Posts made by belom

  1. Yes: you can still first take your drive out, connect it to another computer and recover whatever can still be recovered from it - but I fear this would be asking a lot of you... ?

    I still have an old computer that is no longer used because its hard drive is on the verge of failing. So I would really like to try this.

    But how exactly do I do this? Does the other computer have to meet certain requirements, or can this be done with any computer? Does the old computer's hard drive have to stay connected, or should it be disconnected? And does the defective computer's hard drive have to be removed from the case completely, or can I simply put the 2 opened computers next to each other and connect the hard drive that way?

    Lots of questions, and probably stupid questions in the eyes of an expert, but I really am a layman and I would like to try it with your help.

  2. My computer no longer starts up. The Asus logo or the POST screen still appears, and I can also still get into the BIOS. But since I don't know much about the BIOS, I don't dare change much there. The DVD player already failed a few weeks ago, so I can't use a CD. A few weeks ago I did switch from Windows 7 to Windows 10. Do you think I can still fix this myself, or would it be best to take it to a repair shop?

  3. Downloaded ComboFix again and ran a scan

    ComboFix 10-04-12.01 - XP 12/04/2010 19:28:24.3.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.512.204 [GMT 2:00]

    Gestart vanuit: c:\documents and settings\XP\Bureaublad\ComboFix.exe

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-03-12 to 2010-04-12 ))))))))))))))))))))))))))))))

    .

    2010-04-11 10:02 . 2010-04-11 10:02 -------- d-----w- c:\program files\CodeStuff

    2010-04-09 19:26 . 2010-04-09 19:26 -------- d-----w- C:\$AVG

    2010-04-09 19:19 . 2010-04-09 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

    2010-04-08 08:18 . 2010-04-08 08:18 -------- d-----w- c:\documents and settings\XP\Application Data\Malwarebytes

    2010-04-08 08:16 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-04-08 08:16 . 2010-04-08 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2010-04-08 08:16 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-04-08 08:16 . 2010-04-08 08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-04-05 14:14 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

    2010-04-05 14:14 . 2010-04-05 14:14 -------- d-----w- c:\program files\Panda Security

    2010-04-05 12:07 . 2010-04-09 19:29 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2010-03-28 10:43 . 2010-04-11 10:04 -------- d--h--r- c:\documents and settings\XP\Onlangs geopend

    2010-03-28 09:13 . 2010-03-28 09:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

    2010-03-28 09:07 . 2010-03-28 09:09 -------- d-----w- c:\program files\Lavasoft

    2010-03-28 08:33 . 2010-04-05 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

    2010-03-23 13:34 . 2010-03-23 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Nevosoft

    2010-03-22 14:06 . 2010-03-22 14:06 -------- d-----w- c:\documents and settings\XP\Application Data\Friday's games

    2010-03-21 21:52 . 2010-03-21 21:52 -------- d-----w- c:\documents and settings\XP\Application Data\SerpentOfIsis

    2010-03-17 18:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

    2010-03-17 07:59 . 2010-03-17 07:59 -------- d-----w- c:\program files\Giggles Computerpret voor Baby

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-04-12 17:25 . 2005-02-10 00:31 841 --sha-w- c:\windows\system32\mmf.sys

    2010-04-12 17:02 . 2007-05-16 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

    2010-04-09 19:25 . 2008-06-06 10:42 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-04-09 19:25 . 2008-06-06 10:42 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-04-09 19:25 . 2007-11-12 14:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

    2010-04-09 19:25 . 2008-06-06 10:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-04-09 19:20 . 2008-06-06 10:42 -------- d-----w- c:\program files\AVG

    2010-04-09 19:03 . 2006-01-08 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2010-04-09 19:01 . 2006-09-09 13:20 -------- d-----w- c:\program files\AIM Productions

    2010-03-28 07:14 . 2010-03-28 07:14 4904 ----a-w- c:\windows\system32\PerfStringBackup.TMP

    2010-03-28 07:14 . 2003-04-08 12:00 93292 ----a-w- c:\windows\system32\perfc013.dat

    2010-03-28 07:14 . 2003-04-08 12:00 515228 ----a-w- c:\windows\system32\perfh013.dat

    2010-03-22 11:08 . 2006-01-08 08:33 -------- d-----w- c:\program files\Hitman Pro

    2010-03-22 11:07 . 2004-11-12 20:02 -------- d-----w- c:\documents and settings\XP\Application Data\Lavasoft

    2010-03-22 10:32 . 2009-10-21 12:37 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

    2010-03-14 12:58 . 2005-12-19 10:11 -------- d-----w- c:\program files\Google

    2010-03-13 18:18 . 2010-03-13 12:18 -------- d-----w- c:\documents and settings\XP\Application Data\SprillRichiEng

    2010-03-11 19:14 . 2010-03-11 19:14 -------- d-----w- c:\program files\TrendMicro

    2010-03-11 17:44 . 2010-03-11 17:44 -------- d-----w- c:\documents and settings\XP\Application Data\YoudaGames

    2010-03-11 12:38 . 2004-02-06 16:09 832512 ------w- c:\windows\system32\wininet.dll

    2010-03-11 12:38 . 2009-07-26 09:58 78336 ----a-w- c:\windows\system32\ieencode.dll

    2010-03-11 12:38 . 2003-04-08 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

    2010-03-05 18:07 . 2003-12-18 12:19 -------- d-----w- c:\program files\Common Files\Adobe

    2010-03-01 19:34 . 2010-03-01 19:34 -------- d-----w- c:\program files\Common Files\SWF Studio

    2010-02-28 11:56 . 2007-07-29 05:53 -------- d-----w- c:\documents and settings\XP\Application Data\Big Fish Games

    2010-02-28 08:24 . 2010-02-23 17:51 -------- d-----w- c:\documents and settings\XP\Application Data\ElementalsTheMagicKey

    2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

    2010-01-17 15:00 . 2003-12-21 18:53 53376 -c--a-w- c:\documents and settings\XP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2008-04-06 07:04 . 2008-04-06 07:04 0 -c--a-w- c:\program files\temp01

    2006-08-11 13:21 . 2006-08-11 13:21 774144 -c--a-w- c:\program files\RngInterstitial.dll

    2006-03-05 14:37 . 2006-03-05 14:37 4269636 -c--a-w- c:\program files\freaksroomescape.rar

    2005-12-19 13:43 . 2005-12-19 13:43 560 -c--a-w- c:\program files\Global.sw

    2004-09-20 16:44 . 2004-09-20 16:44 8044544 -c--a-w- c:\program files\virusscan7.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-16 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CloseDNF"="c:\windows\System32\Utility.exe \1008" [X]

    "AME_CSA"="amecsa.cpl" [2002-10-03 782336]

    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-10-22 114741]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-09-24 5033984]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

    2010-04-09 19:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

    2007-04-03 22:29 165784 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2008-12-08 13:50 54576 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

    2007-08-22 15:31 80896 -c--a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2007-11-15 12:11 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    2003-09-24 11:32 5033984 ----a-r- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    2003-09-24 11:32 741376 ----a-r- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2007-11-14 22:43 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

    2002-10-11 17:26 98304 ----a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2009-09-06 07:34 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\StubInstaller.exe"=

    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\WINDOWS\\system32\\dxdiag.exe"=

    "c:\\WINDOWS\\system32\\dpnsvr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "9420:TCP"= 9420:TCP:RSP

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

    "AllowInboundEchoRequest"= 1 (0x1)

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/04/2010 16:14 28552]

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6/12/2005 17:11 35328]

    R1 as6eio;as6eio;c:\windows\system32\drivers\AS6EIO.SYS [14/01/2004 14:32 3616]

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/06/2008 12:42 216200]

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/06/2008 12:42 242696]

    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/04/2010 21:22 308064]

    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/04/2007 19:07 682232]

    S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]

    S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/02/2005 2:31 2560]

    S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys [18/12/2003 21:27 110179]

    S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]

    S3 AtmElan;ATM geëmuleerde LAN;c:\windows\system32\drivers\atmlane.sys [8/04/2003 14:00 55808]

    S3 AtmLane;ATM LAN-emulatie;c:\windows\system32\drivers\atmlane.sys [8/04/2003 14:00 55808]

    S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08

    .

    Inhoud van de 'Gedeelde Taken' map

    2010-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

    2010-04-12 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-16 18:42]

    2010-04-10 c:\windows\Tasks\OGADaily.job

    - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

    2010-04-12 c:\windows\Tasks\OGALogon.job

    - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

    2010-04-12 c:\windows\Tasks\User_Feed_Synchronization-{111BC756-D160-42A8-A6EA-C96F9481B73C}.job

    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:58]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.skynet.be/

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    Trusted Zone: dexia.be\directnet

    Trusted Zone: vlimmerensport.be\www

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game16.zylomgames.com/activex/zylomgamesplayer.cab

    DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} - hxxp://game12.zylomgames.com/activex/zylomloader.cab

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2010-04-12 19:41

    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

    "3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    Voltooingstijd: 2010-04-12 19:54:47

    ComboFix-quarantined-files.txt 2010-04-12 17:54

    ComboFix2.txt 2010-04-10 18:00

    ComboFix3.txt 2010-04-10 11:49

    Pre-Run: 24.727.420.928 bytes beschikbaar

    Post-Run: 24.744.816.640 bytes beschikbaar

    - - End Of File - - 9DA8887F651F87AA7BA985C7BD34C08D

  4. It already starts up faster. Only opening the internet start page still takes forever. But once it is open, things go reasonably smoothly. And when I minimize the page and maximize it again, the page comes back in chunks. You also hear the computer running constantly for the first half hour, which is why I thought the hard drive might be worn out; it is an old machine after all.

    But the PC's startup speed has definitely improved.

    I assume I should now remove ComboFix and run CCleaner? But I will wait for further instructions.

    I would like to thank you already for the effort and the time you have put into this.

  5. ComboFix log

    ComboFix 10-04-09.06 - XP 10/04/2010 19:34:41.2.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.512.208 [GMT 2:00]

    Gestart vanuit: c:\documents and settings\XP\Bureaublad\ComboFix.exe

    gebruikte Opdracht switches :: c:\documents and settings\XP\Bureaublad\CFScript.txt

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::

    "c:\windows\system32\mmf(10)(3).sys"

    "c:\windows\system32\mmf(2)(2).sys"

    "c:\windows\system32\mmf(2).sys"

    "c:\windows\system32\mmf(3).sys"

    "c:\windows\system32\mmf(4)(3).sys"

    "c:\windows\system32\mmf(4)(4).sys"

    "c:\windows\system32\mmf(5)(3).sys"

    "c:\windows\system32\mmf(6)(3).sys"

    "c:\windows\system32\mmf(7)(3).sys"

    "c:\windows\system32\mmf(8)(3).sys"

    "c:\windows\system32\mmf(9)(3).sys"

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\program files\Boonty

    c:\program files\Boonty\Components\apiprotection_20090720.cab

    c:\program files\Boonty\Components\gamepages_616525_20100311.cab

    c:\program files\Boonty\Components\sitepages_559_20091216.cab

    c:\program files\Boonty\Components\tools\extract.exe

    c:\program files\BoontyGames

    c:\program files\BoontyGames\616525.ini

    c:\program files\BoontyGames\Components\bureau.url

    c:\program files\BoontyGames\Components\Joystick.ico

    c:\program files\BoontyGames\Components\start.url

    c:\program files\BoontyGames\halcyonsun.exe

    c:\program files\BoontyGames\moorhuhnkart2.exe

    c:\program files\BoontyGames\strategiccommandet.exe

    c:\program files\BoontyGames\wildwheels.exe

    c:\program files\BoontyGames\youdalegendthegoldenbirdofparadise{616525}.exe.download

    c:\windows\system32\mmf(10)(3).sys

    c:\windows\system32\mmf(2)(2).sys

    c:\windows\system32\mmf(2).sys

    c:\windows\system32\mmf(3).sys

    c:\windows\system32\mmf(4)(3).sys

    c:\windows\system32\mmf(4)(4).sys

    c:\windows\system32\mmf(5)(3).sys

    c:\windows\system32\mmf(6)(3).sys

    c:\windows\system32\mmf(7)(3).sys

    c:\windows\system32\mmf(8)(3).sys

    c:\windows\system32\mmf(9)(3).sys

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-03-10 to 2010-04-10 ))))))))))))))))))))))))))))))

    .

    2010-04-09 19:26 . 2010-04-09 19:26 -------- d-----w- C:\$AVG

    2010-04-09 19:19 . 2010-04-09 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

    2010-04-08 08:18 . 2010-04-08 08:18 -------- d-----w- c:\documents and settings\XP\Application Data\Malwarebytes

    2010-04-08 08:16 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-04-08 08:16 . 2010-04-08 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2010-04-08 08:16 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-04-08 08:16 . 2010-04-08 08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-04-05 14:14 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

    2010-04-05 14:14 . 2010-04-05 14:14 -------- d-----w- c:\program files\Panda Security

    2010-04-05 12:07 . 2010-04-09 19:29 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2010-03-28 10:43 . 2010-04-10 17:23 -------- d--h--r- c:\documents and settings\XP\Onlangs geopend

    2010-03-28 09:13 . 2010-03-28 09:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

    2010-03-28 09:07 . 2010-03-28 09:09 -------- d-----w- c:\program files\Lavasoft

    2010-03-28 08:33 . 2010-04-05 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

    2010-03-23 13:34 . 2010-03-23 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Nevosoft

    2010-03-22 14:06 . 2010-03-22 14:06 -------- d-----w- c:\documents and settings\XP\Application Data\Friday's games

    2010-03-21 21:52 . 2010-03-21 21:52 -------- d-----w- c:\documents and settings\XP\Application Data\SerpentOfIsis

    2010-03-17 18:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

    2010-03-17 07:59 . 2010-03-17 07:59 -------- d-----w- c:\program files\Giggles Computerpret voor Baby

    2010-03-13 12:18 . 2010-03-13 18:18 -------- d-----w- c:\documents and settings\XP\Application Data\SprillRichiEng

    2010-03-11 19:14 . 2010-03-11 19:14 -------- d-----w- c:\program files\TrendMicro

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-04-10 17:31 . 2005-02-10 00:31 841 --sha-w- c:\windows\system32\mmf.sys

    2010-04-09 19:25 . 2008-06-06 10:42 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-04-09 19:25 . 2008-06-06 10:42 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-04-09 19:25 . 2007-11-12 14:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

    2010-04-09 19:25 . 2008-06-06 10:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-04-09 19:20 . 2008-06-06 10:42 -------- d-----w- c:\program files\AVG

    2010-04-09 19:03 . 2006-01-08 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2010-04-09 19:01 . 2006-09-09 13:20 -------- d-----w- c:\program files\AIM Productions

    2010-04-09 10:00 . 2007-05-16 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

    2010-03-28 07:14 . 2010-03-28 07:14 4904 ----a-w- c:\windows\system32\PerfStringBackup.TMP

    2010-03-28 07:14 . 2003-04-08 12:00 93292 ----a-w- c:\windows\system32\perfc013.dat

    2010-03-28 07:14 . 2003-04-08 12:00 515228 ----a-w- c:\windows\system32\perfh013.dat

    2010-03-22 11:08 . 2006-01-08 08:33 -------- d-----w- c:\program files\Hitman Pro

    2010-03-22 11:07 . 2004-11-12 20:02 -------- d-----w- c:\documents and settings\XP\Application Data\Lavasoft

    2010-03-22 10:32 . 2009-10-21 12:37 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

    2010-03-14 12:58 . 2005-12-19 10:11 -------- d-----w- c:\program files\Google

    2010-03-11 19:14 . 2010-03-11 19:14 388096 ----a-r- c:\documents and settings\XP\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

    2010-03-11 17:44 . 2010-03-11 17:44 -------- d-----w- c:\documents and settings\XP\Application Data\YoudaGames

    2010-03-11 12:38 . 2004-02-06 16:09 832512 ------w- c:\windows\system32\wininet.dll

    2010-03-11 12:38 . 2009-07-26 09:58 78336 ----a-w- c:\windows\system32\ieencode.dll

    2010-03-11 12:38 . 2003-04-08 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

    2010-03-05 18:07 . 2003-12-18 12:19 -------- d-----w- c:\program files\Common Files\Adobe

    2010-03-01 19:34 . 2010-03-01 19:34 -------- d-----w- c:\program files\Common Files\SWF Studio

    2010-02-28 11:56 . 2007-07-29 05:53 -------- d-----w- c:\documents and settings\XP\Application Data\Big Fish Games

    2010-02-28 08:24 . 2010-02-23 17:51 -------- d-----w- c:\documents and settings\XP\Application Data\ElementalsTheMagicKey

    2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

    2010-01-17 15:00 . 2003-12-21 18:53 53376 -c--a-w- c:\documents and settings\XP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2008-04-06 07:04 . 2008-04-06 07:04 0 -c--a-w- c:\program files\temp01

    2006-08-11 13:21 . 2006-08-11 13:21 774144 -c--a-w- c:\program files\RngInterstitial.dll

    2006-03-05 14:37 . 2006-03-05 14:37 4269636 -c--a-w- c:\program files\freaksroomescape.rar

    2005-12-19 13:43 . 2005-12-19 13:43 560 -c--a-w- c:\program files\Global.sw

    2004-09-20 16:44 . 2004-09-20 16:44 8044544 -c--a-w- c:\program files\virusscan7.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-09-24 49152]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-16 68856]

    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CloseDNF"="c:\windows\System32\Utility.exe \1008" [X]

    "AME_CSA"="amecsa.cpl" [2002-10-03 782336]

    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-10-22 114741]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-09-24 5033984]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-11-14 286720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

    2010-04-09 19:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

    2007-04-03 22:29 165784 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2008-12-08 13:50 54576 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

    2007-08-22 15:31 80896 -c--a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2007-11-15 12:11 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    2003-09-24 11:32 5033984 ----a-r- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    2003-09-24 11:32 741376 ----a-r- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2007-11-14 22:43 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

    2002-10-11 17:26 98304 ----a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2009-09-06 07:34 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\StubInstaller.exe"=

    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\WINDOWS\\system32\\dxdiag.exe"=

    "c:\\WINDOWS\\system32\\dpnsvr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "9420:TCP"= 9420:TCP:RSP

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

    "AllowInboundEchoRequest"= 1 (0x1)

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/04/2010 16:14 28552]

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6/12/2005 17:11 35328]

    R1 as6eio;as6eio;c:\windows\system32\drivers\AS6EIO.SYS [14/01/2004 14:32 3616]

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/06/2008 12:42 216200]

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/06/2008 12:42 242696]

    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/04/2010 21:22 308064]

    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/04/2007 19:07 682232]

    S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]

    S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/02/2005 2:31 2560]

    S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys [18/12/2003 21:27 110179]

    S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]

    S3 AtmElan;ATM geëmuleerde LAN;c:\windows\system32\drivers\atmlane.sys [8/04/2003 14:00 55808]

    S3 AtmLane;ATM LAN-emulatie;c:\windows\system32\drivers\atmlane.sys [8/04/2003 14:00 55808]

    S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08

    .

    Inhoud van de 'Gedeelde Taken' map

    2010-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

    2010-04-10 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-16 18:42]

    2010-04-07 c:\windows\Tasks\OGADaily.job

    - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

    2010-04-10 c:\windows\Tasks\OGALogon.job

    - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

    2010-04-10 c:\windows\Tasks\User_Feed_Synchronization-{111BC756-D160-42A8-A6EA-C96F9481B73C}.job

    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:58]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.skynet.be/

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    Trusted Zone: dexia.be\directnet

    Trusted Zone: vlimmerensport.be\www

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game16.zylomgames.com/activex/zylomgamesplayer.cab

    DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} - hxxp://game12.zylomgames.com/activex/zylomloader.cab

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2010-04-10 19:50

    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

    "??"=hex:ea,1b,a7,57,2b,04,6f,50,0d,93,9a,4b,8a,15,2c,50,82,ea,00,e7,9a,66,33,

    64,67,78,b9,07,28,ce,86,3f,dc,db,31,c7,ce,b8,0c,69,f4,5c,a9,f9,df,b5,8a,34,\

    "??"=hex:8b,7d,b4,15,54,24,fb,d3,a1,e6,00,24,d0,34,c0,21

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004\Software\SecuROM\License information*]

    "datasecu"=hex:b6,d8,e2,e6,96,c8,b0,24,d2,67,5c,f5,cc,7d,f4,fe,ba,c8,7f,de,32,

    84,7b,ec,39,8e,fb,e6,55,4f,c3,6f,f3,23,11,76,64,30,68,6f,db,17,cf,7f,88,a7,\

    "rkeysecu"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{308C9F45-2012-8D0B-DE68-966EB937DACD}*\InprocServer32]

    "{308C9F45-2012-8D0B-DE68-966EB937DACD}"=hex:cc,84,9f,40,53,55,2e,2f,25,23,bc,

    8f,22,53,1e,1e,b9,0b,e2,ae,89,89,be,eb,cc,84,9f,40,53,55,2e,2f,cc,84,9f,40,\

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{51604D3C-DD1A-E3C6-2D49-6AB6591D4A83}*\InprocServer32]

    "{51604D3C-DD1A-E3C6-2D49-6AB6591D4A83}"=hex:5f,4b,58,2d,98,ad,2f,88,6b,d5,04,

    68,69,6a,fd,30,44,d6,f5,e6,cd,7b,13,46,5f,4b,58,2d,98,ad,2f,88,5f,4b,58,2d,\

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{61CBBFD6-B177-3731-1119-E841875EA065}*\InprocServer32]

    "{61CBBFD6-B177-3731-1119-E841875EA065}"=hex:05,f5,15,57,ec,e6,c9,b7,2f,eb,40,

    60,5b,85,be,e5,43,a8,60,77,e2,48,c8,00,05,f5,15,57,ec,e6,c9,b7,05,f5,15,57,\

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{69D5F6E9-AB5E-B704-0A91-0BA78CDAAC8F}*\InprocServer32]

    "{69D5F6E9-AB5E-B704-0A91-0BA78CDAAC8F}"=hex:de,b7,77,b3,43,61,c0,5c,33,eb,e9,

    f3,61,4a,ad,20,53,da,34,a2,1e,e3,e6,4b,de,b7,77,b3,43,61,c0,5c,de,b7,77,b3,\

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{72D1E981-816B-B173-3CF1-2730930EC7EB}*\InprocServer32]

    "{72D1E981-816B-B173-3CF1-2730930EC7EB}"=hex:18,63,a9,c1,bd,09,e9,dc,f1,c3,35,

    36,44,05,f8,42,1b,af,f3,55,44,52,22,5b,18,63,a9,c1,bd,09,e9,dc,18,63,a9,c1,\

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]


    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\BB6E5071F4E6B2769BD4E4FACC553A99]


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

    "3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    Voltooingstijd: 2010-04-10 20:00:54

    ComboFix-quarantined-files.txt 2010-04-10 18:00

    ComboFix2.txt 2010-04-10 11:49

    Pre-Run: 25.107.660.800 bytes beschikbaar

    Post-Run: 24.775.417.856 bytes beschikbaar

    - - End Of File - - 5C686610F074469E99197101E975D0A2

    HJT log

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)

    Scan saved at 20:04:49, on 10/04/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.17023)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\AVG\AVG9\avgchsvx.exe

    C:\Program Files\AVG\AVG9\avgrsx.exe

    C:\Program Files\AVG\AVG9\avgcsrvx.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\AVG\AVG9\avgwdsvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\AVG\AVG9\avgnsx.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\WgaTray.exe

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\internet explorer\iexplore.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Skynet.be - LE portail belge – DE Belgische portaalsite!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx

    O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008

    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O15 - Trusted Zone: Kon. Vlimmeren Sport | www.vlimmerensport.be | Welkom

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader5.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161467017953

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader4.cab

    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab

    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game12.zylomgames.com/activex/zylomloader.cab

    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - The New InstantAction - Real PC Gaming in Your Browser

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5087/mcfscan.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

    O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --

    End of file - 8857 bytes

  6. The Combofix log

    ComboFix 10-04-09.06 - XP 10/04/2010 13:11:58.1.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.512.116 [GMT 2:00]

    Gestart vanuit: c:\documents and settings\XP\Bureaublad\ComboFix.exe

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\LCACHE00.TMP

    c:\windows\system32\ccrpTmr6.dll

    c:\windows\system32\fonts

    c:\windows\system32\fonts\ACADEMY_.PFB

    c:\windows\system32\fonts\ACADEMY_.PFM

    c:\windows\system32\fonts\ACADEMY_.TTF

    c:\windows\system32\GoogleDesktopSearchSetup.exe

    c:\windows\system32\Thumbs.db

    c:\windows\system32\winsys.exe

    Besmet exemplaar van c:\windows\system32\Drivers\atapi.sys werd aangetroffen en gedesinfecteerd

    Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\atapi.sys

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Service_6to4

    (((((((((((((((((((( Bestanden Gemaakt van 2010-03-10 to 2010-04-10 ))))))))))))))))))))))))))))))

    .

    2010-04-09 19:26 . 2010-04-09 19:26 -------- d-----w- C:\$AVG

    2010-04-09 19:19 . 2010-04-09 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

    2010-04-08 08:18 . 2010-04-08 08:18 -------- d-----w- c:\documents and settings\XP\Application Data\Malwarebytes

    2010-04-08 08:16 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-04-08 08:16 . 2010-04-08 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2010-04-08 08:16 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-04-08 08:16 . 2010-04-08 08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-04-05 14:14 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

    2010-04-05 14:14 . 2010-04-05 14:14 -------- d-----w- c:\program files\Panda Security

    2010-04-05 12:07 . 2010-04-09 19:29 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2010-03-28 10:43 . 2010-04-08 16:26 -------- d--h--r- c:\documents and settings\XP\Onlangs geopend

    2010-03-28 09:13 . 2010-03-28 09:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

    2010-03-28 09:07 . 2010-03-28 09:09 -------- d-----w- c:\program files\Lavasoft

    2010-03-28 08:33 . 2010-04-05 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

    2010-03-23 13:34 . 2010-03-23 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Nevosoft

    2010-03-22 14:06 . 2010-03-22 14:06 -------- d-----w- c:\documents and settings\XP\Application Data\Friday's games

    2010-03-21 21:52 . 2010-03-21 21:52 -------- d-----w- c:\documents and settings\XP\Application Data\SerpentOfIsis

    2010-03-17 18:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

    2010-03-17 07:59 . 2010-03-17 07:59 -------- d-----w- c:\program files\Giggles Computerpret voor Baby

    2010-03-13 12:18 . 2010-03-13 18:18 -------- d-----w- c:\documents and settings\XP\Application Data\SprillRichiEng

    2010-03-11 19:14 . 2010-03-11 19:14 -------- d-----w- c:\program files\TrendMicro

    2010-03-11 17:44 . 2010-03-11 17:44 -------- d-----w- c:\documents and settings\XP\Application Data\YoudaGames

    2010-03-11 17:37 . 2010-03-11 17:37 -------- d-----w- c:\program files\Boonty

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-04-10 11:33 . 2005-02-10 00:31 841 --sha-w- c:\windows\system32\mmf.sys

    2010-04-09 19:25 . 2008-06-06 10:42 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-04-09 19:25 . 2008-06-06 10:42 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-04-09 19:25 . 2007-11-12 14:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

    2010-04-09 19:25 . 2008-06-06 10:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-04-09 19:20 . 2008-06-06 10:42 -------- d-----w- c:\program files\AVG

    2010-04-09 19:03 . 2006-01-08 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2010-04-09 19:01 . 2006-09-09 13:20 -------- d-----w- c:\program files\AIM Productions

    2010-04-09 10:00 . 2007-05-16 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

    2010-03-28 07:14 . 2010-03-28 07:14 4904 ----a-w- c:\windows\system32\PerfStringBackup.TMP

    2010-03-28 07:14 . 2003-04-08 12:00 93292 ----a-w- c:\windows\system32\perfc013.dat

    2010-03-28 07:14 . 2003-04-08 12:00 515228 ----a-w- c:\windows\system32\perfh013.dat

    2010-03-22 11:08 . 2006-01-08 08:33 -------- d-----w- c:\program files\Hitman Pro

    2010-03-22 11:07 . 2004-11-12 20:02 -------- d-----w- c:\documents and settings\XP\Application Data\Lavasoft

    2010-03-22 10:32 . 2009-10-21 12:37 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

    2010-03-14 12:58 . 2005-12-19 10:11 -------- d-----w- c:\program files\Google

    2010-03-11 18:50 . 2005-05-04 00:00 -------- d-----w- c:\program files\BoontyGames

    2010-03-11 12:38 . 2004-02-06 16:09 832512 ----a-w- c:\windows\system32\wininet.dll

    2010-03-11 12:38 . 2009-07-26 09:58 78336 ----a-w- c:\windows\system32\ieencode.dll

    2010-03-11 12:38 . 2003-04-08 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

    2010-03-05 18:07 . 2003-12-18 12:19 -------- d-----w- c:\program files\Common Files\Adobe

    2010-03-01 19:34 . 2010-03-01 19:34 -------- d-----w- c:\program files\Common Files\SWF Studio

    2010-02-28 11:56 . 2007-07-29 05:53 -------- d-----w- c:\documents and settings\XP\Application Data\Big Fish Games

    2010-02-28 08:24 . 2010-02-23 17:51 -------- d-----w- c:\documents and settings\XP\Application Data\ElementalsTheMagicKey

    2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

    2010-01-17 15:00 . 2003-12-21 18:53 53376 -c--a-w- c:\documents and settings\XP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2008-04-06 07:04 . 2008-04-06 07:04 0 -c--a-w- c:\program files\temp01

    2006-08-11 13:21 . 2006-08-11 13:21 774144 -c--a-w- c:\program files\RngInterstitial.dll

    2006-03-05 14:37 . 2006-03-05 14:37 4269636 -c--a-w- c:\program files\freaksroomescape.rar

    2005-12-19 13:43 . 2005-12-19 13:43 560 -c--a-w- c:\program files\Global.sw

    2004-09-20 16:44 . 2004-09-20 16:44 8044544 -c--a-w- c:\program files\virusscan7.exe

    2009-07-27 16:03 . 2005-02-10 00:31 841 --sha-w- c:\windows\system32\mmf(10)(3).sys

    2006-12-22 15:09 . 2005-02-10 00:31 841 -csha-w- c:\windows\system32\mmf(2)(2).sys

    2007-08-26 06:18 . 2005-02-10 00:31 841 --sha-w- c:\windows\system32\mmf(2).sys

    2009-05-01 12:07 . 2005-02-10 00:31 841 --sha-w- c:\windows\system32\mmf(3).sys

    2009-07-21 12:44 . 2005-02-10 00:31 841 --sha-w- c:\windows\system32\mmf(4)(3).sys

    2009-07-29 16:27 . 2005-02-10 00:31 841 --sha-w- c:\windows\system32\mmf(4)(4).sys

    2009-07-29 14:08 . 2005-02-10 00:31 841 --sha-w- c:\windows\system32\mmf(5)(3).sys

    2009-07-28 16:21 . 2005-02-10 00:31 841 --sha-w- c:\windows\system32\mmf(6)(3).sys

    2009-07-28 10:40 . 2005-02-10 00:31 841 --sha-w- c:\windows\system32\mmf(7)(3).sys

    2009-07-28 08:57 . 2005-02-10 00:31 841 --sha-w- c:\windows\system32\mmf(8)(3).sys

    2009-07-28 07:14 . 2005-02-10 00:31 841 --sha-w- c:\windows\system32\mmf(9)(3).sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-09-24 49152]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-16 68856]

    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CloseDNF"="c:\windows\System32\Utility.exe \1008" [X]

    "AME_CSA"="amecsa.cpl" [2002-10-03 782336]

    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-10-22 114741]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-09-24 5033984]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-11-14 286720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

    2010-04-09 19:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

    2007-04-03 22:29 165784 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2008-12-08 13:50 54576 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

    2007-08-22 15:31 80896 -c--a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2007-11-15 12:11 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    2003-09-24 11:32 5033984 ----a-r- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    2003-09-24 11:32 741376 ----a-r- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2007-11-14 22:43 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

    2002-10-11 17:26 98304 ----a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2009-09-06 07:34 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\StubInstaller.exe"=

    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\WINDOWS\\system32\\dxdiag.exe"=

    "c:\\WINDOWS\\system32\\dpnsvr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "9420:TCP"= 9420:TCP:RSP

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

    "AllowInboundEchoRequest"= 1 (0x1)

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/04/2010 16:14 28552]

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6/12/2005 17:11 35328]

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/04/2007 19:07 682232]

    R1 as6eio;as6eio;c:\windows\system32\drivers\AS6EIO.SYS [14/01/2004 14:32 3616]

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/06/2008 12:42 216200]

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/06/2008 12:42 242696]

    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/04/2010 21:22 308064]

    R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/02/2005 2:31 2560]

    S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]

    S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys [18/12/2003 21:27 110179]

    S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]

    S3 AtmElan;ATM geëmuleerde LAN;c:\windows\system32\drivers\atmlane.sys [8/04/2003 14:00 55808]

    S3 AtmLane;ATM LAN-emulatie;c:\windows\system32\drivers\atmlane.sys [8/04/2003 14:00 55808]

    S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08

    .

    Inhoud van de 'Gedeelde Taken' map

    2010-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

    2010-04-10 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-16 18:42]

    2010-04-07 c:\windows\Tasks\OGADaily.job

    - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

    2010-04-10 c:\windows\Tasks\OGALogon.job

    - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

    2010-04-10 c:\windows\Tasks\User_Feed_Synchronization-{111BC756-D160-42A8-A6EA-C96F9481B73C}.job

    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:58]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.skynet.be/

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    Trusted Zone: dexia.be\directnet

    Trusted Zone: vlimmerensport.be\www

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game16.zylomgames.com/activex/zylomgamesplayer.cab

    DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} - hxxp://game12.zylomgames.com/activex/zylomloader.cab

    .

    - - - - ORPHANS VERWIJDERD - - - -

    AddRemove-Wonderworld - c:\program files\Nexus\Wonderworld\uninstall.exe

    AddRemove-Audcntr - c:\windows\system32\audcntr.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2010-04-10 13:34

    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

    device: opened successfully

    user: MBR read successfully

    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync03.sys atapi.sys sptd.sys >>UNKNOWN [0x8238A8A8]<<

    kernel: MBR read successfully

    detected MBR rootkit hooks:

    \Driver\Disk -> CLASSPNP.SYS @ 0xf8589f28

    \Driver\ACPI -> ACPI.sys @ 0xf83ebcb8

    \Driver\atapi -> prosync1.sys @ 0xf8a3d661

    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598

    ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598

    ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

    NDIS: -> SendCompleteHandler -> 0x0

    PacketIndicateHandler -> 0x0

    SendHandler -> 0x0

    user & kernel MBR OK

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

    "??"=hex:ea,1b,a7,57,2b,04,6f,50,0d,93,9a,4b,8a,15,2c,50,82,ea,00,e7,9a,66,33,

    64,67,78,b9,07,28,ce,86,3f,dc,db,31,c7,ce,b8,0c,69,f4,5c,a9,f9,df,b5,8a,34,\

    "??"=hex:8b,7d,b4,15,54,24,fb,d3,a1,e6,00,24,d0,34,c0,21

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004\Software\SecuROM\License information*]

    "datasecu"=hex:b6,d8,e2,e6,96,c8,b0,24,d2,67,5c,f5,cc,7d,f4,fe,ba,c8,7f,de,32,

    84,7b,ec,39,8e,fb,e6,55,4f,c3,6f,f3,23,11,76,64,30,68,6f,db,17,cf,7f,88,a7,\

    "rkeysecu"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{308C9F45-2012-8D0B-DE68-966EB937DACD}*\InprocServer32]

    "{308C9F45-2012-8D0B-DE68-966EB937DACD}"=hex:cc,84,9f,40,53,55,2e,2f,25,23,bc,

    8f,22,53,1e,1e,b9,0b,e2,ae,89,89,be,eb,cc,84,9f,40,53,55,2e,2f,cc,84,9f,40,\

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{51604D3C-DD1A-E3C6-2D49-6AB6591D4A83}*\InprocServer32]

    "{51604D3C-DD1A-E3C6-2D49-6AB6591D4A83}"=hex:5f,4b,58,2d,98,ad,2f,88,6b,d5,04,

    68,69,6a,fd,30,44,d6,f5,e6,cd,7b,13,46,5f,4b,58,2d,98,ad,2f,88,5f,4b,58,2d,\

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{61CBBFD6-B177-3731-1119-E841875EA065}*\InprocServer32]

    "{61CBBFD6-B177-3731-1119-E841875EA065}"=hex:05,f5,15,57,ec,e6,c9,b7,2f,eb,40,

    60,5b,85,be,e5,43,a8,60,77,e2,48,c8,00,05,f5,15,57,ec,e6,c9,b7,05,f5,15,57,\

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{69D5F6E9-AB5E-B704-0A91-0BA78CDAAC8F}*\InprocServer32]

    "{69D5F6E9-AB5E-B704-0A91-0BA78CDAAC8F}"=hex:de,b7,77,b3,43,61,c0,5c,33,eb,e9,

    f3,61,4a,ad,20,53,da,34,a2,1e,e3,e6,4b,de,b7,77,b3,43,61,c0,5c,de,b7,77,b3,\

    [HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{72D1E981-816B-B173-3CF1-2730930EC7EB}*\InprocServer32]

    "{72D1E981-816B-B173-3CF1-2730930EC7EB}"=hex:18,63,a9,c1,bd,09,e9,dc,f1,c3,35,

    36,44,05,f8,42,1b,af,f3,55,44,52,22,5b,18,63,a9,c1,bd,09,e9,dc,18,63,a9,c1,\

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\BB6E5071F4E6B2769BD4E4FACC553A99]

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

    "3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'explorer.exe'(1800)

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\program files\AVG\AVG9\avgchsvx.exe

    c:\program files\AVG\AVG9\avgrsx.exe

    c:\program files\AVG\AVG9\avgcsrvx.exe

    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    c:\windows\System32\nvsvc32.exe

    c:\program files\Analog Devices\SoundMAX\SMAgent.exe

    c:\program files\Windows Media Player\WMPNetwk.exe

    c:\program files\AVG\AVG9\avgnsx.exe

    c:\windows\system32\wscntfy.exe

    c:\windows\system32\rundll32.exe

    c:\windows\system32\RUNDLL32.EXE

    c:\windows\system32\NotifyPhoneBook.exe

    c:\windows\system32\WgaTray.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2010-04-10 13:49:41 - machine werd herstart

    ComboFix-quarantined-files.txt 2010-04-10 11:49

    Pre-Run: 25.019.301.888 bytes beschikbaar

    Post-Run: 25.105.698.816 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - B856B5F316BAEC59AA0A4614C3F28AA3

  7. There was indeed quite a lot of junk on it. Had AVG scan it and nothing more was found :)

    The computer still starts up slowly, but I am going to try a few more of your useful tips (clearing System Restore, removing dust, ...). But it could also be a worn-out hard disk; we'll see.

    Thanks a lot in any case for helping me get that junk off

  8. Malwarebytes' Anti-Malware 1.45

    www.malwarebytes.org

    Databaseversie: 3967

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 7.0.5730.11

    ########

    mbam-log-2010-04-08 (10-44-11).txt

    Scantype: Snelle scan

    Objecten gescand: 133878

    Verstreken tijd: 20 minuut/minuten, 1 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 7

    Registerwaarden geïnfecteerd: 1

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 1

    Bestanden geïnfecteerd: 15

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Trojan.BHO) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fc3c36d-7635-4d43-ba62-0d9d2f2cd06e} (Adware.Fotomoto) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e4a92ab-f2c0-456a-9935-b715439790d7} (Spyware.MarketScore) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a75e294e-c047-4d29-b07e-37b792881bef} (Trojan.BHO) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\AppID\Sidebar.dll (Trojan.BHO) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    C:\WINDOWS\system32\SystemService32 (Worm.Archive) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:

    C:\WINDOWS\system32\SystemService32\125.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\SystemService32\126.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\SystemService32\126.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\SystemService32\127.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\SystemService32\127.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\SystemService32\128.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\SystemService32\128.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\SystemService32\129.music.au (Worm.Archive) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\SystemService32\129.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\SystemService32\130.music1.mp3 (Worm.Archive) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\SystemService32\130.music1.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\SystemService32\131.music2.mp3 (Worm.Archive) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\SystemService32\131.music2.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\SystemService32\132.music.snd (Worm.Archive) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\SystemService32\132.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)

    Scan saved at 11:01:48, on 8/04/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.17023)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\runservice.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\WINDOWS\system32\NotifyPhoneBook.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\PROGRA~1\AVG\AVG8\avgnsx.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\WINDOWS\system32\WgaTray.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

    C:\Program Files\AVG\AVG8\avgcsrvx.exe

    C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe

    C:\WINDOWS\msagent\AgentSvr.exe

    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Skynet.be - LE portail belge – DE Belgische portaalsite!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx

    O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008

    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O15 - Trusted Zone: Kon. Vlimmeren Sport | www.vlimmerensport.be | Welkom

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader5.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161467017953

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader4.cab

    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab

    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game12.zylomgames.com/activex/zylomloader.cab

    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - The New InstantAction - Real PC Gaming in Your Browser

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5087/mcfscan.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --

    End of file - 9948 bytes

  9. Logfile of Trend Micro HijackThis v2.0.3 (BETA)

    Scan saved at 22:39:08, on 7/04/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.17023)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\runservice.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\NotifyPhoneBook.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\WINDOWS\system32\WgaTray.exe

    C:\PROGRA~1\AVG\AVG8\avgnsx.exe

    C:\Program Files\AVG\AVG8\avgui.exe

    C:\Program Files\AVG\AVG8\avgcsrvx.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Skynet.be - LE portail belge – DE Belgische portaalsite!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx

    O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008

    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O15 - Trusted Zone: Kon. Vlimmeren Sport | www.vlimmerensport.be | Welkom

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader5.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161467017953

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader4.cab

    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab

    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game12.zylomgames.com/activex/zylomloader.cab

    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - The New InstantAction - Real PC Gaming in Your Browser

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5087/mcfscan.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --

    End of file - 10228 bytes

    Thanks for your quick reply


  10. I had the AVG Anti-Virus Free program scan my computer because it has been starting up very slowly for a while. It detected 1 virus and 9 trojan horses (Trojaans paard Downloader.Zlob.ALJB). The virus was moved to quarantine, but I cannot get the trojan horses removed; I then get the message "verplaatst object is groter dan het archief C:\WINDOWS\system32\SystemService32\128.setup.zip", and this for all 9 infections.

    Can anyone help me remove these trojan horses?

    I have Windows XP
