
Elitejuser

Member
  • Items: 97

Everything posted by Elitejuser

  1. How do I search the registry quickly? It's quite a long list (and I didn't see AuthorizedApplications among the A's, so it must be in one of the folders listed there).
  2. "Kan services niet verwijderen. Het is door iemand anders of door een programma in gebruik. Sluit alle programma's die het bestand mogelijk in gebruik kunnen hebben en probeer het opnieuw."
  3. And: Download Java Runtime Environment (JRE) 6u4. Scroll down to "Java Runtime Environment (JRE) 6u4". Click the "Download" button on the right. In the drop-down menu to the right of Platform, select "Windows". Check "I agree to the Java SE Runtime Environment 6 License Agreement" and click "Continue". The page will reload. Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop. Close all programs that may be open, especially your web browser. Then go to Start -> Control Panel -> Add or Remove Programs and remove all older versions of Java from the list. Select everything with Java Runtime Environment (JRE or J2SE) in the name. Then click "Remove" or the "Change/Remove" button. Repeat this until all older versions are gone. After removing all older versions, restart your PC. Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the latest version of Java. This is a bit outdated, I believe (there is already a 6u5, among others).
  4. Those Trojans keep coming, though :S There are also (I only just noticed) 2 strange files in "My Pictures". But I'll first follow your "little plan" (see your previous post), and then they will probably be gone?
  5. Logfile of Trend Micro HijackThis v2.0.2, scan saved at 17:53:14, on 8-3-2008; ComboFix 08-03-05.1 - Maarten 2008-03-08 17:50:51.6
  6. (Those Trojan horses started at the same time as the infection.) Logs are coming. For ComboFix: should I use that Notepad file on ComboFix again, or just start ComboFix directly?
  7. I'll make a new post + attachment after scanning; AVG has found even more. I know those are changes, but I didn't make them :S
  8. This is what AVG found after just a few seconds of scanning (see attachment).
  9. Logfile of Trend Micro HijackThis v2.0.2, scan saved at 16:38:50, on 8-3-2008; ComboFix 08-03-05.1 - Maarten 2008-03-08 16:28:43.5
[2744] scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-03-08 16:30:53 ComboFix-quarantined-files.txt 2008-03-08 15:30:51 ComboFix2.txt 2008-03-07 22:15:22 ComboFix3.txt 2008-03-05 17:57:35 ComboFix4.txt 2008-03-05 16:42:24 ComboFix5.txt 2008-03-05 16:13:35 . 2008-02-13 20:56:39 --- E O F --- I am starting an AVG scan now.
  10. I picked up (I read a bit on the forum here) that McAfee is supposed to be good? The unfortunate thing about that is that I would then have to remove AVG from my computer :S
  11. Logfile of HijackThis v1.99.1 Scan saved at 12:30:34, on 8-3-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\program files\valve\steam\steam.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\PROGRA~1\Grisoft\AVG7\avgwb.dat C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Maarten\Mijn documenten\HJT\Scan.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Maarten\LOCALS~1\Temp\services.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 
7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Maarten\LOCALS~1\Temp\services.exe O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL 
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - 
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  12. I cannot remove MSN Gaming Zone; "Kan MSN Gaming Zone niet verwijderen. De toegang is geweigerd. Controlleer of de schijf vol of tegen schijven is beveiligd of dat het bestand momenteel in gebruik is"
  13. I followed the complete step-by-step plan; as far as I know I have removed all the messengers I had (MSN, Windows, Yahoo) from this computer :S
  14. Since I got that Trojan Horse downloader alert again (see the private message I sent you), I suspect that the virus is still active and keeps downloading that worm whenever I remove it.
  15. [hjt] Logfile of HijackThis v1.99.1 Scan saved at 23:09:10, on 7-3-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: c:\windows\system32\smss.exe c:\windows\system32\winlogon.exe c:\windows\system32\services.exe c:\windows\system32\lsass.exe c:\windows\system32\svchost.exe c:\windows\system32\svchost.exe c:\windows\system32\spoolsv.exe c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe c:\progra~1\grisoft\avg7\avgamsvr.exe c:\progra~1\grisoft\avg7\avgupsvc.exe c:\progra~1\grisoft\avg7\avgemc.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\svchost.exe c:\program files\webroot\spy sweeper\spysweeper.exe c:\windows\explorer.exe c:\windows\rthdcpl.exe c:\progra~1\grisoft\avg7\avgcc.exe c:\windows\system32\lvcomsx.exe c:\windows\system32\rundll32.exe c:\program files\itunes\ituneshelper.exe c:\program files\valve\steam\steam.exe c:\windows\system32\ctfmon.exe c:\program files\ipod\bin\ipodservice.exe c:\documents and settings\maarten\bureaublad\hijackthis.exe c:\program files\internet explorer\iexplore.exe c:\documents and settings\maarten\mijn documenten\hjt\scan.exe r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse] r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse] r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse] r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse] r1 - hkcu\software\microsoft\internet explorer\searchurl,(default) = [noparse]http://g.msn.nl/0senlnl/saos01?form=toolbr[/noparse] r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = localhost r0 - hkcu\software\microsoft\internet 
explorer\toolbar,linksfoldername = koppelingen f2 - reg:system.ini: userinit=c:\windows\system32\userinit.exe,c:\docume~1\maarten\locals~1\temp\services.exe o2 - bho: acroiehlprobj class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll o2 - bho: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\sdhelper.dll o2 - bho: ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll o2 - bho: windows live toolbar helper - {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll o3 - toolbar: windows live toolbar - {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll o4 - hklm\..\run: [rthdcpl] rthdcpl.exe o4 - hklm\..\run: [skytel] skytel.exe o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup o4 - hklm\..\run: [nwiz] nwiz.exe /install o4 - hklm\..\run: [avg7_cc] c:\progra~1\grisoft\avg7\avgcc.exe /startup o4 - hklm\..\run: [lvcomsx] c:\windows\system32\lvcomsx.exe o4 - hklm\..\run: [nvmediacenter] rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit o4 - hklm\..\run: [ituneshelper] c:\program files\itunes\ituneshelper.exe o4 - hklm\..\run: [flash media] c:\docume~1\maarten\locals~1\temp\services.exe o4 - hkcu\..\run: [steam] c:\program files\valve\steam\steam.exe -silent o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe o8 - extra context menu item: &windows live search - res://c:\program files\windows live toolbar\msntb.dll/search.htm o8 - extra context menu item: add to windows &live favorites - [noparse]http://favorites.live.com/quickadd.aspx[/noparse] o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~3\office11\excel.exe/3000 o9 - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.6.0_03\bin\ssv.dll o9 - extra 'tools' menuitem: sun java console - 
{08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.6.0_03\bin\ssv.dll o9 - extra button: (no name) - {2d663d1a-8670-49d9-a1a5-4c56b4e14e84} - (no file) o9 - extra button: onderzoek - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~3\office11\refiebar.dll o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing) o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing) o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe (file missing) o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe (file missing) o11 - options group: [international] international* o16 - dpf: raptisoftgameloader - [noparse]http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab[/noparse] o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) - [noparse]http://go.microsoft.com/fwlink/?linkid=39204[/noparse] o16 - dpf: {20a60f0d-9afa-4515-a0fd-83bd84642501} (checkers class) - [noparse]http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[/noparse] o16 - dpf: {2da3c4ab-e6b6-47a6-b0f3-1bd81524b51b} (activeworldsdownload control) - [noparse]http://www.activeworlds.com/products/activeworldsdownload.cab[/noparse] o16 - dpf: {67dabfbf-d0ab-41fa-9c46-cc0f21721616} (divxbrowserplugin object) - [noparse]http://go.divx.com/plugin/divxbrowserplugin.cab[/noparse] o16 - dpf: {69ef49e5-fe46-4b92-b5fa-2193ab7a6b8a} (gamelauncher control) - [noparse]http://www.acclaim.com/cabs/acclaim_v5.cab[/noparse] o16 - dpf: {b8be5e93-a60c-4d26-a2dc-220313175592} (msn games - installer) - [noparse]http://messenger.zone.msn.com/binary/zintro.cab56649.cab[/noparse] o16 - dpf: {bd08a9d5-0e5c-4f42-99a3-c0cb5e860557} (csolidbrowserobj object) - 
[noparse]http://cdn1.acclaimdownloads.com/solidstateion.cab[/noparse] o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) - [noparse]http://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab[/noparse] o16 - dpf: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} (minesweeper flags class) - [noparse]http://messenger.zone.msn.com/binary/minesweeper.cab56986.cab[/noparse] o18 - protocol: bwfile-8876480 - {9462a756-7b47-47bc-8c80-c34b9b80b32b} - c:\program files\logitech\desktop messenger\8876480\program\gaplugprotocol-8876480.dll o20 - winlogon notify: wgalogon - c:\windows\system32\wgalogon.dll o20 - winlogon notify: wrnotifier - c:\windows\system32\wrlogonntf.dll o21 - ssodl: wpdshserviceobj - {aaa288ba-9a4c-45b0-95d7-94d524869db5} - c:\windows\system32\wpdshserviceobj.dll o23 - service: apple mobile device - apple, inc. - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe o23 - service: avg7 alert manager server (avg7alrt) - grisoft, s.r.o. - c:\progra~1\grisoft\avg7\avgamsvr.exe o23 - service: avg7 update service (avg7updsvc) - grisoft, s.r.o. - c:\progra~1\grisoft\avg7\avgupsvc.exe o23 - service: avg e-mail scanner (avgems) - grisoft, s.r.o. - c:\progra~1\grisoft\avg7\avgemc.exe o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe o23 - service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe o23 - service: pc tools auxiliary service (sdauxservice) - pc tools - c:\program files\spyware doctor\svcntaux.exe o23 - service: pc tools security service (sdcoreservice) - pc tools - c:\program files\spyware doctor\swdsvc.exe o23 - service: webroot spy sweeper engine (webrootspysweeperservice) - webroot software, inc. 
- c:\program files\webroot\spy sweeper\spysweeper.exe [/hjt] ComboFix 08-03-05.1 - Maarten 2008-03-07 23:13:39.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.32.1043.18.602 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Maarten\Bureaublad\ComboFix.exe WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))) . 2008-03-07 22:53 . 2008-03-07 22:53 9,296 --a------ C:\Documents and Settings\Maarten\xowsmq.exe 2008-03-07 20:54 . 2008-03-07 20:54 9,296 --a------ C:\Documents and Settings\Maarten\pvyufs.exe 2008-03-07 20:48 . 2008-03-07 20:48 <DIR> d-------- C:\RVAXO 2008-03-07 20:44 . 2008-03-07 18:11 726,670 --a------ C:\WINDOWS\system32\RVAXO.bat 2008-03-07 20:44 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe 2008-03-07 20:44 . 2007-07-04 20:32 16,384 --a------ C:\WINDOWS\system32\Restart.exe 2008-03-07 20:42 . 2008-03-07 23:12 <DIR> dr-h----- C:\Documents and Settings\Maarten\Onlangs geopend 2008-03-07 20:40 . 2008-03-07 20:40 <DIR> d-------- C:\Program Files\CCleaner 2008-03-06 10:34 . 2008-03-06 10:34 17,486 --a------ C:\Documents and Settings\Maarten\psulve.exe 2008-03-06 10:21 . 2008-03-06 10:21 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot 2008-03-05 18:30 . 2008-03-05 18:30 <DIR> d--h----- C:\WINDOWS\PIF 2008-03-05 16:27 . 2008-03-07 23:06 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-20 15:35 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll 2008-02-20 15:34 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-02-20 15:33 . 2008-02-20 15:34 <DIR> d--h----- C:\WINDOWS\msdownld.tmp 2008-02-13 21:32 . 2008-02-13 21:32 <DIR> d-------- C:\Program Files\Rockstar Games 2008-02-13 21:32 . 2008-02-13 21:32 <DIR> d-------- C:\Program Files\directx 2008-02-13 14:08 . 
2008-02-13 14:08 <DIR> d-------- C:\Documents and Settings\Maarten\Application Data\fizzy 2008-02-13 14:07 . 2008-02-13 14:07 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-02-13 14:07 . 2008-02-13 14:07 <DIR> d-------- C:\Program Files\Fizzy . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-07 21:41 --------- d-----w C:\Program Files\Yahoo! 2008-03-07 20:37 --------- d-----w C:\Program Files\Freeciv-2.0.9-gtk2 2008-03-07 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-07 16:02 --------- d-----w C:\Documents and Settings\Maarten\Application Data\AVG7 2008-03-05 15:30 --------- d-----w C:\Program Files\Xvid 2008-03-05 15:30 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-03-05 15:30 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-03-05 15:30 --------- d-----w C:\Program Files\Lux 2008-03-05 15:30 --------- d-----w C:\Program Files\LimeWire 2008-03-05 15:30 --------- d-----w C:\Program Files\DivX 2008-03-01 12:09 --------- d-----w C:\Documents and Settings\Maarten\Application Data\LimeWire 2008-02-25 17:01 --------- d-----w C:\Program Files\iTunes 2008-02-25 17:01 --------- d-----w C:\Program Files\iPod 2008-02-25 17:00 --------- d-----w C:\Program Files\QuickTime 2008-02-13 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-09 15:42 --------- d-----w C:\Program Files\Hitman Pro 2008-02-09 12:33 --------- d-----w C:\Program Files\Freeciv-2.1.3-gtk2 2007-12-25 13:26 164 ----a-w C:\install.dat 2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((( snapshot@2008-03-05_17.13.22,89 ))))))))))))))))))))))))))))))))))))))))) . 
- 2007-07-05 10:22:57 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-03-06 21:12:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2007-07-05 10:22:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat + 2008-03-06 21:12:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat - 2007-07-05 10:22:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-03-06 21:12:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2007-12-25 13:29:03 58,732 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-03-07 21:47:50 58,732 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-12-25 13:29:03 76,786 ----a-w C:\WINDOWS\system32\perfc013.dat + 2008-03-07 21:47:50 76,786 ----a-w C:\WINDOWS\system32\perfc013.dat - 2007-12-25 13:29:03 392,432 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-03-07 21:47:50 392,432 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-12-25 13:29:03 455,944 ----a-w C:\WINDOWS\system32\perfh013.dat + 2008-03-07 21:47:50 455,944 ----a-w C:\WINDOWS\system32\perfh013.dat - 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe + 2008-01-03 18:47:58 49,152 ----a-w C:\WINDOWS\system32\VFind.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\valve\steam\steam.exe" [2007-11-30 15:54 1266936] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 10:21 16270848 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 12:18 579072] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 14:56 219136] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] --a------ 2004-10-08 11:31 458752 C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] --a------ 2004-10-08 11:24 217088 C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray] --a------ 2007-11-02 17:24 1065800 C:\Program Files\Spyware 
Doctor\SDTrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20] -ra------ 2006-01-03 03:58 208896 C:\WINDOWS\system32\sw20.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24] -ra------ 2006-01-03 03:59 69632 C:\WINDOWS\system32\sw24.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\Freeciv-2.0.9-gtk2\\civserver.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\stin0o\\counter-strike\\hl.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\elite_juser\\counter-strike\\hl.exe"= "C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\elite_juser\\day of defeat\\hl.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\elite_juser\\ricochet\\hl.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\elite_juser\\deathmatch classic\\hl.exe"= "C:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW.exe"= "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"= "C:\\Program Files\\Valve\\Steam\\Steam.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\elite_juser\\condition zero\\hl.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\elite_juser\\condition zero deleted scenes\\hl.exe"= "C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"= "C:\\WINDOWS\\system32\\dpnsvr.exe"= "C:\\WINDOWS\\system32\\dxdiag.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Program 
Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Program Files\\Freeciv-2.1.0-gtk2\\civserver.exe"= "C:\\WINDOWS\\system32\\dplaysvr.exe"= "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\elite_juser\\counter-strike source\\hl2.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\elite_juser\\half-life 2 deathmatch\\hl2.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\elite_juser\\day of defeat source\\hl2.exe"= "C:\\Program Files\\Freeciv-2.1.3-gtk2\\civserver.exe"= "C:\\Program Files\\Freeciv-2.0.9-gtk2\\civclient.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\DOCUME~1\\Maarten\\LOCALS~1\\Temp\\services.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 13:22] R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 10:39] R3 W8100PCI;PLANET WL-8313;C:\WINDOWS\system32\DRIVERS\mrv8k51.sys [2004-01-19 04:09] S3 CrystalSysInfo;CrystalSysInfo;C:\WINDOWS\system32\SysInfo.sys [2005-02-02 18:30] . Inhoud van de 'Gedeelde Taken' map "2008-02-27 11:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-03-07 21:28:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-07 23:14:53 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... ? 
[1556]
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
C:\WINDOWS\system32\snyqvp.exe 9296 bytes executable
Scan succesvol afgerond
verborgen bestanden: 1
**************************************************************************
.
Voltooingstijd: 2008-03-07 23:15:21
ComboFix-quarantined-files.txt 2008-03-07 22:15:18
ComboFix2.txt 2008-03-05 17:57:35
ComboFix3.txt 2008-03-05 16:42:24
ComboFix4.txt 2008-03-05 16:13:35
.
2008-02-13 20:56:39
--- E O F ---
So above are all the logs mentioned (from the step-by-step plan), listed together.
  16. I'll just delete the files manually via the search function, then.
  17. I can't find any of the above-mentioned files in the list in Windows Explorer :S
  18. The virus is still there; just now on MSN it forwarded itself to others again :S
  19. ---RVAXO.exe Updated: 2008-03-07---first run---
      Uninstallers:
      Files found:
      C:\WINDOWS\system32\netlogun.exe
      Folders Found:
      C:\Program Files\Common Files\SchijfBewaker
      C:\Documents and Settings\All Users\Application Data\SchijfBewaker
      Hosts-file was reset, If you use a custom hosts file please replace it...
      --------------RVAXO.exe last run---------------
      Not deleted items:
      C:\WINDOWS\system32\netlogun.exe
      C:\Program Files\Common Files\SchijfBewaker
      C:\Documents and Settings\All Users\Application Data\SchijfBewaker
      --------------RVAXO.exe finished----------------
  20. OK. Just now, simply like that, not even during a scan, my PC again noticed a virus, or one of the same kind.
  21. It just worries me that AVG (and I myself) can't open Services.exe?