Trojan BackDoor.Generic11.ZNE

  • maatje

For a few days now I have constantly been getting the following alert from AVG:

Bestand: C:\windows\system32\hjgruiufqeqblt.dll

Infection: Trojan horse BackDoor.Generic11.ZNE

I have gone through all the steps (Spybot, Ad-Aware, CleanUp, Anti-Malware etc.) but I keep getting the error messages constantly. The only thing I notice is that Ad-Aware and Anti-Malware both hang at c:\windows\system32\config\software.

Please help me!

Here is the HijackThis logfile:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 16:52:13, on 3-7-2009

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\Windows\System32\smss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\csrss.exe

    C:\Program Files\AVG\AVG8\avgrsx.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\winlogon.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\rundll32.exe

    C:\Windows\system32\Hpservice.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Windows\System32\mobsync.exe

    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\PROGRA~1\AVG\AVG8\avgnsx.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\FTD Watchdog\FtdMonitor.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

    C:\Windows\SMINST\BLService.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\vmnat.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\PROGRA~1\AVG\AVG8\avgemc.exe

    C:\Program Files\VMware\VMware Player\vmware-authd.exe

    C:\Program Files\AVG\AVG8\avgcsrvx.exe

    C:\Windows\system32\vmnetdhcp.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\SearchProtocolHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

    O1 - Hosts: ::1 localhost

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll

    O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

    O4 - HKCU\..\Run: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: "C:\Program Files\FTD Watchdog\FtdMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll

O9 - Extra 'Tools' menuitem: &Instellingen voor Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

    O13 - Gopher Prefix:

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.fctwente.nl/twenteradio/AxisCamControl.cab

    O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.cooliris.com/shared/plinstll.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O20 - AppInit_DLLs: avgrsstx.dll

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Update Service (gupdate1c9bd3a575faa90) (gupdate1c9bd3a575faa90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe

    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe

    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

    End of file - 12925 bytes

  • Jos H

Then where is the MBAM log from step 7?

  • maatje

I have run MBAM several times, but it hangs (just like Ad-Aware). So I have no MBAM logfile.

  • maatje

I found someone on a German forum with the same problem...

There, someone was referred to the program ComboFix. After running it my PC froze completely. After restarting the PC the problem was gone!!!

  • Piet

ComboFix can get you started but cannot solve every problem.

Post another log from ComboFix and from HJT so we can check.

  • maatje

Here is the ComboFix logfile:

    ComboFix 09-07-04.05 - Maatje 05-07-2009 16:40.1 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3068.2279

Running from: c:\users\Maatje\Desktop\ComboFix.exe

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    .

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\Installer\189bb.msi

    c:\windows\system32\drivers\hjgruiweqxybon.sys

    c:\windows\system32\hjgruicvnjppee.dat

    c:\windows\system32\hjgruipljvpvvb.dat

    c:\windows\system32\hjgruiqsdxeogr.dll

    c:\windows\system32\hjgruiufqeqblt.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

-------\Service_hjgruiyrpnirkx

-------\Service_hjgruiyrpnirkx

(((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 ))))))))))))))))))))))))))))))

    .

2009-07-05 14:49 . 2009-07-05 14:52 -------- d-----w- c:\users\Maatje\AppData\Local\temp

2009-07-05 14:24 . 2009-07-05 14:24 -------- d-----w- c:\program files\ExplorerView

2009-07-03 15:39 . 2009-07-04 16:39 -------- d-----w- c:\program files\Panda Security

2009-07-03 14:51 . 2009-07-03 14:51 -------- d-----w- c:\program files\Trend Micro

2009-07-02 19:08 . 2009-07-04 12:18 -------- d-----w- c:\programdata\Lavasoft

2009-07-02 19:08 . 2009-07-04 12:18 -------- d-----w- c:\program files\Lavasoft

2009-07-02 18:40 . 2009-07-04 16:40 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-07-02 18:40 . 2009-07-04 16:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-07-02 07:05 . 2009-07-02 07:05 2118144 ----a-w- c:\users\Maatje\AppData\Local\cooliris-win-ie-release-1.11.0.26762.en-US.msi

2009-07-02 07:03 . 2009-07-02 07:12 -------- d-----w- c:\windows\BDOSCAN8

2009-07-02 06:39 . 2009-07-02 06:39 -------- d-----w- c:\users\Maatje\AppData\Roaming\Malwarebytes

2009-07-02 06:39 . 2009-07-02 06:39 -------- d-----w- c:\programdata\Malwarebytes

2009-07-02 06:20 . 2009-07-02 06:20 602112 ----a-w- c:\users\Maatje\AppData\Roaming\Thinstall\PTGui Pro 8.2.1\400000c100002i\PicasaUpdater.exe

2009-07-02 06:19 . 2009-07-02 06:19 602112 ----a-w- c:\users\Maatje\AppData\Roaming\Thinstall\PTGui Pro 8.2.1\4000003d100002i\PicasaPhotoViewer.exe

2009-07-02 06:17 . 2009-07-01 12:18 327688 ----a-w- c:\programdata\avg8\update\backup\avgldx86.sys

2009-07-02 06:17 . 2009-07-02 06:17 602112 ----a-w- c:\users\Maatje\AppData\Roaming\Thinstall\PTGui Pro 8.2.1\4000008000002i\Splash Screen.exe

2009-07-02 06:17 . 2009-07-02 06:17 -------- d-----w- c:\users\Maatje\AppData\Local\Thinstall

2009-07-02 06:17 . 2009-07-01 12:18 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll

2009-07-02 06:16 . 2009-07-01 12:17 1085208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe

2009-07-02 06:16 . 2009-07-01 12:17 1454360 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll

2009-07-02 05:58 . 2009-07-02 05:58 -------- d-----w- c:\program files\Smoky City Design

2009-06-14 10:24 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll

2009-06-14 10:24 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll

2009-06-07 13:48 . 2009-06-07 13:48 -------- d-----w- c:\program files\GarTrax

2009-06-07 09:10 . 2009-06-07 20:21 -------- d-----w- C:\OziExplorer

2009-06-07 08:40 . 2009-06-07 08:40 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE08.tmp.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-05 14:51 . 2009-02-21 18:26 42654 ----a-w- c:\programdata\nvModes.dat

2009-07-05 14:51 . 2009-02-24 18:14 -------- d-----w- c:\programdata\VMware

2009-07-05 14:49 . 2009-03-14 11:42 12 ----a-w- c:\windows\bthservsdp.dat

2009-07-05 10:39 . 2008-07-07 10:06 670036 ----a-w- c:\windows\system32\perfh013.dat

2009-07-05 10:39 . 2008-07-07 10:06 128064 ----a-w- c:\windows\system32\perfc013.dat

2009-07-03 14:22 . 2009-02-21 20:17 -------- d-----w- c:\programdata\avg8

2009-07-02 06:17 . 2009-03-08 15:36 -------- d-----w- c:\users\Maatje\AppData\Roaming\Thinstall

2009-07-02 06:16 . 2009-02-21 20:18 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-01 18:05 . 2009-02-22 10:09 -------- d-----w- c:\program files\Google

2009-07-01 12:18 . 2009-02-21 20:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-01 12:18 . 2009-02-21 20:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-08 17:22 . 2009-04-02 18:20 -------- d-----w- c:\users\Maatje\AppData\Roaming\FileZilla

2009-06-08 17:20 . 2009-04-02 18:20 -------- d-----w- c:\program files\FileZilla FTP Client

2009-05-27 07:21 . 2009-05-27 07:21 -------- d-----w- c:\program files\Aerofoil

2009-05-27 07:15 . 2009-05-27 07:14 -------- d-----w- c:\users\Maatje\AppData\Roaming\BatteryBar

2009-05-27 07:14 . 2009-05-27 07:14 -------- d-----w- c:\program files\BatteryBar

2009-05-15 20:09 . 2009-05-15 20:09 -------- d-----w- c:\users\Maatje\AppData\Roaming\Nero

2009-05-15 18:53 . 2009-05-15 18:52 -------- d-----w- c:\program files\TLKGAMES

2009-05-13 18:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-05-13 06:18 . 2009-05-13 06:18 -------- d-----w- c:\program files\mp3DirectCut

2009-05-09 05:50 . 2009-06-12 07:08 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-09 05:34 . 2009-06-12 07:08 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-05-03 06:56 . 2009-02-21 20:18 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-05-01 18:38 . 2009-05-01 18:38 767480 ----a-w- c:\users\Maatje\AppData\Roaming\Thinstall\PTGui Pro 8.2.1\%ProgramFilesDir%\Google\Picasa3\PicasaUpdater.exe

2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr

2009-04-23 12:43 . 2009-06-12 07:08 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-23 12:42 . 2009-06-12 07:08 636928 ----a-w- c:\windows\system32\localspl.dll

2009-04-21 11:55 . 2009-06-12 07:08 2033152 ----a-w- c:\windows\system32\win32k.sys

2009-03-08 12:09 . 2009-03-08 12:09 22 --sha-w- c:\windows\SMINST\HPCD.sys

2008-07-07 10:08 . 2008-07-07 10:08 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

    .

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

*Note* empty entries & legit default entries are not shown

    REGEDIT4

"FTD Watchdog Monitor"="c:\program files\FTD Watchdog\FtdMonitor.exe"

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe"

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll"

"NvCplDaemon"="c:\windows\system32\NvCpl.dll"

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe"

c:\users\Maatje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Windows Live Mail.lnk - c:\program files\Windows Live\Mail\wlmail.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Aerofoil.lnk - c:\program files\Aerofoil\Aerofoil.exe

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

@="Driver"

@="Service"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"

"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe"

"DisableMonitoring"=dword:00000001

"DisableMonitoring"=dword:00000001

"DisableMonitoring"=dword:00000001

"{6733A3D4-50C7-4750-BAC9-B26CD3322292}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{32AC8CC7-3D3B-4A3D-8A26-B6F66F946A42}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{7A98DD8F-ED72-4A8A-9ECD-FF0E59C2BB9D}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{A868DEBE-5A1E-44E4-A9FF-E765F2B70E3D}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{C1E539A2-56F8-4CD5-A146-73ACD55BBBB9}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{7C6CB097-E992-45E3-80BF-F10E1FD577EC}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe

"{4FD9A039-DB25-45E8-810B-960A71800A0C}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{3EF0BC4A-DCCF-47D0-B98E-A1EA66E50A9D}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

"{6B42923E-196B-43BE-922F-0717D0821E35}"= UDP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd

"{5820238D-026D-4816-A012-C2D9CA96ED19}"= TCP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd

"TCP Query User{F2D4EB2E-2DB1-4CBC-91DF-8206EC7143CF}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{764F8288-4D59-42DD-AA52-0D8D3EF8649A}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{4810D587-E803-4379-9F8C-EA049AD79970}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{BC6FB71F-447A-4712-A00C-B2FD9A97CDBA}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"{56152D52-040A-4A9B-BE95-FDD8FB19DF7C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{7E81D2F6-4EA4-4A79-9ECD-D28AB44A333E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{9D9746C2-4413-4A97-9DB2-352C03C27E81}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{C2ABB5F1-62C7-4A04-9118-91DF04B2EE98}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{74D022AF-7B03-4512-A18A-6B9BAB1B5DE7}c:\\users\\maatje\\desktop\\player.exe"= UDP:c:\users\maatje\desktop\player.exe:player.exe

"UDP Query User{5E56C2C4-72EC-4AC7-BBC1-766CC01970CF}c:\\users\\maatje\\desktop\\player.exe"= TCP:c:\users\maatje\desktop\player.exe:player.exe

"TCP Query User{3B390E6B-7232-4ED1-B9E6-50CCD40EE334}c:\\users\\maatje\\desktop\\gremoteserver.exe"= UDP:c:\users\maatje\desktop\gremoteserver.exe:gremoteserver.exe

"UDP Query User{093519A5-BAE6-4DBD-8423-2608AE3A43B5}c:\\users\\maatje\\desktop\\gremoteserver.exe"= TCP:c:\users\maatje\desktop\gremoteserver.exe:gremoteserver.exe

"TCP Query User{DABAFECC-6AC5-4882-B820-ED74DDC9F1D0}c:\\users\\maatje\\desktop\\my mobile\\mymobiler\\mymobiler.exe"= UDP:c:\users\maatje\desktop\my mobile\mymobiler\mymobiler.exe:mymobiler.exe

"UDP Query User{D1E409FA-1608-4B80-879C-8CE22AD4D421}c:\\users\\maatje\\desktop\\my mobile\\mymobiler\\mymobiler.exe"= TCP:c:\users\maatje\desktop\my mobile\mymobiler\mymobiler.exe:mymobiler.exe

"{2CA97709-2309-4C89-9F40-24C922A512EB}"= TCP:5656:GRemoteServer

"{575EF096-9484-40B5-A9D4-6D62CFD7039C}"= UDP:c:\program files\Ubisoft\Demo\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X

"{F6F2F56F-777D-4332-91D1-68CB719326CE}"= TCP:c:\program files\Ubisoft\Demo\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X

"{5376D3F7-2646-46D6-A819-08AA8BF3AE7B}"= UDP:c:\program files\Ubisoft\Demo\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X

"{CEEA0EED-2E52-4F6A-B09E-13CC4500AF23}"= TCP:c:\program files\Ubisoft\Demo\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X

"TCP Query User{AEC2899E-E90C-4F36-B9F9-0547D27FD791}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{888DF8D9-F063-4BC2-97EC-E30FAEE348D5}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys

    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys

    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe

    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe

    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe

    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs

    R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe

    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe

    R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys

    R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys

    R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys

    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys

    S2 gupdate1c9bd3a575faa90;Google Update Service (gupdate1c9bd3a575faa90);c:\program files\Google\Update\GoogleUpdate.exe

    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    bthsvcs REG_MULTI_SZ BthServ

    WindowsMobile REG_MULTI_SZ wcescomm rapimgr

    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    ezSharedSvc

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    “c:\program files\Common Files\LightScribe\LSRunOnce.exe”

    .

Contents of the 'Scheduled Tasks' folder

    2009-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2009-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.nu.nl/

    uDefault_Search_URL = hxxp://www.google.com/ie

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    LSP: c:\program files\VMware\VMware Player\vsocklib.dll

    DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab

    FF - ProfilePath - c:\users\Maatje\AppData\Roaming\Mozilla\Firefox\Profiles\g1fsin17.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/

    FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll

    FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll

    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-07-05 16:52

    Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

    **************************************************************************

    .

--------------------- LOCKED REGISTRY KEYS ---------------------

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5428)

    c:\windows\system32\NetworkExplorer.dll

    c:\program files\Bonjour\mdnsNSP.dll

    c:\windows\System32\netshell.dll

    .

------------------------ Other Running Processes ------------------------

    .

    c:\windows\System32\nvvsvc.exe

    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe

    c:\windows\System32\audiodg.exe

    c:\windows\System32\rundll32.exe

    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

    c:\program files\Common Files\LightScribe\LSSrvc.exe

    c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

    c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

    c:\progra~1\AVG\AVG8\avgrsx.exe

    c:\progra~1\AVG\AVG8\avgnsx.exe

    c:\program files\CyberLink\Shared Files\RichVideo.exe

    c:\windows\System32\vmnat.exe

    c:\program files\VMware\VMware Player\vmware-authd.exe

    c:\program files\AVG\AVG8\avgcsrvx.exe

    c:\windows\System32\vmnetdhcp.exe

    c:\windows\servicing\TrustedInstaller.exe

    c:\windows\System32\rundll32.exe

    c:\program files\AVG\AVG8\avgtray.exe

    c:\program files\Windows Media Player\wmpnscfg.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\windows\System32\wbem\unsecapp.exe

    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

    c:\program files\Synaptics\SynTP\SynTPHelper.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2009-07-05 16:57 - machine werd herstart

    ComboFix-quarantined-files.txt 2009-07-05 14:56

    Pre-Run: 210.136.928.256 bytes beschikbaar

    Post-Run: 209.993.449.472 bytes beschikbaar

    264 --- E O F --- 2009-07-03 13:49

  • maatje

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 17:58:23, on 5-7-2009

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Program Files\AVG\AVG8\avgtray.exe

    C:\Program Files\HP\QuickPlay\QPService.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\FTD Watchdog\FtdMonitor.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Aerofoil\Aerofoil.exe

    C:\Program Files\Windows Live\Mail\wlmail.exe

    C:\Windows\System32\mobsync.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Maatje\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll

    O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

    O4 - HKLM\..\Run: %windir%\WindowsMobile\wmdc.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\Run: "C:\Program Files\HP\QuickPlay\QPService.exe"

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKCU\..\Run: "C:\Program Files\FTD Watchdog\FtdMonitor.exe"

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - Startup: Windows Live Mail.lnk = C:\Program Files\Windows Live\Mail\wlmail.exe

    O4 - Global Startup: Aerofoil.lnk = C:\Program Files\Aerofoil\Aerofoil.exe

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll

    O9 - Extra 'Tools' menuitem: &Instellingen voor Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll

    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

    O13 - Gopher Prefix:

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.fctwente.nl/twenteradio/AxisCamControl.cab

    O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.cooliris.com/shared/plinstll.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O20 - AppInit_DLLs: C:\WINDOWS\System32\avgrsstx.dll

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Update Service (gupdate1c9bd3a575faa90) (gupdate1c9bd3a575faa90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe

    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe

    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

    End of file - 11121 bytes

  • Simon

    Just download Trojan Remover!!!

    Type into Google: Trojan Remover, and you will automatically get the trial version, which detects and removes the virus right after installation.