smalle
-
Items
3 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door smalle
-
ComboFix 09-03-03.01 - Stephen 2009-03-04 16:03:00.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2876 [GMT 1:00] Running from: c:\documents and settings\Stephen\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\install.exe c:\windows\esellerateengine.dll c:\windows\jestertb.dll . ((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 ))))))))))))))))))))))))))))))) . 2009-03-03 22:04 . 2009-03-03 22:04 <DIR> d-------- c:\documents and settings\Stephen\Application Data\Malwarebytes 2009-03-03 17:56 . 2009-03-03 17:56 <DIR> d-------- c:\documents and settings\Stephen\Application Data\DAEMON Tools 2009-03-03 17:55 . 2009-03-03 17:57 <DIR> d-------- c:\documents and settings\Stephen\Application Data\DAEMON Tools Lite 2009-03-03 17:50 . 2009-03-03 17:56 <DIR> d-------- c:\documents and settings\Stephen\Application Data\DAEMON Tools Pro 2009-02-27 23:37 . 2009-02-27 23:43 <DIR> d-------- c:\documents and settings\Stephen\Application Data\Azureus 2009-02-24 23:33 . 2009-02-24 23:33 <DIR> d-------- c:\documents and settings\Stephen\Application Data\Power Sound Editor Free 2009-02-24 22:02 . 2009-02-24 22:02 <DIR> d-------- c:\documents and settings\Stephen\Application Data\Ace 2009-02-16 00:53 . 2009-02-17 19:37 <DIR> d-------- c:\documents and settings\Stephen\Application Data\Media Player Classic 2009-02-10 19:21 . 2009-02-10 19:21 <DIR> d-------- c:\documents and settings\Stephen\Application Data\Apple Computer 2009-02-10 19:01 . 2009-02-27 23:00 <DIR> d-------- c:\documents and settings\Stephen\Application Data\LimeWire 2009-02-09 21:34 . 2009-02-09 21:34 <DIR> d-------- c:\documents and settings\Stephen\Application Data\GlobalSCAPE 2009-02-09 16:54 . 2009-02-09 16:54 <DIR> d-------- c:\documents and settings\Stephen\Application Data\InstallShield 2009-02-09 09:19 . 2009-02-09 09:34 <DIR> d-------- c:\documents and settings\Stephen\Application Data\nHancer 2009-02-08 23:02 . 2009-03-04 16:01 <DIR> d-------- c:\documents and settings\Stephen\Application Data\DNA 2009-02-08 23:02 . 2009-03-03 04:05 <DIR> d-------- c:\documents and settings\Stephen\Application Data\BitTorrent 2009-02-08 22:55 . 2009-02-08 22:55 <DIR> d---s---- c:\documents and settings\Stephen\UserData 2009-02-08 21:54 . 2009-03-03 18:02 <DIR> d-------- c:\documents and settings\Stephen\Application Data\teamspeak2 2009-02-08 21:21 . 2009-03-04 15:45 <DIR> d-------- c:\documents and settings\Stephen\Tracing 2009-02-08 21:09 . 2009-03-04 13:13 <DIR> d-------- c:\documents and settings\Stephen\Application Data\skypePM 2009-02-08 21:09 . 2009-03-04 15:29 <DIR> d-------- c:\documents and settings\Stephen\Application Data\Skype . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-04 14:58 --------- d-----w c:\program files\Symantec AntiVirus 2009-03-04 12:11 --------- d-----w c:\program files\DNA 2009-03-03 21:04 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-03 21:04 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-03 17:47 --------- d-----w c:\program files\Trend Micro 2009-03-03 16:59 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-03 16:59 --------- d-----w c:\program files\EA GAMES 2009-03-03 16:55 --------- d-----w c:\program files\DAEMON Tools Lite 2009-03-03 16:55 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2009-03-03 16:53 --------- d-----w c:\program files\DAEMON Tools Pro 2009-03-03 16:52 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro 2009-03-03 16:50 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2009-03-02 18:02 --------- d-----w c:\program files\Eidos 2009-02-28 09:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-28 09:03 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2 2009-02-28 09:00 --------- d-----w c:\program files\MSXML 4.0 2009-02-28 08:47 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-27 22:37 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus 2009-02-27 19:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-02-27 13:17 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro 3 2009-02-27 10:45 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro 2009-02-27 10:35 --------- d-----w c:\program files\Hitman Pro 3 2009-02-25 18:43 286,720 ----a-w c:\windows\iun506.exe 2009-02-24 22:43 --------- d-----w c:\program files\TSS Fokker 100 RR-Tay 2009-02-24 21:02 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2009-02-24 10:53 --------- d-----w c:\documents and settings\All Users\Application Data\nHancer 2009-02-24 10:51 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-02-24 10:51 --------- d-----w c:\program files\AGEIA Technologies 2009-02-24 00:25 --------- d-----w c:\program files\Logitech 2009-02-24 00:25 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech 2009-02-22 18:10 --------- d-----w c:\program files\Common Files\Adobe 2009-02-20 14:51 --------- d-----w c:\program files\Windows Media Connect 2 2009-02-20 09:26 360,580 ----a-w c:\windows\system32\eSellerateEngine.dll 2009-02-15 23:53 --------- d-----w c:\program files\K-Lite Codec Pack 2009-02-13 11:58 1,328 ----a-w C:\FSUIPC_reg.bin 2009-02-12 17:31 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2009-02-12 13:14 --------- d-----w c:\program files\Real Environment Pro 2009-02-11 18:38 --------- d-----w c:\program files\Aerosoft 2009-02-11 13:28 737,280 ----a-w c:\windows\iun6002.exe 2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-10 19:04 --------- d-----w c:\program files\Microsoft.NET 2009-02-10 18:21 --------- d-----w c:\program files\QuickTime 2009-02-10 18:21 --------- d-----w c:\program files\iTunes 2009-02-10 18:21 --------- d-----w c:\program files\iPod 2009-02-10 18:21 --------- d-----w c:\program files\Common Files\Apple 2009-02-10 18:21 --------- d-----w c:\program files\Bonjour 2009-02-10 18:21 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-02-10 18:20 --------- d-----w c:\program files\Apple Software Update 2009-02-10 18:20 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2009-02-10 18:20 --------- d-----w c:\documents and settings\All Users\Application Data\Apple 2009-02-10 18:00 --------- d-----w c:\program files\LimeWire 2009-02-10 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\NOS 2009-02-09 20:34 --------- d-----w c:\program files\GlobalSCAPE 2009-02-09 19:51 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-02-09 19:51 --------- d-----w c:\program files\Java 2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll 2009-02-09 15:09 --------- d-----w c:\program files\Teamspeak2_RC2 2009-02-09 14:23 --------- d-----w c:\program files\NOS 2009-02-09 09:23 --------- d-----w c:\program files\IVAO 2009-02-09 08:33 --------- d-----w c:\program files\nHancer 2009-02-09 08:27 --------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA 2009-02-09 08:13 --------- d-----w c:\program files\Reference Assemblies 2009-02-09 08:13 --------- d-----w c:\program files\MSBuild 2009-02-08 22:02 --------- d-----w c:\program files\BitTorrent 2009-02-08 20:58 --------- d-----w c:\program files\Microsoft Games 2009-02-08 20:20 --------- d-----w c:\program files\Windows Live SkyDrive 2009-02-08 20:20 --------- d-----w c:\program files\Windows Live 2009-02-08 20:20 --------- d-----w c:\program files\Microsoft 2009-02-08 20:14 --------- d-----w c:\program files\Common Files\Windows Live 2009-02-08 20:09 --------- d-----w c:\program files\Common Files\Skype 2009-02-08 20:09 --------- d-----w c:\documents and settings\All Users\Application Data\Skype 2009-02-08 20:09 --------- d-----r c:\program files\Skype 2009-02-08 20:02 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-08 19:53 --------- d-----w c:\program files\Symantec 2009-02-08 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-02-08 06:27 --------- d-----w c:\program files\Common Files\InstallShield 2009-02-08 06:27 --------- d-----w c:\program files\ASUS 2009-02-08 06:24 315,392 ----a-w c:\windows\HideWin.exe 2009-02-08 06:24 --------- d-----w c:\program files\Realtek 2009-02-08 06:17 --------- d-----w c:\program files\Intel 2009-02-07 23:22 --------- d-----w c:\program files\microsoft frontpage 2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll 2009-02-05 09:54 453,152 ----a-w c:\windows\system32\NVUNINST.EXE 2009-01-16 17:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll 2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll 2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll 2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll 2008-12-04 08:28 24,344 ----a-w c:\windows\system32\PhysXDevice.dll 2006-06-24 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-08 342848] "nHancer"="c:\program files\nHancer\nHancer.exe" [2009-01-26 1295872] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-07-04 5968384] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-09 148888] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088] "Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016] "RTHDCPL"="RTHDCPL.EXE" [2008-07-16 c:\windows\RTHDCPL.exe] "nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\IVAO\\IvAp\\ivapnetint.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "23456:UDP"= 23456:UDP:MP fs 9 "6073:UDP"= 6073:UDP:MP FS2004 R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009-02-08 36864] S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-06-23 124608] --- Other Services/Drivers In Memory --- *Deregistered* - EraserUtilDrv10910 . . ------- Supplementary Scan ------- . IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\p0w31i6k.default\ FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-04 16:03:47 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Completion time: 2009-03-04 16:04:20 ComboFix-quarantined-files.txt 2009-03-04 15:04:18 Pre-Run: 586.811.170.816 bytes free Post-Run: 586,853,261,312 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 213 --- E O F --- 2009-02-28 09:04:15
-
Hallo kape, Hieronder vind je de log van malware bytes en hijack this. Malwarebytes' Anti-Malware 1.34 Database versie: 1815 Windows 5.1.2600 Service Pack 3 4/03/2009 0:41:57 mbam-log-2009-03-04 (00-41-57).txt Scan type: Snelle Scan Objecten gescand: 61591 Verstreken tijd: 1 minute(s), 40 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:42:38, on 4/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\nHancer\nHancerService.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DNA\btdna.exe C:\Program Files\nHancer\nHancer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 7341 bytes
-
Hallo allemaal, Ik heb sinds een week een probleempje waneer ik iets instaleer en de instalatie is gedaan dan crasht explorer.exe en neemt drwatson.exe met zich mee ik heb een hijack this logje gemaakt misschien kunnen jullie mij helpen. Groetjes Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:48:02, on 3/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DNA\btdna.exe C:\Program Files\nHancer\nHancer.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\nHancer\nHancerService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 7536 bytes
