
Virus? Security Tool



Gentlemen,

On my other computer (Windows XP) I am having problems with the Security Tool, just like here:

http://www.pc-helpforum.be/f167/xp-security-tool-2010-virus-malware-22966/

On my machine it is called XP Antimalware (or something like that).

I am happy to run HijackThis, but how do I get it running on that machine? Various things are already being blocked.

Anyone have good ideas?

Regards,

Thelis


After F8 I chose 'Safe Mode' and then 'XP Home Edition'.

After a whole series of paths and file names scrolls past, the computer stops and restarts. It then reports that Windows could not start properly.

The computer/Windows advises choosing the last known good configuration (after an unexpected restart) or starting Windows normally (after an earlier attempt failed).

I simply chose 'Safe Mode' again (without networking or command prompt).

I get the same advice again. I don't have a good feeling about restarting Windows.

Question: how do I proceed from here?


Download ComboFix to your Desktop. While downloading, rename the file combofix.exe to 12345.exe.

Read more here about the correct use of ComboFix.

NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.

Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!


  • Double-click 12345.exe to start it.
  • If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to update.
  • Follow the instructions and accept the disclaimer by clicking Yes.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not Vista).
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix has finished and the computer has restarted, the log Combofix.txt will open.

Post this log in your next reply.


Gentlemen,

I have not made much progress yet.

With great difficulty (by burning a CD on my clean computer 1) I got HijackThis onto my other (infected) computer 2, and also 12345.exe (ComboFix). This was in safe mode and as Administrator.

I ran HJT and a log file is now on my (infected) computer 2.

Running 12345.exe (ComboFix) works until just past the point where it asks about the Recovery Console. At that point I need an open internet connection, which I don't have. So I don't have a txt or log file from that yet.

Since I can't get the internet working in safe mode, I can't get the log file in front of you.

Burning a CD on my (infected) computer 2 seems risky for my clean computer 1.

Anyone have an idea? Typing it over by hand is always still an option!


Gentlemen,

Here is the ComboFix log file:

ComboFix 10-03-19.08 - Administrator 20-03-2010 12:50:13.1.2 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.665 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\12345.exe.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Local Settings\Application Data\ave.exe

c:\documents and settings\All Users\Application Data\38344830

c:\documents and settings\All Users\Application Data\38344830\38344830.exe

c:\documents and settings\All Users\Application Data\av.exe

c:\documents and settings\All Users\Application Data\ave.exe

c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\MSASCui.exe

c:\documents and settings\All Users\Application Data\vma.exe

c:\documents and settings\Lissenberg\Application Data\avdrn.dat

c:\documents and settings\Lissenberg\Application Data\wiaserva.log

c:\documents and settings\Lissenberg\Bureaublad\Security Tool.lnk

c:\documents and settings\Lissenberg\Local Settings\Application Data\av.exe

c:\documents and settings\Lissenberg\Local Settings\Application Data\ave.exe

c:\documents and settings\Lissenberg\Local Settings\Application Data\MSASCui.exe

c:\documents and settings\Lissenberg\Local Settings\Application Data\vma.exe

c:\documents and settings\Lissenberg\Menu Start\Programma's\Opstarten\monnwb32.exe

c:\documents and settings\Lissenberg\Menu Start\Programma's\Security Tool.lnk

c:\documents and settings\Lissenberg\Mijn documenten\ZbThumbnail.info

c:\documents and settings\LocalService\Local Settings\Application Data\av.exe

c:\documents and settings\LocalService\Local Settings\Application Data\ave.exe

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\program files\Internet Explorer\SET42.tmp

c:\program files\Internet Explorer\SET43.tmp

c:\program files\Internet Explorer\SET45.tmp

c:\recycler\S-1-5-21-2805775813-253940755-3319840395-1003

c:\recycler\S-1-5-21-3371718181-4216010733-3099023915-1003

c:\windows\Downloaded Program Files\poPCaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\system32\drivers\str.sys

Besmet exemplaar van c:\windows\system32\drivers\cdrom.sys werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\cdrom.sys

c:\windows\system32\grpconv.exe was verdwenen

Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\grpconv.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-02-20 to 2010-03-20 ))))))))))))))))))))))))))))))

.

2010-03-20 12:04 . 2008-04-14 17:02 39424 ----a-w- c:\windows\system32\grpconv.exe

2010-03-19 17:48 . 2010-03-19 17:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2010-03-19 17:45 . 2010-03-19 17:45 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-03-17 18:09 . 2010-03-17 19:24 200192 --sha-w- c:\documents and settings\Lissenberg\Local Settings\Application Data\2303671498.dll

2010-03-17 13:50 . 2010-03-17 13:50 200192 --sha-w- c:\documents and settings\All Users\Application Data\avG\vma.exe

2010-03-17 13:50 . 2010-03-17 13:50 200192 --sha-w- c:\documents and settings\All Users\Application Data\avG\av.exe

2010-03-17 13:50 . 2010-03-17 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avG

2010-03-17 13:50 . 2010-03-17 13:50 200192 --sha-w- c:\documents and settings\All Users\Application Data\avG\MSASCui.exe

2010-03-17 13:50 . 2010-03-17 13:50 200192 --sha-w- c:\documents and settings\All Users\Application Data\avG\ave.exe

2010-03-17 13:50 . 2010-03-17 13:50 200192 --sha-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\vma.exe

2010-03-17 13:50 . 2010-03-17 13:50 200192 --sha-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\ave.exe

2010-03-17 13:50 . 2010-03-17 13:50 200192 --sha-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\av.exe

2010-03-17 13:50 . 2010-03-17 13:50 200192 --sha-w- c:\documents and settings\All Users\Application Data\MSASCui.exe

2010-03-17 13:48 . 2010-03-17 13:50 -------- d-----w- c:\documents and settings\Lissenberg\Local Settings\Application Data\avG

2010-03-15 21:19 . 2010-02-02 20:37 52224 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{93641d63-13a2-4a6e-aa0d-6c604ab4a948}\components\FFExternalAlert.dll

2010-03-15 21:19 . 2010-02-02 20:37 101376 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{93641d63-13a2-4a6e-aa0d-6c604ab4a948}\components\RadioWMPCore.dll

2010-03-15 21:19 . 2010-02-02 20:37 52224 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{c75c1584-beb4-466e-9971-a2266feb52b9}\components\FFExternalAlert.dll

2010-03-15 21:19 . 2010-02-02 20:37 52224 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{ddbcc41d-01ea-43cd-ad46-9783464b46a6}\components\FFExternalAlert.dll

2010-03-15 21:19 . 2010-02-02 20:37 101376 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{ddbcc41d-01ea-43cd-ad46-9783464b46a6}\components\RadioWMPCore.dll

2010-03-15 21:19 . 2010-02-02 20:37 101376 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{c75c1584-beb4-466e-9971-a2266feb52b9}\components\RadioWMPCore.dll

2010-03-15 21:19 . 2010-02-02 20:37 52224 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{9b5f30d5-4624-4a54-a751-251e9a376f85}\components\FFExternalAlert.dll

2010-03-15 21:19 . 2010-02-02 20:37 101376 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{9b5f30d5-4624-4a54-a751-251e9a376f85}\components\RadioWMPCore.dll

2010-03-12 21:40 . 2009-12-16 13:42 872960 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-03-12 21:40 . 2009-12-16 13:42 43008 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-03-12 21:40 . 2009-12-16 13:42 340480 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-03-12 21:40 . 2009-12-16 13:41 346624 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-03-12 14:40 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-10 17:54 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-03-07 22:58 . 2010-03-07 22:58 -------- d-----w- c:\documents and settings\Lissenberg\Application Data\Likno Software

2010-03-07 11:25 . 2010-03-07 11:25 -------- d-----w- c:\program files\CoffeeCup Software

2010-03-05 16:09 . 2010-03-05 16:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-20 12:07 . 2008-02-06 19:46 -------- d-----w- c:\documents and settings\Lissenberg\Application Data\WTablet

2010-03-20 10:39 . 2006-10-14 10:34 12 ----a-w- c:\windows\bthservsdp.dat

2010-03-19 18:22 . 2008-05-17 15:45 -------- d-----w- c:\program files\Panda Security

2010-03-19 17:56 . 2008-05-05 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-03-19 17:55 . 2009-06-04 17:35 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet

2010-03-19 17:53 . 2010-03-19 17:44 96264 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-17 17:59 . 2010-03-17 17:59 12 ----a-w- c:\documents and settings\LocalService\Application Data\zxcdyt.dat

2010-03-17 16:48 . 2009-07-24 20:22 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-03-15 20:01 . 2008-11-21 12:46 -------- d-----w- c:\documents and settings\Lissenberg\Application Data\Belastingdienst

2010-03-14 18:35 . 2008-02-03 11:12 -------- d-----w- c:\program files\Hema Album Software Advanced

2010-03-05 21:53 . 2006-02-25 16:20 96264 ----a-w- c:\documents and settings\Lissenberg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-04 18:23 . 2010-02-04 18:23 -------- d-----w- c:\program files\RadioXpi

2010-02-03 20:28 . 2008-03-23 18:57 -------- d-----w- c:\program files\e frontier

2010-02-01 12:05 . 2004-08-04 19:00 69614 ----a-w- c:\windows\system32\perfc013.dat

2010-02-01 12:05 . 2004-08-04 19:00 442318 ----a-w- c:\windows\system32\perfh013.dat

2010-01-29 16:01 . 2010-01-29 16:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-01-29 13:59 . 2010-01-29 13:59 61440 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-52f976af-n\decora-sse.dll

2010-01-29 13:59 . 2010-01-29 13:59 503808 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-14ecc3ba-n\msvcp71.dll

2010-01-29 13:59 . 2010-01-29 13:59 499712 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-14ecc3ba-n\jmc.dll

2010-01-29 13:59 . 2010-01-29 13:59 348160 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-14ecc3ba-n\msvcr71.dll

2010-01-29 13:59 . 2010-01-29 13:59 12800 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-52f976af-n\decora-d3d.dll

2010-01-20 18:23 . 2006-03-01 20:10 -------- d-----w- c:\program files\Common Files\Java

2010-01-20 18:11 . 2010-01-20 18:11 61440 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-1036899a-n\decora-sse.dll

2010-01-20 18:11 . 2010-01-20 18:11 503808 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-1036899a-n\msvcp71.dll

2010-01-20 18:11 . 2010-01-20 18:11 499712 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-1036899a-n\jmc.dll

2010-01-20 18:11 . 2010-01-20 18:11 348160 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-1036899a-n\msvcr71.dll

2010-01-20 18:11 . 2010-01-20 18:11 12800 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-1036899a-n\decora-d3d.dll

2010-01-20 18:11 . 2010-01-20 18:11 315392 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-69b74a07-n\jogl.dll

2010-01-20 18:11 . 2010-01-20 18:11 20480 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-69b74a07-n\jogl_awt.dll

2010-01-20 18:11 . 2010-01-20 18:11 114688 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-69b74a07-n\jogl_cg.dll

2010-01-20 18:11 . 2010-01-20 18:11 20480 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-1b11edc1-n\gluegen-rt.dll

2010-01-20 18:11 . 2006-03-01 20:11 -------- d-----w- c:\program files\Java

2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-30 01:03 . 2010-01-05 18:22 52224 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{40dc9053-cbc0-471e-858b-33dd24acad76}\components\FFExternalAlert.dll

2009-12-30 01:03 . 2010-01-05 18:22 101376 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{40dc9053-cbc0-471e-858b-33dd24acad76}\components\RadioWMPCore.dll

2009-12-21 19:10 . 2004-08-04 19:00 916480 ----a-w- c:\windows\system32\wininet.dll

2006-09-27 14:15 . 2006-09-27 14:18 774144 ----a-w- c:\program files\RngInterstitial.dll

2006-12-31 18:16 . 2006-12-31 17:36 80 --sh--r- c:\windows\system32\2913CD5CC8.dll

.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 18:40 . 285003E01743C396AFB7B481F495DD04 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 68856]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]

"nwiz"="nwiz.exe" [2005-11-11 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"RTHDCPL"="RTHDCPL.EXE" [2005-10-14 14864384]

"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"EPSON Stylus Photo R220 Netwerk"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"EPSON Stylus Photo R220 Netwerkprinter"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]

"EPSON Stylus Photo R220 via netwerk"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-10 198160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-5 618557]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"EditLevel"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Program Files\\Real\\realplayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8-4-2009 11:38 92008]

S2 gupdate1c9863d304d7c22;Google Update Service (gupdate1c9863d304d7c22);c:\program files\Google\Update\GoogleUpdate.exe [3-2-2009 21:22 133104]

S2 kceoarvta;kceoarvta;\??\c:\windows\system32\drivers\qfeytu.sys --> c:\windows\system32\drivers\qfeytu.sys [?]

S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\TEMP\6D1.tmp --> c:\windows\TEMP\6D1.tmp [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]

\Shell\AutoRun\command - Z:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbd3a02c-614f-11dd-a86c-000cf6191d85}]

\Shell\AutoRun\command - I:\InstallTomTomHOME.exe

.

Inhoud van de 'Gedeelde Taken' map

2009-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-20 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-26 09:45]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 20:22]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 20:22]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.spelletjes.nl/index.html

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://85.144.61.15:8052/kxhcm10.ocx

DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} - hxxp://80.60.206.28:9269/img/NetCamPlayerWeb11g.ocx

DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v902/Navigram.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1458729&SearchSource=3&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.autoscoops.eu/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1715039&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{93641d63-13a2-4a6e-aa0d-6c604ab4a948}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{93641d63-13a2-4a6e-aa0d-6c604ab4a948}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{9b5f30d5-4624-4a54-a751-251e9a376f85}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{9b5f30d5-4624-4a54-a751-251e9a376f85}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{c75c1584-beb4-466e-9971-a2266feb52b9}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{c75c1584-beb4-466e-9971-a2266feb52b9}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{ddbcc41d-01ea-43cd-ad46-9783464b46a6}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{ddbcc41d-01ea-43cd-ad46-9783464b46a6}\components\RadioWMPCore.dll

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\docume~1\LISSEN~1\APPLIC~1\POWERC~1\nppowerloader.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.21115.0.dll

FF - plugin: c:\program files\Picasa2\npPicasa2.dll

FF - plugin: c:\program files\Picasa2\npPicasa3.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

.

------- Bestandsassociaties -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKLM-Run-Recguard - c:\windows\SMINST\RECGUARD.EXE

HKLM-Run-NWEReboot - (no file)

Notify-__c002D0F9 - c:\windows\system32\__c002D0F9.dat

AddRemove-Aangifte inkomstenbelasting 2007 - c:\documents and settings\Lissenberg\Mijn documenten\Gerda\Belasting pa\2007\ib2007u.exe

AddRemove-Aangifte inkomstenbelasting 2008 - c:\documents and settings\Lissenberg\Mijn documenten\Gerda\Belasting pa\2008 belasting\2008\ib2008u.exe

AddRemove-Huur- en zorgtoeslag 2008 - c:\documents and settings\Lissenberg\Mijn documenten\Gerda\Belasting pa\2008 huurtoeslag\2008\hz2008u.exe

AddRemove-Huur- en zorgtoeslag 2009 - c:\documents and settings\Lissenberg\Mijn documenten\Gerda\Belasting pa\2009 huurtoeslag\2009\hz2009u.exe

AddRemove-Kinderopvangtoeslag 2008 - c:\documents and settings\Lissenberg\Mijn documenten\Gerda\Kinderopvang\2008\ko2008u.exe

AddRemove-Kinderopvangtoeslag 2009 - c:\documents and settings\Lissenberg\Mijn documenten\Gerda\Kinderopvang\2009\ko2009u.exe

AddRemove-Kinderopvangtoeslag 2010 - c:\documents and settings\Lissenberg\Mijn documenten\Gerda\Kinderopvang\2010\ko2010u.exe

AddRemove-Kindertoeslag 2008 - c:\documents and settings\Lissenberg\Mijn documenten\Gerda\Kinderopvang\2008\kt2008u.exe

AddRemove-LocTypeGMv2-1 - c:\program files\Microsoft Games\Train Simulator\TRAINS\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-20 13:08

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F6946E]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf755ff28

\Driver\ACPI -> ACPI.sys @ 0xf7371cb8

\Driver\atapi -> atapi.sys @ 0xf7311852

IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Sitecom Wireless Network PCI Adapter 54G WL-115v2 -> SendCompleteHandler -> NDIS.sys @ 0xf71dab0a

PacketIndicateHandler -> NDIS.sys @ 0xf71e5a21

SendHandler -> NDIS.sys @ 0xf71da949

user & kernel MBR OK

malicious code @ sector 0x1d383773 size 0x1b5 !

copy of MBR has been found in sector 62 !

PE file found in sector at 0x01D383773 !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]

"ImagePath"="\??\c:\windows\TEMP\6D1.tmp"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3912)

c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\Tablet.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\Tablet.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\windows\system32\rundll32.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

.

**************************************************************************

.

Voltooingstijd: 2010-03-20 13:19:36 - machine werd herstart

ComboFix-quarantined-files.txt 2010-03-20 12:19

Pre-Run: 140.127.064.064 bytes beschikbaar

Post-Run: 181.810.556.928 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 508A4078A7C699BEEE422AB2DC10C02F

Thanks in advance!

What else do I need to do?


Combofix has already cleaned up a considerable pile of junk. Here is what you can do now:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\TEMP\6D1.tmp

c:\windows\system32\drivers\qfeytu.sys

c:\documents and settings\Lissenberg\Local Settings\Application Data\2303671498.dll

c:\documents and settings\All Users\Application Data\avG\vma.exe

c:\documents and settings\All Users\Application Data\avG\av.exe

c:\documents and settings\All Users\Application Data\avG

c:\documents and settings\All Users\Application Data\avG\MSASCui.exe

c:\documents and settings\All Users\Application Data\avG\ave.exe

c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\vma.exe

c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\ave.exe

c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\av.exe

c:\documents and settings\All Users\Application Data\MSASCui.exe

c:\documents and settings\Lissenberg\Local Settings\Application Data\avG

Driver::

kceoarvta

{DEF85C80-216A-43ab-AF70-1665EDBE2780}

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.


Gentlemen,

Here is the Combofix log file:

ComboFix 10-03-20.01 - Lissenberg 20-03-2010 23:24:59.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.654 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Lissenberg\Bureaublad\123456.exe

gebruikte Opdracht switches :: c:\documents and settings\Lissenberg\Bureaublad\CFScript.txt

FILE ::

"c:\documents and settings\All Users\Application Data\avG"

"c:\documents and settings\All Users\Application Data\avG\av.exe"

"c:\documents and settings\All Users\Application Data\avG\ave.exe"

"c:\documents and settings\All Users\Application Data\avG\MSASCui.exe"

"c:\documents and settings\All Users\Application Data\avG\vma.exe"

"c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\av.exe"

"c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\ave.exe"

"c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\vma.exe"

"c:\documents and settings\All Users\Application Data\MSASCui.exe"

"c:\documents and settings\Lissenberg\Local Settings\Application Data\2303671498.dll"

"c:\documents and settings\Lissenberg\Local Settings\Application Data\avG"

"c:\windows\system32\drivers\qfeytu.sys"

"c:\windows\TEMP\6D1.tmp"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\avG\av.exe

c:\documents and settings\All Users\Application Data\avG\ave.exe

c:\documents and settings\All Users\Application Data\avG\MSASCui.exe

c:\documents and settings\All Users\Application Data\avG\vma.exe

c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\av.exe

c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\ave.exe

c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\vma.exe

c:\documents and settings\All Users\Application Data\MSASCui.exe

c:\documents and settings\Lissenberg\Local Settings\Application Data\2303671498.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_KCEOARVTA

-------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780}

-------\Service_{DEF85C80-216A-43ab-AF70-1665EDBE2780}

-------\Service_kceoarvta

(((((((((((((((((((( Bestanden Gemaakt van 2010-02-20 to 2010-03-20 ))))))))))))))))))))))))))))))

.

2010-03-20 12:04 . 2008-04-14 17:02 39424 ----a-w- c:\windows\system32\grpconv.exe

2010-03-19 17:48 . 2010-03-19 17:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2010-03-19 17:45 . 2010-03-19 17:45 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-03-17 13:50 . 2010-03-20 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avG

2010-03-17 13:48 . 2010-03-17 13:50 -------- d-----w- c:\documents and settings\Lissenberg\Local Settings\Application Data\avG

2010-03-15 21:19 . 2010-02-02 20:37 52224 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{93641d63-13a2-4a6e-aa0d-6c604ab4a948}\components\FFExternalAlert.dll

2010-03-15 21:19 . 2010-02-02 20:37 101376 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{93641d63-13a2-4a6e-aa0d-6c604ab4a948}\components\RadioWMPCore.dll

2010-03-15 21:19 . 2010-02-02 20:37 52224 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{c75c1584-beb4-466e-9971-a2266feb52b9}\components\FFExternalAlert.dll

2010-03-15 21:19 . 2010-02-02 20:37 52224 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{ddbcc41d-01ea-43cd-ad46-9783464b46a6}\components\FFExternalAlert.dll

2010-03-15 21:19 . 2010-02-02 20:37 101376 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{ddbcc41d-01ea-43cd-ad46-9783464b46a6}\components\RadioWMPCore.dll

2010-03-15 21:19 . 2010-02-02 20:37 101376 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{c75c1584-beb4-466e-9971-a2266feb52b9}\components\RadioWMPCore.dll

2010-03-15 21:19 . 2010-02-02 20:37 52224 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{9b5f30d5-4624-4a54-a751-251e9a376f85}\components\FFExternalAlert.dll

2010-03-15 21:19 . 2010-02-02 20:37 101376 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{9b5f30d5-4624-4a54-a751-251e9a376f85}\components\RadioWMPCore.dll

2010-03-12 21:40 . 2009-12-16 13:42 872960 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-03-12 21:40 . 2009-12-16 13:42 43008 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-03-12 21:40 . 2009-12-16 13:42 340480 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-03-12 21:40 . 2009-12-16 13:41 346624 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-03-12 14:40 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-10 17:54 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-03-07 22:58 . 2010-03-07 22:58 -------- d-----w- c:\documents and settings\Lissenberg\Application Data\Likno Software

2010-03-07 11:25 . 2010-03-07 11:25 -------- d-----w- c:\program files\CoffeeCup Software

2010-03-05 16:09 . 2010-03-05 16:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-20 22:14 . 2008-02-06 19:46 -------- d-----w- c:\documents and settings\Lissenberg\Application Data\WTablet

2010-03-20 22:14 . 2008-05-17 15:45 -------- d-----w- c:\program files\Panda Security

2010-03-20 22:13 . 2006-10-14 10:34 12 ----a-w- c:\windows\bthservsdp.dat

2010-03-20 22:08 . 2004-08-04 19:00 69614 ----a-w- c:\windows\system32\perfc013.dat

2010-03-20 22:08 . 2004-08-04 19:00 442318 ----a-w- c:\windows\system32\perfh013.dat

2010-03-20 22:04 . 2009-06-04 17:35 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet

2010-03-20 19:56 . 2008-05-05 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-03-20 14:36 . 2009-07-24 20:22 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-03-19 17:53 . 2010-03-19 17:44 96264 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-17 17:59 . 2010-03-17 17:59 12 ----a-w- c:\documents and settings\LocalService\Application Data\zxcdyt.dat

2010-03-17 13:08 . 2010-03-17 13:07 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\zxcdyt.dat

2010-03-15 20:01 . 2008-11-21 12:46 -------- d-----w- c:\documents and settings\Lissenberg\Application Data\Belastingdienst

2010-03-14 18:35 . 2008-02-03 11:12 -------- d-----w- c:\program files\Hema Album Software Advanced

2010-03-05 21:53 . 2006-02-25 16:20 96264 ----a-w- c:\documents and settings\Lissenberg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-04 18:23 . 2010-02-04 18:23 -------- d-----w- c:\program files\RadioXpi

2010-02-03 20:28 . 2008-03-23 18:57 -------- d-----w- c:\program files\e frontier

2010-01-29 16:01 . 2010-01-29 16:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-01-29 13:59 . 2010-01-29 13:59 61440 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-52f976af-n\decora-sse.dll

2010-01-29 13:59 . 2010-01-29 13:59 503808 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-14ecc3ba-n\msvcp71.dll

2010-01-29 13:59 . 2010-01-29 13:59 499712 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-14ecc3ba-n\jmc.dll

2010-01-29 13:59 . 2010-01-29 13:59 348160 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-14ecc3ba-n\msvcr71.dll

2010-01-29 13:59 . 2010-01-29 13:59 12800 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-52f976af-n\decora-d3d.dll

2010-01-20 18:23 . 2006-03-01 20:10 -------- d-----w- c:\program files\Common Files\Java

2010-01-20 18:11 . 2010-01-20 18:11 61440 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-1036899a-n\decora-sse.dll

2010-01-20 18:11 . 2010-01-20 18:11 503808 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-1036899a-n\msvcp71.dll

2010-01-20 18:11 . 2010-01-20 18:11 499712 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-1036899a-n\jmc.dll

2010-01-20 18:11 . 2010-01-20 18:11 348160 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-1036899a-n\msvcr71.dll

2010-01-20 18:11 . 2010-01-20 18:11 12800 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-1036899a-n\decora-d3d.dll

2010-01-20 18:11 . 2010-01-20 18:11 315392 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-69b74a07-n\jogl.dll

2010-01-20 18:11 . 2010-01-20 18:11 20480 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-69b74a07-n\jogl_awt.dll

2010-01-20 18:11 . 2010-01-20 18:11 114688 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-69b74a07-n\jogl_cg.dll

2010-01-20 18:11 . 2010-01-20 18:11 20480 ----a-w- c:\documents and settings\Lissenberg\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-1b11edc1-n\gluegen-rt.dll

2010-01-20 18:11 . 2006-03-01 20:11 -------- d-----w- c:\program files\Java

2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-30 01:03 . 2010-01-05 18:22 52224 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{40dc9053-cbc0-471e-858b-33dd24acad76}\components\FFExternalAlert.dll

2009-12-30 01:03 . 2010-01-05 18:22 101376 ----a-w- c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{40dc9053-cbc0-471e-858b-33dd24acad76}\components\RadioWMPCore.dll

2009-12-21 19:10 . 2004-08-04 19:00 916480 ------w- c:\windows\system32\wininet.dll

2006-09-27 14:15 . 2006-09-27 14:18 774144 ----a-w- c:\program files\RngInterstitial.dll

2006-12-31 18:16 . 2006-12-31 17:36 80 --sh--r- c:\windows\system32\2913CD5CC8.dll

.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 18:40 . DCA09858A68034ACF2885CC7DB072D3F . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-03-20_12.09.08 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-20 22:14 . 2010-03-20 22:14 16384 c:\windows\temp\Perflib_Perfdata_18c.dat

+ 2004-08-04 19:00 . 2010-03-20 22:08 52900 c:\windows\system32\perfc009.dat

- 2004-08-04 19:00 . 2010-02-01 12:05 52900 c:\windows\system32\perfc009.dat

+ 2004-08-04 19:00 . 2010-03-20 22:08 380486 c:\windows\system32\perfh009.dat

- 2004-08-04 19:00 . 2010-02-01 12:05 380486 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 68856]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]

"nwiz"="nwiz.exe" [2005-11-11 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"RTHDCPL"="RTHDCPL.EXE" [2005-10-14 14864384]

"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"EPSON Stylus Photo R220 Netwerk"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"EPSON Stylus Photo R220 Netwerkprinter"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]

"EPSON Stylus Photo R220 via netwerk"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-10 198160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-5 618557]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"EditLevel"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Program Files\\Real\\realplayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8-4-2009 11:38 92008]

S2 gupdate1c9863d304d7c22;Google Update Service (gupdate1c9863d304d7c22);c:\program files\Google\Update\GoogleUpdate.exe [3-2-2009 21:22 133104]

.

Inhoud van de 'Gedeelde Taken' map

2009-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-20 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-26 09:45]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 20:22]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 20:22]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.spelletjes.nl/index.html

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://85.144.61.15:8052/kxhcm10.ocx

DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} - hxxp://80.60.206.28:9269/img/NetCamPlayerWeb11g.ocx

DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v902/Navigram.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1458729&SearchSource=3&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.autoscoops.eu/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1715039&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{93641d63-13a2-4a6e-aa0d-6c604ab4a948}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{93641d63-13a2-4a6e-aa0d-6c604ab4a948}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{9b5f30d5-4624-4a54-a751-251e9a376f85}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{9b5f30d5-4624-4a54-a751-251e9a376f85}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{c75c1584-beb4-466e-9971-a2266feb52b9}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{c75c1584-beb4-466e-9971-a2266feb52b9}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{ddbcc41d-01ea-43cd-ad46-9783464b46a6}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Lissenberg\Application Data\Mozilla\Firefox\Profiles\xhfzk791.standarduser\extensions\{ddbcc41d-01ea-43cd-ad46-9783464b46a6}\components\RadioWMPCore.dll

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\docume~1\LISSEN~1\APPLIC~1\POWERC~1\nppowerloader.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.21115.0.dll

FF - plugin: c:\program files\Picasa2\npPicasa2.dll

FF - plugin: c:\program files\Picasa2\npPicasa3.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-20 23:38

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F4746E]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf755ff28

\Driver\ACPI -> ACPI.sys @ 0xf7371cb8

\Driver\atapi -> atapi.sys @ 0xf7311852

IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Sitecom Wireless Network PCI Adapter 54G WL-115v2 -> SendCompleteHandler -> NDIS.sys @ 0xf71dab0a

PacketIndicateHandler -> NDIS.sys @ 0xf71e5a21

SendHandler -> NDIS.sys @ 0xf71da949

user & kernel MBR OK

malicious code @ sector 0x1d383773 size 0x1b5 !

copy of MBR has been found in sector 62 !

PE file found in sector at 0x01D383773 !

**************************************************************************

.

Completion time: 2010-03-20 23:44:38

ComboFix-quarantined-files.txt 2010-03-20 22:44

ComboFix2.txt 2010-03-20 12:19

Pre-Run: 181.523.402.752 bytes free

Post-Run: 181.494.177.792 bytes free

- - End Of File - - 2DBD20DC9A6188538676844DC82FB418

---------- Post added at 00:23 ---------- Previous post was at 00:12 ----------

And after that the HijackThis log file as well (I had to cut it):
Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 23:50:06, on 20-3-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spelletjes.nl/index.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Netwerk] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P31 "EPSON Stylus Photo R220 Netwerk" /O6 "USB001" /M "Stylus Photo R220"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Netwerkprinter] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P38 "EPSON Stylus Photo R220 Netwerkprinter" /O5 "LPT1:" /M "Stylus Photo R220"

O4 - HKLM\..\Run: [EPSON Stylus Photo R220 via netwerk] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P35 "EPSON Stylus Photo R220 via netwerk" /O5 "LPT1:" /M "Stylus Photo R220"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Gentlemen, for some reason I cannot get the remainder of the HJT log file sent, either as a new reply or as a new thread. Anyone have an idea?
edited by Thelis
turned it into a quote & added a remark at the bottom!
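The Stealth MBR detector output in the post above reports three findings that are worth being able to reproduce by hand: a byte-for-byte copy of the MBR parked in the gap before the first partition (sector 62 here), a PE image stored at a raw sector, and the fact that both lie in sectors no file system owns. The script below is an added example written for this page; it is not GMER's code, not ComboFix output and not from the thread. It runs the user-mode half of those checks over a raw disk image: decode the MBR partition table, look for MBR copies in the pre-partition gap, and scan the unallocated tail past the last partition for sector-aligned MZ/PE headers. The sample image, the offsets in it (a copy at sector 62, a PE stub at sector 3500) and all function names are constructed for the example. What it cannot do is the detector's "user vs kernel MBR" comparison: a bootkit that hooks the disk driver will hand a clean sector 0 to any user-mode read, which is exactly why GMER reads the sector through its own kernel driver and why "user & kernel MBR OK" alone is not a clean bill of health.

```python
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"


def read_sector(img: bytes, lba: int) -> bytes:
    """One 512-byte sector of a raw image (bytes read from /dev/sda, \\\\.\\PhysicalDrive0 or a .dd file)."""
    return img[lba * SECTOR:(lba + 1) * SECTOR]


def parse_partitions(mbr: bytes) -> list:
    """Decode the four 16-byte primary partition entries at offset 446 of the MBR."""
    if len(mbr) < SECTOR or mbr[510:512] != BOOT_SIG:
        raise ValueError("sector 0 lacks the 0x55AA boot signature")
    parts = []
    for i in range(4):
        # status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype and count:
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "start": start, "end": start + count})  # end is exclusive
    return parts


def find_mbr_copies(img: bytes, first_partition_lba: int) -> list:
    """Sectors in the pre-partition gap holding an exact copy of sector 0.
    Bootkits that overwrite the MBR keep the original nearby so they can chain-load it."""
    mbr = read_sector(img, 0)
    return [lba for lba in range(1, first_partition_lba) if read_sector(img, lba) == mbr]


def pe_header_at(img: bytes, lba: int) -> bool:
    """True if the sector starts with an MZ stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    s = read_sector(img, lba)
    if s[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", s, 0x3C)[0]
    off = lba * SECTOR + e_lfanew          # the PE header may sit in a later sector
    return img[off:off + 4] == b"PE\0\0"


def scan_unallocated_tail(img: bytes, parts: list) -> list:
    """Sector-aligned PE images past the last partition, where no file system owns the space."""
    last_end = max(p["end"] for p in parts)
    total = len(img) // SECTOR
    return [lba for lba in range(last_end, total) if pe_header_at(img, lba)]


def triage_image(img: bytes) -> dict:
    """The user-mode checks a raw-disk triage can do without a kernel driver."""
    parts = parse_partitions(read_sector(img, 0))
    first = min(p["start"] for p in parts)
    return {
        "partitions": parts,
        "mbr_copies": find_mbr_copies(img, first),
        "pe_past_last_partition": scan_unallocated_tail(img, parts),
    }


def build_sample_image(total_sectors: int = 4096) -> bytes:
    """Constructed sample (not the disk from the thread): a 2 MiB image with one NTFS
    partition at LBA 63, the MBR parked at sector 62, and a minimal PE stub at sector 3500,
    which is past the partition end (63 + 3000 = 3063)."""
    img = bytearray(total_sectors * SECTOR)
    mbr = bytearray(SECTOR)
    mbr[:8] = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb"        # opening bytes of a typical boot stub
    struct.pack_into("<B3xB3xII", mbr, 446, 0x80, 0x07, 63, 3000)
    mbr[510:512] = BOOT_SIG
    img[0:SECTOR] = mbr
    img[62 * SECTOR:63 * SECTOR] = mbr                   # parked original MBR
    pe = bytearray(SECTOR)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)               # e_lfanew -> 0x80
    pe[0x80:0x84] = b"PE\0\0"
    img[3500 * SECTOR:3501 * SECTOR] = pe
    return bytes(img)


if __name__ == "__main__":
    result = triage_image(build_sample_image())
    for p in result["partitions"]:
        print(f"partition type 0x{p['type']:02x} LBA {p['start']}-{p['end'] - 1} bootable={p['bootable']}")
    print("copy of MBR in sector(s):", result["mbr_copies"])
    print("PE image(s) past last partition at sector(s):", result["pe_past_last_partition"])
```

Against a real disk, read the image with `open(r"\\.\PhysicalDrive0", "rb")` (administrator) or from a forensic copy, and pass the bytes to `triage_image`; a PE image past the last partition with no partition or file-system owner is a finding to follow up with a kernel-level read, never something to explain away on its own.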

This topic is now closed to new replies.