Posts made by kevkeds
-
ComboFix 08-04-03.5 - kevin deswarte 2008-04-04 21:54:55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.475 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\kevin deswarte\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\kevin deswarte\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
FILE ::
C:\WINDOWS\system32\kxcdansr.exe
C:\WINDOWS\system32\tifyxefm.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Malwarebytes
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\news.txt
C:\Documents and Settings\kevin deswarte\Application Data\Malwarebytes
C:\Documents and Settings\kevin deswarte\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-4-1-2008 (19-11-42).txt
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\backups.zip
C:\SDFix\backups\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\Report.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\WINDOWS\system32\kxcdansr.exe
C:\WINDOWS\system32\tifyxefm.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))
.
2008-04-04 16:07 . 2008-04-04 16:08 <DIR> d-------- C:\Program Files\querta
2008-04-03 20:53 . 2008-04-03 20:53 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-03 20:49 . 2006-07-27 15:58 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-04-03 20:49 . 2008-04-03 20:52 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-04-03 20:49 . 2006-07-27 17:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-04-03 20:49 . 2006-07-27 16:05 <DIR> dr------- C:\Documents and Settings\Administrator\Mijn documenten
2008-04-03 20:49 . 2006-07-27 17:53 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-04-03 20:49 . 2006-07-27 16:05 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
2008-04-03 20:49 . 2008-04-04 18:27 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-04-03 20:49 . 2006-08-08 20:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-04-03 13:34 . 2008-04-03 14:19 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-04-02 19:37 . 2008-04-02 19:37 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-04-02 19:05 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-02 19:03 . 2008-04-02 19:03 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-01 20:03 . 2008-04-01 20:03 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-01 20:03 . 2008-04-01 20:03 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-01 20:01 . 2008-04-01 20:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-01 20:01 . 2008-04-04 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-01 20:01 . 2008-04-04 19:29 3,584,032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-01 20:01 . 2008-04-03 21:29 119,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-01 20:01 . 2008-04-03 21:29 42,236 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-01 20:01 . 2008-04-03 21:29 4,076 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-01 19:59 . 2008-04-01 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-01 17:50 . 2008-04-01 17:50 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-01 16:31 . 2008-04-01 16:31 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\Ufasoft
2008-04-01 14:04 . 2008-04-01 14:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-01 14:04 . 2008-04-01 14:04 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\SUPERAntiSpyware.com
2008-04-01 14:04 . 2008-04-01 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-31 21:39 . 2008-04-01 13:56 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-31 15:08 . 2008-03-31 15:08 <DIR> d-------- C:\Program Files\Ufasoft
2008-03-31 15:01 . 2008-03-31 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vonuzsbi
2008-03-29 12:55 . 2008-03-29 12:55 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-28 22:15 . 2008-03-29 19:45 <DIR> d-------- C:\Program Files\World of Warcraft
2008-03-28 22:05 . 2008-03-28 22:05 <DIR> d-------- C:\Program Files\WinISO
2008-03-28 21:27 . 2008-03-28 21:27 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DAEMON Tools Pro
2008-03-28 21:27 . 2008-03-28 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-03-28 21:21 . 2008-03-28 21:31 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-03-28 21:15 . 2008-03-28 21:15 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-28 20:23 . 2008-03-28 22:15 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-28 20:20 . 2008-03-29 18:55 145 --a------ C:\WINDOWS\wowCP.ini
2008-03-24 18:01 . 2008-03-24 18:01 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-24 16:13 . 2008-04-04 19:27 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-24 15:27 . 2008-03-24 17:16 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\Ahead
2008-03-24 15:25 . 2008-03-24 15:25 <DIR> d-------- C:\Program Files\Nero
2008-03-24 15:25 . 2008-03-24 15:28 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-24 15:25 . 2008-03-24 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-24 00:07 . 2008-03-24 00:07 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DivX
2008-03-24 00:06 . 2008-03-24 00:06 <DIR> d-------- C:\Program Files\DivX
2008-03-23 11:16 . 2008-03-23 11:16 <DIR> d-------- C:\Program Files\TopDesk
2008-03-23 11:05 . 2008-03-23 11:06 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Application Data\BitTorrent
2008-03-23 11:01 . 2008-03-23 11:07 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Sjablonen
2008-03-23 11:01 . 2008-03-23 11:07 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Favorieten
2008-03-23 11:01 . 2006-08-08 20:53 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Application Data\Intel
2008-03-23 10:59 . 2008-03-23 10:59 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-03-23 10:56 . 2008-03-23 11:08 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-03-22 21:09 . 2008-04-02 19:03 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-22 21:09 . 2008-03-22 21:09 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\TuneUp Software
2008-03-22 21:09 . 2008-03-22 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-22 21:07 . 2008-04-01 14:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 20:07 . 2008-03-22 20:07 <DIR> d-------- C:\Program Files\DNA
2008-03-22 20:07 . 2008-03-22 20:07 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-22 20:07 . 2008-04-04 22:04 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DNA
2008-03-22 20:07 . 2008-04-04 20:34 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\BitTorrent
2008-03-21 23:22 . 2008-03-21 23:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-21 21:12 . 2008-03-21 21:12 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-21 21:12 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-21 21:09 . 2008-03-21 21:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-21 21:02 . 2008-03-21 21:02 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\AdobeUM
2008-03-21 15:36 . 2008-03-21 16:02 <DIR> d-------- C:\Program Files\Conquer 2.0
2008-03-21 15:36 . 2008-03-21 15:36 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\InstallShield
2008-03-21 14:50 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-21 14:50 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-21 14:50 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-21 14:41 . 2008-04-01 19:57 <DIR> d-------- C:\Downloads
2008-03-21 14:37 . 2008-04-04 21:52 <DIR> d-------- C:\Program Files\FlashGet
2008-03-20 20:06 . 2008-03-20 20:08 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DMCache
2008-03-20 20:03 . 2008-03-20 20:03 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-20 18:28 . 2008-03-20 18:28 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\3M
2008-03-20 18:11 . 2008-03-20 18:11 <DIR> d---s---- C:\Documents and Settings\kevin deswarte\UserData
2008-03-20 18:06 . 2008-03-20 18:06 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-20 17:58 . 2008-03-20 17:58 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Contacts
2008-03-20 17:57 . 2006-11-29 14:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-20 17:56 . 2008-03-20 17:56 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-03-20 17:53 . 2008-03-20 17:55 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-20 17:52 . 2008-03-22 15:26 <DIR> d-------- C:\Program Files\Windows Live
2008-03-20 17:52 . 2008-03-20 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-20 15:52 . 2006-07-27 15:58 <DIR> d--h----- C:\Documents and Settings\kevin deswarte\Sjablonen
2008-03-20 15:52 . 2008-04-04 21:52 <DIR> dr-h----- C:\Documents and Settings\kevin deswarte\Onlangs geopend
2008-03-20 15:52 . 2006-07-27 17:53 <DIR> d--h----- C:\Documents and Settings\kevin deswarte\Netwerkprinteromgeving
2008-03-20 15:52 . 2008-04-03 21:06 <DIR> dr------- C:\Documents and Settings\kevin deswarte\Mijn documenten
2008-03-20 15:52 . 2006-07-27 17:53 <DIR> dr------- C:\Documents and Settings\kevin deswarte\Menu Start
2008-03-20 15:52 . 2008-03-26 23:49 <DIR> dr------- C:\Documents and Settings\kevin deswarte\Favorieten
2008-03-20 15:52 . 2008-04-04 21:54 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Bureaublad
2008-03-20 15:52 . 2006-08-08 20:53 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\Intel
2008-03-20 15:47 . 2008-03-20 15:47 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 13:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 16:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
.
((((((((((((((((((((((((((((( snapshot@2008-04-04_18.48.08,84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-04 12:53:15 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-04 19:12:32 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-04 12:53:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2008-04-04 19:12:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2008-04-04 12:53:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-04 19:12:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-26 16:42 288576]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-01 14:07 1470464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 02:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 02:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 02:40 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 14:05 16239616 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413]
"AGRSMMSG"="AGRSMMSG.exe" [2005-09-09 05:20 88203 C:\WINDOWS\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 22:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-05-15 14:44 266240]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-05-15 15:52 675840]
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [2006-08-03 15:24 178688]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2006-06-07 14:22 484352]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-06-29 13:44 1990704]
"TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-03-01 19:03 201216]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2006-08-08 21:02:19 593920]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 09:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-06-21 11:09]
R2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [2006-03-22 11:07]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-03 22:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 MGHwCtrl;MGHwCtrl;C:\WINDOWS\system32\drivers\MGHwCtrl.sys [2006-07-03 10:31]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-05-03 20:36]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-02 19:03]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys [2008-01-17 05:22]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-04 20:01:15 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-04 19:14:05 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 22:05:39
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-04-04 22:07:17
ComboFix-quarantined-files.txt 2008-04-04 20:07:12
ComboFix2.txt 2008-04-04 16:49:37
Pre-Run: 67,384,758,272 bytes beschikbaar
Post-Run: 67,394,953,216 bytes beschikbaar
.
2008-03-22 13:26:51 --- E O F ---
There we go, no alerts so far, but I'm still holding my breath.
Thanks again for your time and effort!
-
combofix :
ComboFix 08-04-03.5 - kevin deswarte 2008-04-04 18:11:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.235 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\kevin deswarte\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))
.
2008-04-04 18:25 . 2008-04-04 18:25 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-04-04 16:07 . 2008-04-04 16:08 <DIR> d-------- C:\Program Files\querta
2008-04-03 20:53 . 2008-04-03 20:53 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-03 20:49 . 2006-07-27 15:58 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-04-03 20:49 . 2008-04-03 20:52 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-04-03 20:49 . 2006-07-27 17:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-04-03 20:49 . 2006-07-27 16:05 <DIR> dr------- C:\Documents and Settings\Administrator\Mijn documenten
2008-04-03 20:49 . 2006-07-27 17:53 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-04-03 20:49 . 2006-07-27 16:05 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
2008-04-03 20:49 . 2008-04-04 18:27 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-04-03 20:49 . 2006-08-08 20:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-04-03 20:38 . 2008-04-03 21:02 <DIR> d-------- C:\SDFix
2008-04-03 13:34 . 2008-04-03 14:19 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-04-02 19:37 . 2008-04-02 19:37 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-04-02 19:05 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-02 19:03 . 2008-04-02 19:03 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-01 20:11 . 2008-04-01 20:11 90,112 --a------ C:\WINDOWS\system32\kxcdansr.exe
2008-04-01 20:03 . 2008-04-01 20:03 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-01 20:03 . 2008-04-01 20:03 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-01 20:01 . 2008-04-01 20:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-01 20:01 . 2008-04-04 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-01 20:01 . 2008-04-04 18:47 3,471,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-01 20:01 . 2008-04-03 21:29 119,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-01 20:01 . 2008-04-03 21:29 42,236 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-01 20:01 . 2008-04-03 21:29 4,076 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-01 19:59 . 2008-04-01 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-01 18:54 . 2008-04-01 18:54 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\Malwarebytes
2008-04-01 18:54 . 2008-04-01 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-01 17:50 . 2008-04-01 17:50 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-01 16:31 . 2008-04-01 16:31 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\Ufasoft
2008-04-01 14:04 . 2008-04-01 14:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-01 14:04 . 2008-04-01 14:04 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\SUPERAntiSpyware.com
2008-04-01 14:04 . 2008-04-01 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-31 21:39 . 2008-04-01 13:56 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-31 15:08 . 2008-03-31 15:08 <DIR> d-------- C:\Program Files\Ufasoft
2008-03-31 15:01 . 2008-03-31 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vonuzsbi
2008-03-31 15:01 . 2008-03-31 15:01 90,112 --a------ C:\WINDOWS\system32\tifyxefm.exe
2008-03-29 12:55 . 2008-03-29 12:55 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-28 22:15 . 2008-03-29 19:45 <DIR> d-------- C:\Program Files\World of Warcraft
2008-03-28 22:05 . 2008-03-28 22:05 <DIR> d-------- C:\Program Files\WinISO
2008-03-28 21:27 . 2008-03-28 21:27 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DAEMON Tools Pro
2008-03-28 21:27 . 2008-03-28 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-03-28 21:21 . 2008-03-28 21:31 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-03-28 21:15 . 2008-03-28 21:15 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-28 20:23 . 2008-03-28 22:15 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-28 20:20 . 2008-03-29 18:55 145 --a------ C:\WINDOWS\wowCP.ini
2008-03-24 18:01 . 2008-03-24 18:01 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-24 16:13 . 2008-04-04 15:15 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-24 15:27 . 2008-03-24 17:16 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\Ahead
2008-03-24 15:25 . 2008-03-24 15:25 <DIR> d-------- C:\Program Files\Nero
2008-03-24 15:25 . 2008-03-24 15:28 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-24 15:25 . 2008-03-24 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-24 00:07 . 2008-03-24 00:07 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DivX
2008-03-24 00:06 . 2008-03-24 00:06 <DIR> d-------- C:\Program Files\DivX
2008-03-23 11:16 . 2008-03-23 11:16 <DIR> d-------- C:\Program Files\TopDesk
2008-03-23 11:05 . 2008-03-23 11:06 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Application Data\BitTorrent
2008-03-23 11:01 . 2008-03-23 11:07 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Sjablonen
2008-03-23 11:01 . 2008-03-23 11:07 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Favorieten
2008-03-23 11:01 . 2006-08-08 20:53 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Application Data\Intel
2008-03-23 10:59 . 2008-03-23 10:59 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-03-23 10:56 . 2008-03-23 11:08 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-03-22 21:09 . 2008-04-02 19:03 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-22 21:09 . 2008-03-22 21:09 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\TuneUp Software
2008-03-22 21:09 . 2008-03-22 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-22 21:07 . 2008-04-01 14:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 20:07 . 2008-03-22 20:07 <DIR> d-------- C:\Program Files\DNA
2008-03-22 20:07 . 2008-03-22 20:07 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-22 20:07 . 2008-04-04 18:44 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DNA
2008-03-22 20:07 . 2008-04-04 14:51 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\BitTorrent
2008-03-21 23:22 . 2008-03-21 23:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-21 21:12 . 2008-03-21 21:12 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-21 21:12 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-21 21:09 . 2008-03-21 21:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-21 21:02 . 2008-03-21 21:02 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\AdobeUM
2008-03-21 15:36 . 2008-03-21 16:02 <DIR> d-------- C:\Program Files\Conquer 2.0
2008-03-21 15:36 . 2008-03-21 15:36 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\InstallShield
2008-03-21 14:50 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-21 14:50 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-21 14:50 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-21 14:41 . 2008-04-01 19:57 <DIR> d-------- C:\Downloads
2008-03-21 14:37 . 2008-04-04 18:39 <DIR> d-------- C:\Program Files\FlashGet
2008-03-20 20:06 . 2008-03-20 20:08 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DMCache
2008-03-20 20:03 . 2008-03-20 20:03 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-20 18:28 . 2008-03-20 18:28 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\3M
2008-03-20 18:11 . 2008-03-20 18:11 <DIR> d---s---- C:\Documents and Settings\kevin deswarte\UserData
2008-03-20 18:06 . 2008-03-20 18:06 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-20 17:58 . 2008-03-20 17:58 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Contacts
2008-03-20 17:57 . 2006-11-29 14:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-20 17:56 . 2008-03-20 17:56 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-03-20 17:53 . 2008-03-20 17:55 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-20 17:52 . 2008-03-22 15:26 <DIR> d-------- C:\Program Files\Windows Live
2008-03-20 17:52 . 2008-03-20 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-20 15:52 . 2006-07-27 15:58 <DIR> d--h----- C:\Documents and Settings\kevin deswarte\Sjablonen
2008-03-20 15:52 . 2008-04-04 17:16 <DIR> dr-h----- C:\Documents and Settings\kevin deswarte\Onlangs geopend
2008-03-20 15:52 . 2006-07-27 17:53 <DIR> d--h----- C:\Documents and Settings\kevin deswarte\Netwerkprinteromgeving
2008-03-20 15:52 . 2008-04-03 21:06 <DIR> dr------- C:\Documents and Settings\kevin deswarte\Mijn documenten
2008-03-20 15:52 . 2006-07-27 17:53 <DIR> dr------- C:\Documents and Settings\kevin deswarte\Menu Start
2008-03-20 15:52 . 2008-03-26 23:49 <DIR> dr------- C:\Documents and Settings\kevin deswarte\Favorieten
2008-03-20 15:52 . 2008-04-04 18:27 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Bureaublad
2008-03-20 15:52 . 2006-08-08 20:53 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\Intel
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 13:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 16:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-26 16:42 288576]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-01 14:07 1470464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 02:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 02:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 02:40 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 14:05 16239616 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413]
"AGRSMMSG"="AGRSMMSG.exe" [2005-09-09 05:20 88203 C:\WINDOWS\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 22:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-05-15 14:44 266240]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-05-15 15:52 675840]
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [2006-08-03 15:24 178688]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2006-06-07 14:22 484352]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-06-29 13:44 1990704]
"TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-03-01 19:03 201216]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2006-08-08 21:02:19 593920]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 09:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-06-21 11:09]
R2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [2006-03-22 11:07]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-03 22:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 MGHwCtrl;MGHwCtrl;C:\WINDOWS\system32\drivers\MGHwCtrl.sys [2006-07-03 10:31]
R3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-02 19:03]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-05-03 20:36]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys [2008-01-17 05:22]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-04 16:00:01 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-04 16:14:03 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
**************************************************************************
.
Voltooingstijd: 2008-04-04 18:49:35
ComboFix-quarantined-files.txt 2008-04-04 16:48:37
Pre-Run: 66,071,535,616 bytes beschikbaar
Post-Run: 66,042,667,008 bytes beschikbaar
.
2008-03-22 13:26:51 --- E O F ---
hjt :
Logfile of HijackThis v1.99.1
Scan saved at 18:55:01, on 4/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\System Control Manager\edd.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\TopDesk\topdesk.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Thanks in advance for being willing to help and for your time.
Kind regards
-
SDFix: Version 1.165
Run by Administrator on do 03/04/2008 at 20:55
Microsoft Windows XP [versie 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 20:59:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 84
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 21 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BITDD.tmp"
Finished!
-
Logfile of HijackThis v1.99.1
Scan saved at 20:03:14, on 3/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\System Control Manager\edd.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\vonuzsbi\zabebybi.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\TopDesk\topdesk.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\kxcdansr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TuneUp Utilities 2008\Integrator.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\TuneUp Utilities 2008\WinStyler.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSI -- MICRO-STAR INT'L CO.,LTD.
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = MSI -- MICRO-STAR INT'L CO.,LTD.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [zdausejt] C:\WINDOWS\system32\kxcdansr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
-
Hello,
For a few days now I have been stuck with what I think is this trojan: "antispyware reviews.biz"
I have searched the internet hopelessly and found nothing that can help me.
Or there are programs, but those are paid ones ...
Is formatting the only option then?
My antivirus is Kaspersky 7.0; strangely enough it finds nothing and the problem remains.
As anti-spyware I have SUPERAntiSpyware, but this does not help either. Finally, I installed a-squared Anti-Malware, but that does not help either. I am at my wits' end; can anyone help?
bootable usb
in Archief Windows Algemeen
Posted:
Hello,
I have Windows XP on my PC but would like to install Vista from my USB stick, but I cannot get my USB stick to be bootable. I have already searched Google for solutions, but there are so many different ways to do it, and most of them explain it from within Vista, which does not work here. I have already tried it once, but at startup I then get an error message from the USB stick. I also once put all the files on my USB stick just like that, but after the installation it hangs; I think that is because it cannot boot from the USB stick. Can anyone help me?