Stefert
-
Items
20 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door Stefert
-
-
Hallo
Al een hele tijd werkt mijn computer heel traag. Hoe kan ik dit oplossen zodanig dat mijn pc weer wat rapper gaat? (ook internet gaat traag)
Hopelijk kunnen jullie mij helpen.
Alvast bedankt
Stefert
-
Heel erg bedankt
Voor mij te helpen.
-
ik kan Avi bestanden niet openen. En zou dit graag willen omzetten naar Wmv zodanig dat ik het wel kan afspelen.
-
Sorry
Maar toch bedankt
-
Hallo,
Ik zou graag een programma willen downloaden dat films van AVI naar WMV converteert kunt u mij iets aanraden. Alvast bedankt
Steven
-
Op deze website kan ik niet veranderen van foto
-
Hallo,
Ik heb een probleem met het openen van foto's op website.
Telkens wanneer ik naar een volgende foto wil gaan komt er onderaan een uittroepingsteken met het volgende "Fout op de pagina". En als ik met mijn muisaanwijzer op de foto sta dan staat er "javascript:jumpToImage(replace character...). Zou er iemand mij kunnen helpen dit op te lossen. Zodanig dat ik deze foto's wel kan zien.
Alvast Bedankt.
-
Hallo,
hier is het logje.
ComboFix 09-02-25.02 - Steven Scherrens 2009-02-26 13:17:00.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2029.1414 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Steven Scherrens\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Steven Scherrens\Bureaublad\CFScript.txt..txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\101B5
c:\documents and settings\All Users\Application Data\101B5\{10AAE29A-BE01-462E-8DAC-D1E7FBC21E12}.swf
c:\documents and settings\All Users\Application Data\11217
c:\documents and settings\All Users\Application Data\11217\{70526D7D-DF16-4B1B-9553-78A945EE4425}.swf
c:\documents and settings\All Users\Application Data\11F
c:\documents and settings\All Users\Application Data\11F\{5E26A8E0-1158-43C2-AEA1-462B47E6E4D0}.swf
c:\documents and settings\All Users\Application Data\13DA
c:\documents and settings\All Users\Application Data\13DA\{495A7678-1529-420F-B8B3-B7ACEDA72605}.swf
c:\documents and settings\All Users\Application Data\193AF
c:\documents and settings\All Users\Application Data\193AF\{7CE4A82F-3439-4DC7-9B78-EF26A7CD2ACE}.swf
c:\documents and settings\All Users\Application Data\1B35B
c:\documents and settings\All Users\Application Data\1B35B\{307D83B0-3FFD-4281-B7DD-9C2DBCC61A3B}.swf
c:\documents and settings\All Users\Application Data\1C29F
c:\documents and settings\All Users\Application Data\1C29F\{97CA273E-68E7-490E-A972-85BB772596AF}.swf
c:\documents and settings\All Users\Application Data\1D157
c:\documents and settings\All Users\Application Data\1D157\{802E8E2F-578A-4979-9BA0-8132BC9A10C4}.swf
c:\documents and settings\All Users\Application Data\2090410918
c:\documents and settings\All Users\Application Data\2090410918\config.udb
c:\documents and settings\All Users\Application Data\2090410918\init.udb
c:\documents and settings\All Users\Application Data\2090410918\Langs.udb
c:\documents and settings\All Users\Application Data\2213
c:\documents and settings\All Users\Application Data\2213\{EECCD9C5-AF2C-403A-A9D3-9B7E8FD4EC41}.swf
c:\documents and settings\All Users\Application Data\244E
c:\documents and settings\All Users\Application Data\244E\{56EA3B97-DFD5-48D6-8262-17522F30834D}.swf
c:\documents and settings\All Users\Application Data\25138
c:\documents and settings\All Users\Application Data\25138\{73235BBB-0A1C-4B51-AB71-5032CC97D369}.swf
c:\documents and settings\All Users\Application Data\251F
c:\documents and settings\All Users\Application Data\251F\{29C81F89-C056-44BE-9436-FD0F315D0DD8}.swf
c:\documents and settings\All Users\Application Data\272E
c:\documents and settings\All Users\Application Data\272E\{AD67C444-C257-4793-9F31-618650858315}.swf
c:\documents and settings\All Users\Application Data\2A109
c:\documents and settings\All Users\Application Data\2A109\{AC1BE271-0DE3-4D10-8959-5364EC204D09}.swf
c:\documents and settings\All Users\Application Data\2A213
c:\documents and settings\All Users\Application Data\2A213\{F2A16F65-6EA8-4BBF-A21A-FE926623C609}.swf
c:\documents and settings\All Users\Application Data\2C138
c:\documents and settings\All Users\Application Data\2C138\{7E7AF30D-474C-4EC3-8ED6-53918DF5AAC4}.swf
c:\documents and settings\All Users\Application Data\2D3B9
c:\documents and settings\All Users\Application Data\2D3B9\{6B0D67B8-DF42-4326-859E-F655C64A4C44}.swf
c:\documents and settings\All Users\Application Data\2F3A9
c:\documents and settings\All Users\Application Data\2F3A9\{1557B21C-907A-4D9F-B818-A9D8CCBDBE10}.swf
c:\documents and settings\All Users\Application Data\31F9
c:\documents and settings\All Users\Application Data\31F9\{D2F1B923-1B05-4BCD-A7A6-0318A14E0FA5}.swf
c:\documents and settings\All Users\Application Data\3238A
c:\documents and settings\All Users\Application Data\3238A\{465740B1-DE2C-45F1-AB1D-9EF297C2F7B0}.swf
c:\documents and settings\All Users\Application Data\33242
c:\documents and settings\All Users\Application Data\33242\{377AA634-AA5C-4640-B404-2B4A4251899B}.swf
c:\documents and settings\All Users\Application Data\341F
c:\documents and settings\All Users\Application Data\341F\{B1BD81B5-672C-44CF-8554-79E657104D94}.swf
c:\documents and settings\All Users\Application Data\349C
c:\documents and settings\All Users\Application Data\349C\{3950FFE2-B7F9-432F-9BEE-6FDE12D461CF}.swf
c:\documents and settings\All Users\Application Data\35232
c:\documents and settings\All Users\Application Data\35232\{2C793C24-B52D-4620-8737-D9DFBDB35AF8}.swf
c:\documents and settings\All Users\Application Data\3ADA
c:\documents and settings\All Users\Application Data\3ADA\{E7254E29-D96E-484C-91AB-BCA246413798}.swf
c:\documents and settings\All Users\Application Data\536B
c:\documents and settings\All Users\Application Data\536B\{C40B55FF-9846-4F33-AE65-D5C7B38B6995}.swf
c:\documents and settings\All Users\Application Data\634B
c:\documents and settings\All Users\Application Data\634B\{1617AB90-E44A-4467-A4FE-0D0CC5410E0A}.swf
c:\documents and settings\All Users\Application Data\63E
c:\documents and settings\All Users\Application Data\63E\{99482D56-65C1-4261-8313-96E4808A119F}.swf
c:\documents and settings\All Users\Application Data\73B9
c:\documents and settings\All Users\Application Data\73B9\{77FA9950-D4FB-4DFB-A877-69B38A2915CD}.swf
c:\documents and settings\All Users\Application Data\81A5
c:\documents and settings\All Users\Application Data\81A5\{3B1D813A-E122-473F-843D-9F1A3433D32C}.swf
c:\documents and settings\All Users\Application Data\D2AF
c:\documents and settings\All Users\Application Data\D2AF\{505921AA-F93F-4519-B44E-1CE23F79D82B}.swf
c:\documents and settings\All Users\Application Data\ECB
c:\documents and settings\All Users\Application Data\ECB\{4E22389C-A7DF-49DA-94F9-76126A096E9C}.swf
c:\documents and settings\All Users\Application Data\F38A
c:\documents and settings\All Users\Application Data\F38A\{92A62392-8927-4A7A-AC68-2F86DB88629A}.swf
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-26 to 2009-02-26 ))))))))))))))))))))))))))))))
.
2009-02-26 10:20 . 2009-02-26 10:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\EFA
2009-02-24 16:32 . 2009-02-24 16:32 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-24 16:31 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-02-24 16:31 . 2009-02-24 16:31 1,374 --a------ c:\windows\imsins.BAK
2009-02-24 16:31 . 2009-02-24 16:31 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-24 15:37 . 2009-02-26 13:15 <DIR> dr-h----- c:\documents and settings\Steven Scherrens\Onlangs geopend
2009-02-24 15:32 . 2009-02-24 15:32 <DIR> d-------- c:\program files\CCleaner
2009-02-24 14:27 . 2009-02-24 14:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-24 14:27 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 14:27 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-24 13:10 . 2009-02-24 13:10 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-02-24 13:10 . 2009-02-24 13:10 <DIR> d-------- c:\program files\Common Files\Nokia
2009-02-24 13:09 . 2009-02-24 13:09 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-02-24 13:08 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-02-24 13:08 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-02-24 13:08 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-02-24 13:08 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-02-24 13:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-02-24 13:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-02-14 17:00 . 2001-06-18 09:41 282,624 --a------ c:\windows\system32\ActiveSkin.ocx
2009-02-14 17:00 . 2001-01-10 12:23 162,304 --a------ C:\UNWISE.EXE
2009-02-14 17:00 . 2001-06-18 09:41 112 --a------ c:\windows\ActiveSkin.INI
2009-02-14 14:57 . 2009-02-14 14:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\262FD
2009-02-11 18:19 . 2008-04-14 18:02 219,136 --a--c--- c:\windows\system32\dllcache\uxtheme.dll
2009-02-11 18:16 . 2009-02-11 18:16 <DIR> d-------- c:\program files\Microsoft Plus! Digital Media Edition
2009-02-11 18:12 . 2009-02-11 18:12 <DIR> d-------- c:\windows\Performance
2009-02-11 18:12 . 2009-02-11 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2009-02-11 18:07 . 2009-02-11 18:27 <DIR> d-------- c:\windows\Icons
2009-02-10 20:04 . 2007-08-01 11:03 93,184 --a------ c:\windows\system32\UnPoker.exe
2009-02-06 19:55 . 2009-02-06 19:55 308,616 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 12:11 --------- d-----w c:\program files\Steam
2009-02-25 19:27 201,352 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-25 19:27 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-25 16:19 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-24 15:44 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\Nokia
2009-02-24 12:10 --------- d-----w c:\program files\Nokia
2009-02-24 12:08 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-02-21 10:01 --------- d-----w c:\program files\Windows Live
2009-02-18 15:53 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\U3
2009-02-12 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-12 17:25 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\skypePM
2009-02-11 15:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-06 18:46 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-06 18:46 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-06 18:46 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-24 15:20 --------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-01-12 16:45 --------- d-----w c:\program files\Google
2009-01-03 13:29 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\Malwarebytes
2009-01-03 13:29 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-03 11:43 --------- d-----w c:\program files\Trend Micro
2009-01-02 13:42 1,700,352 ----a-w c:\windows\system32\gdiplus.dll
2009-01-02 12:52 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-02 12:52 --------- d-----w c:\program files\Java
2008-12-25 13:05 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-20 23:03 826,368 ------w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-02-25_17.55.08.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-17 19:03:19 8,508,416 -c----w c:\windows\system32\dllcache\shell32.dll
- 2008-04-14 17:02:39 8,508,416 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:03:19 8,508,416 ----a-w c:\windows\system32\shell32.dll
+ 2009-02-26 12:10:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]
"Steam"="c:\program files\Steam\Steam.exe" [2008-11-22 1410296]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-18 306088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SigmatelSysTrayApp"="sttray.exe" [2008-02-01 c:\windows\sttray.exe]
"nwiz"="nwiz.exe" [2008-03-24 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]
c:\documents and settings\Steven Scherrens\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-09 692224]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe [2008-07-09 19357696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-06 19:46 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stefert1993\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stefert1993\\insurgency\\hl2.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-09 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-09 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-11 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-11 298264]
S3 aaudstum;aaudstum;\??\c:\docume~1\STEVEN~1\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\STEVEN~1\LOCALS~1\Temp\aaudstum.sys [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-07-26 1527900]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-07-26 544768]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddea745a-4f4e-11dd-b557-001cc056ac9f}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 13:19:19
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-292133596-1602540513-1142094642-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,6d,64,e3,38,e4,24,e1,f2,cb,88,4a,46,40,03,f9,14,9d,90,2d,89,7d,b3,
ad,cc,4e,19,30,e4,35,d4,fc,f4,8e,5f,8d,fd,93,d0,32,5a,83,02,46,53,1b,04,d2,\
"??"=hex:26,1d,53,4c,c2,af,ac,5b,8a,b6,ba,0c,2c,fa,b3,09
[HKEY_USERS\S-1-5-21-292133596-1602540513-1142094642-1006\Software\SecuROM\License information*]
"datasecu"=hex:ca,6d,78,3f,76,f2,a4,f3,4e,79,f5,22,22,13,bc,69,84,42,53,64,a8,
66,4b,4d,4a,92,be,28,d0,0d,7c,ed,a2,15,6d,2c,52,b5,4c,c4,c9,cf,04,77,0d,94,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2009-02-26 13:20:09
ComboFix-quarantined-files.txt 2009-02-26 12:20:07
ComboFix2.txt 2009-02-25 17:46:16
ComboFix3.txt 2009-02-25 16:55:44
Pre-Run: 185.917.206.528 bytes beschikbaar
Post-Run: 186,029,486,080 bytes beschikbaar
264 --- E O F --- 2009-02-25 19:45:00
En alles is opgelost.
Merci, echt merci
-
ComboFix 09-02-24.02 - Steven Scherrens 2009-02-25 18:44:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2029.1376 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Steven Scherrens\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Steven Scherrens\Bureaublad\CFScript.txt..txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\documents and settings\All Users\Application Data\101B5
c:\documents and settings\All Users\Application Data\11217
c:\documents and settings\All Users\Application Data\11F
c:\documents and settings\All Users\Application Data\13DA
c:\documents and settings\All Users\Application Data\193AF
c:\documents and settings\All Users\Application Data\1B35B
c:\documents and settings\All Users\Application Data\1C29F
c:\documents and settings\All Users\Application Data\1D157
c:\documents and settings\All Users\Application Data\2090410918
c:\documents and settings\All Users\Application Data\2213
c:\documents and settings\All Users\Application Data\244E
c:\documents and settings\All Users\Application Data\25138
c:\documents and settings\All Users\Application Data\251F
c:\documents and settings\All Users\Application Data\272E
c:\documents and settings\All Users\Application Data\2A109
c:\documents and settings\All Users\Application Data\2A213
c:\documents and settings\All Users\Application Data\2C138
c:\documents and settings\All Users\Application Data\2D3B9
c:\documents and settings\All Users\Application Data\2F3A9
c:\documents and settings\All Users\Application Data\31F9
c:\documents and settings\All Users\Application Data\3238A
c:\documents and settings\All Users\Application Data\33242
c:\documents and settings\All Users\Application Data\341F
c:\documents and settings\All Users\Application Data\349C
c:\documents and settings\All Users\Application Data\35232
c:\documents and settings\All Users\Application Data\3ADA
c:\documents and settings\All Users\Application Data\536B
c:\documents and settings\All Users\Application Data\634B
c:\documents and settings\All Users\Application Data\63E
c:\documents and settings\All Users\Application Data\73B9
c:\documents and settings\All Users\Application Data\81A5
c:\documents and settings\All Users\Application Data\D2AF
c:\documents and settings\All Users\Application Data\ECB
c:\documents and settings\All Users\Application Data\F38A
c:\windows\system32\71AL3dmP.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-25 to 2009-02-25 ))))))))))))))))))))))))))))))
.
2009-02-24 16:32 . 2009-02-24 16:32 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-24 16:31 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-02-24 16:31 . 2009-02-24 16:31 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-24 15:37 . 2009-02-25 18:42 <DIR> dr-h----- c:\documents and settings\Steven Scherrens\Onlangs geopend
2009-02-24 15:32 . 2009-02-24 15:32 <DIR> d-------- c:\program files\CCleaner
2009-02-24 14:27 . 2009-02-24 14:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-24 14:27 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 14:27 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-24 13:10 . 2009-02-24 13:10 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-02-24 13:10 . 2009-02-24 13:10 <DIR> d-------- c:\program files\Common Files\Nokia
2009-02-24 13:09 . 2009-02-24 13:09 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-02-24 13:08 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-02-24 13:08 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-02-24 13:08 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-02-24 13:08 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-02-24 13:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-02-24 13:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-02-22 10:58 . 2009-02-22 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\81A5
2009-02-18 13:35 . 2009-02-18 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\2213
2009-02-17 20:41 . 2009-02-17 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\349C
2009-02-15 16:48 . 2009-02-15 16:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\536B
2009-02-15 13:07 . 2009-02-15 13:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\341F
2009-02-14 17:00 . 2001-06-18 09:41 282,624 --a------ c:\windows\system32\ActiveSkin.ocx
2009-02-14 17:00 . 2001-01-10 12:23 162,304 --a------ C:\UNWISE.EXE
2009-02-14 17:00 . 2001-06-18 09:41 112 --a------ c:\windows\ActiveSkin.INI
2009-02-14 14:57 . 2009-02-14 14:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\262FD
2009-02-11 18:19 . 2008-04-14 18:02 219,136 --a--c--- c:\windows\system32\dllcache\uxtheme.dll
2009-02-11 18:16 . 2009-02-11 18:16 <DIR> d-------- c:\program files\Microsoft Plus! Digital Media Edition
2009-02-11 18:12 . 2009-02-11 18:12 <DIR> d-------- c:\windows\Performance
2009-02-11 18:12 . 2009-02-11 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2009-02-11 18:07 . 2009-02-11 18:27 <DIR> d-------- c:\windows\Icons
2009-02-11 14:39 . 2009-02-11 14:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\35232
2009-02-10 20:04 . 2007-08-01 11:03 93,184 --a------ c:\windows\system32\UnPoker.exe
2009-02-10 18:54 . 2009-02-10 18:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\63E
2009-02-09 21:00 . 2009-02-09 21:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\31F9
2009-02-06 19:55 . 2009-02-06 19:55 308,616 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-04 13:30 . 2009-02-04 13:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\2D3B9
2009-02-01 10:29 . 2009-02-01 10:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\25138
2009-01-31 19:39 . 2009-01-31 19:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\634B
2009-01-31 16:04 . 2009-01-31 16:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\1B35B
2009-01-30 19:34 . 2009-01-30 19:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\3ADA
2009-01-29 20:16 . 2009-01-29 20:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\3238A
2009-01-28 14:07 . 2009-01-28 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\2A109
2009-01-27 17:48 . 2009-01-27 17:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\251F
2009-01-26 22:15 . 2009-01-26 22:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\193AF
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 16:51 --------- d-----w c:\program files\Steam
2009-02-25 16:19 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-24 15:44 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\Nokia
2009-02-24 12:52 201,352 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-24 12:52 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-24 12:10 --------- d-----w c:\program files\Nokia
2009-02-24 12:08 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-02-21 10:01 --------- d-----w c:\program files\Windows Live
2009-02-18 15:53 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\U3
2009-02-12 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-12 17:25 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\skypePM
2009-02-11 15:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-06 18:46 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-06 18:46 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-06 18:46 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-24 15:20 --------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-01-22 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\244E
2009-01-21 16:34 --------- d-----w c:\documents and settings\All Users\Application Data\73B9
2009-01-20 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\272E
2009-01-19 17:33 --------- d-----w c:\documents and settings\All Users\Application Data\11217
2009-01-17 12:34 --------- d-----w c:\documents and settings\All Users\Application Data\D2AF
2009-01-15 17:21 --------- d-----w c:\documents and settings\All Users\Application Data\13DA
2009-01-12 16:45 --------- d-----w c:\program files\Google
2009-01-11 19:08 --------- d-----w c:\documents and settings\All Users\Application Data\2F3A9
2009-01-09 17:14 --------- d-----w c:\documents and settings\All Users\Application Data\2A213
2009-01-08 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\33242
2009-01-03 13:42 --------- d-----w c:\documents and settings\All Users\Application Data\2090410918
2009-01-03 13:29 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\Malwarebytes
2009-01-03 13:29 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-03 11:43 --------- d-----w c:\program files\Trend Micro
2009-01-02 13:42 1,700,352 ----a-w c:\windows\system32\gdiplus.dll
2009-01-02 12:52 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-02 12:52 --------- d-----w c:\program files\Java
2009-01-02 11:31 --------- d-----w c:\documents and settings\All Users\Application Data\ECB
2008-12-31 10:37 --------- d-----w c:\documents and settings\All Users\Application Data\2C138
2008-12-30 16:56 --------- d-----w c:\documents and settings\All Users\Application Data\F38A
2008-12-30 10:37 --------- d-----w c:\documents and settings\All Users\Application Data\1D157
2008-12-28 18:39 --------- d-----w c:\documents and settings\All Users\Application Data\11F
2008-12-27 09:35 --------- d-----w c:\documents and settings\All Users\Application Data\101B5
2008-12-25 13:05 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-25 12:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 12:24 --------- d-----w c:\program files\EA GAMES
2008-12-25 10:31 --------- d-----w c:\documents and settings\All Users\Application Data\1C29F
2008-12-20 23:03 826,368 ------w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-02-25_17.55.08.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-25 16:51:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]
"Steam"="c:\program files\Steam\Steam.exe" [2008-11-22 1410296]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-18 306088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SigmatelSysTrayApp"="sttray.exe" [2008-02-01 c:\windows\sttray.exe]
"nwiz"="nwiz.exe" [2008-03-24 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]
c:\documents and settings\Steven Scherrens\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-09 692224]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe [2008-07-09 19357696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-06 19:46 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stefert1993\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stefert1993\\insurgency\\hl2.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-09 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-09 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-11 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-11 298264]
S3 aaudstum;aaudstum;\??\c:\docume~1\STEVEN~1\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\STEVEN~1\LOCALS~1\Temp\aaudstum.sys [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-07-26 1527900]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-07-26 544768]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddea745a-4f4e-11dd-b557-001cc056ac9f}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 18:45:26
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-292133596-1602540513-1142094642-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,6d,64,e3,38,e4,24,e1,f2,cb,88,4a,46,40,03,f9,14,9d,90,2d,89,7d,b3,
ad,cc,4e,19,30,e4,35,d4,fc,f4,8e,5f,8d,fd,93,d0,32,5a,83,02,46,53,1b,04,d2,\
"??"=hex:26,1d,53,4c,c2,af,ac,5b,8a,b6,ba,0c,2c,fa,b3,09
[HKEY_USERS\S-1-5-21-292133596-1602540513-1142094642-1006\Software\SecuROM\License information*]
"datasecu"=hex:ca,6d,78,3f,76,f2,a4,f3,4e,79,f5,22,22,13,bc,69,84,42,53,64,a8,
66,4b,4d,4a,92,be,28,d0,0d,7c,ed,a2,15,6d,2c,52,b5,4c,c4,c9,cf,04,77,0d,94,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2009-02-25 18:46:14
ComboFix-quarantined-files.txt 2009-02-25 17:46:12
ComboFix2.txt 2009-02-25 16:55:44
Pre-Run: 186.160.291.840 bytes beschikbaar
Post-Run: 186,190,893,056 bytes beschikbaar
257 --- E O F --- 2009-02-11 15:58:48
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:31, on 25/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'Default user')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 10970 bytes
-
Hallo,
Dit is het logje.
ComboFix 09-02-24.02 - Steven Scherrens 2009-02-25 17:48:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2029.1423 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Steven Scherrens\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Steven Scherrens\Application Data\MBSMainPlugin1635.dll
c:\windows\system32\init32.exe
Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-25 to 2009-02-25 ))))))))))))))))))))))))))))))
.
2009-02-24 16:32 . 2009-02-24 16:32 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-24 16:31 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-02-24 16:31 . 2009-02-24 16:31 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-24 15:37 . 2009-02-24 16:46 <DIR> dr-h----- c:\documents and settings\Steven Scherrens\Onlangs geopend
2009-02-24 15:32 . 2009-02-24 15:32 <DIR> d-------- c:\program files\CCleaner
2009-02-24 14:27 . 2009-02-24 14:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-24 14:27 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 14:27 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-24 13:10 . 2009-02-24 13:10 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-02-24 13:10 . 2009-02-24 13:10 <DIR> d-------- c:\program files\Common Files\Nokia
2009-02-24 13:09 . 2009-02-24 13:09 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-02-24 13:08 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-02-24 13:08 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-02-24 13:08 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-02-24 13:08 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-02-24 13:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-02-24 13:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-02-22 10:58 . 2009-02-22 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\81A5
2009-02-18 13:35 . 2009-02-18 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\2213
2009-02-17 20:41 . 2009-02-17 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\349C
2009-02-15 16:48 . 2009-02-15 16:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\536B
2009-02-15 13:07 . 2009-02-15 13:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\341F
2009-02-14 17:00 . 2001-06-18 09:41 282,624 --a------ c:\windows\system32\ActiveSkin.ocx
2009-02-14 17:00 . 2001-01-10 12:23 162,304 --a------ C:\UNWISE.EXE
2009-02-14 17:00 . 2001-06-18 09:41 112 --a------ c:\windows\ActiveSkin.INI
2009-02-14 14:57 . 2009-02-14 14:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\262FD
2009-02-11 18:19 . 2008-04-14 18:02 219,136 --a--c--- c:\windows\system32\dllcache\uxtheme.dll
2009-02-11 18:16 . 2009-02-11 18:16 <DIR> d-------- c:\program files\Microsoft Plus! Digital Media Edition
2009-02-11 18:12 . 2009-02-11 18:12 <DIR> d-------- c:\windows\Performance
2009-02-11 18:12 . 2009-02-11 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2009-02-11 18:07 . 2009-02-11 18:27 <DIR> d-------- c:\windows\Icons
2009-02-11 14:39 . 2009-02-11 14:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\35232
2009-02-10 20:04 . 2007-08-01 11:03 93,184 --a------ c:\windows\system32\UnPoker.exe
2009-02-10 18:54 . 2009-02-10 18:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\63E
2009-02-09 21:00 . 2009-02-09 21:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\31F9
2009-02-06 19:55 . 2009-02-06 19:55 308,616 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-04 13:30 . 2009-02-04 13:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\2D3B9
2009-02-01 10:29 . 2009-02-01 10:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\25138
2009-01-31 19:39 . 2009-01-31 19:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\634B
2009-01-31 16:04 . 2009-01-31 16:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\1B35B
2009-01-30 19:34 . 2009-01-30 19:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\3ADA
2009-01-29 20:16 . 2009-01-29 20:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\3238A
2009-01-28 14:07 . 2009-01-28 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\2A109
2009-01-27 17:48 . 2009-01-27 17:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\251F
2009-01-26 22:15 . 2009-01-26 22:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\193AF
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 16:51 --------- d-----w c:\program files\Steam
2009-02-25 16:19 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-24 15:44 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\Nokia
2009-02-24 12:52 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-24 12:10 --------- d-----w c:\program files\Nokia
2009-02-24 12:08 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-02-21 10:01 --------- d-----w c:\program files\Windows Live
2009-02-18 15:53 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\U3
2009-02-12 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-12 17:25 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\skypePM
2009-02-11 15:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-06 18:46 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-06 18:46 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-24 15:20 --------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-01-22 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\244E
2009-01-21 16:34 --------- d-----w c:\documents and settings\All Users\Application Data\73B9
2009-01-20 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\272E
2009-01-19 17:33 --------- d-----w c:\documents and settings\All Users\Application Data\11217
2009-01-17 12:34 --------- d-----w c:\documents and settings\All Users\Application Data\D2AF
2009-01-15 17:21 --------- d-----w c:\documents and settings\All Users\Application Data\13DA
2009-01-12 16:45 --------- d-----w c:\program files\Google
2009-01-11 19:08 --------- d-----w c:\documents and settings\All Users\Application Data\2F3A9
2009-01-09 17:14 --------- d-----w c:\documents and settings\All Users\Application Data\2A213
2009-01-08 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\33242
2009-01-03 13:42 --------- d-----w c:\documents and settings\All Users\Application Data\2090410918
2009-01-03 13:29 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\Malwarebytes
2009-01-03 13:29 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-03 11:43 --------- d-----w c:\program files\Trend Micro
2009-01-02 12:52 --------- d-----w c:\program files\Java
2009-01-02 11:31 --------- d-----w c:\documents and settings\All Users\Application Data\ECB
2008-12-31 10:37 --------- d-----w c:\documents and settings\All Users\Application Data\2C138
2008-12-30 16:56 --------- d-----w c:\documents and settings\All Users\Application Data\F38A
2008-12-30 10:37 --------- d-----w c:\documents and settings\All Users\Application Data\1D157
2008-12-28 18:39 --------- d-----w c:\documents and settings\All Users\Application Data\11F
2008-12-27 09:35 --------- d-----w c:\documents and settings\All Users\Application Data\101B5
2008-12-25 12:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 12:24 --------- d-----w c:\program files\EA GAMES
2008-12-25 10:31 --------- d-----w c:\documents and settings\All Users\Application Data\1C29F
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]
"Steam"="c:\program files\Steam\Steam.exe" [2008-11-22 1410296]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-18 306088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SigmatelSysTrayApp"="sttray.exe" [2008-02-01 c:\windows\sttray.exe]
"nwiz"="nwiz.exe" [2008-03-24 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]
c:\documents and settings\Steven Scherrens\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-09 692224]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe [2008-07-09 19357696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-06 19:46 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stefert1993\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stefert1993\\insurgency\\hl2.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-09 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-09 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-11 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-11 298264]
S3 aaudstum;aaudstum;\??\c:\docume~1\STEVEN~1\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\STEVEN~1\LOCALS~1\Temp\aaudstum.sys [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-07-26 1527900]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-07-26 544768]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e5698b-4d33-11dd-b549-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddea745a-4f4e-11dd-b557-001cc056ac9f}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhoud van de 'Gedeelde Taken' map
2009-01-02 c:\windows\Tasks\At1.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At10.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At11.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-22 c:\windows\Tasks\At12.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-22 c:\windows\Tasks\At13.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-22 c:\windows\Tasks\At14.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-24 c:\windows\Tasks\At15.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-24 c:\windows\Tasks\At16.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-24 c:\windows\Tasks\At17.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-24 c:\windows\Tasks\At18.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-23 c:\windows\Tasks\At19.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At2.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-22 c:\windows\Tasks\At20.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-20 c:\windows\Tasks\At21.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-20 c:\windows\Tasks\At22.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-16 c:\windows\Tasks\At23.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-28 c:\windows\Tasks\At24.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At25.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At26.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At27.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At28.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At29.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At3.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At30.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At31.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At32.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At33.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At34.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At35.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-22 c:\windows\Tasks\At36.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-22 c:\windows\Tasks\At37.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-22 c:\windows\Tasks\At38.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-24 c:\windows\Tasks\At39.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At4.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-24 c:\windows\Tasks\At40.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-24 c:\windows\Tasks\At41.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-24 c:\windows\Tasks\At42.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-24 c:\windows\Tasks\At43.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-22 c:\windows\Tasks\At44.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-20 c:\windows\Tasks\At45.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-20 c:\windows\Tasks\At46.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-16 c:\windows\Tasks\At47.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-28 c:\windows\Tasks\At48.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At5.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At6.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At7.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At8.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At9.job
- c:\windows\system32\71AL3dmP.exe []
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 17:53:47
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-292133596-1602540513-1142094642-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,6d,64,e3,38,e4,24,e1,f2,cb,88,4a,46,40,03,f9,14,9d,90,2d,89,7d,b3,
ad,cc,4e,19,30,e4,35,d4,fc,f4,8e,5f,8d,fd,93,d0,32,5a,83,02,46,53,1b,04,d2,\
"??"=hex:26,1d,53,4c,c2,af,ac,5b,8a,b6,ba,0c,2c,fa,b3,09
[HKEY_USERS\S-1-5-21-292133596-1602540513-1142094642-1006\Software\SecuROM\License information*]
"datasecu"=hex:ca,6d,78,3f,76,f2,a4,f3,4e,79,f5,22,22,13,bc,69,84,42,53,64,a8,
66,4b,4d,4a,92,be,28,d0,0d,7c,ed,a2,15,6d,2c,52,b5,4c,c4,c9,cf,04,77,0d,94,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Voltooingstijd: 2009-02-25 17:55:42 - machine werd herstart
ComboFix-quarantined-files.txt 2009-02-25 16:55:39
Pre-Run: 183.201.984.512 bytes beschikbaar
Post-Run: 186,196,271,104 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
349 --- E O F --- 2009-02-11 15:58:48
-
Die ik niet gedownload heb.
(Sorry maar ik heb zojuist mijn computer een keer opnieuw opgestart en wanneer het terug open ging dan kwam er weer WARNING: you have a security problem! ik denk dat het toch nog niet opgelost is. sorry)
-
Ik heb wel nog 1 probleempje. Er komen nu heel de tijd programma's op mijn scherm. Zoals antivirus ..., enz. Hoe krijg ik dit weg???
Anders is alles goed.
Dank U!!!!
Ik ben je heel dankbaar.
-
Hier is het logje.
Malwarebytes' Anti-Malware 1.34
Database versie: 1798
Windows 5.1.2600 Service Pack 3
24/02/2009 14:35:01
mbam-log-2009-02-24 (14-35-01).txt
Scan type: Snelle Scan
Objecten gescand: 73990
Verstreken tijd: 6 minute(s), 44 second(s)
Geheugenprocessen geïnfecteerd: 1
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 2
Mappen geïnfecteerd: 6
Bestanden geïnfecteerd: 6
Geheugenprocessen geïnfecteerd:
C:\WINDOWS\system32\71AL3dmP.exe (Trojan.Dropper) -> Unloaded process successfully.
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\WINDOWS\system32\71AL3dmP.exe (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\Steven Scherrens\Local Settings\Temp\6157.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\20090223163857468.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090223162115218.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\71AL3dmP.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
Logje HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:44:36, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'Default user')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 11152 bytes
-
Hallo,
Het is toch nog niet van mijn computer sorry. Hier heb je een logje.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21:33, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\5301.exe
O4 - HKCU\..\RunOnce: [PCSuite.exe] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray -install -startgcw
O4 - HKCU\..\RunOnce: [PcSync2.exe] C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe /NoDialog
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keenfinder Service - Unknown owner - C:\Program Files\Keenfinder\keenfinder.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 11047 bytes
Hopelijk kun je het zo rap mogelijk oplossen.
Dank u!
-
Hallo, bedankt voor jouw hulp. Maar ik denk dat het al van mijn computer is.
Toch bedankt
-
Hallo,
Ik heb een klein probleempje. Ik deed mijn computer open. En opeens verschijnt er heel de tijd WARNING: You have a security problem!
Ik weet niet hoe ik dit iritante melding kan weg krijgen. Hopelijk kunnen jullie mij helpen.
Grtz
-
Het is weg
Merci!
-
Hier zijn de logje
1. MBAM
Malwarebytes' Anti-Malware 1.31
Database versie: 1602
Windows 5.1.2600 Service Pack 3
3/01/2009 14:42:08
mbam-log-2009-01-03 (14-42-08).txt
Scan type: Snelle Scan
Objecten gescand: 60594
Verstreken tijd: 11 minute(s), 3 second(s)
Geheugenprocessen geïnfecteerd: 1
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 5
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 10
Geheugenprocessen geïnfecteerd:
C:\Documents and Settings\All Users\Application Data\2090410918\948614148.exe (Rogue.SystemSecurity) -> Unloaded process successfully.
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5d2631e5-8696-7543-50b2-f674cd4308eb} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\948614148 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\Documents and Settings\All Users\Application Data\2090410918\948614148.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Scherrens\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Scherrens\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steven Scherrens\Local Settings\Temp\~tmpg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\Thumbs.db (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\71AL3dmP.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
2. HIJACHTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46:04, on 3/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Steam\Steam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 11857 bytes
Is het erg als MBAM
niet gevraagd heeft om de computer herop te starten??
-
Hallo,
Ik heb vandaag ineens een heel irritant programma op mijn PC, System Security. Hoe krijg ik dit weer van mijn PC? Ik heb alvast Hijachthis gedownload. En dit is mijn logje.
Hopelijk kunnen jullie mij helpen? Alvast bedankt!
Steven
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:53, on 3/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Documents and Settings\All Users\Application Data\2090410918\948614148.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Steam\Steam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [948614148] "C:\Documents and Settings\All Users\Application Data\2090410918\948614148.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\~tmpb.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\yyy10579.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/STEVEN~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/STEVEN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/STEVEN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/STEVEN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Component 4: (no name) - http://nl.netlogstatic.com/p/tt/043/352/43352616.jpg
--
End of file - 12691 bytes
Mijn pc werkt traag.
in Archief Windows Algemeen
Geplaatst:
Hieronder vindt u de log dat u gevraagd hebt.
ComboFix 09-07-28.04 - Steven 29/07/2009 15:29.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.255.115 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Steven\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\Cache\000B8C6B.exe
c:\program files\FunWebProducts\Installr\Cache\files.ini
c:\program files\HbTools
c:\program files\HbTools\HbTools.log
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\0060A390
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\zango
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys
c:\windows\system32\mdm.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-06-28 to 2009-07-29 ))))))))))))))))))))))))))))))
.
2009-07-18 13:08 . 2009-07-02 12:47 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-18 13:08 . 2009-07-02 12:47 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-18 13:08 . 2009-07-02 12:47 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-18 13:08 . 2009-07-02 12:47 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-18 13:08 . 2009-07-02 12:47 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-18 13:07 . 2009-07-02 12:47 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-18 13:07 . 2009-07-02 12:47 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-18 13:07 . 2009-07-02 12:47 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-18 13:07 . 2009-07-02 12:46 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-18 13:07 . 2009-07-02 12:46 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-18 13:07 . 2009-07-02 12:46 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-18 13:02 . 2009-07-02 12:45 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-18 13:02 . 2009-07-02 12:45 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 11:52 . 2007-12-06 18:59 -------- d-----w- c:\documents and settings\Steven\Application Data\U3
2009-07-22 16:15 . 2009-06-14 09:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 13:04 . 2008-07-09 13:56 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 12:47 . 2008-07-09 13:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 12:47 . 2008-07-09 13:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:55 . 2003-04-08 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2003-04-08 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:27 . 2003-04-08 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2009-05-08 19:06 . 2008-07-09 13:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:44 . 2003-04-08 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2005-02-16 684032]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPpromo psc 2400 series"="c:\program files\HP\Digital Imaging\Promotions\HPpromo.exe" [2003-10-09 126976]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2003-06-26 184320]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-10 55296]
"Realtime Audio Engine"="mmrtkrnl.exe" - c:\windows\system32\mmrtkrnl.exe [2007-07-18 70144]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-02 12:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R3 cdiskdun;cdiskdun;c:\docume~1\STEFKE~1\LOCALS~1\Temp\cdiskdun.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-18 335752]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-08 108552]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-18 907032]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-02 298776]
S2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys [2004-11-19 101488]
.
Inhoud van de 'Gedeelde Taken' map
2009-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
- - - - ORPHANS VERWIJDERD - - - -
BHO-{6F13F0A2-7197-50FB-6031-67289FFF20E4} - c:\docume~1\ronny\APPLIC~1\LITENU~1\Browse Kind.exe
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
HKLM-Run-SS1HelperStartUp - c:\progra~1\SEASID~1\SS1HEL~1.EXE
HKLM-Run-DXDllRegExe - dxdllreg.exe
HKLM-Run-LFAgent - (no file)
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - Search
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-29 15:48
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2009-07-29 15:54
ComboFix-quarantined-files.txt 2009-07-29 13:54
Pre-Run: 54.813.212.672 bytes beschikbaar
Post-Run: 62.876.811.264 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
146 --- E O F --- 2009-07-22 10:02