GerdadH

Member
  • Items

    12
  • Joined

  • Last visited

About GerdadH

  • Birthday 19-03-1959

GerdadH's achievements

  1. I was just thrown out again; the blue screen said, among other things: STOP:0x00000005, 0xF8503ABA, 0xBODBCAE4, 0x00000000 (NB all the leading 0's could also be O's) fltmgr.sys - address F8503ABA base at F84FE000 Datestamp 480251da
  2. And at startup I get on-access virus scan messages about buffer overflow in Windows\Explorer.EXE.KERNEL32CreateProcessA (in all kinds of variants). And that they have now been blocked because of buffer overflow. But that message keeps popping up again and again. So I have been thrown out several times, and you get a blue screen with white letters warning that you must restart if this is the first time you get this message, and must ask for technical support on subsequent occasions. But that cannot be printed or copied.
  3. I am sending them bit by bit, because a few times already I had written down a whole lot and then Windows was shut down. Then I get the following message: The computer has recovered from a serious error in Microsoft Windows (it was also shut down at the previous attempt to start up). And this is the content of the error report that was prepared for Microsoft: C:\DOCUME~1\GERDAD~1\LOCALS~1\Temp\WERca0e.dir00\Mini011409-01.dmp C:\DOCUME~1\GERDAD~1\LOCALS~1\Temp\WERca0e.dir00\sysdata.xml
  4. Help, all sorts of things I send do not seem to arrive. After my previous cry for help I ran ComboFix one more time. Here is the log.
  5. After my previous cry for help I managed to run ComboFix one more time. Here is the log.
  6. All sorts of things are going wrong now, after I ran ComboFix (see above) and CCleaner. I keep getting a Windows stop error, get thrown out, and can barely boot. I keep getting messages from the virus scanner at startup. In short, will this ever be fixed?
  7. So, here I am again with a new combofix.txt. (By the way, after restarting I got three warnings from the virus scanner, correction, four by now: one about a removed Trojan horse and three about buffer overflow, and Microsoft Outlook starts up very slowly.) As soon as I have sent this I will get started with CCleaner.
     ComboFix 09-01-13.04 - Gerda den Hollander 2009-01-14 11:59:58.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.104 [GMT 1:00] Gestart vanuit: c:\documents and settings\Gerda den Hollander\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Gerda den Hollander\Bureaublad\CFScript.txt AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) * Nieuw herstelpunt werd aangemaakt * Resident AV is active FILE :: C:\HijackThis.exe c:\program files\HijackThis.zip . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\HijackThis.exe c:\program files\HijackThis.zip . (((((((((((((((((((( Bestanden Gemaakt van 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))) . 2009-01-13 13:20 . 2009-01-13 13:20 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\Malwarebytes 2009-01-13 13:19 . 2009-01-13 13:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-13 13:19 . 2009-01-13 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-13 13:19 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys 2009-01-13 13:19 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys 2009-01-13 12:12 . 2009-01-14 11:53 <DIR> d-------- c:\program files\Spyware Doctor 2009-01-13 12:12 . 2009-01-13 12:12 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\PC Tools 2009-01-13 12:12 . 2009-01-14 11:49 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-01-13 12:12 . 
2008-08-25 12:36 81,288 --a------ c:\windows\SYSTEM32\DRIVERS\iksyssec.sys 2009-01-13 12:12 . 2008-08-25 12:36 66,952 --a------ c:\windows\SYSTEM32\DRIVERS\iksysflt.sys 2009-01-13 12:12 . 2008-08-25 12:36 40,840 --a------ c:\windows\SYSTEM32\DRIVERS\ikfilesec.sys 2009-01-13 12:12 . 2008-06-02 16:19 29,576 --a------ c:\windows\SYSTEM32\DRIVERS\kcom.sys 2009-01-05 23:22 . 2009-01-08 21:42 <DIR> d-------- c:\program files\Fighters 2009-01-05 23:22 . 2009-01-05 23:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fighters 2009-01-05 23:10 . 2009-01-05 23:10 <DIR> d-------- c:\program files\Trend Micro 2008-12-17 10:49 . 2008-12-17 10:48 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-14 10:35 --------- d-----w c:\program files\SPAMfighter 2009-01-13 23:21 --------- d-----w c:\program files\Google 2009-01-08 20:42 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-05 22:15 12,288 ----a-w c:\program files\hijackthis logboek.txt 2008-12-17 09:48 --------- d-----w c:\program files\Java 2008-12-12 17:03 3,088,896 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll 2008-12-09 20:28 --------- d-----w c:\program files\Ricochet 2008-12-01 11:40 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\Apple Computer 2008-12-01 08:47 --------- d-----w c:\program files\iTunes 2008-12-01 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-01 08:46 --------- d-----w c:\program files\iPod 2008-12-01 08:46 --------- d-----w c:\program files\Common Files\Apple 2008-12-01 08:42 --------- d-----w c:\program files\QuickTime 2008-12-01 08:29 --------- d-----w c:\program files\Safari 2008-11-30 12:11 --------- d-----w c:\program files\Adobe Media Player 2008-11-30 12:10 --------- d-----w c:\program files\Common Files\Adobe AIR 2008-11-18 
10:01 15,496 ----a-w c:\windows\system32\drivers\vffilter.sys 2008-11-16 12:20 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\MSN6 2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys 2008-10-23 12:43 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll 2008-10-23 12:43 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll 2008-10-16 01:02 669,184 ----a-w c:\windows\SYSTEM32\wininet.dll 2008-10-16 01:02 669,184 ------w c:\windows\SYSTEM32\DLLCACHE\wininet.dll 2008-10-16 01:02 620,032 ------w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll 2008-10-16 01:02 1,499,136 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll 2008-10-15 16:37 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll 2008-04-17 19:54 32,768 ----a-w c:\documents and settings\Gerda den Hollander\WebVpnRegKey6-pintix-rnw-nl.dll 2005-09-25 
15:16 0 ---ha-w c:\documents and settings\Gerda den Hollander\Application Data\hpothb07.dat . ((((((((((((((((((((((((((((( snapshot@2009-01-13_23.50.50,90 ))))))))))))))))))))))))))))))))))))))))) . + 2009-01-14 10:29:14 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_71c.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-25 234856] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-24 335872] "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800] "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216] "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936] "QuickTime 
Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\SYSTEM32\Ati2mdxx.exe] "PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\SYSTEM32\P0630Pin.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\SYSTEM32\narrator.exe] c:\documents and settings\Gerda den Hollander\Menu Start\Programma's\Opstarten\ Mediacontrole Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-11 155648] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-06-16 28672] officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2004-06-16 147456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ctmp3"= c:\windows\System32\ctmp3.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\SightSpeed\\SightSpeed.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R3 Vfscan;Vfscan;c:\windows\SYSTEM32\DRIVERS\vffilter.sys 
[2008-11-18 15496] R3 wlags51b;Agere Wireless USB Driver;c:\windows\SYSTEM32\DRIVERS\WLAGS51B.sys [2004-11-07 178688] R4 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [2008-11-18 283272] R4 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [2008-11-18 307848] R4 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [2008-11-18 311944] R4 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [2008-11-18 139912] R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-13 356920] R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-30 33752] S3 P0630VID;Creative WebCam Live!;c:\windows\SYSTEM32\DRIVERS\P0630Vid.sys [2007-01-23 91841] --- Andere Services/Drivers In Geheugen --- *Deregistered* - mchInjDrv . Inhoud van de 'Gedeelde Taken' map 2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-01-13 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] 2005-09-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1106417417.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 18:06] 2009-01-14 c:\windows\Tasks\Schijfopruiming.job - c:\windows\SYSTEM32\cleanmgr.exe [2008-04-14 18:02] . - - - - ORPHANS VERWIJDERD - - - - HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.omroep.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.euro.dell.com/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - Add to Windows Live Favorites IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab c:\windows\Downloaded Program Files\OSDED4D.OSD c:\windows\Downloaded Program Files\AddrBookATL.dll - O16 -: {426784E5-24B2-4708-820D-117342FAD009} hxxp://hyves.nl/cab/outlookaddressbook.cab c:\windows\Downloaded Program Files\imglib.dll - c:\windows\Downloaded Program Files\screenshot.ocx O16 -: {558714D6-8AC5-11D2-BCB7-00A024A866A5} hxxp://www.ob.gouda.nl/Components/screenshot.cab c:\windows\Downloaded Program Files\screenshot.inf O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://internethuis.rnw.nl/activex/AMC.cab c:\windows\Downloaded Program Files\setup.inf FF - ProfilePath - c:\documents and settings\Gerda den Hollander\Application Data\Mozilla\Firefox\Profiles\kzg9xpfx.default\ FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-14 12:05:51 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
c:\windows\system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys 39936 bytes executable c:\windows\system32\_e6e943de6d2e2d8c33d5130c1ccdd3ac.sys_.vir 39936 bytes executable Scan succesvol afgerond verborgen bestanden: 2 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e6e943de6d2e2d8c33d5130c1ccdd3ac] "ImagePath"="system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL" . Voltooingstijd: 2009-01-14 12:09:09 ComboFix-quarantined-files.txt 2009-01-14 11:09:03 ComboFix2.txt 2009-01-13 23:12:12 ComboFix3.txt 2009-01-13 22:53:08 Pre-Run: 88.003.657.728 bytes beschikbaar Post-Run: 87,986,098,176 bytes beschikbaar 215 --- E O F --- 2008-12-18 14:18:28
  8. Right, I have run ComboFix as well, and here is the log. I will do the CCleaner part tomorrow, unless I get other instructions. I am very glad of your help, and no doubt see you later.
     ComboFix 09-01-13.03 - Gerda den Hollander 2009-01-13 23:59:26.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.148 [GMT 1:00] Gestart vanuit: c:\documents and settings\Gerda den Hollander\Bureaublad\ComboFix.exe AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) * Resident AV is active . (((((((((((((((((((( Bestanden Gemaakt van 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))) . 2009-01-13 22:10 . 2009-01-13 22:10 <DIR> d-------- c:\program files\Peer2Peer-NE 2009-01-13 22:10 . 2009-01-13 22:10 <DIR> d-------- c:\program files\Conduit 2009-01-13 13:20 . 2009-01-13 13:20 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\Malwarebytes 2009-01-13 13:19 . 2009-01-13 13:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-13 13:19 . 2009-01-13 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-13 13:19 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys 2009-01-13 13:19 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys 2009-01-13 12:25 . 2009-01-13 12:25 314,054 --a------ c:\program files\HijackThis.zip 2009-01-13 12:12 . 2009-01-13 12:14 <DIR> d-------- c:\program files\Spyware Doctor 2009-01-13 12:12 . 2009-01-13 12:12 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\PC Tools 2009-01-13 12:12 . 2009-01-13 22:06 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-01-13 12:12 . 2008-08-25 12:36 81,288 --a------ c:\windows\SYSTEM32\DRIVERS\iksyssec.sys 2009-01-13 12:12 . 2008-08-25 12:36 66,952 --a------ c:\windows\SYSTEM32\DRIVERS\iksysflt.sys 2009-01-13 12:12 . 
2008-08-25 12:36 40,840 --a------ c:\windows\SYSTEM32\DRIVERS\ikfilesec.sys 2009-01-13 12:12 . 2008-06-02 16:19 29,576 --a------ c:\windows\SYSTEM32\DRIVERS\kcom.sys 2009-01-13 12:08 . 2009-01-13 12:08 396,288 --a------ C:\HijackThis.exe 2009-01-05 23:22 . 2009-01-08 21:42 <DIR> d-------- c:\program files\Fighters 2009-01-05 23:22 . 2009-01-05 23:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fighters 2009-01-05 23:10 . 2009-01-05 23:10 <DIR> d-------- c:\program files\Trend Micro 2008-12-17 10:49 . 2008-12-17 10:48 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-13 20:25 --------- d-----w c:\program files\SPAMfighter 2009-01-08 20:42 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-05 22:15 12,288 ----a-w c:\program files\hijackthis logboek.txt 2008-12-17 09:48 --------- d-----w c:\program files\Java 2008-12-12 17:03 3,088,896 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll 2008-12-09 20:28 --------- d-----w c:\program files\Ricochet 2008-12-01 11:40 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\Apple Computer 2008-12-01 08:47 --------- d-----w c:\program files\iTunes 2008-12-01 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-01 08:46 --------- d-----w c:\program files\iPod 2008-12-01 08:46 --------- d-----w c:\program files\Common Files\Apple 2008-12-01 08:42 --------- d-----w c:\program files\QuickTime 2008-12-01 08:29 --------- d-----w c:\program files\Safari 2008-11-30 12:11 --------- d-----w c:\program files\Adobe Media Player 2008-11-30 12:10 --------- d-----w c:\program files\Common Files\Adobe AIR 2008-11-18 10:01 15,496 ----a-w c:\windows\system32\drivers\vffilter.sys 2008-11-16 12:20 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\MSN6 
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys 2008-10-23 12:43 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll 2008-10-23 12:43 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll 2008-10-16 01:02 669,184 ----a-w c:\windows\SYSTEM32\wininet.dll 2008-10-16 01:02 669,184 ------w c:\windows\SYSTEM32\DLLCACHE\wininet.dll 2008-10-16 01:02 620,032 ------w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll 2008-10-16 01:02 1,499,136 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll 2008-10-15 16:37 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll 2008-04-17 19:54 32,768 ----a-w c:\documents and settings\Gerda den Hollander\WebVpnRegKey6-pintix-rnw-nl.dll 2005-09-25 15:16 0 ---ha-w c:\documents and settings\Gerda den Hollander\Application Data\hpothb07.dat . 
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{c0d70ed8-d984-40c3-9666-8939ce76ea13}"= "c:\program files\Peer2Peer-NE\tbPeer.dll" [2008-09-15 1784856] [HKEY_CLASSES_ROOT\clsid\{c0d70ed8-d984-40c3-9666-8939ce76ea13}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c0d70ed8-d984-40c3-9666-8939ce76ea13}] 2008-09-15 06:47 1784856 --a------ c:\program files\Peer2Peer-NE\tbPeer.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{c0d70ed8-d984-40c3-9666-8939ce76ea13}"= "c:\program files\Peer2Peer-NE\tbPeer.dll" [2008-09-15 1784856] [HKEY_CLASSES_ROOT\clsid\{c0d70ed8-d984-40c3-9666-8939ce76ea13}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-25 234856] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-05 171448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-24 335872] "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800] "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600] "McAfeeUpdaterUI"="c:\program 
files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216] "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\SYSTEM32\Ati2mdxx.exe] "PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\SYSTEM32\P0630Pin.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\SYSTEM32\narrator.exe] c:\documents and settings\Gerda den Hollander\Menu Start\Programma's\Opstarten\ Mediacontrole Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-11 155648] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-06-16 28672] officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2004-06-16 147456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ctmp3"= c:\windows\System32\ctmp3.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= 
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\SightSpeed\\SightSpeed.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R3 Vfscan;Vfscan;c:\windows\SYSTEM32\DRIVERS\vffilter.sys [2008-11-18 15496] R3 wlags51b;Agere Wireless USB Driver;c:\windows\SYSTEM32\DRIVERS\WLAGS51B.sys [2004-11-07 178688] R4 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [2008-11-18 283272] R4 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [2008-11-18 307848] R4 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [2008-11-18 311944] R4 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [2008-11-18 139912] R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-13 356920] R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-30 33752] S3 P0630VID;Creative WebCam Live!;c:\windows\SYSTEM32\DRIVERS\P0630Vid.sys [2007-01-23 91841] --- Andere Services/Drivers In Geheugen --- *Deregistered* - mchInjDrv . 
Inhoud van de 'Gedeelde Taken' map 2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-01-13 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] 2005-09-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1106417417.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 18:06] 2009-01-13 c:\windows\Tasks\Schijfopruiming.job - c:\windows\SYSTEM32\cleanmgr.exe [2008-04-14 18:02] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2046702 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.euro.dell.com/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - Add to Windows Live Favorites IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab c:\windows\Downloaded Program Files\OSDED4D.OSD c:\windows\Downloaded Program Files\AddrBookATL.dll - O16 -: {426784E5-24B2-4708-820D-117342FAD009} hxxp://hyves.nl/cab/outlookaddressbook.cab c:\windows\Downloaded Program Files\imglib.dll - c:\windows\Downloaded Program Files\screenshot.ocx O16 -: {558714D6-8AC5-11D2-BCB7-00A024A866A5} hxxp://www.ob.gouda.nl/Components/screenshot.cab c:\windows\Downloaded Program Files\screenshot.inf O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://internethuis.rnw.nl/activex/AMC.cab c:\windows\Downloaded Program Files\setup.inf FF - ProfilePath - c:\documents and settings\Gerda den 
Hollander\Application Data\Mozilla\Firefox\Profiles\kzg9xpfx.default\ FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-14 00:06:51 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... c:\windows\system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys 39936 bytes executable c:\windows\system32\_e6e943de6d2e2d8c33d5130c1ccdd3ac.sys_.vir 39936 bytes executable Scan succesvol afgerond verborgen bestanden: 2 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e6e943de6d2e2d8c33d5130c1ccdd3ac] "ImagePath"="system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(1592) c:\progra~1\WINDOW~2\wmpband.dll . 
Voltooingstijd: 2009-01-14 0:12:03 ComboFix-quarantined-files.txt 2009-01-13 23:11:48 ComboFix2.txt 2009-01-13 22:53:08 Pre-Run: 88.040.964.096 bytes beschikbaar Post-Run: 88,021,233,664 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 221 --- E O F --- 2008-12-18 14:18:28
  9. I am glad you are so optimistic: earlier this evening everything froze and I could no longer close any program normally. As for CCleaner: there are a lot of downloads at that link. Which one do you mean: Driver Cleaner, CCleaner Slim (no toolbar), or the CCleaner download, the new and latest version 2009? And if I take that last one, should I tick the toolbar or not?
  10. I'd be glad to, but every time I open HiJack via the shortcut I get a message that begins with: HijackThis appears to have been started from a temporary folder. Since temp folders tend to be emptied regularly, it is wise to copy HijackThis.exe to a folder of its own, for instance C:\ProgramFiles\HijackThis\ (and so on). I now have it in ProgramFiles in a compressed folder, and when I extract it there and open it I no longer get the message. After that I made the following scan log. I hope it is complete this time.
      Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:36:45, on 13-1-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\Program Files\Fighters\configservice.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program
Files\Fighters\licenseservice.exe C:\Program Files\Fighters\updateservice.exe C:\Program Files\Fighters\ScannerService.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\GERDAD~1\LOCALS~1\Temp\Tijdelijke map 1 voor HijackThis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Nederland -startpagina - Computers, computerapparatuur, electronics en services. 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Omroep.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Nederland -startpagina - Computers, computerapparatuur, electronics en services. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [diagent] "C:\Program 
Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [CostAware] C:\Program Files\NetInternals\CostAware\niIPCApp.exe O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - 
HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: officejet 6100.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://hyves.nl/cab/outlookaddressbook.cab O16 - DPF: {558714D6-8AC5-11D2-BCB7-00A024A866A5} (ScreenShot Control) - http://www.ob.gouda.nl/Components/screenshot.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - 
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150318829140 O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://internethuis.rnw.nl/activex/AMC.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe -- End of file - 12842 bytes
  11. Thanks, Kape, for your quick reply. I got to work on it right away. Here first the MBAM log:
      Malwarebytes' Anti-Malware 1.32 Database versie: 1648 Windows 5.1.2600 Service Pack 3 13-1-2009 13:44:13 mbam-log-2009-01-13 (13-44-13).txt Scan type: Snelle Scan Objecten gescand: 74770 Verstreken tijd: 21 minute(s), 47 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 18 Registerwaarden geïnfecteerd: 1 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 2 Bestanden geïnfecteerd: 4 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\orb.ta (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\orb.ta.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{21eeb010-57f3-11dd-b116-dad055d89593} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b33de756-deee-4d7a-87db-1d905ba2aa21} (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{1b7f9329-aaf9-4e34-8ecf-c363fd3c60cf} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ada8c222-95d2-47b5-950b-aebc0a508839} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\.exe\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\.lnk\ShellEx\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Secure Delete (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{b33de756-deee-4d7a-87db-1d905ba2aa21} (Rogue.Multiple) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Documents and Settings\Rens den Hollander\Local Settings\Temporary Internet Files\Content.IE5\0TIBWTUB\u927[1].msg (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Rens den Hollander\Local Settings\Temporary Internet Files\Content.IE5\8PM705IF\g584[1].msg (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Rens den Hollander\Local Settings\Temporary Internet Files\Content.IE5\A3IMHV5Z\u406[1].msg (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Rens den Hollander\Bureaublad\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
      And the HijackThis log that I ran afterwards follows below:
      Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:16:36, on 13-1-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\Program Files\Fighters\configservice.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program
Files\Fighters\licenseservice.exe C:\Program Files\Fighters\updateservice.exe C:\Program Files\Fighters\ScannerService.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\HijackThis\HijackThis.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SPAMfighter Update Service - 
SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe -- End of file - 3591 bytes
  12. Dear all, here is yet another case of System Security, on a Dell computer running Windows XP. Cold comfort that I am not the only one. I have already downloaded Hijack and attached the log. In addition, my spywarefighter reports that I have an infected file, Not-A-Virus.Downloader.Win32.WinFixer.ax, and it is said to be located in C:\Program Files\Common Files\TrashEraser\mc.exe (which I also find in the log). I have no idea what to do next, so I can use any help. Please do use clear words and steps, because I am pretty much computer-illiterate. Thanks in advance for all the trouble, Gerda den Hollander
      Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:36:43, on 12-1-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Fighters\configservice.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Fighters\licenseservice.exe C:\Program Files\Fighters\updateservice.exe C:\Program Files\Fighters\ScannerService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\Common Files\TrashEraser\mc.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\McAfee\Common Framework\McTray.exe c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Nederland -startpagina - Computers, computerapparatuur, electronics en services. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Omroep.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Nederland -startpagina - Computers, computerapparatuur, electronics en services. 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {086F0D71-B8A5-69FD-D3EE-045D0C3089DC} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: ORBta - {ADA8C222-95D2-47B5-950B-AEBC0A508839} - C:\WINDOWS\system32\spria.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [diagent] "C:\Program 
Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [salestart] "C:\Program Files\Common Files\TrashEraser\mc.exe" dm=http://trasheraser.com; ad=http://trasheraser.com O4 - HKLM\..\Run: [CostAware] C:\Program Files\NetInternals\CostAware\niIPCApp.exe O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program 
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: officejet 6100.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://hyves.nl/cab/outlookaddressbook.cab O16 - DPF: 
{558714D6-8AC5-11D2-BCB7-00A024A866A5} (ScreenShot Control) - http://www.ob.gouda.nl/Components/screenshot.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150318829140 O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://internethuis.rnw.nl/activex/AMC.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: bececcfdafabf - C:\WINDOWS\system32\bececcfdafabf.dll (file missing) O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. 
- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe -- End of file - 12644 bytes