TrojanProxy:Win32/Sefbov.B


mjb85 (Thread Starter, joined Apr 17, 2010, 3 messages):
Hi All,

Yesterday I noticed I had loads of spyware on my computer (all of a sudden). I managed to get rid of a lot of them using various tools. However, one of these is detected by Microsoft Security Essentials (MSE) as 'TrojanProxy:Win32/Sefbov.B', but it is unable to remove it. The trojan creates a folder in Windows/system32/temp which is empty by the time MSE wants to remove it. If I click on details in MSE, the file is recognised as 'svchost.exe'.

Below you'll find details of the Hijack report. Please, if you could have a look at this that'd be much appreciated.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:04:14, on 18-4-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\Enigma Software Group\SpyHunter\SH4Service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Creative KSRun Persistence Module] RunDll32 KSRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NoteZilla] C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matthijs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Baixar com o Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: Baixar tudo com o Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} (TeamOn Import Object) - https://bis.eu.blackberry.com/html/web/client_tools/TOImport.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/xupload/XUpload.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Updateservice (gupdate1c9ae5bd0290158) (gupdate1c9ae5bd0290158) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\Enigma Software Group\SpyHunter\SH4Service.exe

--
End of file - 13279 bytes

mjb85 (Thread Starter):
By the way, I just noticed that if I perform a search on Google and click on any result, it often redirects me to a random website instead of the one I clicked on (always a different website).

Any ideas?

dvk01 (Derek, Retired Moderator and Retired Malware Specialist, joined Dec 14, 2002, 56,452 messages):
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix from running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double click on combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review.


****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

mjb85 (Thread Starter):
Thanks for your quick reply dvk01. Below you will find the log produced by ComboFix. Apologies, I didn't mean to run this in Dutch, but ComboFix just did that automatically... If there's anything you'd like me to translate, please let me know.

What to do next?

ComboFix 10-04-17.05 - Matthijs 18-04-2010 13:04:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.3071.2220 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Matthijs\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documenten\Settings
c:\documents and settings\Matthijs\Local Settings\Temporary Internet Files\3LxyjP.jpg
c:\documents and settings\Matthijs\Local Settings\Temporary Internet Files\g0D4D0.jpg
c:\documents and settings\Matthijs\Local Settings\Temporary Internet Files\nrpF3b.jpg
c:\documents and settings\Matthijs\Local Settings\Temporary Internet Files\SNxfT15.jpg
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\pthreadVC.dll
D:\Autorun.inf

Besmet exemplaar van c:\windows\system32\drivers\ipsec.sys werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - Kitty had a snack :p
c:\windows\system32\dbghlp.dll . . . is geïnfecteerd!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_RKHIT


(((((((((((((((((((( Bestanden Gemaakt van 2010-03-18 to 2010-04-18 ))))))))))))))))))))))))))))))
.

2010-04-18 11:48 . 2010-04-18 11:48 -------- d--h--r- c:\documents and settings\Matthijs\Onlangs geopend
2010-04-17 22:05 . 2010-04-17 22:05 -------- d-----w- c:\documents and settings\Matthijs\Application Data\Fit3DLive
2010-04-17 21:57 . 2010-04-17 21:57 -------- d-----w- c:\documents and settings\Matthijs\Application Data\Seeing Machines
2010-04-17 21:56 . 2010-04-17 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Seeing Machines
2010-04-17 16:50 . 2010-04-17 16:50 -------- d-----w- C:\sh4ldr
2010-04-17 16:50 . 2010-04-17 16:50 -------- d-----w- c:\program files\Enigma Software Group
2010-04-17 16:49 . 2010-04-17 16:50 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-04-17 16:49 . 2010-04-17 16:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-17 15:49 . 2010-04-17 15:49 -------- d-----w- c:\program files\TrendMicro
2010-04-17 14:54 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 14:54 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 14:29 . 2010-04-17 18:23 41504 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-17 14:29 . 2010-04-17 16:18 1421088 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-17 14:24 . 2010-04-17 14:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-17 14:23 . 2010-04-17 14:23 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2010-04-17 14:15 . 2010-04-17 16:33 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-04-17 14:15 . 2010-04-17 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-04-17 14:15 . 2010-04-17 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2010-04-17 14:13 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-17 14:13 . 2010-04-17 14:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-17 14:08 . 2010-04-17 14:08 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-17 14:07 . 2010-04-17 14:08 -------- d-----w- c:\program files\Lavasoft
2010-04-17 09:41 . 2010-04-17 09:42 -------- d-----w- c:\program files\AdAwarePortable
2010-04-17 09:28 . 2010-04-17 09:28 -------- d-----w- c:\documents and settings\Matthijs\Local Settings\Application Data\PCHealth
2010-04-17 09:28 . 2010-04-17 09:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-04-17 09:28 . 2010-04-17 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-17 00:12 . 2010-04-17 00:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-16 23:16 . 2010-02-24 09:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-16 22:33 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-16 22:27 . 2010-04-16 22:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-16 19:44 . 2010-04-16 19:44 -------- d-----w- c:\documents and settings\Matthijs\Application Data\Malwarebytes
2010-04-16 19:44 . 2010-04-16 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-31 22:51 . 2010-03-31 22:51 -------- d-----w- c:\program files\Common Files\Skype
2010-03-30 19:37 . 2010-03-30 19:37 -------- d-----w- c:\program files\Veetle
2010-03-25 18:56 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 12:21 . 2008-08-31 03:23 -------- d-----w- c:\documents and settings\Matthijs\Application Data\Skype
2010-04-18 09:39 . 2009-09-19 19:17 -------- d-----w- c:\documents and settings\Matthijs\Application Data\vlc
2010-04-17 23:04 . 2009-03-20 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-17 22:18 . 2008-08-31 02:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-17 21:55 . 2010-04-17 21:55 10134 ----a-r- c:\documents and settings\Matthijs\Application Data\Microsoft\Installer\{754854DC-2E0A-49D8-A1A1-426C1F9B1459}\ARPPRODUCTICON.exe
2010-04-17 19:46 . 2008-11-14 12:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-17 18:23 . 2009-02-27 19:47 -------- d-----w- c:\program files\AVG
2010-04-17 18:21 . 2009-02-27 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-04-17 16:50 . 2010-04-17 16:50 110080 ----a-r- c:\documents and settings\Matthijs\Application Data\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconF7A21AF7.exe
2010-04-17 16:50 . 2010-04-17 16:50 110080 ----a-r- c:\documents and settings\Matthijs\Application Data\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconD7F16134.exe
2010-04-17 16:34 . 2008-08-31 14:55 -------- d-----w- c:\program files\Java
2010-04-17 16:34 . 2008-08-31 14:55 -------- d-----w- c:\program files\Common Files\Java
2010-04-17 16:08 . 2010-04-17 16:08 79488 ----a-w- c:\documents and settings\Matthijs\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
2010-04-17 16:08 . 2010-04-17 16:08 152576 ----a-w- c:\documents and settings\Matthijs\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
2010-04-17 15:49 . 2010-04-17 15:49 388096 ----a-r- c:\documents and settings\Matthijs\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-17 14:30 . 2010-04-17 14:30 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-04-17 14:29 . 2010-04-17 14:29 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-17 14:29 . 2010-04-17 14:29 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-17 14:24 . 2008-08-31 12:11 -------- d-----w- c:\program files\FlashFXP
2010-04-17 14:13 . 2010-04-17 14:13 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\SBREDrv.sys
2010-04-17 14:13 . 2010-04-17 14:13 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\EmailScanner.dll
2010-04-17 14:13 . 2010-04-17 14:13 885736 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2010-04-17 14:13 . 2010-04-17 14:13 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\sbap.dll
2010-04-17 14:13 . 2010-04-17 14:13 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2010-04-17 14:13 . 2010-04-17 14:13 210552 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2010-04-17 14:13 . 2010-04-17 14:13 393896 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2010-04-17 14:13 . 2010-04-17 14:12 565392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\aawapi.dll
2010-04-17 09:37 . 2008-12-23 20:38 -------- d-----w- c:\program files\RegClean
2010-04-17 09:28 . 2009-10-19 19:26 -------- d-----w- c:\program files\DVD Region+CSS Free
2010-04-17 09:26 . 2009-02-14 20:35 -------- d-----w- c:\program files\Unlocker
2010-04-17 09:25 . 2010-01-02 21:08 -------- d-----w- c:\program files\DVD Genie
2010-04-16 22:34 . 2010-04-16 22:34 503808 ----a-w- c:\documents and settings\Matthijs\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-41d27edd-n\msvcp71.dll
2010-04-16 22:34 . 2010-04-16 22:34 499712 ----a-w- c:\documents and settings\Matthijs\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-41d27edd-n\jmc.dll
2010-04-16 22:34 . 2010-04-16 22:34 348160 ----a-w- c:\documents and settings\Matthijs\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-41d27edd-n\msvcr71.dll
2010-04-16 22:34 . 2010-04-16 22:34 61440 ----a-w- c:\documents and settings\Matthijs\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f31a141-n\decora-sse.dll
2010-04-16 22:34 . 2010-04-16 22:34 12800 ----a-w- c:\documents and settings\Matthijs\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f31a141-n\decora-d3d.dll
2010-04-16 19:59 . 2009-02-14 18:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-16 19:54 . 2001-09-07 11:00 94642 ----a-w- c:\windows\system32\perfc013.dat
2010-04-16 19:54 . 2001-09-07 11:00 520198 ----a-w- c:\windows\system32\perfh013.dat
2010-04-15 22:34 . 2010-04-15 22:34 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\egodnu.dat
2010-04-15 11:07 . 2009-05-14 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-12 17:49 . 2008-08-31 11:24 -------- d-----w- c:\program files\Google
2010-03-31 22:50 . 2008-08-31 03:23 -------- d-----w- c:\documents and settings\Matthijs\Application Data\skypePM
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15695\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15695\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15695\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15695\AcrobatUpdater.exe
2010-03-14 21:16 . 2010-03-14 21:16 737280 ----a-w- c:\windows\iun6002.exe
2010-03-10 06:17 . 2004-08-03 23:03 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 18:55 . 2008-09-01 13:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-27 11:16 . 2009-01-21 00:17 -------- d-----w- c:\documents and settings\Matthijs\Application Data\Belastingdienst
2010-02-25 06:20 . 2004-08-03 23:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 2004-08-03 21:15 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:27 . 2004-08-03 22:58 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:26 . 2004-08-04 00:58 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-03 23:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 15:53 . 2010-04-17 14:08 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-18 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056]
"Google Update"="c:\documents and settings\Matthijs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2005-02-01 1469952]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-10 1945600]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2007-12-19 217192]
"Module Loader"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-24 2046816]
"Creative KSRun Persistence Module"="KSRun.dll" [2008-02-12 16896]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2010-04-08 3021208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 10:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Service Manager.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Matthijs^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
path=c:\documents and settings\Matthijs\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Matthijs^Menu Start^Programma's^Opstarten^Dropbox.lnk]
path=c:\documents and settings\Matthijs\Menu Start\Programma's\Opstarten\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Matthijs^Menu Start^Programma's^Opstarten^GetValidID V2 by DenniZ.vbs]
path=c:\documents and settings\Matthijs\Menu Start\Programma's\Opstarten\GetValidID V2 by DenniZ.vbs
backup=c:\windows\pss\GetValidID V2 by DenniZ.vbsStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Matthijs^Menu Start^Programma's^Opstarten^Logitech . Productregistratie.lnk]
path=c:\documents and settings\Matthijs\Menu Start\Programma's\Opstarten\Logitech . Productregistratie.lnk
backup=c:\windows\pss\Logitech . Productregistratie.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Matthijs^Menu Start^Programma's^Opstarten^Rapidown.lnk]
path=c:\documents and settings\Matthijs\Menu Start\Programma's\Opstarten\Rapidown.lnk
backup=c:\windows\pss\Rapidown.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative KSRun Persistence Module]
2008-02-12 08:56 16896 ----a-r- c:\windows\system32\KSRun.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 19:55 136176 ----atw- c:\documents and settings\Matthijs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-05-11 11:21 472632 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSCMig]
2007-04-02 20:42 17248 ----a-w- c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestation]
2009-03-30 22:58 2027520 ----a-w- c:\program files\Livestation\Livestation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-06-03 15:40 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-12-20 15:51 1187840 ------w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-03-09 16:38 806912 ------w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-10-09 10:23 697976 ------w- c:\windows\SMINST\Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2006-12-05 14:39 707360 ----a-w- c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"HotspotShieldService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"RichVideo"=2 (0x2)
"SentinelProtectionServer"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"EvtEng"=2 (0x2)
"RegSrvc"=2 (0x2)
"PCA"=2 (0x2)
"wltrysvc"=2 (0x2)
"idsvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Creative Audio Engine Licensing Service"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"HP Status Server"=3 (0x3)
"HP Port Resolver"=3 (0x3)
"aawservice"=3 (0x3)
"HDD & SSD access service"=2 (0x2)
"ACDaemon"=2 (0x2)
"rpcapd"=2 (0x2)
"AffinegyService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17-4-2010 15:13 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27-2-2009 20:48 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27-2-2009 20:47 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4-2-2010 16:52 1265264]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\Enigma Software Group\SpyHunter\SH4Service.exe [24-3-2010 18:48 323992]
S0 oefrl;oefrl; [x]
S0 qbufpbm;qbufpbm; [x]
S1 MpKsl9f536932;MpKsl9f536932;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D46CED96-FCAF-4507-BB3B-B80CEB66BE95}\MpKsl9f536932.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D46CED96-FCAF-4507-BB3B-B80CEB66BE95}\MpKsl9f536932.sys [?]
S2 gupdate1c9ae5bd0290158;Google Updateservice (gupdate1c9ae5bd0290158);c:\program files\Google\Update\GoogleUpdate.exe [26-3-2009 22:42 133104]
S3 audiobridge;Virtual Audio Bridge;c:\windows\system32\drivers\aubridge.sys [23-7-2007 16:04 22528]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [3-2-2009 11:08 79360]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [31-7-2009 19:58 17149]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [3-2-2009 11:02 414464]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [3-2-2009 11:02 1669760]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3-2-2009 11:22 79360]
S4 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31-8-2008 4:11 611064]
.
Contents of the 'Scheduled Tasks' folder

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 14:12]

2010-04-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-31 14:14]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6d5cb56f52.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 21:42]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 21:42]

2010-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-651377827-839522115-1003Core.job
- c:\documents and settings\Matthijs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-17 19:55]

2009-11-08 c:\windows\Tasks\User_Feed_Synchronization-{C4D65033-9DD6-4B1D-BCC0-D8C3628E2257}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nu.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Baixar com o Rapidown... - c:\program files\Rapidown\RapidownGet.htm
IE: Baixar tudo com o Rapidown... - c:\program files\Rapidown\RapidownGetAll.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\Rapidown.exe
FF - ProfilePath - c:\documents and settings\Matthijs\Application Data\Mozilla\Firefox\Profiles\jeqpxxi6.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-NoteZilla - c:\program files\Conceptworld\NoteZilla\NoteZilla.exe
HKCU-Run-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSConfigStartUp-CanonSolutionMenu - c:\program files\Canon\SolutionMenu\CNSLMAIN.exe
MSConfigStartUp-egui - c:\program files\ESET\ESET Smart Security\egui.exe
MSConfigStartUp-IntelWireless - c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
MSConfigStartUp-IntelZeroConfig - c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
MSConfigStartUp-LifeCam - c:\program files\Microsoft LifeCam\LifeExp.exe
MSConfigStartUp-MMReminderService - c:\program files\Mindjet\MindManager 8\MMReminderService.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-NodLogin - c:\program files\ESET\ESET Smart Security\nodlogin.exe
MSConfigStartUp-NoteZilla - c:\program files\Conceptworld\NoteZilla\NoteZilla.exe
MSConfigStartUp-TrialReset - c:\windows\regx32.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
AddRemove-ActiveTouchMeetingClient - c:\docume~1\Matthijs\LOCALS~1\APPLIC~1\Google\Chrome\APPLIC~1\plugins\atcliun.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-18 13:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
NoteZilla = c:\program files\Conceptworld\NoteZilla\NoteZilla.exe????? ?(???d?"|-???T???????SOFTWARE\Microsoft\Windows\C

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-220523388-651377827-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00FA8592-A8E2-0558-9948-CB65E79F1867}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abcikldgebcagikcpjmppoifiejbfkbnci"=hex:70,61,61,69,65,6c,65,67,70,62,69,68,
69,67,63,66,6d,62,67,68,67,66,6a,66,64,67,66,70,69,6b,6d,68,00,00
"madilmjmlinhfapapillalbakk"=hex:6f,61,63,6b,62,61,62,70,64,6c,66,66,6d,67,6c,
61,64,6c,70,62,6e,69,6c,63,62,6c,6c,6f,6f,6d,00,68
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Skype\Phone\Skype.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\documents and settings\Matthijs\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-04-18 13:27:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-18 12:27

Pre-Run: 15,950,684,160 bytes free
Post-Run: 16,376,987,648 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 17EA16D4D6D2507CABD6BAF414DEEE22
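The log above carries three things a responder would check before replying: the two boot-start services whose image is gone (`S0 oefrl` and `S0 qbufpbm`, marked `[x]`), the Security Center `AntiVirusOverride` / `FirewallOverride` values set to 1 (on XP SP2 these suppress the "no antivirus / no firewall" alerts; malware sets them, but some legitimate suites do too), and a Firefox profile forced through a manual proxy on localhost. The script below is an added triage example written for this page; it is not part of the original post, of ComboFix, or of any vendor tool. Its regular expressions are its own assumptions about the log's line layout, taken from the lines above, its severity labels are plain heuristics, and its sample input is an excerpt constructed from this log. Note the caveat on the proxy finding: 9050 is Tor's default SOCKS port and Vidalia appears in the orphan list, so the browser proxy may well be the user's own Tor setup rather than the trojan's; the script surfaces it, it does not conclude.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example written for this page; it is not part of the original post,
of ComboFix, or of any vendor tool.  The regular expressions are this
example's own assumptions about the log's line layout, derived from the
lines posted above, and the severity labels are plain triage heuristics.
"""
import re

# Constructed sample input: an excerpt assembled from the log lines above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17-4-2010 15:13 64288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27-2-2009 20:47 297752]
S0 oefrl;oefrl; [x]
S0 qbufpbm;qbufpbm; [x]
S4 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31-8-2008 4:11 611064]

FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 1
"""

# Service/driver lines: "<R|S><start> <name>;<display name>;<image path> [<date size> | x | ?]"
# R = running, S = stopped; start type 0 = boot, 1 = system, 2 = auto, 3 = manual, 4 = disabled.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$",
    re.MULTILINE,
)
VALUE_RE = re.compile(r'"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})')
FF_PREF_RE = re.compile(
    r"^FF - prefs\.js: (?P<pref>network\.proxy\.\w+) - (?P<val>.*)$", re.MULTILINE
)


def parse_services(text):
    return [m.groupdict() for m in SERVICE_RE.finditer(text)]


def flag_services(entries):
    """Return (severity, name, reason) for entries whose image was not verified."""
    findings = []
    for e in entries:
        if e["meta"] == "x":
            # ComboFix prints [x] when the image the service key points to is not on disk.
            # A boot/system-start entry (kernel driver) with no file is the classic leftover
            # of a removed rootkit driver, but uninstalled software leaves the same trace.
            sev = "high" if e["start"] in ("0", "1") else "medium"
            findings.append((sev, e["name"], "service registered but image not on disk"))
        elif e["meta"] == "?":
            findings.append(("info", e["name"], "image not verified by the scanner"))
    return findings


def registry_values(text, key):
    """Return {value name: int} for the dword values the log lists under `key`."""
    values, in_key = {}, False
    for line in text.splitlines():
        if not line.strip():           # blank line ends a key block
            in_key = False
            continue
        if line.startswith("["):
            in_key = line.strip().lower() == "[" + key.lower() + "]"
            continue
        if in_key:
            m = VALUE_RE.match(line.strip())
            if m:
                values[m.group("name")] = int(m.group("val"), 16)
    return values


def firefox_proxy(text):
    """Return {protocol: "host:port"} if prefs.js has a manual proxy, else None."""
    prefs = {m.group("pref"): m.group("val").strip() for m in FF_PREF_RE.finditer(text)}
    if prefs.get("network.proxy.type") != "1":   # 1 = manual proxy configuration
        return None
    routes = {}
    for proto in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{proto}")
        port = prefs.get(f"network.proxy.{proto}_port")
        if host and port:
            routes[proto] = f"{host}:{port}"
    return routes


def triage(text):
    sc = registry_values(text, r"HKEY_LOCAL_MACHINE\software\microsoft\security center")
    return {
        "services": flag_services(parse_services(text)),
        # On XP SP2 these values suppress the Security Center "no antivirus / no firewall"
        # alerts; malware sets them, but some legitimate suites do too.
        "security_center_overrides": sorted(
            k for k, v in sc.items() if k.endswith("Override") and v == 1
        ),
        "firefox_proxy": firefox_proxy(text),
    }


if __name__ == "__main__":
    for section, result in triage(SAMPLE_LOG).items():
        print(section, "->", result)
```

Run it on a full ComboFix log by reading the file into `triage()` instead of `SAMPLE_LOG`. None of the three findings is conclusive on its own: an orphaned boot-start driver with a random name deserves a GMER or file-system check, an override set to 1 is worth comparing against whichever suite is currently registered with Security Center, and a localhost proxy should be matched against what is actually listening on those ports before it is attributed to malware.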
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
How is it now? It looks like there might be a bit more to do.

Download the GMER rootkit detector from http://gmer.net

Unzip it and double-click the gmer.exe file.

It will do a quick scan automatically. When that finishes, if it says "rootkit activity detected" then stop there, press Copy and post back the log it makes.
Do NOT allow it to perform a full scan at this time.

If there is no warning of rootkit activity, select the Rootkit tab and press Scan. When it finishes, press Copy and post back the log it makes.
 