harm-jan


  1. ComboFix 12-02-03.02 - Administrator 04-02-2012 0:59.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.767.362 [GMT 1:00] Gestart vanuit: d:\documents and settings\Administrator\Mijn documenten\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . d:\documents and settings\Administrator\Application Data\Desktopicon d:\documents and settings\Default User\Application Data\Desktopicon . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))) . . 2012-02-03 23:53 . 2012-02-03 23:53 29904 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03561F96-8B48-4776-81CF-3ADEA8FE0826}\MpKsl4ead5bd5.sys 2012-02-03 11:14 . 2012-02-03 11:14 -------- d-----w- d:\documents and settings\Administrator\Application Data\Malwarebytes 2012-02-03 11:14 . 2012-02-03 11:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes 2012-02-03 11:14 . 2011-12-10 14:24 20464 ----a-w- d:\windows\system32\drivers\mbam.sys 2012-02-03 11:14 . 2012-02-03 11:14 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware 2012-02-03 11:10 . 2012-01-06 04:19 6557240 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03561F96-8B48-4776-81CF-3ADEA8FE0826}\mpengine.dll 2012-02-02 22:01 . 2012-02-02 22:01 388096 ----a-r- d:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-02 22:01 . 2012-02-02 22:01 -------- d-----w- d:\program files\Trend Micro 2012-02-02 13:03 . 2012-02-02 14:12 -------- d-----w- d:\windows\system32\NtmsData 2012-01-30 22:54 . 
2012-01-30 22:54 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2012-01-25 00:49 . 2012-01-25 00:49 -------- d-----w- d:\program files\Common Files\Java 2012-01-25 00:49 . 2012-01-25 00:49 73728 ----a-w- d:\windows\system32\javacpl.cpl 2012-01-25 00:49 . 2012-01-25 00:49 -------- d-----w- d:\program files\Java 2012-01-24 21:50 . 2012-01-24 21:50 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters Inc 2012-01-24 21:49 . 2012-01-24 21:49 -------- d-----w- d:\documents and settings\Administrator\Application Data\GetRightToGo 2012-01-23 21:14 . 2012-01-23 21:14 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Babylon 2012-01-23 21:14 . 2012-01-23 21:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Babylon 2012-01-23 21:14 . 2012-01-23 21:14 -------- d-----w- d:\documents and settings\Administrator\Application Data\Babylon 2012-01-23 21:14 . 2012-01-23 21:14 -------- d-----w- d:\program files\PricePeep 2012-01-19 20:19 . 2012-01-19 20:23 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\ManyCam 2012-01-18 15:57 . 2012-02-01 16:19 -------- d-----w- d:\documents and settings\All Users\Application Data\firebird 2012-01-18 15:57 . 2012-02-01 16:20 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\SpacialAudio 2012-01-18 15:56 . 2010-09-17 10:13 548864 ----a-w- d:\windows\system32\GDS32.DLL 2012-01-18 15:56 . 2012-01-18 15:56 -------- d-----w- d:\program files\Firebird 2012-01-18 15:56 . 2012-01-18 15:56 -------- d-----w- d:\program files\SpacialAudio 2012-01-18 15:39 . 2012-01-18 15:39 -------- d-----w- d:\documents and settings\All Users\Application Data\NCH Software 2012-01-18 15:38 . 2012-01-18 15:38 -------- d-----w- d:\documents and settings\All Users\Application Data\NCH Swift Sound 2012-01-18 15:38 . 
2012-01-18 15:51 -------- d-----w- d:\program files\NCH Software 2012-01-18 15:38 . 2012-01-18 15:38 -------- d-----w- d:\documents and settings\Administrator\Application Data\NCH Swift Sound 2012-01-17 16:14 . 2008-04-13 22:15 60032 ----a-w- d:\windows\system32\drivers\USBAUDIO.sys 2012-01-16 11:15 . 2012-01-25 00:49 472808 ----a-w- d:\windows\system32\deployJava1.dll 2012-01-16 01:26 . 2012-01-16 01:26 -------- d-----w- d:\documents and settings\All Users\Application Data\Easy Driver Pro 2012-01-15 21:14 . 2012-01-15 21:14 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Identities 2012-01-14 06:15 . 2012-01-15 21:08 -------- d-----w- d:\program files\Common Files\Native Instruments 2012-01-14 06:11 . 2012-01-14 06:17 -------- d-----w- d:\documents and settings\All Users\Application Data\Native Instruments 2012-01-14 00:59 . 2012-01-06 04:19 6557240 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-01-12 21:39 . 2012-01-12 21:39 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\uTorrent 2012-01-12 21:39 . 2012-02-03 23:49 -------- d-----w- d:\documents and settings\Administrator\Application Data\uTorrent 2012-01-12 17:27 . 2012-01-31 12:44 237072 ------w- d:\windows\system32\MpSigStub.exe 2012-01-12 17:21 . 2012-01-12 17:22 -------- d-----w- d:\program files\Microsoft Security Client 2012-01-11 18:05 . 2012-01-11 18:05 -------- d-----w- d:\program files\Maxis 2012-01-11 12:21 . 2012-01-11 12:21 -------- d-----w- d:\windows\system32\LogFiles 2012-01-11 11:40 . 2012-01-12 17:15 -------- d-----w- d:\documents and settings\Administrator\Application Data\BitComet 2012-01-11 09:37 . 2011-11-03 15:29 386560 ------w- d:\windows\system32\dllcache\qdvd.dll 2012-01-11 09:36 . 2011-10-14 14:47 23040 ------w- d:\windows\system32\dllcache\mciseq.dll 2012-01-11 09:36 . 
2011-10-14 14:47 179200 ------w- d:\windows\system32\dllcache\winmm.dll 2012-01-11 09:36 . 2011-11-20 06:12 60928 ------w- d:\windows\system32\dllcache\packager.exe 2012-01-10 19:45 . 2012-01-10 19:45 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\APN 2012-01-10 19:45 . 2012-01-19 20:20 -------- d-----w- d:\documents and settings\Administrator\Application Data\ManyCam 2012-01-10 19:45 . 2012-01-19 20:20 -------- d-----w- d:\program files\ManyCam 2012-01-09 19:58 . 2012-01-09 19:58 -------- d-----w- d:\program files\EA GAMES 2012-01-09 17:05 . 2012-01-09 17:05 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Google 2012-01-09 17:04 . 2012-01-09 17:05 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Deployment 2012-01-06 20:34 . 2008-12-03 12:32 1519424 ----a-r- d:\windows\system32\drivers\cmudax3.sys 2012-01-06 20:34 . 2007-02-26 18:30 36864 ----a-r- d:\windows\system32\cmudax3.DLL 2012-01-06 20:33 . 2012-01-06 20:33 -------- d-----w- d:\program files\Common Files\InstallShield 2012-01-06 20:33 . 2012-01-06 20:33 -------- d-----w- d:\program files\Common Files\Adobe AIR 2012-01-06 20:32 . 2012-01-06 20:32 -------- d-----w- d:\program files\Common Files\Adobe 2012-01-06 20:23 . 2008-04-13 20:05 20992 ----a-w- d:\windows\system32\drivers\RTL8139.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-04 22:30 . 2012-01-04 22:07 414368 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-25 21:57 . 2008-09-23 12:00 293888 ----a-w- d:\windows\system32\winsrv.dll 2011-11-23 14:39 . 2008-09-23 12:00 1868672 ----a-w- d:\windows\system32\win32k.sys 2011-11-20 06:12 . 2008-09-23 12:00 60928 ----a-w- d:\windows\system32\packager.exe 2011-11-16 14:20 . 2008-09-23 12:00 354816 ----a-w- d:\windows\system32\winhttp.dll 2011-11-16 14:20 . 
2008-09-23 12:00 152064 ----a-w- d:\windows\system32\schannel.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . . [-] 2008-09-23 12:00 . 753C7C72C1F462A009C877B41730F3EC . 1475072 . . [2001.12.4414.700] . . d:\windows\system32\comres.dll . [-] 2008-09-23 . F7A21A4461BEF6414D9AF587C7D69E7D . 591872 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe . [-] 2008-09-23 . 15414691C4C039FF03377DC2A27AF592 . 518144 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll . [-] 2008-09-23 . C55B10AB1C2C8ED9F913BAFB3E296B4A . 1701888 . . [6.00.2900.5634] . . d:\windows\explorer.exe . [-] 2008-09-23 . A09F1B50133C856DA9AED1782FD9A64D . 218112 . . [5.1.2600.5512] . . d:\windows\regedit.exe . [-] 2008-09-23 . 6C4E087200E46977DFE54147A5B1FDD8 . 37376 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe . d:\windows\System32\drivers\beep.sys ... is niet aanwezig !! . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkinClock"="d:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519] "Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2008-06-16 1281536] "uTorrent"="C:\uTorrent.exe" [2012-01-13 642424] "ManyCam"="d:\program files\ManyCam\Bin\ManyCam.exe" [2011-12-12 1760328] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "nwiz"="nwiz.exe" [2008-09-17 1657376] "NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-09-17 86016] "VistaDrive"="d:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779] "ehTray"="d:\windows\ehome\ehtray.exe" [2005-08-17 64512] "SkinClock"="d:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519] "Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "MSC"="d:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-09-23 37376] "SkinClock"="d:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519] . d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ RocketDock.lnk - d:\program files\RocketDock\RocketDock.exe [2002-1-1 630784] . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc D 1 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\IEPro\\MiniDM.exe"= "d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "d:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"= "d:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\uTorrent.exe"= "d:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8199:TCP"= 8199:TCP:BitComet 8199 TCP "8199:UDP"= 8199:UDP:BitComet 8199 UDP "4100:UDP"= 4100:UDP:uPNP Router Control Port "94:TCP"= 94:TCP:VRS Recording System Web Control Panel . R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [1-1-2002 0:50 717296] R1 MpKsl4ead5bd5;MpKsl4ead5bd5;d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03561F96-8B48-4776-81CF-3ADEA8FE0826}\MpKsl4ead5bd5.sys [4-2-2012 0:53 29904] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;d:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [18-1-2012 16:56 98304] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;d:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [18-1-2012 16:56 3735552] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;d:\windows\system32\drivers\ManyCam.sys [29-9-2011 8:04 21632] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MPKSL4EAD5BD5 *Deregistered* - uphcleanhlp . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}] 2009-03-08 03:32 128512 ----a-w- d:\windows\system32\advpack.dll . Inhoud van de 'Gedeelde Taken' map . 
2012-02-03 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-790525478-1417001333-500Core.job - d:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-09 17:05] . 2012-02-03 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-790525478-1417001333-500UA.job - d:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-09 17:05] . 2012-02-03 d:\windows\Tasks\MP Scheduled Scan.job - d:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://google.atcomet.com/b/ uDefault_Search_URL = hxxp://www.google.nl uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 DPF: {A672558F-A878-4D5A-A921-627C091CEB6A} - hxxp://download.flatcast.net/objects/NpFp530.dll DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} - hxxp://download.flatcast.net/objects/NpFv522.dll . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-BitComet - d:\program files\BitComet\BitComet.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-02-04 01:08 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\S-1-5-21-1993962763-790525478-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,93,13,e2,48,7d,43,43,8b,2d,db,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,93,13,e2,48,7d,43,43,8b,2d,db,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,93,13,e2,48,7d,43,43,8b,2d,db,\ . [HKEY_USERS\S-1-5-21-1993962763-790525478-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23A0C378-81C0-94B2-236C-4F1A5A9B6D49}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "iadneeoihgklhkgapo"=hex:6a,61,6f,64,6e,6c,6c,70,65,65,63,6b,68,67,6d,6a,68,63, 67,67,00,0e "hajnoenknbccagjk"=hex:69,61,6f,64,6c,6b,62,62,6f,67,6d,61,66,65,66,6d,67,6b, 00,00 "iapneiopkbllnhdjbk"=hex:63,61,63,6f,6d,6c,00,7c "dbbobmhefemgmmefjicdoakiibmibmanfljfdbdd"=hex:68,61,67,70,6b,6a,6f,64,69,70, 66,65,64,6d,62,6c,00,00 "jbbobmhefemgmmefjicdnpgogdgficnhjakmdcgekadgjjjnbhef"=hex:68,61,67,70,6b,6a, 6f,64,69,70,66,65,64,6d,62,6c,00,00 "dbbobmhefemgmmefjicdhadooaaghgfddlbgknpd"=hex:6a,62,6a,64,63,6b,70,6c,65,61, 6d,70,67,6a,65,63,6b,68,65,62,62,6e,66,63,66,6c,69,6b,66,6b,62,63,66,67,66,\ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(716) d:\windows\system32\SETUPAPI.dll d:\windows\system32\COMRes.dll d:\windows\system32\cscui.dll . - - - - - - - > 'lsass.exe'(772) d:\windows\system32\SETUPAPI.dll . 
- - - - - - - > 'explorer.exe'(2560) d:\windows\system32\SHDOCVW.dll d:\windows\system32\COMRes.dll d:\windows\System32\cscui.dll d:\windows\system32\LINKINFO.dll d:\windows\system32\ntshrui.dll d:\windows\system32\msi.dll d:\windows\system32\SETUPAPI.dll d:\windows\system32\wpdshserviceobj.dll d:\windows\system32\webcheck.dll d:\windows\system32\portabledevicetypes.dll d:\windows\system32\portabledeviceapi.dll d:\windows\system32\NETSHELL.dll d:\windows\system32\credui.dll d:\windows\system32\MSVCP60.dll . Voltooingstijd: 2012-02-04 01:12:43 ComboFix-quarantined-files.txt 2012-02-04 00:12 . Pre-Run: 24.835.837.952 bytes beschikbaar Post-Run: 25.100.275.712 bytes beschikbaar . WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 88924D642354EFE8E191426A538D7D73
     So here it is again; I hope you can do something with this.
  2. Malwarebytes Anti-Malware 1.60.1.1000 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.02.03.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: UNATTEND-EF955D [administrator] 3-2-2012 12:27:01 mbam-log-2012-02-03 (12-27-01).txt Scantype: Volledige scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 212510 Verstreken tijd: 1 uur/uren, 18 minuut/minuten, 1 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Succesvol in quarantaine geplaatst en verwijderd. 
Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:02:52, on 3-2-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\system32\RUNDLL32.EXE D:\WINDOWS\VistaDrive\VistaDrive.exe D:\WINDOWS\eHome\ehRecvr.exe D:\WINDOWS\eHome\ehSched.exe D:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe D:\Program Files\Java\jre6\bin\jqs.exe D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\ehome\ehtray.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Desktop Tray Clock\DTClock.exe D:\Program Files\Microsoft Security Client\msseces.exe D:\Program Files\Common Files\Java\Java Update\jusched.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Program Files\UPHClean\uphclean.exe C:\uTorrent.exe D:\Program Files\ManyCam\Bin\ManyCam.exe D:\Program Files\RocketDock\RocketDock.exe D:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe D:\WINDOWS\system32\dllhost.exe D:\WINDOWS\eHome\ehmsas.exe D:\WINDOWS\System32\svchost.exe D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\Documents and Settings\Administrator\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe D:\WINDOWS\notepad.exe D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [VistaDrive] 
D:\WINDOWS\VistaDrive\VistaDrive.exe O4 - HKLM\..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [skinClock] D:\Program Files\Desktop Tray Clock\DTClock.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MSC] "D:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skinClock] D:\Program Files\Desktop Tray Clock\DTClock.exe O4 - HKCU\..\Run: [sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [bitComet] "D:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [uTorrent] "C:\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam\Bin\ManyCam.exe" /silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [skinClock] D:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - D:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro 
Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - D:\Program Files\IEPro\iepro.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB6A} (Flatcast Producer 5.3) - http://download.flatcast.net/objects/NpFp530.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} (Flatcast Viewer 5.2) - http://download.flatcast.net/objects/NpFv522.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - D:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - D:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe -- End of file - 7882 bytes
     This is what it turned out to be.
  3. This is what was in that Notepad window, so yeah, you tell me; I really don't understand any of this.
     Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:01:54, on 2-2-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\eHome\ehRecvr.exe D:\WINDOWS\eHome\ehSched.exe D:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe D:\Program Files\Java\jre6\bin\jqs.exe D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\UPHClean\uphclean.exe D:\WINDOWS\system32\RUNDLL32.EXE D:\WINDOWS\VistaDrive\VistaDrive.exe D:\WINDOWS\ehome\ehtray.exe D:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe D:\WINDOWS\eHome\ehmsas.exe D:\Program Files\Microsoft Security Client\msseces.exe D:\Program Files\Common Files\Java\Java Update\jusched.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Desktop Tray Clock\DTClock.exe C:\uTorrent.exe D:\WINDOWS\system32\dllhost.exe D:\Program Files\ManyCam\Bin\ManyCam.exe D:\Program Files\RocketDock\RocketDock.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Program Files\Windows Live\Contacts\wlcomm.exe D:\Program Files\Windows Media Player\wmplayer.exe D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 
D:\WINDOWS\system32\msiexec.exe D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE 
D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe O4 - HKLM\..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [skinClock] D:\Program Files\Desktop Tray Clock\DTClock.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MSC] "D:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skinClock] D:\Program Files\Desktop Tray Clock\DTClock.exe O4 - HKCU\..\Run: [sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [bitComet] "D:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [uTorrent] "C:\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam\Bin\ManyCam.exe" /silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [skinClock] D:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Lokale service') O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: 
[CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user') O4 - Global Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - D:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - D:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing) O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB6A} (Flatcast Producer 5.3) - http://download.flatcast.net/objects/NpFp530.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} (Flatcast Viewer 5.2) - 
http://download.flatcast.net/objects/NpFv522.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - D:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - D:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe -- End of file - 8967 bytes
  4. Hey everyone, let me first introduce myself: I am harm-jan de graaf from Nagele, 21 years old, and I have a problem with my PC. I can basically run my PC normally, but at a certain point it drops the mouse, keyboard and screen, while the PC itself keeps running. What could this be? Kind regards, harm-jan