Posts by Daann
-
Hey Kape,
Does this still need to be done? I'm not having any trouble with anything anymore. In any case you helped me enormously, THANKS!
-
ComboFix 10-07-21.04 - Daan 22-07-2010 18:31:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3837.2849 [GMT 2:00]
Gestart vanuit: c:\users\Daan\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Aanwezig AV is actief
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\system volume information\SystemRestore
c:\users\Daan\AppData\Roaming\inst.exe
c:\windows\Hgadoa.exe
c:\windows\system32\AutoRun.inf
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-22 to 2010-07-22 ))))))))))))))))))))))))))))))
.
2010-07-22 16:42 . 2010-07-22 16:44 -------- dc----w- c:\users\Daan\AppData\Local\temp
2010-07-22 16:42 . 2010-07-22 16:42 -------- dc----w- c:\users\Default\AppData\Local\temp
2010-07-22 12:37 . 2010-07-22 12:37 53248 -c--a-r- c:\users\Daan\AppData\Roaming\Microsoft\Installer\{3360D505-B0AA-4284-92DF-F872AF90A448}\ARPPRODUCTICON.exe
2010-07-22 10:58 . 2010-07-22 14:41 -------- dc----w- c:\programdata\Kaspersky Lab
2010-07-22 10:57 . 2009-10-22 11:54 37392 -c--a-w- c:\windows\system32\drivers\40753002.sys
2010-07-22 10:57 . 2009-10-09 21:31 311312 -c--a-w- c:\windows\system32\drivers\4075300.sys
2010-07-22 10:57 . 2009-09-25 15:59 128016 -c--a-w- c:\windows\system32\drivers\40753001.sys
2010-07-22 10:27 . 2010-07-22 10:30 -------- dc----w- c:\programdata\Spybot - Search & Destroy
2010-07-22 10:27 . 2010-07-22 10:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-22 10:01 . 2010-07-22 10:01 388096 -c--a-r- c:\users\Daan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-21 14:33 . 2010-07-21 14:33 -------- d-----w- c:\program files\Miro
2010-07-21 11:24 . 2010-07-21 11:24 970504 -c--a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-20 10:35 . 2010-07-20 13:31 -------- d-----w- c:\program files\iPod(3)
2010-07-20 10:35 . 2010-07-20 10:37 -------- d-----w- c:\program files\iTunes(4)
2010-07-20 10:25 . 2010-07-20 19:19 -------- d-----w- c:\program files\Bonjour
2010-07-19 18:52 . 2010-07-19 18:52 -------- dc----w- c:\users\Daan\AppData\Roaming\.BitTornado
2010-07-19 16:50 . 2010-07-20 18:22 -------- dc----w- c:\users\Daan\AppData\Roaming\Vso
2010-07-19 16:50 . 2010-07-20 18:22 47360 -c--a-w- c:\users\Daan\AppData\Roaming\pcouffin.sys
2010-07-19 16:50 . 2010-07-19 16:50 47360 -c--a-w- c:\windows\system32\drivers\pcouffin.sys
2010-07-19 16:50 . 2010-02-09 14:37 65602 -c--a-w- c:\windows\system32\cook3260.dll
2010-07-19 16:50 . 2010-02-09 14:37 217127 -c--a-w- c:\windows\system32\drv43260.dll
2010-07-19 16:50 . 2010-02-09 14:37 208935 -c--a-w- c:\windows\system32\drv33260.dll
2010-07-19 16:50 . 2010-02-09 14:37 176165 -c--a-w- c:\windows\system32\drv23260.dll
2010-07-19 16:50 . 2010-02-09 14:37 102439 -c--a-w- c:\windows\system32\sipr3260.dll
2010-07-19 16:50 . 2010-02-09 14:37 626688 -c--a-w- c:\windows\system32\vp7vfw.dll
2010-07-19 16:50 . 2010-02-09 14:37 1184984 -c--a-w- c:\windows\system32\wvc1dmod.dll
2010-07-19 16:50 . 2010-07-20 18:23 -------- d-----w- c:\program files\VSO
2010-07-16 19:46 . 2010-07-16 19:46 -------- dc----w- c:\users\Daan\AppData\Roaming\Canneverbe Limited
2010-07-16 19:46 . 2010-07-16 19:46 -------- dc----w- c:\programdata\Canneverbe Limited
2010-07-16 19:46 . 2010-07-16 19:46 -------- d-----w- c:\program files\CDBurnerXP
2010-07-16 19:22 . 2010-07-16 19:22 715248 -c--a-w- c:\windows\system32\drivers\sptd.sys
2010-07-16 17:37 . 2010-07-16 17:46 -------- dc----w- c:\users\Daan\AppData\Local\Ahead
2010-07-16 17:32 . 2010-07-16 18:08 -------- dc----w- c:\users\Daan\AppData\Roaming\Ahead
2010-07-16 17:31 . 2010-07-16 17:31 -------- dc----w- c:\programdata\Ahead
2010-07-16 16:29 . 2010-07-16 16:29 -------- dc----w- c:\programdata\NCH Software
2010-07-16 12:07 . 2010-07-16 12:07 -------- dc----w- c:\users\Daan\AppData\Roaming\gtk-2.0
2010-06-30 14:46 . 2010-07-20 19:23 -------- d-----w- c:\program files\iPod
2010-06-30 14:46 . 2010-07-22 15:36 -------- d-----w- c:\program files\iTunes
2010-06-30 14:38 . 2010-06-30 14:38 72504 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-24 14:41 . 2009-11-08 08:55 99176 -c--a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 14:41 . 2009-11-08 08:55 49472 -c--a-w- c:\windows\system32\netfxperf.dll
2010-06-24 14:41 . 2009-11-08 08:55 297808 -c--a-w- c:\windows\system32\mscoree.dll
2010-06-24 14:41 . 2009-11-08 08:55 295264 -c--a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 14:41 . 2009-11-08 08:55 1130824 -c--a-w- c:\windows\system32\dfshim.dll
2010-06-24 13:23 . 2010-04-16 16:43 28672 -c--a-w- c:\windows\system32\Apphlpdm.dll
2010-06-24 13:23 . 2010-04-16 14:39 4240384 -c--a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 12:23 . 2010-06-23 12:23 501936 -c--a-w- c:\programdata\Google\Google Toolbar\Update\gtb975.tmp.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 16:25 . 2009-09-11 05:37 31776 -c--a-w- c:\programdata\nvModes.dat
2010-07-22 16:23 . 2010-01-25 15:09 -------- dc----w- c:\users\Daan\AppData\Roaming\DNA
2010-07-22 14:42 . 2009-12-15 19:44 -------- dc----w- c:\users\Daan\AppData\Roaming\LimeWire
2010-07-22 14:39 . 2010-01-25 15:09 -------- d-----w- c:\program files\DNA
2010-07-22 12:45 . 2010-06-01 17:08 256 -c--a-w- c:\windows\system32\pool.bin
2010-07-22 12:30 . 2006-11-02 16:11 670308 -c--a-w- c:\windows\system32\perfh013.dat
2010-07-22 12:30 . 2006-11-02 16:11 127900 -c--a-w- c:\windows\system32\perfc013.dat
2010-07-22 12:17 . 2008-02-17 18:44 -------- dc----w- c:\programdata\Google Updater
2010-07-21 14:38 . 2010-05-26 19:25 -------- dc----w- c:\users\Daan\AppData\Roaming\PCF-VLC
2010-07-20 20:21 . 2009-08-27 16:03 104408 -c--a-w- c:\users\Daan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-20 19:32 . 2009-09-01 14:20 -------- dc----w- c:\users\Daan\AppData\Roaming\Nero
2010-07-20 19:32 . 2009-08-27 16:03 -------- dc----w- c:\users\Daan\AppData\Roaming\Roxio
2010-07-20 19:32 . 2009-09-13 19:20 -------- dc----w- c:\users\Daan\AppData\Roaming\HpUpdate
2010-07-20 19:30 . 2009-08-28 17:18 -------- d-----w- c:\program files\vlc-0.8.5
2010-07-20 19:29 . 2008-11-07 15:28 -------- dc----w- c:\program files\TuneUp Utilities 2008
2010-07-20 19:28 . 2010-03-31 15:05 -------- d-----w- c:\program files\QuickTime
2010-07-20 19:27 . 2008-02-08 16:09 -------- dc----w- c:\program files\Microsoft Works
2010-07-20 19:24 . 2008-02-11 15:39 -------- dc----w- c:\program files\Messenger Plus! Live
2010-07-20 19:24 . 2009-07-04 16:23 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 19:21 . 2008-02-08 17:26 -------- d-----w- c:\program files\HP
2010-07-20 19:21 . 2008-04-24 18:29 -------- d-----w- c:\program files\Euroglot Professional 4.5
2010-07-20 19:19 . 2008-02-08 17:50 -------- d-----w- c:\program files\CCleaner
2010-07-20 19:19 . 2009-09-11 05:34 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-20 19:17 . 2009-08-15 19:25 -------- dc----w- c:\program files\Microsoft Silverlight
2010-07-20 19:17 . 2008-02-17 19:45 -------- d-----w- c:\program files\Java
2010-07-20 19:17 . 2008-02-17 18:44 -------- d-----w- c:\program files\Google
2010-07-20 13:30 . 2010-03-31 14:49 -------- dc----w- c:\programdata\PMB Files
2010-07-20 13:30 . 2009-08-27 19:55 -------- dc----w- c:\programdata\HP Product Assistant
2010-07-20 13:30 . 2008-02-11 15:09 -------- d-----w- c:\program files\Common Files\Apple
2010-07-20 12:19 . 2009-12-15 19:42 -------- d-----w- c:\program files\LimeWire
2010-07-16 20:34 . 2009-09-01 14:14 -------- d-----w- c:\program files\Nero
2010-07-16 20:33 . 2009-09-01 14:14 -------- dc----w- c:\programdata\Nero
2010-07-16 10:24 . 2008-02-08 16:00 -------- dc----w- c:\programdata\Roxio
2010-07-16 10:24 . 2008-02-08 15:58 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-07-16 10:24 . 2008-02-08 15:57 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-07-16 10:24 . 2009-10-04 10:01 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-16 10:08 . 2010-06-01 17:05 -------- dc----w- c:\programdata\Research In Motion
2010-07-14 18:04 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
2010-07-14 18:02 . 2009-12-09 16:06 -------- dc----w- c:\programdata\Microsoft Help
2010-06-15 17:54 . 2009-08-28 18:57 -------- d-----w- c:\program files\Microsoft
2010-06-03 02:41 . 2010-06-03 02:41 3600384 -c--a-w- c:\windows\system32\GPhotos.scr
2010-06-02 15:05 . 2010-06-02 15:05 -------- dc----w- c:\users\Daan\AppData\Roaming\InstallShield
2010-06-01 17:40 . 2010-06-01 17:08 -------- dc----w- c:\users\Daan\AppData\Roaming\Research In Motion
2010-06-01 17:07 . 2010-06-01 17:05 -------- d-----w- c:\program files\Research In Motion
2010-06-01 17:05 . 2010-06-01 17:05 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-05-26 17:06 . 2010-06-10 13:26 34304 -c--a-w- c:\windows\system32\atmlib.dll
2010-05-26 15:03 . 2010-05-26 15:03 -------- dc----w- c:\users\Daan\AppData\Roaming\Participatory Culture Foundation
2010-05-26 14:47 . 2010-06-10 13:26 289792 -c--a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 17:51 221568 -c----w- c:\windows\system32\MpSigStub.exe
2010-05-19 19:43 . 2010-05-19 19:43 680 -c--a-w- c:\users\Daan\AppData\Local\d3d9caps.dat
2010-05-11 18:34 . 2010-05-11 18:34 149132 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-05-04 05:59 . 2010-06-10 13:25 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 13:25 71680 -c--a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 13:25 109056 -c--a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 13:25 133632 -c--a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 13:25 2037248 -c--a-w- c:\windows\system32\win32k.sys
2008-02-08 16:16 . 2008-02-08 16:16 76 -csh--r- c:\windows\CT4CET.bin
2007-02-26 18:59 . 2007-02-26 18:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-17 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-01-25 323392]
"DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-31 2937528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-08-19 92704]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
c:\users\Daan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
setup_9.0.0.722_22.07.2010_13-32[1].lnk - c:\users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\startup.exe [2010-7-22 72208]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:c8,87,7e,69,a0,30,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2189767671-939685220-2883698749-1000]
"EnableNotificationsRef"=dword:00000001
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 XDva288;XDva288;c:\windows\system32\XDva288.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-16 715248]
S0 40753002;40753002 Boot Guard Driver;c:\windows\system32\DRIVERS\40753002.sys [2009-10-22 37392]
S1 40753001;40753001;c:\windows\system32\DRIVERS\40753001.sys [2009-09-25 128016]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
2010-07-16 c:\windows\Tasks\Easy Onderhoud.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-02-04 14:09]
2010-07-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-17 21:33]
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 17:19]
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 17:19]
2010-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-04 11:22]
2010-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-04 11:22]
2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{3D68FD34-7637-4E82-939B-057DD3EE896D}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{FAE1C805-3CB6-4169-B1D7-65CBDD1C5620}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Bijkomende Scan -------
.
mStart Page = hxxp://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS VERWIJDERD - - - -
Notify-WgaLogon - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-22 18:44
Windows 6.0.6002 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-2189767671-939685220-2883698749-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%%*+*]
@Class="Shell"
[HKEY_USERS\S-1-5-21-2189767671-939685220-2883698749-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%%*+*\OpenWithList]
@Class="Shell"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2010-07-22 18:48:18
ComboFix-quarantined-files.txt 2010-07-22 16:48
Pre-Run: 87.819.395.072 bytes beschikbaar
Post-Run: 91.303.493.632 bytes beschikbaar
- - End Of File - - BBDABEF715DBB204E7EF68FAEE23F995
-
No, fortunately not, but now I'm getting all kinds of pop-ups from sites :bawling:
I hope you can help me with this too, thanks in advance :-)
-
Malwarebytes' Anti-Malware 1.38
Database version: 2373
Windows 6.0.6002 Service Pack 2
22-7-2010 15:36:41
mbam-log-2010-07-22 (15-36-41).txt
Scan type: Quick Scan
Objects scanned: 86172
Time elapsed: 6 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:38:38, on 22-7-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\setup_9.0.0.722_22.07.2010_13-32[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: setup_9.0.0.722_22.07.2010_13-32[1].lnk = C:\Users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\startup.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 11235 bytes
-
Hello,
This week I downloaded a movie, and then I got notifications saying there is a TrojanDownloader on your computer.
I removed it immediately, but the damage was already done: a TrojanDownloader on my laptop. It is called TrojanDownloader:Win32/Renos.MQ
I can't get rid of it by any means. Windows Defender shows a notification about it, and when I then tell it to remove everything, it comes back with that notification after about 30 minutes.
I did make a HijackThis log. I'll paste it below.
Can someone please help me get it off????
Regards, Daan
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:12:21, on 22-7-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\setup_9.0.0.722_22.07.2010_13-32[1].exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Windows\system32\sshnas21.dll,GetMainWnd
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: setup_9.0.0.722_22.07.2010_13-32[1].lnk = C:\Users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\startup.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 13341 bytes
Trojan Downloader HELP
in Archive - Combating malware & viruses
Posted:
ComboFix 10-07-22.01 - Daan 23-07-2010 14:20:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3837.2909 [GMT 2:00]
Gestart vanuit: c:\users\Daan\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Daan\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Aanwezig AV is actief
FILE ::
"c:\windows\system32\drivers\4075300.sys"
"c:\windows\system32\drivers\40753001.sys"
"c:\windows\system32\drivers\40753002.sys"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_40753001
-------\Legacy_40753002
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-23 to 2010-07-23 ))))))))))))))))))))))))))))))
.
2010-07-23 12:28 . 2010-07-23 12:31 -------- dc----w- c:\users\Daan\AppData\Local\temp
2010-07-23 12:28 . 2010-07-23 12:28 -------- dc----w- c:\users\Public\AppData\Local\temp
2010-07-23 12:28 . 2010-07-23 12:28 -------- dc----w- c:\users\Myca\AppData\Local\temp
2010-07-23 12:28 . 2010-07-23 12:28 -------- dc----w- c:\users\Default\AppData\Local\temp
2010-07-22 19:12 . 2010-07-22 19:12 0 -c--a-w- c:\windows\nsreg.dat
2010-07-22 19:12 . 2010-07-22 19:12 -------- dc----w- c:\users\Daan\AppData\Local\Mozilla
2010-07-22 10:58 . 2010-07-22 16:58 -------- dc----w- c:\programdata\Kaspersky Lab
2010-07-22 10:27 . 2010-07-22 17:01 -------- dc----w- c:\programdata\Spybot - Search & Destroy
2010-07-21 14:33 . 2010-07-21 14:33 -------- d-----w- c:\program files\Miro
2010-07-20 10:35 . 2010-07-20 13:31 -------- d-----w- c:\program files\iPod(3)
2010-07-20 10:35 . 2010-07-20 10:37 -------- d-----w- c:\program files\iTunes(4)
2010-07-20 10:25 . 2010-07-20 19:19 -------- d-----w- c:\program files\Bonjour
2010-07-19 18:52 . 2010-07-19 18:52 -------- dc----w- c:\users\Daan\AppData\Roaming\.BitTornado
2010-07-19 16:50 . 2010-07-20 18:22 -------- dc----w- c:\users\Daan\AppData\Roaming\Vso
2010-07-19 16:50 . 2010-07-19 16:50 47360 -c--a-w- c:\windows\system32\drivers\pcouffin.sys
2010-07-19 16:50 . 2010-02-09 14:37 65602 -c--a-w- c:\windows\system32\cook3260.dll
2010-07-19 16:50 . 2010-02-09 14:37 217127 -c--a-w- c:\windows\system32\drv43260.dll
2010-07-19 16:50 . 2010-02-09 14:37 208935 -c--a-w- c:\windows\system32\drv33260.dll
2010-07-19 16:50 . 2010-02-09 14:37 176165 -c--a-w- c:\windows\system32\drv23260.dll
2010-07-19 16:50 . 2010-02-09 14:37 102439 -c--a-w- c:\windows\system32\sipr3260.dll
2010-07-19 16:50 . 2010-02-09 14:37 626688 -c--a-w- c:\windows\system32\vp7vfw.dll
2010-07-19 16:50 . 2010-02-09 14:37 1184984 -c--a-w- c:\windows\system32\wvc1dmod.dll
2010-07-19 16:50 . 2010-07-20 18:23 -------- d-----w- c:\program files\VSO
2010-07-16 19:46 . 2010-07-16 19:46 -------- dc----w- c:\users\Daan\AppData\Roaming\Canneverbe Limited
2010-07-16 19:46 . 2010-07-16 19:46 -------- dc----w- c:\programdata\Canneverbe Limited
2010-07-16 19:46 . 2010-07-16 19:46 -------- d-----w- c:\program files\CDBurnerXP
2010-07-16 19:22 . 2010-07-16 19:22 715248 -c--a-w- c:\windows\system32\drivers\sptd.sys
2010-07-16 17:37 . 2010-07-16 17:46 -------- dc----w- c:\users\Daan\AppData\Local\Ahead
2010-07-16 17:32 . 2010-07-16 18:08 -------- dc----w- c:\users\Daan\AppData\Roaming\Ahead
2010-07-16 17:31 . 2010-07-16 17:31 -------- dc----w- c:\programdata\Ahead
2010-07-16 16:29 . 2010-07-16 16:29 -------- dc----w- c:\programdata\NCH Software
2010-07-16 12:07 . 2010-07-16 12:07 -------- dc----w- c:\users\Daan\AppData\Roaming\gtk-2.0
2010-06-30 14:46 . 2010-07-20 19:23 -------- d-----w- c:\program files\iPod
2010-06-30 14:46 . 2010-07-22 15:36 -------- d-----w- c:\program files\iTunes
2010-06-24 14:41 . 2009-11-08 08:55 99176 -c--a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 14:41 . 2009-11-08 08:55 49472 -c--a-w- c:\windows\system32\netfxperf.dll
2010-06-24 14:41 . 2009-11-08 08:55 297808 -c--a-w- c:\windows\system32\mscoree.dll
2010-06-24 14:41 . 2009-11-08 08:55 295264 -c--a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 14:41 . 2009-11-08 08:55 1130824 -c--a-w- c:\windows\system32\dfshim.dll
2010-06-24 13:23 . 2010-04-16 16:43 28672 -c--a-w- c:\windows\system32\Apphlpdm.dll
2010-06-24 13:23 . 2010-04-16 14:39 4240384 -c--a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 12:33 . 2009-12-15 19:44 -------- dc----w- c:\users\Daan\AppData\Roaming\LimeWire
2010-07-23 12:32 . 2010-01-25 15:09 -------- dc----w- c:\users\Daan\AppData\Roaming\DNA
2010-07-23 12:32 . 2010-01-25 15:09 -------- d-----w- c:\program files\DNA
2010-07-23 12:30 . 2009-09-11 05:37 31776 -c--a-w- c:\programdata\nvModes.dat
2010-07-23 05:46 . 2010-05-26 19:25 -------- dc----w- c:\users\Daan\AppData\Roaming\PCF-VLC
2010-07-22 19:15 . 2010-06-01 17:08 256 -c--a-w- c:\windows\system32\pool.bin
2010-07-22 19:07 . 2006-11-02 16:11 670308 -c--a-w- c:\windows\system32\perfh013.dat
2010-07-22 19:07 . 2006-11-02 16:11 127900 -c--a-w- c:\windows\system32\perfc013.dat
2010-07-22 12:37 . 2010-07-22 12:37 53248 -c--a-r- c:\users\Daan\AppData\Roaming\Microsoft\Installer\{3360D505-B0AA-4284-92DF-F872AF90A448}\ARPPRODUCTICON.exe
2010-07-22 12:17 . 2008-02-17 18:44 -------- dc----w- c:\programdata\Google Updater
2010-07-21 11:24 . 2010-07-21 11:24 970504 -c--a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-20 20:21 . 2009-08-27 16:03 104408 -c--a-w- c:\users\Daan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-20 19:32 . 2009-09-01 14:20 -------- dc----w- c:\users\Daan\AppData\Roaming\Nero
2010-07-20 19:32 . 2009-08-27 16:03 -------- dc----w- c:\users\Daan\AppData\Roaming\Roxio
2010-07-20 19:32 . 2009-09-13 19:20 -------- dc----w- c:\users\Daan\AppData\Roaming\HpUpdate
2010-07-20 19:30 . 2009-08-28 17:18 -------- d-----w- c:\program files\vlc-0.8.5
2010-07-20 19:29 . 2008-11-07 15:28 -------- dc----w- c:\program files\TuneUp Utilities 2008
2010-07-20 19:28 . 2010-03-31 15:05 -------- d-----w- c:\program files\QuickTime
2010-07-20 19:27 . 2008-02-08 16:09 -------- dc----w- c:\program files\Microsoft Works
2010-07-20 19:24 . 2008-02-11 15:39 -------- dc----w- c:\program files\Messenger Plus! Live
2010-07-20 19:24 . 2009-07-04 16:23 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 19:21 . 2008-02-08 17:26 -------- d-----w- c:\program files\HP
2010-07-20 19:21 . 2008-04-24 18:29 -------- d-----w- c:\program files\Euroglot Professional 4.5
2010-07-20 19:19 . 2008-02-08 17:50 -------- d-----w- c:\program files\CCleaner
2010-07-20 19:19 . 2009-09-11 05:34 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-20 19:17 . 2009-08-15 19:25 -------- dc----w- c:\program files\Microsoft Silverlight
2010-07-20 19:17 . 2008-02-17 19:45 -------- d-----w- c:\program files\Java
2010-07-20 19:17 . 2008-02-17 18:44 -------- d-----w- c:\program files\Google
2010-07-20 18:22 . 2010-07-19 16:50 47360 -c--a-w- c:\users\Daan\AppData\Roaming\pcouffin.sys
2010-07-20 18:22 . 2010-07-19 16:50 47360 -c--a-w- c:\users\Daan\AppData\Roaming\pcouffin.sys
2010-07-20 13:30 . 2010-03-31 14:49 -------- dc----w- c:\programdata\PMB Files
2010-07-20 13:30 . 2009-08-27 19:55 -------- dc----w- c:\programdata\HP Product Assistant
2010-07-20 13:30 . 2008-02-11 15:09 -------- d-----w- c:\program files\Common Files\Apple
2010-07-20 12:19 . 2009-12-15 19:42 -------- d-----w- c:\program files\LimeWire
2010-07-16 20:34 . 2009-09-01 14:14 -------- d-----w- c:\program files\Nero
2010-07-16 20:33 . 2009-09-01 14:14 -------- dc----w- c:\programdata\Nero
2010-07-16 10:24 . 2008-02-08 16:00 -------- dc----w- c:\programdata\Roxio
2010-07-16 10:24 . 2008-02-08 15:58 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-07-16 10:24 . 2008-02-08 15:57 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-07-16 10:24 . 2009-10-04 10:01 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-16 10:08 . 2010-06-01 17:05 -------- dc----w- c:\programdata\Research In Motion
2010-07-14 18:04 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
2010-07-14 18:02 . 2009-12-09 16:06 -------- dc----w- c:\programdata\Microsoft Help
2010-06-30 14:38 . 2010-06-30 14:38 72504 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-23 12:23 . 2010-06-23 12:23 501936 -c--a-w- c:\programdata\Google\Google Toolbar\Update\gtb975.tmp.exe
2010-06-15 17:54 . 2009-08-28 18:57 -------- d-----w- c:\program files\Microsoft
2010-06-03 02:41 . 2010-06-03 02:41 3600384 -c--a-w- c:\windows\system32\GPhotos.scr
2010-06-02 15:05 . 2010-06-02 15:05 -------- dc----w- c:\users\Daan\AppData\Roaming\InstallShield
2010-06-01 17:40 . 2010-06-01 17:08 -------- dc----w- c:\users\Daan\AppData\Roaming\Research In Motion
2010-06-01 17:07 . 2010-06-01 17:05 -------- d-----w- c:\program files\Research In Motion
2010-06-01 17:05 . 2010-06-01 17:05 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-05-26 17:06 . 2010-06-10 13:26 34304 -c--a-w- c:\windows\system32\atmlib.dll
2010-05-26 15:03 . 2010-05-26 15:03 -------- dc----w- c:\users\Daan\AppData\Roaming\Participatory Culture Foundation
2010-05-26 14:47 . 2010-06-10 13:26 289792 -c--a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 17:51 221568 -c----w- c:\windows\system32\MpSigStub.exe
2010-05-19 19:43 . 2010-05-19 19:43 680 -c--a-w- c:\users\Daan\AppData\Local\d3d9caps.dat
2010-05-11 18:34 . 2010-05-11 18:34 149132 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-05-04 05:59 . 2010-06-10 13:25 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 13:25 71680 -c--a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 13:25 109056 -c--a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 13:25 133632 -c--a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 13:25 2037248 -c--a-w- c:\windows\system32\win32k.sys
2008-02-08 16:16 . 2008-02-08 16:16 76 -csh--r- c:\windows\CT4CET.bin
2007-02-26 18:59 . 2007-02-26 18:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-17 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-01-25 323392]
"DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-31 2937528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-08-19 92704]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
c:\users\Daan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:c8,87,7e,69,a0,30,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2189767671-939685220-2883698749-1000]
"EnableNotificationsRef"=dword:00000001
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 XDva288;XDva288;c:\windows\system32\XDva288.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-16 715248]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
2010-07-16 c:\windows\Tasks\Easy Onderhoud.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-02-04 14:09]
2010-07-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-17 21:33]
2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 17:19]
2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 17:19]
2010-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-04 11:22]
2010-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-04 11:22]
2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{3D68FD34-7637-4E82-939B-057DD3EE896D}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{FAE1C805-3CB6-4169-B1D7-65CBDD1C5620}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Bijkomende Scan -------
.
mStart Page = hxxp://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Daan\AppData\Roaming\Mozilla\Firefox\Profiles\5h9e251d.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden:
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-2189767671-939685220-2883698749-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%%*+*]
@Class="Shell"
[HKEY_USERS\S-1-5-21-2189767671-939685220-2883698749-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%%*+*\OpenWithList]
@Class="Shell"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'Explorer.exe'(2612)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\rundll32.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
.
**************************************************************************
.
Voltooingstijd: 2010-07-23 14:39:41 - machine werd herstart
ComboFix-quarantined-files.txt 2010-07-23 12:39
Pre-Run: 89.005.019.136 bytes beschikbaar
Post-Run: 88.566.059.008 bytes beschikbaar
- - End Of File - - 1BB8D9E9EF94FD59524B85A74F6B16CB