Sweeky
-
Items
11 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door Sweeky
-
-
Kijk eens bij je netwerkverbindingen.
Daar staan normaal 2 netwerkapparaten, een voor je kabel en een voor je draadloze verbinding.
Ik vermoed dat er bij je draadloze kaart een rood kruis gaat staan en de vermelding "uitgeschakeld". Dan moet je daarop klikken met de rechter muisknop en dan klikken op "inschakelen".
Nee dat is het niet.
-
XP of Vista?
Xp en het word echt een probleem.
-
Sinds maandag kan ik niet meer verbinden met draadloze netwerkverbinding.
Ik heb bij Windows Taakbeheer per ongeluk iets uitgeschakeld maar ik weet niet meer wat. Nu kan ik alleen verbinden via een kabel.
Kan iemand mij alsjeblieft helpen?
-
Dit ziet er niet slecht uit. Krijg je nog virusmeldingen ?
Nee al een tijd niet meer. In mijn menu Start zie ik terug Alle programma's en mijn VIRUS ALERT! na mijnt ijd is ook weg. Dus ik denk dat het virus eindelijk weg is.
Bedankt voor alles.
Groeten,
Mickaël
-
Start de computer op in “veilige modus”.
Start Hijackthis op. Ben je gebruiker van Vista kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan only”. Selecteer alleen de items die hieronder zijn genoemd:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mickael Meynckens\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {70ba88c8-dae8-4ce9-92bb-979c4a75f53b} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O24 - Desktop Component 0: Privacy Protection - (no file)
Klik op 'Fix checked' om de items te verwijderen.
Open een kladblokbestand.
Kopieer en plak daarin de onderstaande vetgedrukte tekst.
File::
c:\windows\system32\nsq303.dll
c:\windows\system32\8.tmp
c:\windows\system32\drivers\ec23213a.sys
Driver::
ec23213a.sys
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
Sla dit bestand op je bureaublad op als CFScript.txt.
Sleep CFScript.txt in ComboFix.exe
Dit zal ComboFix doen herstarten.
Start opnieuw op in gewone modus.
Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04, on 10/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CreativeEMI\MediaSource\Detector\CTDetect.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\CreativeEMI\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: PnkBstrA (pnkbstra) - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spooler - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
--
End of file - 7376 bytes
ComboFix log:
ComboFix 09-03-06.02 - Mickael Meynckens 2009-03-10 16:56:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.478.74 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Mickael Meynckens\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Mickael Meynckens\Bureaublad\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090309-0] *On-access scanning enabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\windows\system32\8.tmp
c:\windows\system32\drivers\ec23213a.sys
c:\windows\system32\nsq303.dll
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\ec23213a.sys
c:\windows\system32\nsq303.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-02-10 to 2009-03-10 ))))))))))))))))))))))))))))))
.
2009-03-09 20:15 . 2009-03-09 20:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-09 20:15 . 2009-03-09 20:15 <DIR> d-------- c:\documents and settings\Mickael Meynckens\Application Data\Malwarebytes
2009-03-09 20:15 . 2009-03-09 20:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-09 20:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-09 20:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-09 17:07 . 2009-03-09 17:07 <DIR> d-------- c:\program files\Trend Micro
2009-03-02 09:30 . 2009-03-02 09:30 <DIR> d-------- c:\program files\TI Education
2009-03-01 22:31 . 2009-03-01 22:31 7,680 --ahs---- c:\windows\Thumbs.db
2009-02-27 11:49 . 2009-03-07 19:36 <DIR> d-------- c:\program files\Cheat Engine
2009-02-27 11:49 . 2006-09-04 19:16 1,970,176 --a------ c:\windows\system32\d3dx9.dll
2009-02-27 11:49 . 2006-09-04 19:16 679,936 --a------ c:\windows\system32\D3DX81ab.dll
2009-02-26 15:01 . 2003-07-19 16:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2009-02-26 15:01 . 2005-01-03 07:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2009-02-26 15:00 . 2009-02-26 15:00 <DIR> d-------- c:\program files\Common Files\INCA Shared
2009-02-26 14:36 . 2009-02-26 21:07 <DIR> d-------- C:\AeriaGames
2009-02-26 14:34 . 2009-02-26 14:34 <DIR> d-------- c:\documents and settings\Mickael Meynckens\Application Data\InstallShield
2009-02-25 12:00 . 2009-01-09 20:18 1,089,891 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 21:13 . 2009-02-24 21:13 <DIR> d-------- c:\documents and settings\All Users\MAYN Games
2009-02-20 22:55 . 2009-02-20 22:55 <DIR> d-------- c:\program files\Ubisoft
2009-02-17 17:57 . 2009-02-17 17:57 <DIR> d-------- c:\documents and settings\Mickael Meynckens\Application Data\MySpace
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 23:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-07 19:06 --------- d-----w c:\program files\LimeWire
2009-03-01 23:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-01 17:13 --------- d-----w c:\documents and settings\Mickael Meynckens\Application Data\DNA
2009-02-26 09:46 --------- d-----w c:\program files\DNA
2009-02-21 12:42 2,864 ----a-w c:\windows\system32\winsock.dll
2009-02-05 12:16 --------- d-----w c:\program files\Reference Assemblies
2009-02-05 12:16 --------- d-----w c:\program files\MSBuild
2009-02-05 12:05 --------- d-----w c:\program files\MSXML 6.0
2008-12-28 13:53 31 ----a-w c:\documents and settings\Mickael Meynckens\jagex_runescape_preferences.dat
2008-12-24 11:53 201,352 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-09-12 18:47 22,328 ----a-w c:\documents and settings\Mickael Meynckens\Application Data\PnkBstrK.sys
2006-12-18 23:03 507,904 ----a-w c:\program files\ie-spyad.exe
2006-12-18 23:00 125,388 ----a-w c:\program files\hosts.zip
2006-12-18 22:51 670 ----a-w c:\program files\SpywareGuard LiveUpdate.lnk
2006-12-18 22:51 638 ----a-w c:\program files\SpywareGuard.lnk
2006-12-18 22:41 690 ----a-w c:\program files\SpywareBlaster.lnk
2006-12-17 21:57 381,390 ----a-w c:\program files\combofix.exe
2006-12-17 20:34 5,426,588 ----a-w c:\program files\drweb-cureit.exe
2006-12-17 13:16 849 ----a-w c:\program files\AVG Anti-Spyware.lnk
2006-12-17 12:54 99,622 ----a-w c:\program files\sedebugfix.exe
2006-12-17 12:26 1,182,183 ----a-w c:\program files\sarsfx.exe
2006-08-01 19:38 10,973,128 ----a-w c:\program files\setupdutALVAST.exe
2008-09-05 18:42 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008081820080825\index.dat
2008-09-12 18:34 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090120080908\index.dat
2008-09-12 19:51 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008091220080913\index.dat
2008-09-13 09:34 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008091320080914\index.dat
2008-09-13 21:32 49,152 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-03-09_22.27.04.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-10 15:49:30 16,384 --sha-w c:\windows\Temp\Cookies\index.dat
+ 2009-03-10 15:49:30 16,384 --sha-w c:\windows\Temp\History\History.IE5\index.dat
+ 2009-03-10 15:49:30 32,768 --sha-w c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Creative Detector"="c:\program files\CreativeEMI\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-12-08 352256]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 118784]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077327]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 c:\windows\system32\TPSMain.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
c:\documents and settings\Mickael Meynckens\Menu Start\Programma's\Opstarten\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^RAMASST.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-19 12:11 342848 c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2005-04-12 10:47 65536 c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\bf2_w32ded.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\AeriaGames\\12Sky\\TwelveSky.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\Editor.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:Myfirstserver
"45383:TCP"= 45383:TCP:limewire
"45383:UDP"= 45383:UDP:limewire
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 114768]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [2006-05-14 114496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-05 20560]
S1 ec23213a;ec23213a;c:\windows\system32\drivers\ec23213a.sys --> c:\windows\system32\drivers\ec23213a.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8.tmp --> c:\windows\system32\8.tmp [?]
.
Inhoud van de 'Gedeelde Taken' map
2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
2006-05-10 c:\windows\Tasks\Herinnering voor registratie 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 12:00]
2006-05-24 c:\windows\Tasks\Herinnering voor registratie 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 12:00]
2006-05-31 c:\windows\Tasks\Herinnering voor registratie 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 12:00]
.
- - - - ORPHANS VERWIJDERD - - - -
Notify-= - (no file)
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Search
IE: Add to Windows &Live Favorites - Add to Windows Live Favorites
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mickael Meynckens\Application Data\Mozilla\Firefox\Profiles\bfkpphmo.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.ffsearch.net/s/?ref=adr&q=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 16:58:30
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8.tmp"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-2956754000-462173396-3950971921-1006\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0 0.1008 0.3473 0.4454 0.5322 0.7675 0.7731 "
"Increment"=".013699"
"FRT"="EGh+TeIAiR50DFrPFWXO+gbsT7AFtC8XHTkOrYDzdj7utoZe+rsZNA=="
"PLCK"="nv1OGMTGkLBXhXOBtKWWRC0j5DMTc6at"
"PHSH"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2009-03-10 17:01:33
ComboFix-quarantined-files.txt 2009-03-10 16:01:13
ComboFix2.txt 2009-03-09 21:28:54
Pre-Run: 6.154.141.696 bytes beschikbaar
Post-Run: 6,148,042,752 bytes beschikbaar
198 --- E O F --- 2009-02-25 16:33:33
-
Combofix log:
ComboFix 09-03-06.02 - Mickael Meynckens 2009-03-09 22:15:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.478.74 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Mickael Meynckens\Bureaublad\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090308-0] *On-access scanning enabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\Dxc.log
c:\documents and settings\Mickael Meynckens\Local Settings\Temporary Internet Files\80C83654-E5B8-4c11-9CF8-944A3B1BE815-btnclk
c:\documents and settings\Mickael Meynckens\Local Settings\Temporary Internet Files\80C83654-E5B8-4c11-9CF8-944A3B1BE815-btnnrm
c:\documents and settings\Mickael Meynckens\Local Settings\Temporary Internet Files\80C83654-E5B8-4c11-9CF8-944A3B1BE815-btnovr
c:\documents and settings\Mickael Meynckens\Local Settings\Temporary Internet Files\80C83654-E5B8-4c11-9CF8-944A3B1BE815-index.html
c:\documents and settings\Mickael Meynckens\Local Settings\Temporary Internet Files\Dxc.log
C:\install.exe
c:\program files\Common Files\companion wizard
c:\program files\Mozilla Firefox\components\edf24c64-7b12-154b-2014-657ad2a5ef9a.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\28463
c:\windows\system32\28463\CNAE.001
c:\windows\system32\cpmsky-uninst.exe
c:\windows\system32\gzmrot-uninst.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYSREST.SYS
-------\Legacy_TDSSSERV
-------\Service_tdssserv
(((((((((((((((((((( Bestanden Gemaakt van 2009-02-09 to 2009-03-09 ))))))))))))))))))))))))))))))
.
2009-03-09 20:15 . 2009-03-09 20:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-09 20:15 . 2009-03-09 20:15 <DIR> d-------- c:\documents and settings\Mickael Meynckens\Application Data\Malwarebytes
2009-03-09 20:15 . 2009-03-09 20:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-09 20:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-09 20:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-09 17:07 . 2009-03-09 17:07 <DIR> d-------- c:\program files\Trend Micro
2009-03-02 09:30 . 2009-03-02 09:30 <DIR> d-------- c:\program files\TI Education
2009-03-01 22:31 . 2009-03-01 22:31 7,680 --ahs---- c:\windows\Thumbs.db
2009-02-27 11:49 . 2009-03-07 19:36 <DIR> d-------- c:\program files\Cheat Engine
2009-02-27 11:49 . 2006-09-04 19:16 1,970,176 --a------ c:\windows\system32\d3dx9.dll
2009-02-27 11:49 . 2006-09-04 19:16 679,936 --a------ c:\windows\system32\D3DX81ab.dll
2009-02-26 15:01 . 2003-07-19 16:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2009-02-26 15:01 . 2005-01-03 07:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2009-02-26 15:00 . 2009-02-26 15:00 <DIR> d-------- c:\program files\Common Files\INCA Shared
2009-02-26 14:36 . 2009-02-26 21:07 <DIR> d-------- C:\AeriaGames
2009-02-26 14:34 . 2009-02-26 14:34 <DIR> d-------- c:\documents and settings\Mickael Meynckens\Application Data\InstallShield
2009-02-26 11:32 . 2009-02-26 11:32 621,568 --a------ c:\windows\system32\nsq303.dll
2009-02-25 12:00 . 2009-01-09 20:18 1,089,891 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 21:13 . 2009-02-24 21:13 <DIR> d-------- c:\documents and settings\All Users\MAYN Games
2009-02-20 22:55 . 2009-02-20 22:55 <DIR> d-------- c:\program files\Ubisoft
2009-02-17 17:57 . 2009-02-17 17:57 <DIR> d-------- c:\documents and settings\Mickael Meynckens\Application Data\MySpace
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 23:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-07 19:06 --------- d-----w c:\program files\LimeWire
2009-03-01 23:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-01 17:13 --------- d-----w c:\documents and settings\Mickael Meynckens\Application Data\DNA
2009-02-26 09:46 --------- d-----w c:\program files\DNA
2009-02-05 12:16 --------- d-----w c:\program files\Reference Assemblies
2009-02-05 12:16 --------- d-----w c:\program files\MSBuild
2009-02-05 12:05 --------- d-----w c:\program files\MSXML 6.0
2008-12-28 13:53 31 ----a-w c:\documents and settings\Mickael Meynckens\jagex_runescape_preferences.dat
2008-09-12 18:47 22,328 ----a-w c:\documents and settings\Mickael Meynckens\Application Data\PnkBstrK.sys
2006-12-18 23:03 507,904 ----a-w c:\program files\ie-spyad.exe
2006-12-18 23:00 125,388 ----a-w c:\program files\hosts.zip
2006-12-18 22:51 670 ----a-w c:\program files\SpywareGuard LiveUpdate.lnk
2006-12-18 22:51 638 ----a-w c:\program files\SpywareGuard.lnk
2006-12-18 22:41 690 ----a-w c:\program files\SpywareBlaster.lnk
2006-12-17 21:57 381,390 ----a-w c:\program files\combofix.exe
2006-12-17 20:34 5,426,588 ----a-w c:\program files\drweb-cureit.exe
2006-12-17 13:16 849 ----a-w c:\program files\AVG Anti-Spyware.lnk
2006-12-17 12:54 99,622 ----a-w c:\program files\sedebugfix.exe
2006-12-17 12:26 1,182,183 ----a-w c:\program files\sarsfx.exe
2006-08-01 19:38 10,973,128 ----a-w c:\program files\setupdutALVAST.exe
2008-09-05 18:42 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008081820080825\index.dat
2008-09-12 18:34 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090120080908\index.dat
2008-09-12 19:51 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008091220080913\index.dat
2008-09-13 09:34 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008091320080914\index.dat
2008-09-13 21:32 49,152 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Creative Detector"="c:\program files\CreativeEMI\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-12-08 352256]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 118784]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077327]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 c:\windows\system32\TPSMain.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
c:\documents and settings\Mickael Meynckens\Menu Start\Programma's\Opstarten\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^RAMASST.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-19 12:11 342848 c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2005-04-12 10:47 65536 c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\bf2_w32ded.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\AeriaGames\\12Sky\\TwelveSky.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\Editor.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:Myfirstserver
"45383:TCP"= 45383:TCP:limewire
"45383:UDP"= 45383:UDP:limewire
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 114768]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [2006-05-14 114496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-05 20560]
S1 ec23213a;ec23213a;c:\windows\system32\drivers\ec23213a.sys [2008-08-26 0]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8.tmp --> c:\windows\system32\8.tmp [?]
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - aswUpdSv
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - Autodesk Licensing Service
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - AVG Anti-Spyware Guard
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CFSvcs
*Deregistered* - Creative Service for CDROM Access
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - DVD-RAM_Service
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MSIServer
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - pnkbstra
*Deregistered* - PnkBstrB
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TAPPSRV
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe
.
Inhoud van de 'Gedeelde Taken' map
2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
2006-05-10 c:\windows\Tasks\Herinnering voor registratie 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 12:00]
2006-05-24 c:\windows\Tasks\Herinnering voor registratie 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 12:00]
2006-05-31 c:\windows\Tasks\Herinnering voor registratie 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 12:00]
.
- - - - ORPHANS VERWIJDERD - - - -
HKU-Default-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
SSODL-JSXjIh-{D4B64AF6-7E1C-E05C-FC43-69CCB3F1284D} - c:\windows\system32\vm.dll
Notify-= - (no file)
MSConfigStartUp-FIVE OBJ - c:\docume~1\MICKAE~1\APPLIC~1\Flagbows\16 atom spam.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-spa_start - c:\windows\system32\{b518d6d3-d584-d859-7b26-e530cd057801}.dll
MSConfigStartUp-yammk - c:\documents and settings\mickael meynckens\local settings\application data\yammk.exe
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Search
IE: Add to Windows &Live Favorites - Add to Windows Live Favorites
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mickael Meynckens\Menu Start\Programma's\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Mickael Meynckens\Application Data\Mozilla\Firefox\Profiles\bfkpphmo.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.ffsearch.net/s/?ref=adr&q=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 22:21:35
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8.tmp"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-2956754000-462173396-3950971921-1006\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0 0.1008 0.3473 0.4454 0.5322 0.7675 0.7731 "
"Increment"=".013699"
"FRT"="EGh+TeIAiR50DFrPFWXO+gbsT7AFtC8XHTkOrYDzdj7utoZe+rsZNA=="
"PLCK"="nv1OGMTGkLBXhXOBtKWWRC0j5DMTc6at"
"PHSH"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\DVDRAMSV.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\msiexec.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Voltooingstijd: 2009-03-09 22:28:51 - machine werd herstart
ComboFix-quarantined-files.txt 2009-03-09 21:28:46
Pre-Run: 6.215.155.712 bytes beschikbaar
Post-Run: 6,167,453,696 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
296 --- E O F --- 2009-02-25 16:33:33
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32, on 9/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CreativeEMI\MediaSource\Detector\CTDetect.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\CreativeEMI\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mickael Meynckens\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {70ba88c8-dae8-4ce9-92bb-979c4a75f53b} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: PnkBstrA (pnkbstra) - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spooler - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
--
End of file - 7987 bytes
Bedankt voor al wat je al gedaan hebt en die VIRUS ALERT! is nu toch wel weg gegaan.
-
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46: VIRUS ALERT!, on 9/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CreativeEMI\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\CreativeEMI\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mickael Meynckens\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {70ba88c8-dae8-4ce9-92bb-979c4a75f53b} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O21 - SSODL: JSXjIh - {D4B64AF6-7E1C-E05C-FC43-69CCB3F1284D} - C:\WINDOWS\system32\vm.dll (file missing)
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: PnkBstrA (pnkbstra) - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
--
End of file - 8318 bytes
MBAM log:
Malwarebytes' Anti-Malware 1.34
Database versie: 1828
Windows 5.1.2600 Service Pack 2
9/03/2009 20:35:12
mbam-log-2009-03-09 (20-35-12).txt
Scan type: Snelle Scan
Objecten gescand: 69618
Verstreken tijd: 17 minute(s), 31 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 1
Registersleutels geïnfecteerd: 57
Registerwaarden geïnfecteerd: 9
Registerdata bestanden geïnfecteerd: 8
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 19
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
C:\Program Files\Mozilla Firefox\components\nsBrowserGal.dll (Adware.Agent) -> Delete on reboot.
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\adssite.ad (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adssite.ad.1 (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adzgalore.optimizer (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adzgalore.optimizer.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4cde7971-1026-41ae-9818-31a9e5779441} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{81b7f2df-3427-4704-b441-f74a4de94ce1} (Adware.Rightonadz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bd219b90-626b-40f4-bfdd-420240dfca2c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d0386b3-fd72-488e-9740-90355ae21735} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{994b5fb4-0103-44a6-b6b3-c73572b362bc} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9506910a-0f94-4ea1-b567-7070428b8b2b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{faba076a-478a-4c32-a0a5-c774607901c2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f31b3634-12aa-41ca-b021-0685c3b3e4ca} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{49bcc77a-79eb-4d50-a6db-04e8202921c4} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5dbd13bc-c3f8-4846-ad3e-ba3479a5d3f1} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d0386b3-fd72-488e-9740-90355ae21735} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{36a91cec-6c71-4758-b492-397bfc8e96a2} (Adware.Rightonadz) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ab71e94e-3dc4-41eb-bbd5-31e82c9fd1d4} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\391c2021-e6f2-bfb8-7fe1-35c45e67815b (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adzgalore (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ToolbarInst.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adzgalore (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IEAntiVirus (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rightonadz (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fqbewlna.bdql (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fqbewlna.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10578b14-2d4c-a176-27c8-bf80c202b94d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10578b14-2d4c-a176-27c8-bf80c202b94d} (Adware.BHO) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispy (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (IESearch Start) Good: (Google) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (softwarereferral.com) Good: (Google) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76395-OEM-0011903-00111) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
C:\Documents and Settings\Mickael Meynckens\Local Settings\Application Data\yammk_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mickael Meynckens\Local Settings\Application Data\yammk_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mickael Meynckens\Local Settings\Application Data\yammk.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mickael Meynckens\Local Settings\Application Data\yammk.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\391c2021-e6f2-bfb8-7fe1-35c45e67815b.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adzgalore-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mickael Meynckens\Application Data\TmpRecentIcons\Micro Antivirus 2009.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\nsBrowserGal.dll (Adware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rightonadz-uninst.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc9f6j0ecba.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrorsIntl.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mickael Meynckens\Favorieten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mickael Meynckens\Favorieten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mickael Meynckens\Favorieten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsr84.dll (Adware.BHO) -> Quarantined and deleted successfully.
Ik vind AEAntiVirus niet ik heb er een aantal keer voor gezocht maar mijn computer vind het echt niet.
-
Download HiJackThis
Dubbelklik op HJTInstall.exe
Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst. Klik op "Do a systemscan and save a logfile". en hang dit logje aan je volgende bericht.
NB. Ben je een gebruiker van Windows Vista dan moet je eerst rechtsklikken op HijackThis.exe en dan kiezen voor "Run as Administrator".
En vertel ook eens welk virus je op de PC hebt of welk programma dat ontdekt heeft ?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08: VIRUS ALERT!, on 9/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CreativeEMI\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: adzgalore - {10578b14-2d4c-a176-27c8-bf80c202b94d} - C:\WINDOWS\system32\nsc2F.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\CreativeEMI\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mickael Meynckens\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {70ba88c8-dae8-4ce9-92bb-979c4a75f53b} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O21 - SSODL: JSXjIh - {D4B64AF6-7E1C-E05C-FC43-69CCB3F1284D} - C:\WINDOWS\system32\vm.dll (file missing)
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: PnkBstrA (pnkbstra) - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9021 bytes
Dit is van Hijack. En na mijn tijd staat er 'VIRUS ALERT!' dit komt door een virus van vroeger maar ik krijg het niet weg. Recht vanonder is het nu; 17:14: VIRUS ALERT!.
-
Download HiJackThis
Dubbelklik op HJTInstall.exe
Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst. Klik op "Do a systemscan and save a logfile". en hang dit logje aan je volgende bericht.
NB. Ben je een gebruiker van Windows Vista dan moet je eerst rechtsklikken op HijackThis.exe en dan kiezen voor "Run as Administrator".
En vertel ook eens welk virus je op de PC hebt of welk programma dat ontdekt heeft ?
Ik weet niet welk virus het is maar Avast en AVG hebben het gevonden.
-
Ik heb een virusinfectie op mijn computer die veel bestanden infecteren maar ik vind het virus zelf niet.
Ik gebruik Mozilla Firefox.
HELP!! Ik kan geen draadloze verbinding meer maken!!
in Archief Internet & Netwerk
Geplaatst:
Waar vind ik da?