Posts by ankar
ComboFix 10-09-04.06 - annelies 06-09-2010 16:59:22.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.895.487 [GMT 2:00]
Gestart vanuit: c:\documents and settings\annelies\Mijn documenten\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\annelies\Bureaublad\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\documents and settings\All Users\Application Data\AeGlBX1.dat"
"c:\windows\explorer.PIF"
"c:\windows\system32\drivers\zrvwducabgjp7.sys"
"c:\windows\system32\stu2.exe"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\AeGlBX1.dat
c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar
c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar\cache.dat
c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar\config.xml
c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar\Downloaded Program Files\xaddon.dll
c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar\Downloaded Program Files\xaddon.inf
c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar\setup.exe
c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar\xaddon.cab
c:\documents and settings\picture project\Local Settings\Application Data\Conduit
c:\documents and settings\picture project\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=800208&fid=796027.xml
c:\documents and settings\picture project\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks\en.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___freetvbar_com_icons_dice_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___freetvbar_com_icons_drifting_games_png.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_alien16_png.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_dice_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_mario_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_poker_png.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_solitaire_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_sonic_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_sudoku_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_tetris_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_calculator_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_calendar_png.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_calories_png.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_clock_ico.ico
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_clothes_ico.ico
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_coins_png.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_datecalc_ico.ico
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_fileconverter_png.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_map_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_spellchecker_png.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_star_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_stopwatch_ico.ico
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_translator_png.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_unitconverter_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_widget_png.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_worddef_png.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_todo_img_favicon_ico.ico
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_25_240_CT2405725_Images_633590753577643750_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_25_240_CT2405725_Images_633629754211018750_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_25_240_CT2405725_Images_634085821719851250_png.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_25_240_CT2405725_Images_634146209956322500_png.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_25_240_CT2405725_Images_634150506686742500_png.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_25_240_CT2405725_Images_Email_xml-10-Classic-633439771938243750_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_25_240_CT2405725_Images_SearchActivationButton-go_but01_gif-General-633629754908675000_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_chevron_menu_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_display_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_equalizer_dead_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_Equalizer_GIF.GIF
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_Error_GIF.GIF
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_Loading_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_maxi_dn_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_maxi_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_maxi_over_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_minimize_dn_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_minimize_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_minimize_over_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_pause_dn_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_pause_dn_mini_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_pause_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_pause_mini_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_pause_over_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_pause_over_mini_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_play_chevron_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_play_dn_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_play_dn_mini_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_play_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_play_mini_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_play_over_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_play_over_mini_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_slider_bg_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_slider_dn_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_slider_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_slider_over_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_stop_chevron_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_stop_dn_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_stop_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_stop_over_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_vol_dn_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_vol_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_vol_over_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_dictionary_search_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_ebay_search_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_encyc_search_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_shopping_search_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_weather_icon_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\EmailNotifier\AccountTypes.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\EmailNotifier\aol.com.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\EmailNotifier\comcast.net.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\EmailNotifier\google.com.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\EmailNotifier\hotmail.com.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\EmailNotifier\yahoo.com.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\ExternalComponent\http___oryte_com_content_translate_xml_tools_xml.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\ExternalComponent\http___oryte_com_content_tv_xml_games_xml.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\LanguagePack\en\LanguagePack.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGong_16.png
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\manifest.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\RadioPlayer\IP_Stations_Media_List.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\RadioPlayer\Predefined_Media_List.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\RadioPlayer\Skins\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_display_xml.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\Repository\conduit_CT2405725_CT2405725\ToolbarLogin\data.txt
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\Repository\conduit_CT2405725_CT2405725\ToolbarSettings\data.txt
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\SearchInNewTab\SearchInNewTabContent.xml
c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\ThirdPartyComponents.xml
c:\program files\Radio_Bar_1
c:\program files\Radio_Bar_1\INSTALL.LOG
c:\program files\Radio_Bar_1\Radio_Bar_1ToolbarHelper.exe
c:\program files\Radio_Bar_1\tbRadi.dll
c:\program files\Radio_Bar_1\toolbar.cfg
c:\program files\Radio_Bar_1\UNWISE.EXE
c:\windows\explorer.PIF
c:\windows\system32\stu2.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_zrvwducabgjp7
(((((((((((((((((((( Bestanden Gemaakt van 2010-08-06 to 2010-09-06 ))))))))))))))))))))))))))))))
.
2010-09-06 11:19 . 2010-09-06 11:19 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\PCHealth
2010-09-06 10:21 . 2010-09-06 10:21 -------- d-----w- c:\windows\system32\KB905474
2010-09-05 10:31 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-05 09:34 . 2010-09-05 09:34 -------- d-----w- c:\documents and settings\annelies\Application Data\Rabbit's Magic Adventures
2010-09-02 18:09 . 2010-09-02 18:09 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-02 16:36 . 2010-09-02 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Farm Fishes
2010-09-02 13:48 . 2010-09-02 13:49 -------- d-----w- c:\documents and settings\annelies\mail inge
2010-08-31 17:35 . 2010-09-06 14:50 -------- d--h--r- c:\documents and settings\annelies\Onlangs geopend
2010-08-31 13:37 . 2010-08-31 13:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-08-30 09:36 . 2010-08-30 09:36 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-08-30 08:04 . 2010-08-30 08:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Pando_Temp
2010-08-30 08:04 . 2010-08-30 08:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GamersFirst LIVE!
2010-08-30 07:45 . 2010-08-30 07:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-30 07:11 . 2010-08-30 07:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-30 07:10 . 2010-08-30 07:10 74312 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-30 05:38 . 2010-08-30 05:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-27 08:41 . 2010-08-29 10:00 -------- d-----w- c:\program files\Mystery Stories - Berlin Nights
2010-08-26 13:04 . 2010-08-26 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Veronica&BoD
2010-08-24 18:36 . 2010-08-27 09:58 -------- d-----w- c:\documents and settings\annelies\Application Data\Roads Of Rome
2010-08-23 08:01 . 2010-08-23 08:01 -------- d-----r- c:\documents and settings\NetworkService\Favorieten
2010-08-21 14:43 . 2010-08-21 14:43 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\Pando_Temp
2010-08-21 14:43 . 2010-08-21 14:43 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\GamersFirst LIVE!
2010-08-21 14:42 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-08-21 14:42 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-08-21 14:42 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-08-21 14:42 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-08-21 14:42 . 2010-08-21 14:42 -------- d-----w- c:\windows\Logs
2010-08-21 14:26 . 2010-08-21 14:35 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\Download-DU
2010-08-21 14:26 . 2010-09-03 19:22 -------- d-----w- c:\program files\Download-DU
2010-08-20 16:39 . 2010-08-23 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3_Madagascar
2010-08-20 06:55 . 2010-08-20 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2010-08-20 06:50 . 2010-08-20 06:50 -------- d-----w- c:\program files\WorldOfGoo
2010-08-19 14:18 . 2010-08-19 14:19 -------- d-----w- c:\program files\BejeweledTwist
2010-08-19 07:18 . 2010-08-19 07:18 -------- d-----w- c:\program files\4 Elements - NL
2010-08-17 17:17 . 2010-08-17 17:17 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\TheLostKingdomProphecy
2010-08-16 12:24 . 2010-08-16 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualFarm
2010-08-15 15:16 . 2010-08-21 12:23 -------- d-----w- c:\documents and settings\picture project\Tracing
2010-08-13 11:27 . 2010-09-06 15:09 -------- d-----w- c:\documents and settings\annelies\Tracing
2010-08-13 11:23 . 2010-08-13 11:23 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-08-13 11:23 . 2010-04-28 05:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-08-13 11:22 . 2010-08-13 11:22 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-08-13 11:21 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-08-13 11:21 . 2010-08-13 11:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-08 07:29 . 2010-09-04 07:17 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-08 07:28 . 2010-08-09 10:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 15:11 . 2008-11-02 11:14 -------- d-----w- c:\documents and settings\annelies\Application Data\BitTorrent
2010-09-06 14:59 . 2008-11-02 11:14 -------- d-----w- c:\program files\DNA
2010-09-06 14:39 . 2008-08-24 10:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-06 11:16 . 2001-09-07 12:00 92480 ----a-w- c:\windows\system32\perfc013.dat
2010-09-06 11:16 . 2001-09-07 12:00 512302 ----a-w- c:\windows\system32\perfh013.dat
2010-09-06 10:14 . 2010-03-10 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-03 20:43 . 2009-09-22 17:53 -------- d-----w- c:\program files\Games
2010-09-03 19:27 . 2009-02-14 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-03 13:31 . 2009-11-17 17:10 -------- d-----w- c:\program files\BitTorrent
2010-08-30 06:43 . 2007-11-13 21:13 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2010-08-30 06:43 . 2007-11-13 21:09 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2010-08-29 10:00 . 2009-04-24 15:06 -------- d-----w- c:\documents and settings\annelies\Application Data\cerasus.media
2010-08-21 14:43 . 2010-06-27 11:26 -------- d-----w- c:\program files\GamersFirst
2010-08-21 12:40 . 2007-11-13 21:21 74312 -c--a-w- c:\documents and settings\picture project\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-20 17:29 . 2010-05-21 11:10 -------- d-----w- c:\documents and settings\annelies\Application Data\CannyGames
2010-08-16 15:01 . 2010-02-24 20:46 -------- d-----w- c:\program files\Denda Games
2010-08-16 12:24 . 2009-05-17 14:15 -------- d-----w- c:\documents and settings\annelies\Application Data\Zylom
2010-08-16 12:22 . 2009-05-17 14:15 -------- d-----w- c:\program files\Zylom Games
2010-08-15 09:32 . 2009-11-18 19:25 -------- d-----w- c:\documents and settings\annelies\Application Data\uTorrent
2010-08-13 11:23 . 2009-11-10 10:46 -------- d-----w- c:\program files\Microsoft
2010-08-13 11:23 . 2008-03-13 06:23 -------- d-----w- c:\program files\Windows Live
2010-07-22 08:42 . 2009-11-02 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-07-17 22:35 . 2007-12-14 15:16 -------- d-----w- c:\documents and settings\annelies\Application Data\LimeWire
2010-07-17 10:49 . 2009-03-12 14:16 -------- d-----w- c:\program files\QuickTime
2010-07-17 07:41 . 2008-11-02 11:14 -------- d-----w- c:\documents and settings\annelies\Application Data\DNA
2010-07-17 07:40 . 2010-07-13 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-16 04:36 . 2010-07-16 04:36 -------- d-----w- c:\documents and settings\annelies\Application Data\AVG9
2010-07-13 20:42 . 2007-11-17 14:51 -------- d-----w- c:\program files\WarRock
2010-07-13 20:42 . 2007-10-28 20:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-13 19:26 . 2008-11-05 17:31 -------- d-----w- c:\program files\Vuze
2010-07-13 18:39 . 2010-04-09 17:11 -------- d-----w- c:\program files\OXXOGames
2010-07-13 17:30 . 2010-04-09 17:13 -------- d-----w- c:\program files\GAMESVOORIEDEREEN.NL
2010-07-13 17:21 . 2010-02-28 10:17 -------- d-----w- c:\program files\Brickshooter Egypt
2010-07-13 14:38 . 2008-05-25 09:03 -------- d-----w- c:\program files\AVG
2010-07-13 07:43 . 2007-11-01 20:30 74312 -c--a-w- c:\documents and settings\annelies\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-12 08:31 . 2007-12-28 14:16 -------- d-----w- c:\program files\Google
2010-07-12 08:03 . 2009-11-02 17:28 -------- d-----w- c:\program files\Alawar
2010-07-12 08:00 . 2008-08-27 09:40 -------- d-----w- c:\program files\Disney Interactive
2010-07-12 04:39 . 2010-06-27 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-30 12:33 . 2004-08-03 23:03 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-07-17 07:39 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-17 07:39 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-07-17 07:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-17 07:39 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-17 07:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-17 07:39 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-07-17 07:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-07-17 07:39 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-07-17 07:39 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:27 . 2004-08-03 23:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-03 22:56 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-03 23:03 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-10-28 18:45 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2004-08-03 23:03 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\QuickTime\qttask .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-09-03 689016]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-01 7634944]
"nwiz"="nwiz.exe" [2007-10-01 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-01 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-09-03 11:05 689016 ----a-w- c:\program files\BitTorrent\BitTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\limewire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56881:TCP"= 56881:TCP:Pando Media Booster
"56881:UDP"= 56881:UDP:Pando Media Booster
"57213:TCP"= 57213:TCP:Pando Media Booster
"57213:UDP"= 57213:UDP:Pando Media Booster
"57709:TCP"= 57709:TCP:Pando Media Booster
"57709:UDP"= 57709:UDP:Pando Media Booster
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [27-5-2009 20:46 11392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17-7-2010 9:39 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17-7-2010 9:39 17744]
S2 gupdate1ca051781944026;Google Updateservice (gupdate1ca051781944026);c:\program files\Google\Update\GoogleUpdate.exe [15-7-2009 8:43 133104]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [28-10-2007 20:53 20160]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-11-2008 17:23 721904]
.
Inhoud van de 'Gedeelde Taken' map
2010-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 06:43]
2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 06:43]
2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{5F9B21F2-C498-4B1E-86D8-424A9D80C29C}.job
- c:\windows\system32\msfeedssync.exe [2007-10-28 02:31]
2010-09-06 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-09-06 20:18]
.
.
------- Bijkomende Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag
mSearch Bar = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHANS VERWIJDERD - - - -
AddRemove-Radio_Bar_1 Toolbar - c:\progra~1\RADIO_~1\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-06 17:08
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\X «S*I*D*\{040CAC3F-C5B9-4F74-864D-278BFE103668}\InprocServer32]
@="c:\\WINDOWS\\System32\\dx8vb32.dll"
"ThreadingModel"="Both"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(1932)
c:\windows\system32\webcheck.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Voltooingstijd: 2010-09-06 17:14:33 - machine werd herstart
ComboFix-quarantined-files.txt 2010-09-06 15:14
ComboFix2.txt 2010-09-06 11:39
Pre-Run: 96.725.037.056 bytes beschikbaar
Post-Run: 96.703.463.424 bytes beschikbaar
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E0312B8EE807A6A89A20F663F79C86EF
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:29, on 6-9-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updateservice (gupdate1ca051781944026) (gupdate1ca051781944026) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7819 bytes
-
Yes, it worked!!!! Here it comes:
ComboFix 10-09-04.06 - annelies 06-09-2010 13:19:15.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.895.535 [GMT 2:00]
Gestart vanuit: c:\documents and settings\annelies\Mijn documenten\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Voorgaande Run -------
.
c:\documents and settings\All Users\Application Data\Caelum
c:\documents and settings\All Users\Application Data\Caelum\hs.cpf
c:\documents and settings\All Users\Application Data\Caelum\save.cpf
c:\documents and settings\annelies\Application Data\020000009668dea8705C.manifest
c:\documents and settings\annelies\Application Data\020000009668dea8705O.manifest
c:\documents and settings\annelies\Application Data\020000009668dea8705P.manifest
c:\documents and settings\annelies\Application Data\020000009668dea8705S.manifest
c:\documents and settings\annelies\Application Data\A44C0DDB49747E2AAF1E548EFCB78D58
c:\documents and settings\annelies\Application Data\A44C0DDB49747E2AAF1E548EFCB78D58\enemies-names.txt
c:\documents and settings\annelies\Application Data\A44C0DDB49747E2AAF1E548EFCB78D58\local.ini
c:\documents and settings\annelies\Application Data\GrabIt
c:\documents and settings\annelies\Application Data\GrabIt\Batch.gba
c:\documents and settings\annelies\Application Data\inst.exe
c:\documents and settings\annelies\Application Data\PriceGong
c:\documents and settings\annelies\Application Data\PriceGong\Data\1.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\a.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\b.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\c.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\d.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\e.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\f.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\g.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\h.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\i.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\J.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\k.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\l.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\m.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\n.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\o.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\p.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\q.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\r.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\s.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\t.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\u.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\v.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\w.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\x.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\y.xml
c:\documents and settings\annelies\Application Data\PriceGong\Data\z.xml
c:\documents and settings\annelies\Favorieten\Videos.url
c:\documents and settings\annelies\Local Settings\Application Data\Carta
c:\documents and settings\annelies\Local Settings\Application Data\Carta\Carta.ini
c:\documents and settings\annelies\Menu Start\Programma's\Videos.url
c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server
c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\picture project\Application Data\PriceGong
c:\documents and settings\picture project\Application Data\PriceGong\Data\1.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\a.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\b.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\c.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\d.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\e.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\f.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\g.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\h.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\i.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\J.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\k.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\l.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\m.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\n.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\o.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\p.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\q.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\r.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\s.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\t.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\u.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\v.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\w.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\x.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\y.xml
c:\documents and settings\picture project\Application Data\PriceGong\Data\z.xml
C:\Install.exe
c:\temp\vtmp2
c:\windows\system32\ca2bde06-be91-ee0e-1afb-cec70a86abd7.exe
C:\xcrashdump.dat
Besmet exemplaar van c:\windows\system32\winlogon.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\winlogon.exe
Besmet exemplaar van c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\system volume information\_restore{0CA45D97-5522-4CD1-9A68-1352F337E61E}\RP6\A0005542.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_KWANZY_SERVICE
(((((((((((((((((((( Bestanden Gemaakt van 2010-08-06 to 2010-09-06 ))))))))))))))))))))))))))))))
.
2010-09-06 11:19 . 2010-09-06 11:19 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\PCHealth
2010-09-06 10:21 . 2010-09-06 10:21 -------- d-----w- c:\windows\system32\KB905474
2010-09-05 10:31 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-05 09:34 . 2010-09-05 09:34 -------- d-----w- c:\documents and settings\annelies\Application Data\Rabbit's Magic Adventures
2010-09-03 14:13 . 2010-09-03 14:13 2855 ----a-w- c:\windows\explorer.PIF
2010-09-02 18:09 . 2010-09-02 18:09 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-02 16:36 . 2010-09-02 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Farm Fishes
2010-09-02 13:48 . 2010-09-02 13:49 -------- d-----w- c:\documents and settings\annelies\mail inge
2010-08-31 17:35 . 2010-09-06 09:22 -------- d--h--r- c:\documents and settings\annelies\Onlangs geopend
2010-08-31 13:37 . 2010-08-31 13:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-08-30 09:36 . 2010-08-30 09:36 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-08-30 08:04 . 2010-08-30 08:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Pando_Temp
2010-08-30 08:04 . 2010-08-30 08:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GamersFirst LIVE!
2010-08-30 07:45 . 2010-08-30 07:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-30 07:11 . 2010-08-30 07:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-30 07:10 . 2010-08-30 07:10 74312 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-30 05:38 . 2010-08-30 05:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-29 21:18 . 2008-04-14 17:03 26112 ----a-w- c:\windows\system32\stu2.exe
2010-08-27 08:41 . 2010-08-29 10:00 -------- d-----w- c:\program files\Mystery Stories - Berlin Nights
2010-08-26 13:04 . 2010-08-26 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Veronica&BoD
2010-08-24 18:36 . 2010-08-27 09:58 -------- d-----w- c:\documents and settings\annelies\Application Data\Roads Of Rome
2010-08-23 08:01 . 2010-08-23 08:01 -------- d-----r- c:\documents and settings\NetworkService\Favorieten
2010-08-21 14:43 . 2010-08-21 14:43 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\Pando_Temp
2010-08-21 14:43 . 2010-08-21 14:43 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\GamersFirst LIVE!
2010-08-21 14:42 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-08-21 14:42 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-08-21 14:42 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-08-21 14:42 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-08-21 14:42 . 2010-08-21 14:42 -------- d-----w- c:\windows\Logs
2010-08-21 14:26 . 2010-08-21 14:35 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\Download-DU
2010-08-21 14:26 . 2010-09-03 19:22 -------- d-----w- c:\program files\Download-DU
2010-08-20 16:39 . 2010-08-23 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3_Madagascar
2010-08-20 06:55 . 2010-08-20 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2010-08-20 06:50 . 2010-08-20 06:50 -------- d-----w- c:\program files\WorldOfGoo
2010-08-19 14:18 . 2010-08-19 14:19 -------- d-----w- c:\program files\BejeweledTwist
2010-08-19 07:18 . 2010-08-19 07:18 -------- d-----w- c:\program files\4 Elements - NL
2010-08-17 17:17 . 2010-08-17 17:17 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\TheLostKingdomProphecy
2010-08-17 14:29 . 2010-09-02 18:30 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar
2010-08-16 12:24 . 2010-08-16 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualFarm
2010-08-15 15:24 . 2010-08-15 15:24 -------- d-----w- c:\documents and settings\picture project\Local Settings\Application Data\Conduit
2010-08-15 15:24 . 2010-08-15 15:24 -------- d-----w- c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1
2010-08-15 15:16 . 2010-08-21 12:23 -------- d-----w- c:\documents and settings\picture project\Tracing
2010-08-13 11:27 . 2010-09-06 11:33 -------- d-----w- c:\documents and settings\annelies\Tracing
2010-08-13 11:23 . 2010-08-13 11:23 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-08-13 11:23 . 2010-04-28 05:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-08-13 11:22 . 2010-08-13 11:22 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-08-13 11:21 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-08-13 11:21 . 2010-08-13 11:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-08 07:29 . 2010-09-04 07:17 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-08 07:28 . 2010-08-09 10:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 11:33 . 2008-11-02 11:14 -------- d-----w- c:\documents and settings\annelies\Application Data\BitTorrent
2010-09-06 11:16 . 2001-09-07 12:00 92480 ----a-w- c:\windows\system32\perfc013.dat
2010-09-06 11:16 . 2001-09-07 12:00 512302 ----a-w- c:\windows\system32\perfh013.dat
2010-09-06 11:14 . 2008-08-24 10:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-06 10:14 . 2010-03-10 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-03 20:43 . 2009-09-22 17:53 -------- d-----w- c:\program files\Games
2010-09-03 19:27 . 2009-02-14 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-03 19:22 . 2010-05-02 12:36 -------- d-----w- c:\program files\Radio_Bar_1
2010-09-03 13:31 . 2009-11-17 17:10 -------- d-----w- c:\program files\BitTorrent
2010-08-30 06:43 . 2007-11-13 21:13 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2010-08-30 06:43 . 2007-11-13 21:09 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2010-08-29 10:00 . 2009-04-24 15:06 -------- d-----w- c:\documents and settings\annelies\Application Data\cerasus.media
2010-08-21 14:43 . 2010-06-27 11:26 -------- d-----w- c:\program files\GamersFirst
2010-08-21 12:40 . 2007-11-13 21:21 74312 -c--a-w- c:\documents and settings\picture project\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-20 17:29 . 2010-05-21 11:10 -------- d-----w- c:\documents and settings\annelies\Application Data\CannyGames
2010-08-16 15:01 . 2010-02-24 20:46 -------- d-----w- c:\program files\Denda Games
2010-08-16 12:24 . 2009-05-17 14:15 -------- d-----w- c:\documents and settings\annelies\Application Data\Zylom
2010-08-16 12:22 . 2009-05-17 14:15 -------- d-----w- c:\program files\Zylom Games
2010-08-15 09:32 . 2009-11-18 19:25 -------- d-----w- c:\documents and settings\annelies\Application Data\uTorrent
2010-08-13 11:23 . 2009-11-10 10:46 -------- d-----w- c:\program files\Microsoft
2010-08-13 11:23 . 2008-03-13 06:23 -------- d-----w- c:\program files\Windows Live
2010-07-22 08:42 . 2009-11-02 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-07-17 22:35 . 2007-12-14 15:16 -------- d-----w- c:\documents and settings\annelies\Application Data\LimeWire
2010-07-17 10:49 . 2009-03-12 14:16 -------- d-----w- c:\program files\QuickTime
2010-07-17 07:45 . 2008-11-02 11:14 -------- d-----w- c:\program files\DNA
2010-07-17 07:41 . 2008-11-02 11:14 -------- d-----w- c:\documents and settings\annelies\Application Data\DNA
2010-07-17 07:41 . 2010-07-17 07:10 112 ----a-w- c:\documents and settings\All Users\Application Data\AeGlBX1.dat
2010-07-17 07:40 . 2010-07-13 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-16 04:36 . 2010-07-16 04:36 -------- d-----w- c:\documents and settings\annelies\Application Data\AVG9
2010-07-13 20:42 . 2007-11-17 14:51 -------- d-----w- c:\program files\WarRock
2010-07-13 20:42 . 2007-10-28 20:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-13 19:26 . 2008-11-05 17:31 -------- d-----w- c:\program files\Vuze
2010-07-13 18:39 . 2010-04-09 17:11 -------- d-----w- c:\program files\OXXOGames
2010-07-13 17:30 . 2010-04-09 17:13 -------- d-----w- c:\program files\GAMESVOORIEDEREEN.NL
2010-07-13 17:21 . 2010-02-28 10:17 -------- d-----w- c:\program files\Brickshooter Egypt
2010-07-13 14:38 . 2008-05-25 09:03 -------- d-----w- c:\program files\AVG
2010-07-13 07:43 . 2007-11-01 20:30 74312 -c--a-w- c:\documents and settings\annelies\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-12 08:31 . 2007-12-28 14:16 -------- d-----w- c:\program files\Google
2010-07-12 08:03 . 2009-11-02 17:28 -------- d-----w- c:\program files\Alawar
2010-07-12 08:00 . 2008-08-27 09:40 -------- d-----w- c:\program files\Disney Interactive
2010-07-12 04:39 . 2010-06-27 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-30 12:33 . 2004-08-03 23:03 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-07-17 07:39 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-17 07:39 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-07-17 07:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-17 07:39 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-17 07:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-17 07:39 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-07-17 07:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-07-17 07:39 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-07-17 07:39 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:27 . 2004-08-03 23:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-03 22:56 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-03 23:03 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-10-28 18:45 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2004-08-03 23:03 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon .exe
c:\program files\DNA\btdna .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\Pando Networks\Media Booster\PMB .exe
c:\program files\QuickTime\qttask .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-09-03 689016]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-01 7634944]
"nwiz"="nwiz.exe" [2007-10-01 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-01 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-09-03 11:05 689016 ----a-w- c:\program files\BitTorrent\BitTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\limewire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56881:TCP"= 56881:TCP:Pando Media Booster
"56881:UDP"= 56881:UDP:Pando Media Booster
"57213:TCP"= 57213:TCP:Pando Media Booster
"57213:UDP"= 57213:UDP:Pando Media Booster
"57709:TCP"= 57709:TCP:Pando Media Booster
"57709:UDP"= 57709:UDP:Pando Media Booster
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [27-5-2009 20:46 11392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17-7-2010 9:39 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17-7-2010 9:39 17744]
S1 zrvwducabgjp7;zrvwducabgjp7;c:\windows\system32\drivers\zrvwducabgjp7.sys --> c:\windows\system32\drivers\zrvwducabgjp7.sys [?]
S2 gupdate1ca051781944026;Google Updateservice (gupdate1ca051781944026);c:\program files\Google\Update\GoogleUpdate.exe [15-7-2009 8:43 133104]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [28-10-2007 20:53 20160]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-11-2008 17:23 721904]
.
Inhoud van de 'Gedeelde Taken' map
2010-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 06:43]
2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 06:43]
2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{5F9B21F2-C498-4B1E-86D8-424A9D80C29C}.job
- c:\windows\system32\msfeedssync.exe [2007-10-28 02:31]
2010-09-06 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-09-06 20:18]
.
.
------- Bijkomende Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag
mSearch Bar = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHANS VERWIJDERD - - - -
WebBrowser-{5B6BCEFC-3466-4ED3-8853-8266BA4D1AD1} - (no file)
WebBrowser-{0FC85F5D-6207-4515-A490-45A549D285C0} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E21F584C-5746-4AA1-84FD-ADE09EDBC0BD} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{46CF08E6-2E94-478C-94FD-8B2140C6FF10} - (no file)
AddRemove-ca2bde06-be91-ee0e-1afb-cec70a86abd7 - c:\windows\system32\ca2bde06-be91-ee0e-1afb-cec70a86abd7.exe
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-06 13:32
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\X «S*I*D*\{040CAC3F-C5B9-4F74-864D-278BFE103668}\InprocServer32]
@="c:\\WINDOWS\\System32\\dx8vb32.dll"
"ThreadingModel"="Both"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(3908)
c:\windows\system32\webcheck.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Voltooingstijd: 2010-09-06 13:39:26 - machine werd herstart
ComboFix-quarantined-files.txt 2010-09-06 11:39
Pre-Run: 96.720.969.728 bytes beschikbaar
Post-Run: 96.749.903.872 bytes beschikbaar
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 74C64E8B948E76566ECF7F06B42708FB
-
Sorry, this file is not present. What should I do now?
-
I can't get it to work. I follow the procedure above in Safe Mode, but when ComboFix restarts the PC itself it comes back up in normal mode and ComboFix doesn't create a log file. What should I do now??
-
Malwarebytes' Anti-Malware 1.46
Databaseversie: 4537
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
3-9-2010 21:39:35
mbam-log-2010-09-03 (21-39-35).txt
Scantype: Snelle scan
Objecten gescand: 178249
Verstreken tijd: 8 minuut/minuten, 48 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 18
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 3
Mappen geïnfecteerd: 2
Bestanden geïnfecteerd: 8
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\ca.cab (Trojan.SearchRedir.M) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ca.cab.1 (Trojan.SearchRedir.M) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8b2c7c9d-716d-4e9e-9358-b9c80a81b7ed} (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} (Trojan.SearchRedir.M) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b2c7c9d-716d-4e9e-9358-b9c80a81b7ed} (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5cbf8c22-e9a6-11d7-90fe-000ae4012db4} (Switch.Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} (Trojan.SearchRedir.M) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\resultdns (Adware.ResultDns) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MarketPrecision\Adparatus (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhereSphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WhereSphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Adparatus (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (Removing Tango Search / Tango Toolbar - WebAnswers.com) Good: (Google) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (Removing Tango Search / Tango Toolbar - WebAnswers.com) Good: (Google) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (searchdirectnow.com) Good: (Google) -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
C:\Documents and Settings\All Users\Application Data\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\WINDOWS\system32\0.3010747025815207.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\annelies\Local Settings\Temp\ie15.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ResultDns\resultdns111.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\ResultDns\resultdns.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\ResultDns\uninstall.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Documents and Settings\annelies\Application Data\usernt.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\annelies\Local Settings\Temp\in1A.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:02, on 3-9-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\annelies\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\annelies\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\annelies\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves.nl: always in touch with your friends
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/stg_drm.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updateservice (gupdate1ca051781944026) (gupdate1ca051781944026) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8518 bytes
OK, I did everything you asked; only I couldn't remove the O4 Global Startup GamersFirst LIVE! entry, because it wasn't listed.
What on earth is going on??
In any case, thanks in advance for being willing to help me.
-
OK, who is the expert?
-
Sorry, I couldn't quite manage it for a moment, but I think it has worked now???
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:34, on 3-9-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\annelies\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\annelies\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\annelies\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves.nl: always in touch with your friends
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Removing Tango Search / Tango Toolbar - WebAnswers.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchdirectnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Removing Tango Search / Tango Toolbar - WebAnswers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Radio Bar 1 Toolbar - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRad1.dll
R3 - URLSearchHook: Download-DU Toolbar - {46cf08e6-2e94-478c-94fd-8b2140c6ff10} - C:\Program Files\Download-DU\tbDown.dll
O2 - BHO: Radio Bar 1 Toolbar - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRad1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Download-DU Toolbar - {46cf08e6-2e94-478c-94fd-8b2140c6ff10} - C:\Program Files\Download-DU\tbDown.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CCAB - {C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A} - C:\WINDOWS\system32\EjMS70s5.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Radio Bar 1 Toolbar - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRad1.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Download-DU Toolbar - {46cf08e6-2e94-478c-94fd-8b2140c6ff10} - C:\Program Files\Download-DU\tbDown.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-21-1078081533-1637723038-682003330-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1078081533-1637723038-682003330-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: syscron.exe
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/stg_drm.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\duser32.dll
O20 - Winlogon Notify: a852a5eb705 - C:\WINDOWS\System32\duser32.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Program Files\RapidBIT\cisvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate1ca051781944026) (gupdate1ca051781944026) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ResultDns Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\ResultDns\resultdns111.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 10819 bytes
-
Yes, in safe mode I do have a desktop, only the icons/symbols are somewhat larger than normal.
-
Tried the above as well, but I get the same message that I cannot get access.
-
I have also tried the above; I then get the message: cannot get access to file/path.
-
Hello, I have XP but not the original disc. I have already tried that with explorer.exe, but it says it does not know it or cannot find it. What now??? Anyone have an idea?
-
Hello everyone, I have a problem: my desktop has disappeared. All the icons are gone, and the Start bar and so on. I can boot into safe mode but cannot create a new restore point. With Ctrl/Alt/Del I can start things, but how do I get everything back, and what is going on? Yesterday everything worked normally again and this morning everything was gone again. Do I have a virus, and what should I do? I am a layman.
-
No more problems!!!! Thank you very much for your help!!!
-
Anyone can overlook something, but I thought I have or had a problem that could not be fixed. I have followed your instructions and here is the log:
Malwarebytes' Anti-Malware 1.34
Database versie: 1749
Windows 5.1.2600 Service Pack 2
14-2-2009 19:20:43
mbam-log-2009-02-14 (19-20-43).txt
Scan type: Snelle Scan
Objecten gescand: 78654
Verstreken tijd: 3 minute(s), 57 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 16
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 5
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 10
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{733716e1-76d2-4003-ac39-845281c0ef85} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fc3c36d-7635-4d43-ba62-0d9d2f2cd06e} (Adware.Fotomoto) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c17e102b-bd29-4e92-b699-1a21d2cb8e6c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{964bf54a-a147-4b3f-9540-6c40cc6b9d8c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\superiorads (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{859ddeb4-4dbd-491b-99df-5ffd88afaa23}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.18,85.255.112.61 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{859ddeb4-4dbd-491b-99df-5ffd88afaa23}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.18,85.255.112.61 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{859ddeb4-4dbd-491b-99df-5ffd88afaa23}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.18,85.255.112.61 -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
C:\WINDOWS\system32\myss_sb_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{f0357839-093f-6152-71cb-8187fa29836c}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\superiorads-uninst.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxefyxeyxj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxftheepxm.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxmlhosdpp.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxpepxexma.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxvclboxnv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
Do I need to do anything else???
Regards, Ankar
And here is the new hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:45, on 14-2-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buienradar.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.kindl.at/plugin/mssurvid.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp07.photoprintit.de/microsite/12247/defaults/activex/IPSUploader.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 7957 bytes
-
Is there really no one who can help me with this, or have I posted in the wrong place???:s
-
I am not at all at home in the computer world, and I hope someone can explain to me in a simple way what is going on.
My PC starts up normally but freezes after a while; I then cannot do anything except switch it off manually, which apparently is not good. I have made a log(?):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:47, on 11-2-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Buienradar.nl - Weer - Actuele neerslag, sneeuw, weerbericht, satellietbeelden
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {733716E1-76D2-4003-AC39-845281C0EF85} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {865e6aa9-deac-ff0d-b079-300c8f16ca2f} - (no file)
O2 - BHO: mysidesearch search enhancer - {8B917FA2-E66D-58BF-EC09-CB5F0D2CE893} - C:\WINDOWS\system32\qbgljetjvzf.dll (file missing)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WindowsUpdate] C:\RECYCLER\S-1-5-21-5670733064-4128181056-535903271-3530\windowsupdate.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={6DCEE3C1-14C2-4001-9FA5-B15C45969A4D}; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 1.1.4322; InfoPath.1)" -"Pipe Down"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.kindl.at/plugin/mssurvid.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp07.photoprintit.de/microsite/12247/defaults/activex/IPSUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{859DDEB4-4DBD-491B-99DF-5FFD88AFAA23}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.18,85.255.112.61
O20 - Winlogon Notify: __c00EF229 - C:\WINDOWS\system32\__c00EF229.dat (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 9878 bytes
Who can help me??
desktop gone
in Archief Website Hulp & Scripts
Posted:
I think everything is OK now; the PC is super fast again and my desktop is back. Phew, luckily. I would never have figured this out on my own.
Thanks for everything!!!