOImport.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/xupload/XUpload.ocx
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Google Updateservice (gupdate1c9ae5bd0290158) (gupdate1c9ae5bd0290158) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\Enigma Software Group\SpyHunter\SH4Service.exe

    --
    End of file - 13279 bytes
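    The symptom described in this post, a file called svchost.exe living under system32\temp, is the classic "system binary in the wrong directory" pattern, and a HijackThis log is well suited to spotting it. The script below is an added example (not part of the original post, and not a HijackThis or MSE feature): it parses the "Running processes" section and the R/O entries of a HijackThis log and flags well-known Windows binaries outside their normal directory, browser ProxyServer settings, autoruns pointing into temp folders, and stale "(file missing)" entries. The sample log, including its ProxyServer value and the temp-folder autorun, is constructed for the example; the expected paths assume a default Windows XP install on drive C:.

```python
"""Triage a HijackThis log for a masquerading system process and related leftovers.

Added example, not code from the original thread or from HijackThis.
"""
import re
from dataclasses import dataclass

# Where these binaries live on a default Windows XP install on C: (an assumption).
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in
                ("svchost.exe", "lsass.exe", "services.exe", "smss.exe", "winlogon.exe", "csrss.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Path fragments that mark temporary directories (lower-case, backslash-separated).
TEMP_MARKERS = ("\\temp\\", "\\local settings\\temp", "\\temporary internet files\\")


@dataclass
class Finding:
    kind: str   # short category, e.g. "masquerading-system-binary"
    line: str   # the log line that triggered it


def check_process(path: str):
    """Flag a known system binary that runs from a directory other than its normal one."""
    directory, _, name = path.strip().lower().rpartition("\\")
    expected = EXPECTED_DIR.get(name)
    if expected is not None and directory != expected:
        return Finding("masquerading-system-binary", path.strip())
    return None


def check_entry(entry: str):
    """Flag R/O entries that a proxy trojan or a stale install typically leaves behind."""
    low = entry.lower()
    # A browser ProxyServer value routes all web traffic through that host.
    if low.startswith("r1 - ") and "proxyserver" in low:
        return Finding("browser-proxy-configured", entry)
    # Autoruns (O4) launched from a temp directory rarely belong to legitimate software.
    if low.startswith("o4 - ") and any(marker in low for marker in TEMP_MARKERS):
        return Finding("autorun-from-temp", entry)
    # Entries whose target no longer exists are leftovers: harmless, but worth cleaning.
    if "(file missing)" in low or "(no file)" in low:
        return Finding("stale-entry", entry)
    return None


def parse_hijackthis(text: str):
    """Return (running_processes, entries) from a HijackThis log.

    Processes are the paths under 'Running processes:' up to the next blank line;
    entries are the 'R1 - ...', 'F2 - ...', 'O4 - ...' style lines.
    """
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        if in_procs:
            if not line:          # blank line ends the process list
                in_procs = False
            else:
                processes.append(line)
            continue
        if re.match(r"^[RFO]\d+ - ", line):
            entries.append(line)
    return processes, entries


def triage(text: str):
    """Run all checks over a log and return the list of Findings, processes first."""
    processes, entries = parse_hijackthis(text)
    findings = [f for f in map(check_process, processes) if f]
    findings += [f for f in map(check_entry, entries) if f]
    return findings


# Constructed sample log, modelled on the thread's log; the rogue svchost.exe,
# the ProxyServer value and the temp-folder autorun are made up for the example.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:04:14, on 18-4-2010

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\temp\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Skype\Phone\Skype.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\update.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.kind}] {finding.line}")
```

    On the sample log the only process flagged is the svchost.exe under system32\temp; the two legitimate svchost/explorer entries pass because the comparison is on the directory, not the file name.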
     
  2. mjb85

    mjb85 Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    3
    By the way, I just noticed that if I perform a search on Google and click on any result, it often redirects me to a random website instead of the one I clicked on (always a different website).

    Any ideas?
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
     
  4. mjb85

    mjb85 Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    3
    Thanks for your quick reply dvk01. Below you will find the log produced by Combofix. Apologies, I didn't mean to run this in Dutch but Combofix just did that automatically... If there's anything you'd like me to translate, please let me know.

    What to do next?

    ComboFix 10-04-17.05 - Matthijs 18-04-2010 13:04:03.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.3071.2220 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Matthijs\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Documenten\Settings
    c:\documents and settings\Matthijs\Local Settings\Temporary Internet Files\3LxyjP.jpg
    c:\documents and settings\Matthijs\Local Settings\Temporary Internet Files\g0D4D0.jpg
    c:\documents and settings\Matthijs\Local Settings\Temporary Internet Files\nrpF3b.jpg
    c:\documents and settings\Matthijs\Local Settings\Temporary Internet Files\SNxfT15.jpg
    c:\windows\system32\drivers\RKHit.sys
    c:\windows\system32\pthreadVC.dll
    D:\Autorun.inf

    Besmet exemplaar van c:\windows\system32\drivers\ipsec.sys werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - Kitty had a snack :p
    c:\windows\system32\dbghlp.dll . . . is geïnfecteerd!!

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Legacy_RKHIT


    (((((((((((((((((((( Bestanden Gemaakt van 2010-03-18 to 2010-04-18 ))))))))))))))))))))))))))))))
    .

    2010-04-18 11:48 . 2010-04-18 11:48 -------- d--h--r- c:\documents and settings\Matthijs\Onlangs geopend
    2010-04-17 22:05 . 2010-04-17 22:05 -------- d-----w- c:\documents and settings\Matthijs\Application Data\Fit3DLive
    2010-04-17 21:57 . 2010-04-17 21:57 -------- d-----w- c:\documents and settings\Matthijs\Application Data\Seeing Machines
    2010-04-17 21:56 . 2010-04-17 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Seeing Machines
    2010-04-17 16:50 . 2010-04-17 16:50 -------- d-----w- C:\sh4ldr
    2010-04-17 16:50 . 2010-04-17 16:50 -------- d-----w- c:\program files\Enigma Software Group
    2010-04-17 16:49 . 2010-04-17 16:50 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
    2010-04-17 16:49 . 2010-04-17 16:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-04-17 15:49 . 2010-04-17 15:49 -------- d-----w- c:\program files\TrendMicro
    2010-04-17 14:54 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-17 14:54 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-17 14:29 . 2010-04-17 18:23 41504 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2010-04-17 14:29 . 2010-04-17 16:18 1421088 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2010-04-17 14:24 . 2010-04-17 14:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-04-17 14:23 . 2010-04-17 14:23 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
    2010-04-17 14:15 . 2010-04-17 16:33 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2010-04-17 14:15 . 2010-04-17 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2010-04-17 14:15 . 2010-04-17 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
    2010-04-17 14:13 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-04-17 14:13 . 2010-04-17 14:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-17 14:08 . 2010-04-17 14:08 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-04-17 14:07 . 2010-04-17 14:08 -------- d-----w- c:\program files\Lavasoft
    2010-04-17 09:41 . 2010-04-17 09:42 -------- d-----w- c:\program files\AdAwarePortable
    2010-04-17 09:28 . 2010-04-17 09:28 -------- d-----w- c:\documents and settings\Matthijs\Local Settings\Application Data\PCHealth
    2010-04-17 09:28 . 2010-04-17 09:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-04-17 09:28 . 2010-04-17 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-17 00:12 . 2010-04-17 00:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-16 23:16 . 2010-02-24 09:16 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-16 22:33 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-16 22:27 . 2010-04-16 22:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-04-16 19:44 . 2010-04-16 19:44 -------- d-----w- c:\documents and settings\Matthijs\Application Data\Malwarebytes
    2010-04-16 19:44 . 2010-04-16 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-03-31 22:51 . 2010-03-31 22:51 -------- d-----w- c:\program files\Common Files\Skype
    2010-03-30 19:37 . 2010-03-30 19:37 -------- d-----w- c:\program files\Veetle
    2010-03-25 18:56 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-18 12:21 . 2008-08-31 03:23 -------- d-----w- c:\documents and settings\Matthijs\Application Data\Skype
    2010-04-18 09:39 . 2009-09-19 19:17 -------- d-----w- c:\documents and settings\Matthijs\Application Data\vlc
    2010-04-17 23:04 . 2009-03-20 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-04-17 22:18 . 2008-08-31 02:20 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-17 21:55 . 2010-04-17 21:55 10134 ----a-r- c:\documents and settings\Matthijs\Application Data\Microsoft\Installer\{754854DC-2E0A-49D8-A1A1-426C1F9B1459}\ARPPRODUCTICON.exe
    2010-04-17 19:46 . 2008-11-14 12:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-17 18:23 . 2009-02-27 19:47 -------- d-----w- c:\program files\AVG
    2010-04-17 18:21 . 2009-02-27 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-04-17 16:50 . 2010-04-17 16:50 110080 ----a-r- c:\documents and settings\Matthijs\Application Data\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconF7A21AF7.exe
    2010-04-17 16:50 . 2010-04-17 16:50 110080 ----a-r- c:\documents and settings\Matthijs\Application Data\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconD7F16134.exe
    2010-04-17 16:34 . 2008-08-31 14:55 -------- d-----w- c:\program files\Java
    2010-04-17 16:34 . 2008-08-31 14:55 -------- d-----w- c:\program files\Common Files\Java
    2010-04-17 16:08 . 2010-04-17 16:08 79488 ----a-w- c:\documents and settings\Matthijs\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
    2010-04-17 16:08 . 2010-04-17 16:08 152576 ----a-w- c:\documents and settings\Matthijs\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
    2010-04-17 15:49 . 2010-04-17 15:49 388096 ----a-r- c:\documents and settings\Matthijs\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-04-17 14:30 . 2010-04-17 14:30 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
    2010-04-17 14:29 . 2010-04-17 14:29 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2010-04-17 14:29 . 2010-04-17 14:29 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2010-04-17 14:24 . 2008-08-31 12:11 -------- d-----w- c:\program files\FlashFXP
    2010-04-17 14:13 . 2010-04-17 14:13 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\SBREDrv.sys
    2010-04-17 14:13 . 2010-04-17 14:13 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\EmailScanner.dll
    2010-04-17 14:13 . 2010-04-17 14:13 885736 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
    2010-04-17 14:13 . 2010-04-17 14:13 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\sbap.dll
    2010-04-17 14:13 . 2010-04-17 14:13 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
    2010-04-17 14:13 . 2010-04-17 14:13 210552 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
    2010-04-17 14:13 . 2010-04-17 14:13 393896 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
    2010-04-17 14:13 . 2010-04-17 14:12 565392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\aawapi.dll
    2010-04-17 09:37 . 2008-12-23 20:38 -------- d-----w- c:\program files\RegClean
    2010-04-17 09:28 . 2009-10-19 19:26 -------- d-----w- c:\program files\DVD Region+CSS Free
    2010-04-17 09:26 . 2009-02-14 20:35 -------- d-----w- c:\program files\Unlocker
    2010-04-17 09:25 . 2010-01-02 21:08 -------- d-----w- c:\program files\DVD Genie
    2010-04-16 22:34 . 2010-04-16 22:34 503808 ----a-w- c:\documents and settings\Matthijs\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-41d27edd-n\msvcp71.dll
    2010-04-16 22:34 . 2010-04-16 22:34 499712 ----a-w- c:\documents and settings\Matthijs\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-41d27edd-n\jmc.dll
    2010-04-16 22:34 . 2010-04-16 22:34 348160 ----a-w- c:\documents and settings\Matthijs\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-41d27edd-n\msvcr71.dll
    2010-04-16 22:34 . 2010-04-16 22:34 61440 ----a-w- c:\documents and settings\Matthijs\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f31a141-n\decora-sse.dll
    2010-04-16 22:34 . 2010-04-16 22:34 12800 ----a-w- c:\documents and settings\Matthijs\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f31a141-n\decora-d3d.dll
    2010-04-16 19:59 . 2009-02-14 18:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-04-16 19:54 . 2001-09-07 11:00 94642 ----a-w- c:\windows\system32\perfc013.dat
    2010-04-16 19:54 . 2001-09-07 11:00 520198 ----a-w- c:\windows\system32\perfh013.dat
    2010-04-15 22:34 . 2010-04-15 22:34 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\egodnu.dat
    2010-04-15 11:07 . 2009-05-14 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-12 17:49 . 2008-08-31 11:24 -------- d-----w- c:\program files\Google
    2010-03-31 22:50 . 2008-08-31 03:23 -------- d-----w- c:\documents and settings\Matthijs\Application Data\skypePM
    2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15695\AdobeARM.exe
    2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15695\AdobeExtractFiles.dll
    2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15695\ReaderUpdater.exe
    2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15695\AcrobatUpdater.exe
    2010-03-14 21:16 . 2010-03-14 21:16 737280 ----a-w- c:\windows\iun6002.exe
    2010-03-10 06:17 . 2004-08-03 23:03 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-27 18:55 . 2008-09-01 13:29 -------- d-----w- c:\program files\Common Files\Adobe
    2010-02-27 11:16 . 2009-01-21 00:17 -------- d-----w- c:\documents and settings\Matthijs\Application Data\Belastingdienst
    2010-02-25 06:20 . 2004-08-03 23:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 12:31 . 2004-08-03 21:15 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 19:27 . 2004-08-03 22:58 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:26 . 2004-08-04 00:58 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:47 . 2004-08-03 23:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:01 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-04 15:53 . 2010-04-17 14:08 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-18 68856]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056]
    "Google Update"="c:\documents and settings\Matthijs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
    "DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2005-02-01 1469952]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-10 1945600]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2007-12-19 217192]
    "Module Loader"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-24 2046816]
    "Creative KSRun Persistence Module"="KSRun.dll" [2008-02-12 16896]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2010-04-08 3021208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-18 10:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Desktop Manager.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Desktop Manager.lnk
    backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Service Manager.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Service Manager.lnk
    backup=c:\windows\pss\Service Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Matthijs^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
    path=c:\documents and settings\Matthijs\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Matthijs^Menu Start^Programma's^Opstarten^Dropbox.lnk]
    path=c:\documents and settings\Matthijs\Menu Start\Programma's\Opstarten\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Matthijs^Menu Start^Programma's^Opstarten^GetValidID V2 by DenniZ.vbs]
    path=c:\documents and settings\Matthijs\Menu Start\Programma's\Opstarten\GetValidID V2 by DenniZ.vbs
    backup=c:\windows\pss\GetValidID V2 by DenniZ.vbsStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Matthijs^Menu Start^Programma's^Opstarten^Logitech . Productregistratie.lnk]
    path=c:\documents and settings\Matthijs\Menu Start\Programma's\Opstarten\Logitech . Productregistratie.lnk
    backup=c:\windows\pss\Logitech . Productregistratie.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Matthijs^Menu Start^Programma's^Opstarten^Rapidown.lnk]
    path=c:\documents and settings\Matthijs\Menu Start\Programma's\Opstarten\Rapidown.lnk
    backup=c:\windows\pss\Rapidown.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative KSRun Persistence Module]
    2008-02-12 08:56 16896 ----a-r- c:\windows\system32\KSRun.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-03-18 19:55 136176 ----atw- c:\documents and settings\Matthijs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    2007-05-11 11:21 472632 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSCMig]
    2007-04-02 20:42 17248 ----a-w- c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestation]
    2009-03-30 22:58 2027520 ----a-w- c:\program files\Livestation\Livestation.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
    2008-06-03 15:40 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    2005-12-20 15:51 1187840 ------w- c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    2006-03-09 16:38 806912 ------w- c:\windows\CREATOR\Remind_XP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
    2006-10-09 10:23 697976 ------w- c:\windows\SMINST\Scheduler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
    2006-12-05 14:39 707360 ----a-w- c:\windows\vVX3000.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Nero BackItUp Scheduler 4.0"=2 (0x2)
    "HotspotShieldService"=2 (0x2)
    "FLEXnet Licensing Service"=3 (0x3)
    "RichVideo"=2 (0x2)
    "SentinelProtectionServer"=2 (0x2)
    "S24EventMonitor"=2 (0x2)
    "EvtEng"=2 (0x2)
    "RegSrvc"=2 (0x2)
    "PCA"=2 (0x2)
    "wltrysvc"=2 (0x2)
    "idsvc"=3 (0x3)
    "Creative Service for CDROM Access"=2 (0x2)
    "Creative Audio Engine Licensing Service"=3 (0x3)
    "Pml Driver HPZ12"=2 (0x2)
    "HP Status Server"=3 (0x3)
    "HP Port Resolver"=3 (0x3)
    "aawservice"=3 (0x3)
    "HDD & SSD access service"=2 (0x2)
    "ACDaemon"=2 (0x2)
    "rpcapd"=2 (0x2)
    "AffinegyService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17-4-2010 15:13 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27-2-2009 20:48 335240]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27-2-2009 20:47 297752]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4-2-2010 16:52 1265264]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\Enigma Software Group\SpyHunter\SH4Service.exe [24-3-2010 18:48 323992]
    S0 oefrl;oefrl; [x]
    S0 qbufpbm;qbufpbm; [x]
    S1 MpKsl9f536932;MpKsl9f536932;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D46CED96-FCAF-4507-BB3B-B80CEB66BE95}\MpKsl9f536932.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D46CED96-FCAF-4507-BB3B-B80CEB66BE95}\MpKsl9f536932.sys [?]
    S2 gupdate1c9ae5bd0290158;Google Updateservice (gupdate1c9ae5bd0290158);c:\program files\Google\Update\GoogleUpdate.exe [26-3-2009 22:42 133104]
    S3 audiobridge;Virtual Audio Bridge;c:\windows\system32\drivers\aubridge.sys [23-7-2007 16:04 22528]
    S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [3-2-2009 11:08 79360]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [31-7-2009 19:58 17149]
    S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [3-2-2009 11:02 414464]
    S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [3-2-2009 11:02 1669760]
    S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3-2-2009 11:22 79360]
    S4 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31-8-2008 4:11 611064]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 14:12]

    2010-04-18 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-31 14:14]

    2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6d5cb56f52.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 21:42]

    2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 21:42]

    2010-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-651377827-839522115-1003Core.job
    - c:\documents and settings\Matthijs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-17 19:55]

    2009-11-08 c:\windows\Tasks\User_Feed_Synchronization-{C4D65033-9DD6-4B1D-BCC0-D8C3628E2257}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.nu.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Baixar com o Rapidown... - c:\program files\Rapidown\RapidownGet.htm
    IE: Baixar tudo com o Rapidown... - c:\program files\Rapidown\RapidownGetAll.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\Rapidown.exe
    FF - ProfilePath - c:\documents and settings\Matthijs\Application Data\Mozilla\Firefox\Profiles\jeqpxxi6.default\
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 9666
    FF - prefs.js: network.proxy.socks - localhost
    FF - prefs.js: network.proxy.socks_port - 9050
    FF - prefs.js: network.proxy.ssl - localhost
    FF - prefs.js: network.proxy.ssl_port - 9666
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKCU-Run-NoteZilla - c:\program files\Conceptworld\NoteZilla\NoteZilla.exe
    HKCU-Run-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    MSConfigStartUp-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSConfigStartUp-CanonSolutionMenu - c:\program files\Canon\SolutionMenu\CNSLMAIN.exe
    MSConfigStartUp-egui - c:\program files\ESET\ESET Smart Security\egui.exe
    MSConfigStartUp-IntelWireless - c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    MSConfigStartUp-IntelZeroConfig - c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
    MSConfigStartUp-LifeCam - c:\program files\Microsoft LifeCam\LifeExp.exe
    MSConfigStartUp-MMReminderService - c:\program files\Mindjet\MindManager 8\MMReminderService.exe
    MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    MSConfigStartUp-NodLogin - c:\program files\ESET\ESET Smart Security\nodlogin.exe
    MSConfigStartUp-NoteZilla - c:\program files\Conceptworld\NoteZilla\NoteZilla.exe
    MSConfigStartUp-TrialReset - c:\windows\regx32.exe
    MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
    AddRemove-ActiveTouchMeetingClient - c:\docume~1\Matthijs\LOCALS~1\APPLIC~1\Google\Chrome\APPLIC~1\plugins\atcliun.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-18 13:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    NoteZilla = c:\program files\Conceptworld\NoteZilla\NoteZilla.exe????? ?(???d?"|-???T???????SOFTWARE\Microsoft\Windows\C

    scanning hidden files ...

    Scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-220523388-651377827-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00FA8592-A8E2-0558-9948-CB65E79F1867}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abcikldgebcagikcpjmppoifiejbfkbnci"=hex:70,61,61,69,65,6c,65,67,70,62,69,68,
    69,67,63,66,6d,62,67,68,67,66,6a,66,64,67,66,70,69,6b,6d,68,00,00
    "madilmjmlinhfapapillalbakk"=hex:6f,61,63,6b,62,61,62,70,64,6c,66,66,6d,67,6c,
    61,64,6c,70,62,6e,69,6c,63,62,6c,6c,6f,6f,6d,00,68
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(736)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2808)
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\windows\system32\RunDll32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\program files\Skype\Phone\Skype.exe
    c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    c:\documents and settings\Matthijs\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-18 13:27:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-18 12:27

    Pre-Run: 15.950.684.160 bytes free
    Post-Run: 16.376.987.648 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 17EA16D4D6D2507CABD6BAF414DEEE22
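Three things in the log above deserve a second look before the thread moves on to GMER: Firefox's prefs.js forces all HTTP, SSL and SOCKS traffic through a proxy on localhost (ports 9666 and 9050), the Security Center key has both AntiVirusOverride and FirewallOverride set to 1 (which silences the "no antivirus / no firewall" alerts), and two boot-start services with random-looking names (oefrl, qbufpbm) point at files that no longer exist. None of this proves what the trojan did: 9050 is also Tor's default SOCKS port and a Vidalia (Tor) startup entry appears in the orphans list, so the proxy settings may be a leftover of that install rather than the malware, and a missing-file service entry is often just debris from an earlier removal. The script below is an added example, not part of this thread or of ComboFix; it parses lines in ComboFix's own output format (the regexes and the constructed SAMPLE_LOG are my assumptions based on the lines shown above) and prints the entries a responder would want to verify by hand.

```python
"""Triage helpers for ComboFix-style log lines: flag browser proxy settings,
Security Center overrides and boot/system-start services whose file is missing.
Added example; the log format is inferred from the lines in this thread."""
import re

# Constructed sample, modelled on a few lines of the log above (not the full log).
SAMPLE_LOG = r"""
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 1
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17-4-2010 15:13 64288]
S0 oefrl;oefrl; [x]
S0 qbufpbm;qbufpbm; [x]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27-2-2009 20:47 297752]
"""

FF_PREF = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.*)$")
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')
# "<R|S><start> name;display;path [timestamp size]" or "[x]" / "[?]" when the file is gone
SERVICE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$")


def parse_firefox_proxy(lines):
    """Return {pref: value} for every network.proxy.* pref ComboFix printed."""
    prefs = {}
    for line in lines:
        m = FF_PREF.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def parse_security_center(lines):
    """Return {value_name: int} for DWORD values under the Security Center key."""
    overrides, in_key = {}, False
    for line in lines:
        k = REG_KEY.match(line)
        if k:  # a new [key] header starts or ends the section we care about
            in_key = k.group(1).lower().endswith("\\security center")
            continue
        d = REG_DWORD.match(line)
        if in_key and d:
            overrides[d.group(1)] = int(d.group(2), 16)
    return overrides


def parse_services(lines):
    """Return one dict per R*/S* service or driver line."""
    services = []
    for line in lines:
        m = SERVICE.match(line)
        if m:
            services.append({
                "state": m.group(1),       # R = running, S = stopped
                "start": int(m.group(2)),  # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
                "name": m.group(3),
                "path": m.group(5),
                "file_missing": m.group(6) in ("x", "?"),
            })
    return services


def triage(log_text):
    """Return human-readable findings to verify by hand; empty list = nothing flagged."""
    lines = [l.rstrip() for l in log_text.splitlines()]
    findings = []

    prefs = parse_firefox_proxy(lines)
    if prefs.get("network.proxy.type") == "1":  # 1 = manual proxy configuration
        for proto in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{proto}")
            port = prefs.get(f"network.proxy.{proto}_port")
            if host:
                findings.append(f"Firefox {proto} traffic forced through {host}:{port}")

    for name, value in parse_security_center(lines).items():
        if name.endswith("Override") and value != 0:
            findings.append(f"Security Center {name}={value}: monitoring alert disabled")

    for svc in parse_services(lines):
        if svc["start"] <= 1 and svc["file_missing"]:
            findings.append(f"service '{svc['name']}' has boot/system start type "
                            f"{svc['start']} but no file on disk")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a saved ComboFix.txt by passing the file's contents to triage(). The missing-file check is deliberately limited to start types 0 and 1: those load before any user-mode scanner, so a leftover entry there is worth clearing (or confirming harmless) before trusting later scans.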
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    How is it now? Looks like there might be a bit more to do.

    download gmer rootkit detector from http://gmer.net

    Unzip it & double-click the gmer.exe file.

    It will do a quick scan automatically. When that finishes, if it says "rootkit activity detected", stop there, press Copy & post back the log it makes.
    Do NOT allow it to perform a full scan at this time.

    If there is no warning of rootkit activity, select the Rootkit tab & press Scan. When it finishes, press Copy & post back the log it makes.
     
Short URL to this thread: https://techguy.org/917479