
[SOLVED] Spyware



Just when I thought I was rid of spyware, I have it again. Here are some screenshots.

foutrv9.jpg

fout2aj0.jpg

fout4un1.jpg

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:17:27, on 29/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\uesiuqcr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Live\Family Safety\fssui.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\WINDOWS\system32\lphcehkj0eeap.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Eraser\Eraser.exe

C:\Program Files\Advanced System Optimizer\wallpaper.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: getfn32.msiets - {80173D25-82E3-43FF-BED9-2593ACD63284} - C:\WINDOWS\system32\getfn32.dll

O2 - BHO: D - {E71F5184-35A9-3C29-99D1-B72C4506A596} - C:\WINDOWS\system32\mws77814.dll

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt

O4 - HKLM\..\Run: [lphcehkj0eeap] C:\WINDOWS\system32\lphcehkj0eeap.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide

O4 - HKCU\..\Run: [systweak Wallpaper Changer] C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKCU\..\Run: [startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

O8 - Extra context menu item: Block frame with Ad Muncher - Ad Muncher

O8 - Extra context menu item: Block image with Ad Muncher - Ad Muncher

O8 - Extra context menu item: Block link with Ad Muncher - Ad Muncher

O8 - Extra context menu item: Don't filter page with Ad Muncher - Ad Muncher

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Report page to the Ad Muncher developers - Ad Muncher

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220188919921

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220203462546

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--

End of file - 12325 bytes


Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,

O2 - BHO: getfn32.msiets - {80173D25-82E3-43FF-BED9-2593ACD63284} - C:\WINDOWS\system32\getfn32.dll

O2 - BHO: D - {E71F5184-35A9-3C29-99D1-B72C4506A596} - C:\WINDOWS\system32\mws77814.dll

O4 - HKLM\..\Run: [lphcehkj0eeap] C:\WINDOWS\system32\lphcehkj0eeap.exe

Click 'Fix checked' to remove the items.

Download Combofix to your Desktop.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a notification from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is finished and after the restart, the log Combofix.txt will open.

Post this log in your next reply, together with a new HijackThis log.

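Added example (not part of the original thread, and not code from HijackThis or ComboFix): a Python check that compares the entries selected for 'Fix checked' with a follow-up HijackThis log, and lists any program chained after userinit.exe in an F2 UserInit line. The function names are hypothetical; the sample lines are abridged from the logs posted in this thread.

```python
import ntpath
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] path".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)?\s*$")


def parse_entries(log_text):
    """Return (section, body) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), (m.group(2) or "").strip()))
    return entries


def userinit_extras(entries):
    """Return programs listed after userinit.exe in an F2 UserInit entry.

    The Userinit value is a comma-separated list; on a clean system it holds
    only userinit.exe, so anything else deserves a closer look.
    """
    extras = []
    for section, body in entries:
        lowered = body.lower()
        if section != "F2" or "userinit=" not in lowered:
            continue
        value = body[lowered.index("userinit=") + len("userinit="):]
        for item in value.split(","):
            item = item.strip().strip('"')
            # ntpath handles Windows paths regardless of the analysis host's OS.
            if item and ntpath.basename(item).lower() != "userinit.exe":
                extras.append(item)
    return extras


def still_present(selected_log, followup_log):
    """Return the selected entries that still appear in the follow-up log."""
    after = {(s, b.lower()) for s, b in parse_entries(followup_log)}
    return [(s, b) for s, b in parse_entries(selected_log)
            if (s, b.lower()) in after]


# Entries selected for 'Fix checked' in this thread.
SELECTED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O2 - BHO: getfn32.msiets - {80173D25-82E3-43FF-BED9-2593ACD63284} - C:\WINDOWS\system32\getfn32.dll
O2 - BHO: D - {E71F5184-35A9-3C29-99D1-B72C4506A596} - C:\WINDOWS\system32\mws77814.dll
O4 - HKLM\..\Run: [lphcehkj0eeap] C:\WINDOWS\system32\lphcehkj0eeap.exe
"""

# Abridged from the follow-up log of 30/11/2008 in this thread.
FOLLOWUP = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
"""

if __name__ == "__main__":
    print("Chained after userinit.exe (before):",
          userinit_extras(parse_entries(SELECTED)))
    print("Chained after userinit.exe (after): ",
          userinit_extras(parse_entries(FOLLOWUP)))
    for section, body in still_present(SELECTED, FOLLOWUP):
        print("Still listed:", section, "-", body)
```

On these lines the two empty `R0 ... Local Page =` entries are still listed in the follow-up log, while the F2, BHO and O4 entries no longer appear.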

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:51:53, on 30/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Windows Live\Family Safety\fsssvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Live\Family Safety\fssui.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Eraser\Eraser.exe

C:\Program Files\Advanced System Optimizer\wallpaper.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide

O4 - HKCU\..\Run: [systweak Wallpaper Changer] C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKCU\..\Run: [startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

O8 - Extra context menu item: Block frame with Ad Muncher - Ad Muncher

O8 - Extra context menu item: Block image with Ad Muncher - Ad Muncher

O8 - Extra context menu item: Block link with Ad Muncher - Ad Muncher

O8 - Extra context menu item: Don't filter page with Ad Muncher - Ad Muncher

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Report page to the Ad Muncher developers - Ad Muncher

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220188919921

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220203462546

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--

End of file - 12721 bytes

ComboFix 08-11-29.03 - Samuel 2008-11-30 14:30:49.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.485 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Samuel\Mijn documenten\Spyware\CombosFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Samuel\Mijn documenten\Spyware\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

FILE ::

c:\windows\ashampoo_clipfisher_117_sm.exe

c:\windows\system32\comdlg32.OCX

c:\windows\system32\eaeabefeef7_d.ocx

c:\windows\system32\MSWINSCK.ocx

c:\windows\system32\mws77814.dll

c:\windows\system32\richtx32.OCX

c:\windows\system32\SBFC.dat

c:\windows\system32\SBRC.dat

c:\windows\system32\wertyu.dll

c:\windows\system32\ws77814.dll

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\ashampoo_clipfisher_117_sm.exe

c:\windows\system32\comdlg32.OCX

c:\windows\system32\eaeabefeef7_d.ocx

c:\windows\system32\MSWINSCK.ocx

c:\windows\system32\mws77814.dll

c:\windows\system32\richtx32.OCX

c:\windows\system32\SBFC.dat

c:\windows\system32\SBRC.dat

c:\windows\system32\wertyu.dll

c:\windows\system32\ws77814.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-10-28 to 2008-11-30 ))))))))))))))))))))))))))))))

.

2008-11-30 14:02 . 2008-11-30 14:11 <DIR> d-------- C:\SDFix

2008-11-30 13:24 . 2008-11-30 13:24 <DIR> d-------- c:\program files\JGoodies

2008-11-30 13:24 . 2008-11-30 13:24 <DIR> d-------- c:\documents and settings\Samuel\Application Data\JGoodies

2008-11-30 13:22 . 2008-11-30 13:23 <DIR> d-------- c:\program files\Disk Cleaner

2008-11-30 11:35 . 2008-11-30 11:35 <DIR> d-------- C:\VundoFix Backups

2008-11-30 11:23 . 2008-11-30 14:01 <DIR> d-------- c:\program files\Spyware Doctor

2008-11-30 11:23 . 2008-11-30 11:23 <DIR> d-------- c:\program files\Common Files\PC Tools

2008-11-30 11:23 . 2008-11-30 11:23 <DIR> d-------- c:\documents and settings\Samuel\Application Data\PC Tools

2008-11-30 11:23 . 2008-11-30 11:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools

2008-11-30 11:23 . 2008-07-28 12:29 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys

2008-11-30 11:23 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys

2008-11-30 11:23 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys

2008-11-30 11:23 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys

2008-11-30 11:23 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys

2008-11-29 21:43 . 2008-11-29 21:43 252 --a------ c:\windows\mgutil_reg.ini

2008-11-29 21:42 . 2008-11-29 21:42 <DIR> d-------- c:\program files\Mgutil

2008-11-29 21:42 . 2008-11-29 21:42 55 --a------ c:\windows\mgutil_win.ini

2008-11-29 19:45 . 2008-11-29 19:53 <DIR> d-------- C:\4DiskcleanG

2008-11-29 18:54 . 2008-11-29 19:45 341 --a------ c:\windows\mgreg.ini

2008-11-29 18:54 . 2008-11-29 19:45 30 --a------ c:\windows\mgwin.ini

2008-11-29 18:52 . 2008-11-29 19:45 <DIR> d-------- c:\program files\Mgtweak

2008-11-28 17:19 . 2008-11-28 17:19 <DIR> d-------- c:\program files\Common Files\Adobe AIR

2008-11-28 17:19 . 2008-11-28 17:19 <DIR> d-------- c:\program files\Adobe Media Player

2008-11-26 18:55 . 2008-11-26 18:56 <DIR> d-------- c:\program files\Exifer

2008-11-24 21:06 . 2008-11-24 21:06 <DIR> d-------- c:\program files\GrabIt

2008-11-24 17:45 . 2008-11-24 17:45 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2008-11-24 17:45 . 2008-11-24 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-23 21:19 . 2008-11-23 21:19 <DIR> d-------- c:\program files\UnH Solutions

2008-11-23 21:03 . 2008-11-30 14:26 <DIR> d-------- c:\documents and settings\Samuel\Application Data\SiteAdvisor

2008-11-23 21:03 . 2008-11-23 21:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor

2008-11-23 21:03 . 2008-11-23 21:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee

2008-11-23 21:02 . 2008-11-23 21:13 <DIR> d-------- c:\program files\RegistryFix7

2008-11-23 20:56 . 2008-11-23 20:58 <DIR> d-------- c:\program files\Mp3 My Mp3 2.0

2008-11-23 20:55 . 2008-11-23 20:55 <DIR> d-------- c:\program files\NCH Swift Sound

2008-11-23 20:55 . 2008-11-23 20:55 <DIR> d-------- c:\documents and settings\Samuel\Application Data\NCH Swift Sound

2008-11-23 20:55 . 2008-11-23 20:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound

2008-11-23 20:52 . 2008-11-24 16:58 <DIR> d-------- c:\program files\Ad Muncher

2008-11-23 20:48 . 2008-11-23 20:48 <DIR> d-------- c:\program files\Unlocker

2008-11-23 20:43 . 2008-11-27 18:51 <DIR> d-------- c:\program files\a-squared Free

2008-11-23 14:23 . 2008-11-23 14:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-23 14:23 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-23 14:23 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-22 19:20 . 2008-11-22 19:20 <DIR> d-------- c:\program files\Lavasoft

2008-11-22 19:20 . 2008-11-23 21:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2008-11-22 19:09 . 2008-11-22 19:10 <DIR> d-------- c:\program files\CleanUp!

2008-11-22 17:57 . 2008-11-27 19:11 <DIR> d-------- c:\program files\Enigma Software Group

2008-11-22 17:02 . 2008-11-22 17:02 <DIR> d-------- c:\program files\Common Files\Download Manager

2008-11-22 17:02 . 2008-11-22 17:02 1,152 --a------ c:\windows\system32\windrv.sys

2008-11-22 15:58 . 2008-11-22 15:58 <DIR> d-------- c:\program files\ClamWinPortable

2008-11-21 21:27 . 2008-11-22 17:37 <DIR> d-------- C:\!KillBox

2008-11-21 21:22 . 2008-11-30 14:16 <DIR> d-------- c:\windows\system32\CatRoot2

2008-11-21 18:48 . 2008-11-21 18:48 <DIR> d-------- c:\program files\Trend Micro

2008-11-21 17:34 . 2008-11-21 17:34 <DIR> d-------- c:\windows\ERUNT

2008-11-20 22:21 . 2008-11-21 16:44 <DIR> d-------- c:\program files\Spyware Terminator

2008-11-20 22:21 . 2008-11-21 21:30 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Spyware Terminator

2008-11-20 22:21 . 2008-11-21 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator

2008-11-20 22:21 . 2008-11-20 22:21 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys

2008-11-20 21:05 . 2008-11-20 21:05 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Sunbelt Software

2008-11-15 21:48 . 2008-11-30 14:28 <DIR> dr-h----- c:\documents and settings\Samuel\Onlangs geopend

2008-11-15 14:16 . 2008-11-15 19:08 <DIR> d-------- c:\program files\Album Cover Art Downloader

2008-11-15 14:16 . 2008-11-15 14:37 <DIR> d-------- c:\documents and settings\Samuel\Application Data\albumart

2008-11-14 19:57 . 2008-11-14 19:57 <DIR> d-------- c:\program files\CopyRightLeft

2008-11-12 14:21 . 2008-11-12 16:08 <DIR> d-------- c:\program files\IObit

2008-11-11 18:38 . 2008-11-11 18:38 <DIR> d-------- c:\program files\Mp3tag

2008-11-11 18:38 . 2008-11-29 19:25 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Mp3tag

2008-11-11 15:42 . 2008-11-15 15:36 <DIR> d-------- c:\program files\MP3Gain

2008-11-11 14:28 . 2008-11-11 14:28 <DIR> d-------- c:\program files\Google

2008-11-11 14:26 . 2008-11-11 14:26 <DIR> d-------- c:\windows\system32\URTTemp

2008-11-10 21:52 . 2008-11-10 21:58 <DIR> d-------- c:\documents and settings\Samuel\Application Data\gtk-2.0

2008-11-10 21:52 . 2008-11-10 21:52 <DIR> d-------- c:\documents and settings\Samuel\.thumbnails

2008-11-10 21:15 . 2008-11-10 21:15 <DIR> d-------- c:\program files\DivX

2008-11-10 16:06 . 2008-11-11 11:46 <DIR> d-------- c:\program files\TagRename

2008-11-09 20:05 . 2008-11-11 12:07 <DIR> d-------- c:\documents and settings\Samuel\.gimp-2.6

2008-11-09 20:05 . 2008-11-09 20:05 <DIR> d-------- c:\documents and settings\Samuel\.gegl-0.0

2008-11-09 20:03 . 2008-11-09 20:03 <DIR> d-------- c:\program files\Gimp-2.0

2008-11-09 19:13 . 2008-11-09 19:13 <DIR> d-------- c:\program files\Symantec

2008-11-09 16:54 . 2008-11-09 16:54 <DIR> d-------- c:\program files\Nattyware

2008-11-08 15:09 . 2008-11-08 15:15 <DIR> d-------- c:\documents and settings\Samuel\Application Data\PowerChallenge

2008-11-03 19:03 . 2008-11-09 21:42 <DIR> d-------- c:\program files\CoreFTP

2008-11-03 19:03 . 2008-11-25 19:48 <DIR> d-------- c:\documents and settings\Samuel\Application Data\CoreFTP

2008-11-01 14:58 . 2008-11-01 15:02 <DIR> d-------- c:\windows\system32\Adobe

2008-10-28 19:15 . 2008-10-28 19:15 <DIR> d-------- c:\documents and settings\Samuel\Application Data\JGsoft

2008-10-18 15:16 . 2008-10-18 15:17 <DIR> d-------- C:\wamp

2008-10-17 19:20 . 2008-10-17 19:20 <DIR> d-------- c:\documents and settings\Samuel\Application Data\SmartFTP

2008-10-17 19:01 . 2008-10-19 15:20 <DIR> d-------- c:\documents and settings\Samuel\Application Data\FileZilla

2008-10-14 16:32 . 2008-11-09 21:42 <DIR> d-------- c:\program files\Eraser

2008-10-14 16:32 . 2008-10-14 16:32 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}

2008-10-11 18:48 . 2008-10-11 18:48 <DIR> d--h----- c:\windows\PIF

2008-10-10 17:53 . 2008-11-08 16:03 <DIR> d-------- c:\program files\MessengerDiscovery

2008-10-09 16:26 . 2008-10-09 16:29 <DIR> d-------- c:\program files\RegSupreme Pro

2008-10-06 12:55 . 2008-10-06 12:55 <DIR> d-------- c:\program files\Microsoft Silverlight

2008-10-06 12:47 . 2008-10-06 12:47 <DIR> d-------- c:\program files\DAEMON Tools Toolbar

2008-10-06 12:46 . 2008-10-07 15:17 <DIR> d-------- c:\program files\DAEMON Tools Lite

2008-10-06 12:45 . 2008-10-06 12:45 <DIR> d-------- c:\documents and settings\Samuel\Application Data\DAEMON Tools

2008-10-06 12:45 . 2008-10-06 12:45 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2008-10-04 20:12 . 2008-10-04 20:12 2,289,152 --a------ c:\windows\system32\TUKernel.exe

2008-10-04 19:46 . 2008-10-04 19:46 <DIR> d-------- c:\program files\TuneUp Utilities 2008

2008-10-04 19:46 . 2008-11-23 21:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-10-04 19:46 . 2008-10-04 19:46 <DIR> d-------- c:\documents and settings\Samuel\Application Data\TuneUp Software

2008-10-04 19:46 . 2008-10-04 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software

2008-10-04 19:46 . 2008-10-04 19:46 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe

2008-10-04 19:46 . 2008-05-29 08:28 28,416 --a------ c:\windows\system32\uxtuneup.dll

2008-10-04 15:27 . 2008-10-04 15:27 <DIR> d-------- c:\program files\NKProds

2008-10-04 15:27 . 2008-10-04 15:27 <DIR> d-------- c:\documents and settings\Samuel\Application Data\nCleaner

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-30 13:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-11-27 17:59 --------- d-----w c:\program files\Advanced System Optimizer

2008-11-26 20:42 30 ----a-w c:\program files\Exiferupdate.ini

2008-11-22 16:36 --------- d-----w c:\documents and settings\Samuel\Application Data\uTorrent

2008-11-22 10:26 --------- d-----w c:\documents and settings\Samuel\Application Data\Creative

2008-11-11 13:29 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-10 17:52 --------- d-----w c:\program files\Common Files\Real

2008-11-09 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet

2008-11-01 13:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-10-27 21:24 --------- d-----w c:\program files\Common Files\Adobe

2008-10-07 17:57 --------- d-----w c:\program files\Prisma

2008-09-29 19:36 --------- d-----w c:\program files\Creative

2008-09-29 19:35 --------- d--h--w c:\program files\Creative Installation Information

2008-09-29 19:35 --------- d-----w c:\program files\Common Files\Creative

2008-09-29 19:34 --------- d-----w c:\documents and settings\All Users\Application Data\Creative

2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll

2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll

2008-08-30 19:51 499,712 ----a-w c:\windows\system32\msvcp71.dll

2008-08-30 19:51 348,160 ----a-w c:\windows\system32\msvcr71.dll

2008-08-30 19:29 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-08-30 11:17 606,848 ----a-w c:\windows\flashax.exe

2008-08-30 11:17 12,288 ----a-w c:\windows\impborl.dll

2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-23 916240]

"Systweak Wallpaper Changer"="c:\program files\Advanced System Optimizer\wallpaper.exe" [2007-06-22 151280]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-13 2356088]

"Startup Manager"="c:\program files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 919280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-02-13 86016]

"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 1569280]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2007-11-03 779776]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

"nwiz"="nwiz.exe" [2006-02-13 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\Samuel\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact]

2008-04-16 13:24 165368 c:\windows\system32\RegCompact.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-11-30 160792]

R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-08-31 43816]

R2 fsssvc;Windows Live OneCare Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 523816]

R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-08-30 16269]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-23 38496]

S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice [2008-10-18 24635]

S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

2008-11-30 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

- - - - ORPHANS VERWIJDERD - - - -

BHO-{E71F5184-35A9-3C29-99D1-B72C4506A596} - c:\windows\system32\mws77814.dll

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-30 14:31:44

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(904)

c:\windows\system32\RegCompact.dll

- - - - - - - > 'lsass.exe'(964)

c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

c:\windows\system32\nvappfilter.dll

.

Voltooingstijd: 2008-11-30 14:32:21

ComboFix-quarantined-files.txt 2008-11-30 13:32:19

ComboFix2.txt 2008-11-30 13:19:09

ComboFix3.txt 2008-11-23 13:19:46

Pre-Run: 3.297.099.776 bytes beschikbaar

Post-Run: 3,273,654,272 bytes beschikbaar

265


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:51:53, on 30/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Windows Live\Family Safety\fsssvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Live\Family Safety\fssui.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Eraser\Eraser.exe

C:\Program Files\Advanced System Optimizer\wallpaper.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide

O4 - HKCU\..\Run: [systweak Wallpaper Changer] C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKCU\..\Run: [startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

O8 - Extra context menu item: Block frame with Ad Muncher - Ad Muncher

O8 - Extra context menu item: Block image with Ad Muncher - Ad Muncher

O8 - Extra context menu item: Block link with Ad Muncher - Ad Muncher

O8 - Extra context menu item: Don't filter page with Ad Muncher - Ad Muncher

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Report page to the Ad Muncher developers - Ad Muncher

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220188919921

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220203462546

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--

End of file - 12721 bytes

ComboFix 08-11-29.03 - Samuel 2008-11-30 14:30:49.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.485 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Samuel\Mijn documenten\Spyware\CombosFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Samuel\Mijn documenten\Spyware\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

FILE ::

c:\windows\ashampoo_clipfisher_117_sm.exe

c:\windows\system32\comdlg32.OCX

c:\windows\system32\eaeabefeef7_d.ocx

c:\windows\system32\MSWINSCK.ocx

c:\windows\system32\mws77814.dll

c:\windows\system32\richtx32.OCX

c:\windows\system32\SBFC.dat

c:\windows\system32\SBRC.dat

c:\windows\system32\wertyu.dll

c:\windows\system32\ws77814.dll

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\ashampoo_clipfisher_117_sm.exe

c:\windows\system32\comdlg32.OCX

c:\windows\system32\eaeabefeef7_d.ocx

c:\windows\system32\MSWINSCK.ocx

c:\windows\system32\mws77814.dll

c:\windows\system32\richtx32.OCX

c:\windows\system32\SBFC.dat

c:\windows\system32\SBRC.dat

c:\windows\system32\wertyu.dll

c:\windows\system32\ws77814.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-10-28 to 2008-11-30 ))))))))))))))))))))))))))))))

.

2008-11-30 14:02 . 2008-11-30 14:11 <DIR> d-------- C:\SDFix

2008-11-30 13:24 . 2008-11-30 13:24 <DIR> d-------- c:\program files\JGoodies

2008-11-30 13:24 . 2008-11-30 13:24 <DIR> d-------- c:\documents and settings\Samuel\Application Data\JGoodies

2008-11-30 13:22 . 2008-11-30 13:23 <DIR> d-------- c:\program files\Disk Cleaner

2008-11-30 11:35 . 2008-11-30 11:35 <DIR> d-------- C:\VundoFix Backups

2008-11-30 11:23 . 2008-11-30 14:01 <DIR> d-------- c:\program files\Spyware Doctor

2008-11-30 11:23 . 2008-11-30 11:23 <DIR> d-------- c:\program files\Common Files\PC Tools

2008-11-30 11:23 . 2008-11-30 11:23 <DIR> d-------- c:\documents and settings\Samuel\Application Data\PC Tools

2008-11-30 11:23 . 2008-11-30 11:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools

2008-11-30 11:23 . 2008-07-28 12:29 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys

2008-11-30 11:23 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys

2008-11-30 11:23 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys

2008-11-30 11:23 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys

2008-11-30 11:23 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys

2008-11-29 21:43 . 2008-11-29 21:43 252 --a------ c:\windows\mgutil_reg.ini

2008-11-29 21:42 . 2008-11-29 21:42 <DIR> d-------- c:\program files\Mgutil

2008-11-29 21:42 . 2008-11-29 21:42 55 --a------ c:\windows\mgutil_win.ini

2008-11-29 19:45 . 2008-11-29 19:53 <DIR> d-------- C:\4DiskcleanG

2008-11-29 18:54 . 2008-11-29 19:45 341 --a------ c:\windows\mgreg.ini

2008-11-29 18:54 . 2008-11-29 19:45 30 --a------ c:\windows\mgwin.ini

2008-11-29 18:52 . 2008-11-29 19:45 <DIR> d-------- c:\program files\Mgtweak

2008-11-28 17:19 . 2008-11-28 17:19 <DIR> d-------- c:\program files\Common Files\Adobe AIR

2008-11-28 17:19 . 2008-11-28 17:19 <DIR> d-------- c:\program files\Adobe Media Player

2008-11-26 18:55 . 2008-11-26 18:56 <DIR> d-------- c:\program files\Exifer

2008-11-24 21:06 . 2008-11-24 21:06 <DIR> d-------- c:\program files\GrabIt

2008-11-24 17:45 . 2008-11-24 17:45 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2008-11-24 17:45 . 2008-11-24 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-23 21:19 . 2008-11-23 21:19 <DIR> d-------- c:\program files\UnH Solutions

2008-11-23 21:03 . 2008-11-30 14:26 <DIR> d-------- c:\documents and settings\Samuel\Application Data\SiteAdvisor

2008-11-23 21:03 . 2008-11-23 21:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor

2008-11-23 21:03 . 2008-11-23 21:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee

2008-11-23 21:02 . 2008-11-23 21:13 <DIR> d-------- c:\program files\RegistryFix7

2008-11-23 20:56 . 2008-11-23 20:58 <DIR> d-------- c:\program files\Mp3 My Mp3 2.0

2008-11-23 20:55 . 2008-11-23 20:55 <DIR> d-------- c:\program files\NCH Swift Sound

2008-11-23 20:55 . 2008-11-23 20:55 <DIR> d-------- c:\documents and settings\Samuel\Application Data\NCH Swift Sound

2008-11-23 20:55 . 2008-11-23 20:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound

2008-11-23 20:52 . 2008-11-24 16:58 <DIR> d-------- c:\program files\Ad Muncher

2008-11-23 20:48 . 2008-11-23 20:48 <DIR> d-------- c:\program files\Unlocker

2008-11-23 20:43 . 2008-11-27 18:51 <DIR> d-------- c:\program files\a-squared Free

2008-11-23 14:23 . 2008-11-23 14:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-23 14:23 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-23 14:23 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-22 19:20 . 2008-11-22 19:20 <DIR> d-------- c:\program files\Lavasoft

2008-11-22 19:20 . 2008-11-23 21:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2008-11-22 19:09 . 2008-11-22 19:10 <DIR> d-------- c:\program files\CleanUp!

2008-11-22 17:57 . 2008-11-27 19:11 <DIR> d-------- c:\program files\Enigma Software Group

2008-11-22 17:02 . 2008-11-22 17:02 <DIR> d-------- c:\program files\Common Files\Download Manager

2008-11-22 17:02 . 2008-11-22 17:02 1,152 --a------ c:\windows\system32\windrv.sys

2008-11-22 15:58 . 2008-11-22 15:58 <DIR> d-------- c:\program files\ClamWinPortable

2008-11-21 21:27 . 2008-11-22 17:37 <DIR> d-------- C:\!KillBox

2008-11-21 21:22 . 2008-11-30 14:16 <DIR> d-------- c:\windows\system32\CatRoot2

2008-11-21 18:48 . 2008-11-21 18:48 <DIR> d-------- c:\program files\Trend Micro

2008-11-21 17:34 . 2008-11-21 17:34 <DIR> d-------- c:\windows\ERUNT

2008-11-20 22:21 . 2008-11-21 16:44 <DIR> d-------- c:\program files\Spyware Terminator

2008-11-20 22:21 . 2008-11-21 21:30 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Spyware Terminator

2008-11-20 22:21 . 2008-11-21 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator

2008-11-20 22:21 . 2008-11-20 22:21 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys

2008-11-20 21:05 . 2008-11-20 21:05 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Sunbelt Software

2008-11-15 21:48 . 2008-11-30 14:28 <DIR> dr-h----- c:\documents and settings\Samuel\Onlangs geopend

2008-11-15 14:16 . 2008-11-15 19:08 <DIR> d-------- c:\program files\Album Cover Art Downloader

2008-11-15 14:16 . 2008-11-15 14:37 <DIR> d-------- c:\documents and settings\Samuel\Application Data\albumart

2008-11-14 19:57 . 2008-11-14 19:57 <DIR> d-------- c:\program files\CopyRightLeft

2008-11-12 14:21 . 2008-11-12 16:08 <DIR> d-------- c:\program files\IObit

2008-11-11 18:38 . 2008-11-11 18:38 <DIR> d-------- c:\program files\Mp3tag

2008-11-11 18:38 . 2008-11-29 19:25 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Mp3tag

2008-11-11 15:42 . 2008-11-15 15:36 <DIR> d-------- c:\program files\MP3Gain

2008-11-11 14:28 . 2008-11-11 14:28 <DIR> d-------- c:\program files\Google

2008-11-11 14:26 . 2008-11-11 14:26 <DIR> d-------- c:\windows\system32\URTTemp

2008-11-10 21:52 . 2008-11-10 21:58 <DIR> d-------- c:\documents and settings\Samuel\Application Data\gtk-2.0

2008-11-10 21:52 . 2008-11-10 21:52 <DIR> d-------- c:\documents and settings\Samuel\.thumbnails

2008-11-10 21:15 . 2008-11-10 21:15 <DIR> d-------- c:\program files\DivX

2008-11-10 16:06 . 2008-11-11 11:46 <DIR> d-------- c:\program files\TagRename

2008-11-09 20:05 . 2008-11-11 12:07 <DIR> d-------- c:\documents and settings\Samuel\.gimp-2.6

2008-11-09 20:05 . 2008-11-09 20:05 <DIR> d-------- c:\documents and settings\Samuel\.gegl-0.0

2008-11-09 20:03 . 2008-11-09 20:03 <DIR> d-------- c:\program files\Gimp-2.0

2008-11-09 19:13 . 2008-11-09 19:13 <DIR> d-------- c:\program files\Symantec

2008-11-09 16:54 . 2008-11-09 16:54 <DIR> d-------- c:\program files\Nattyware

2008-11-08 15:09 . 2008-11-08 15:15 <DIR> d-------- c:\documents and settings\Samuel\Application Data\PowerChallenge

2008-11-03 19:03 . 2008-11-09 21:42 <DIR> d-------- c:\program files\CoreFTP

2008-11-03 19:03 . 2008-11-25 19:48 <DIR> d-------- c:\documents and settings\Samuel\Application Data\CoreFTP

2008-11-01 14:58 . 2008-11-01 15:02 <DIR> d-------- c:\windows\system32\Adobe

2008-10-28 19:15 . 2008-10-28 19:15 <DIR> d-------- c:\documents and settings\Samuel\Application Data\JGsoft

2008-10-18 15:16 . 2008-10-18 15:17 <DIR> d-------- C:\wamp

2008-10-17 19:20 . 2008-10-17 19:20 <DIR> d-------- c:\documents and settings\Samuel\Application Data\SmartFTP

2008-10-17 19:01 . 2008-10-19 15:20 <DIR> d-------- c:\documents and settings\Samuel\Application Data\FileZilla

2008-10-14 16:32 . 2008-11-09 21:42 <DIR> d-------- c:\program files\Eraser

2008-10-14 16:32 . 2008-10-14 16:32 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}

2008-10-11 18:48 . 2008-10-11 18:48 <DIR> d--h----- c:\windows\PIF

2008-10-10 17:53 . 2008-11-08 16:03 <DIR> d-------- c:\program files\MessengerDiscovery

2008-10-09 16:26 . 2008-10-09 16:29 <DIR> d-------- c:\program files\RegSupreme Pro

2008-10-06 12:55 . 2008-10-06 12:55 <DIR> d-------- c:\program files\Microsoft Silverlight

2008-10-06 12:47 . 2008-10-06 12:47 <DIR> d-------- c:\program files\DAEMON Tools Toolbar

2008-10-06 12:46 . 2008-10-07 15:17 <DIR> d-------- c:\program files\DAEMON Tools Lite

2008-10-06 12:45 . 2008-10-06 12:45 <DIR> d-------- c:\documents and settings\Samuel\Application Data\DAEMON Tools

2008-10-06 12:45 . 2008-10-06 12:45 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2008-10-04 20:12 . 2008-10-04 20:12 2,289,152 --a------ c:\windows\system32\TUKernel.exe

2008-10-04 19:46 . 2008-10-04 19:46 <DIR> d-------- c:\program files\TuneUp Utilities 2008

2008-10-04 19:46 . 2008-11-23 21:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-10-04 19:46 . 2008-10-04 19:46 <DIR> d-------- c:\documents and settings\Samuel\Application Data\TuneUp Software

2008-10-04 19:46 . 2008-10-04 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software

2008-10-04 19:46 . 2008-10-04 19:46 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe

2008-10-04 19:46 . 2008-05-29 08:28 28,416 --a------ c:\windows\system32\uxtuneup.dll

2008-10-04 15:27 . 2008-10-04 15:27 <DIR> d-------- c:\program files\NKProds

2008-10-04 15:27 . 2008-10-04 15:27 <DIR> d-------- c:\documents and settings\Samuel\Application Data\nCleaner

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-30 13:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-11-27 17:59 --------- d-----w c:\program files\Advanced System Optimizer

2008-11-26 20:42 30 ----a-w c:\program files\Exiferupdate.ini

2008-11-22 16:36 --------- d-----w c:\documents and settings\Samuel\Application Data\uTorrent

2008-11-22 10:26 --------- d-----w c:\documents and settings\Samuel\Application Data\Creative

2008-11-11 13:29 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-10 17:52 --------- d-----w c:\program files\Common Files\Real

2008-11-09 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet

2008-11-01 13:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-10-27 21:24 --------- d-----w c:\program files\Common Files\Adobe

2008-10-07 17:57 --------- d-----w c:\program files\Prisma

2008-09-29 19:36 --------- d-----w c:\program files\Creative

2008-09-29 19:35 --------- d--h--w c:\program files\Creative Installation Information

2008-09-29 19:35 --------- d-----w c:\program files\Common Files\Creative

2008-09-29 19:34 --------- d-----w c:\documents and settings\All Users\Application Data\Creative

2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll

2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll

2008-08-30 19:51 499,712 ----a-w c:\windows\system32\msvcp71.dll

2008-08-30 19:51 348,160 ----a-w c:\windows\system32\msvcr71.dll

2008-08-30 19:29 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-08-30 11:17 606,848 ----a-w c:\windows\flashax.exe

2008-08-30 11:17 12,288 ----a-w c:\windows\impborl.dll

2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-23 916240]

"Systweak Wallpaper Changer"="c:\program files\Advanced System Optimizer\wallpaper.exe" [2007-06-22 151280]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-13 2356088]

"Startup Manager"="c:\program files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 919280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-02-13 86016]

"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 1569280]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2007-11-03 779776]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

"nwiz"="nwiz.exe" [2006-02-13 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\Samuel\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact]

2008-04-16 13:24 165368 c:\windows\system32\RegCompact.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-11-30 160792]

R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-08-31 43816]

R2 fsssvc;Windows Live OneCare Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 523816]

R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-08-30 16269]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-23 38496]

S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice [2008-10-18 24635]

S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

2008-11-30 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

- - - - ORPHANS VERWIJDERD - - - -

BHO-{E71F5184-35A9-3C29-99D1-B72C4506A596} - c:\windows\system32\mws77814.dll

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-30 14:31:44

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(904)

c:\windows\system32\RegCompact.dll

- - - - - - - > 'lsass.exe'(964)

c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

c:\windows\system32\nvappfilter.dll

.

Voltooingstijd: 2008-11-30 14:32:21

ComboFix-quarantined-files.txt 2008-11-30 13:32:19

ComboFix2.txt 2008-11-30 13:19:09

ComboFix3.txt 2008-11-23 13:19:46

Pre-Run: 3.297.099.776 bytes beschikbaar

Post-Run: 3,273,654,272 bytes beschikbaar

265


ComboFix has already cleaned up quite a lot, but before we start picking through these logs, two quick questions:

1. What is the situation with the pop-ups now?

2. Is it correct that you have no active antivirus program on your PC?

After that we'll take a further look.


No, I don't have an active antivirus program, but I do have a non-active one :-)
And then surprised that spyware turns up on your PC again, well ... :s

Pop-ups gone, so it's time for the "big clean-up": removing the programs we used, a cleaning, and removing the infected restore points. And your Java could use an update.

Remove ComboFix: Start -> Run and type: combofix /u

This will remove ComboFix together with its related folders and files, reset the clock settings, hide file extensions again, hide hidden files and system files again, and create a new restore point.

Download CCleaner.

Install it and start CCleaner. In the left-hand column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Next, click "Registry" in the left-hand column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner again.

It is advisable to delete the existing restore points (they include infected restore points that you might otherwise restore) by temporarily turning off System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again.

Your Java software is out of date.

Older versions have vulnerabilities that give malware the chance to install itself on your system.

First follow these steps to uninstall Java and install the newer version:

Download Java Runtime Environment (JRE) 6u10.

1. Scroll down to "Java SE Runtime Environment (JRE) 6 Update 10".
2. Click the "Download" button on the right-hand side.
3. Tick "Accept License Agreement".
4. The page will reload.
5. Click the link to download the Windows Offline Installation with Multi-language, and save it to your Desktop.
6. Close any programs that may be open, especially your web browser!
7. Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
8. Select everything with Java Runtime Environment (JRE or J2SE or Java™ 6 update 1 through 7) in the name.
9. Then click Remove or the Change/Remove button.
10. Repeat this until all older versions are gone.
11. After removing all older versions, restart your PC.
12. Then double-click jre-6u10-windows-i586-p.exe on your Desktop to install the newest version of Java.

That's it!
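The outdated Java mentioned in the reply above is visible in the logs through the JRE directory name in the autostart and process paths (jre1.6.0_07). As an added example that is not part of the original thread, this Python script extracts JRE install directories from log text and lists those older than 6u10, the version the reply says to install; the j2re1.4.2_06 and jre1.6.0_10 sample lines are constructed, and the function names are this example's own.

```python
import re

# A JRE install directory inside a Windows path, for example
#   c:\program files\Java\jre1.6.0_07\bin\jusched.exe
# Older installs used the "j2re" prefix (for example j2re1.4.2_06).
JRE_DIR = re.compile(
    r"(?P<dir>[a-z]:\\[^\"\r\n]*?\\(?:j2re|jre)1\.(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:_(?P<update>\d+))?)(?=\\|\"|\s|$)",
    re.IGNORECASE,
)

# Threshold taken from the reply: JRE 6 Update 10 -> (6, 0, 10).
MINIMUM = (6, 0, 10)


def jre_installs(log_text):
    """Map each JRE install dir (lower-cased) to its (major, minor, update)."""
    found = {}
    for m in JRE_DIR.finditer(log_text):
        version = (int(m["major"]), int(m["minor"]), int(m["update"] or 0))
        # Windows paths are case-insensitive, so fold case to deduplicate
        # the same directory seen in several log sections.
        found[m["dir"].lower()] = version
    return found


def outdated_jres(log_text, minimum=MINIMUM):
    """Return (dir, version) pairs older than `minimum`, oldest first."""
    hits = [(d, v) for d, v in jre_installs(log_text).items() if v < minimum]
    return sorted(hits, key=lambda item: item[1])


# Lines 1-2 are from the logs in this thread; lines 3-4 are constructed.
SAMPLE_LOG = r'''
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ConstructedEntry"="c:\program files\Java\jre1.6.0_10\bin\jusched.exe" [constructed]
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
'''

if __name__ == "__main__":
    for directory, version in outdated_jres(SAMPLE_LOG):
        print("outdated JRE %d.%d update %d: %s" % (*version, directory))
```
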
