furio

Member
  • Items

    9
  • Registration date

  • Last visited

About furio

  • Birthday 11-11-1974

furio's achievements

  1. Removed McAfee and installed AVG; seems a lot better to me now. Thanks.
  2. Found the key, but without the question marks etc. after it. ComboFix removed... On restart Windows stayed stuck at "shutting down" but did nothing further. I did get an error message that I have had before: MCshield.exe, the instruction at 0x00410bfc referenced memory at 0x000000000; the read or write operation ("read") on the memory failed... PC started up very slowly...
  3. Searched with FreeCommander... found nothing. After running ComboFix there is a shortcut to IE on my desktop each time and IE is my default browser again; is this intended?
  4. I can't find the files above anywhere... for the 1st, no file with that name under temp; for the 2nd, no "open bike" directory. After the Java update the startup time of both Outlook and Firefox (the most used) is about 20 to 30 sec... so still slow. Excel, Word, Access... are normal. Tacx Fortius is very slow...
  5. I only need IE for a program from Telenet (easy care).
  6. Going into standby and shutting down the PC normally doesn't work either; the startup speed of the programs stays the same.
nt\currentversion\drivers32] "vidc.ffds"= c:\progra~1\ffdshow\ffdshow.ax [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R1 Hotkey;Hotkey;c:\windows\system32\drivers\Hotkey.sys [2003-08-22 9867] R1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys [2003-08-22 2920] R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248] R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\DRIVERS\PRISMA00.sys [2004-02-27 364320] S1 mailKmd;mailKmd; [] S3 aaudstum;aaudstum;\??\c:\docume~1\tom\LOCALS~1\Temp\aaudstum.sys [] S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824] S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824] . Inhoud van de 'Gedeelde Taken' map 2008-12-07 c:\windows\Tasks\B9AC3D799C7BB785.job - c:\docume~1\tom\applic~1\openbike\rdr less frag.exe [] . - - - - ORPHANS VERWIJDERD - - - - HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe . ------- Bijkomende Scan ------- . 
uStart Page = about:blank uInternet Settings,ProxyServer = hxxp://pac.pandora.be:8080 uInternet Settings,ProxyOverride = 127.0.0.1 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd FireFox -: Profile - c:\documents and settings\tom\Application Data\Mozilla\Firefox\Profiles\yd6qs2ci.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.rouesartisanales.com/ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-07 17:38:38 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CtrlVol = c:\program files\Launch Manager\CtrlVol.exe???????@??n?w???????????w???w?n?w???????? ???0V?w|??????w????0???????y??w?????????????3?????? ???????0???????I??s???s@????????????a?wx??sx???????B-?s???????????????s???s?????n?w????Y??sD???D??s??@??=@?P?????????? scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Network Associates\Common Framework\FrameworkService.exe c:\program files\Network Associates\VirusScan\Mcshield.exe c:\program files\Network Associates\VirusScan\VsTskMgr.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe . 
************************************************************************** . Voltooingstijd: 2008-12-07 17:43:06 - machine werd herstart ComboFix-quarantined-files.txt 2008-12-07 16:42:57 Pre-Run: 7.045.226.496 bytes beschikbaar Post-Run: 7,044,726,784 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 185 --- E O F --- 2008-11-30 02:02:53
  7. The folder has been removed; the startup speed remains the same, slow in other words. I mainly use Outlook and Firefox.
  8. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:58:15, on 6/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\PRISMSTA.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Launch Manager\Wbutton.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\tom\LOCALS~1\Temp\Rar$EX00.594\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://pac.pandora.be:8080 R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [OSD] C:\Program Files\Launch Manager\OSD.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [ctfmon.exe] 
C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://virusscanner.telenet.be/fscax.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program 
Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: XXXCodec Service (XXXCodec Acceleration Service) - Unknown owner - C:\Program Files\XXXCodec\casrv.exe (file missing) -- End of file - 6804 bytes Malwarebytes' Anti-Malware 1.31 Database versie: 1466 Windows 5.1.2600 Service Pack 3 6/12/2008 15:52:22 mbam-log-2008-12-06 (15-52-22).txt Scan type: Snelle Scan Objecten gescand: 48192 Verstreken tijd: 6 minute(s), 23 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 3 Registerwaarden geïnfecteerd: 8 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 6 Bestanden geïnfecteerd: 11 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f10587e9-0e47-4cbe-84ae-7dd20b8684bb} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{efaf6ea3-615d-4f83-8748-2f7a576fcea6} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e8249e69-a809-4544-832f-64eb65747a92} (Trojan.Zlob) -> Quarantined and deleted successfully. 
Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{efaf6ea3-615d-4f83-8748-2f7a576fcea6} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{10e42047-deb9-4535-a118-b3f6ec39b807} (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\Home Page (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully. 
C:\Documents and Settings\LocalService\Application Data\SystemDoctor 2006 Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\SystemDoctor 2006 Free\Logs (Rogue.SystemDoctor) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Documents and Settings\LocalService\Application Data\WinAntiVirus Pro 2006\PGE.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\WinAntiVirus Pro 2006\Logs\update.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\WinAntiVirus Pro 2006\Logs\winav.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\SystemDoctor 2006 Free\Logs\update.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully. C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\WINDOWS\tmlpcert2005 (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Documents and Settings\tom\FR_AlpineClassic.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\tom\install_flash_player.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\tom\settlers_catan.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\tom\Favorieten\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
  9. Can someone take a look at the log below? My programs start up very slowly: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:07:29, on 6/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\PRISMSTA.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\CodeStuff\Starter\Starter.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\tom\LOCALS~1\Temp\Rar$EX00.125\HijackThis.exe 
C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://pac.pandora.be:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: 216.40.230.4 desktop.kazaa.com O1 - Hosts: 216.40.230.4 alpha.kazaa.com O1 - Hosts: 216.40.230.4 shop.kazaa.com O2 - BHO: HTML Source Editor - {0E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\WINDOWS\system32\adjhdf.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: C:\WINDOWS\lbbho.dll - {616A4167-A009-466C-B193-4EB32861606E} - C:\WINDOWS\lbbho.dll O2 - BHO: (no name) - {6281F9A5-72A6-0FE3-3019-7F65F2698D5D} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: (no name) - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - (no file) O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch 
Manager\HotkeyApp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [OSD] C:\Program Files\Launch Manager\OSD.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.xxxcodec.com/xxxcodec-v3.508.exe O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://virusscanner.telenet.be/fscax.cab O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - (no file) O22 - SharedTaskScheduler: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - (no file) O22 - SharedTaskScheduler: eaton - {d8b937a4-cdad-497b-a872-8da7c4c3ef6f} - (no file) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: XXXCodec Service (XXXCodec Acceleration Service) - Unknown owner - C:\Program Files\XXXCodec\casrv.exe (file missing) -- End of file - 7934 bytes