Ga naar inhoud

bart

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    8

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Alles dat geplaatst werd door bart

  1. bart
    het is nog steeds alles behalve goed, als ik opstart krijg ik weer dat ding van: C:windows/msn.com ofzo en daarna steeds van THREAT DETACTED enzo... ***** virussen.
  2. bart
    Malwarebytes' Anti-Malware 1.10 Database versie: 598 Scan type: Snelle Scan Objecten gescand: 29598 Verstreken tijd: 2 minute(s), 54 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 1 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\Typelib\{d761645b-6b20-4698-aee8-729981152a82} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) hij vroeg niet of ik hem opnieuw op wilde starten enzo, ook dat msn.com ding heb ik nergens kunnen vinden dus ik denk dat die al weg is.
  3. bart
    en ziet het er al beter uit ?
  4. bart
    ComboFix 08-04-06.1 - guildman 2008-04-07 21:39:18.3 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1284 [GMT 2:00] Gestart vanuit: C:\Users\guildman\Desktop\combofix\combofix.exe . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-07 to 2008-04-07 )))))))))))))))))))))))))))))) . Geen nieuwe bestanden aangemaakt in deze periode . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-07 19:40 --------- d-----w C:\Users\guildman\AppData\Roaming\uTorrent 2008-04-07 16:47 --------- d-----w C:\Users\guildman\AppData\Roaming\AVG7 2008-04-06 18:12 --------- d-----w C:\Program Files\Trend Micro 2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Xfire 2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Hamachi 2008-04-06 15:42 --------- d-----w C:\ProgramData\Xfire 2008-04-06 11:28 39,424 --sh--r C:\Windows\msn.com 2008-04-06 09:46 --------- d-----w C:\Program Files\Maxis 2008-04-04 07:50 --------- d-----w C:\Users\guildman\AppData\Roaming\vlc 2008-04-04 07:15 --------- d-----w C:\Program Files\VideoLAN 2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\Logitech 2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\logishrd 2008-03-28 08:38 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-28 08:38 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield 2008-03-28 08:32 --------- d-----w C:\Program Files\Java 2008-03-27 14:18 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-03-27 14:18 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe 2008-03-27 12:53 --------- d-----w C:\ProgramData\Test Drive Unlimited 2008-03-26 20:58 --------- d-----w C:\ProgramData\Logishrd 2008-03-26 19:21 --------- d-----w C:\ProgramData\Logitech 2008-03-22 07:33 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys 2008-03-22 01:06 --------- d-----w C:\ProgramData\Ubisoft 2008-03-22 00:55 --------- d-----w C:\Program Files\Ubisoft 2008-03-21 17:02 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll 2008-03-21 15:26 --------- d-----w C:\Program Files\EA Games 2008-03-21 14:10 --------- d-----w C:\Program Files\Atari 2008-03-21 13:37 --------- d-----w C:\Program Files\Xfire 2008-03-20 15:39 --------- d-----w C:\Users\guildman\AppData\Roaming\Ubisoft 2008-03-17 19:56 --------- d-----w C:\Program Files\Windows Mail 2008-03-13 23:06 41,296 ----a-w C:\Windows\System32\xfcodec.dll 2008-03-12 16:39 163,644 ----a-w C:\Windows\system32\drivers\SECDRV.SYS 2008-03-12 16:33 --------- d-----w C:\Program Files\Electronic Arts 2008-03-12 13:34 --------- d-----w C:\Program Files\CCleaner 2008-02-18 14:14 --------- d-----w C:\Program Files\Hamachi 2008-02-18 14:13 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys 2008-02-17 04:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-02-17 04:10 --------- d-----w C:\Program Files\AGEIA Technologies 2008-02-16 22:08 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe 2008-02-16 21:45 22,328 ----a-w C:\Users\guildman\AppData\Roaming\PnkBstrK.sys 2008-02-16 21:32 --------- d-----w C:\Program Files\Activision 2008-02-14 11:55 --------- d-----w C:\ProgramData\Media Center Programs 2008-02-13 16:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-02-13 16:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-02-13 16:10 943,800 ----a-w C:\Windows\System32\winload.exe 2008-02-13 16:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-02-13 16:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-02-13 16:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-13 16:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-02-13 16:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys 2008-02-13 16:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-02-13 16:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-02-13 16:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-13 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-13 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-13 16:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-13 16:08 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-13 16:08 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-13 16:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-02-13 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-13 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-13 16:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-13 16:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2008-02-13 16:06 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-13 16:06 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-13 16:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-13 16:06 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-01-30 21:51 1,957,672 ----a-w C:\Windows\System32\pbsvc.exe 2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2008-01-09 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2007-09-01 08:17 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2008-04-07_19.06.27.13 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-07 17:03:48 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-04-07 18:09:09 67,584 --s-a-w C:\Windows\bootstat.dat + 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE - 2008-04-07 17:05:00 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-04-07 19:24:14 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-04-07 18:10:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-04-07 18:10:15 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-04-07 17:04:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-04-07 19:39:21 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-04-07 19:38:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-04-07 19:38:01 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-04-07 16:58:14 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-04-07 19:39:17 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat - 2008-04-07 16:52:15 108,260 ----a-w C:\Windows\System32\perfc009.dat + 2008-04-07 18:14:17 108,260 ----a-w C:\Windows\System32\perfc009.dat - 2008-04-07 16:52:15 128,256 ----a-w C:\Windows\System32\perfc013.dat + 2008-04-07 18:14:17 128,256 ----a-w C:\Windows\System32\perfc013.dat - 2008-04-07 16:52:15 621,176 ----a-w C:\Windows\System32\perfh009.dat + 2008-04-07 18:14:17 621,176 ----a-w C:\Windows\System32\perfh009.dat - 2008-04-07 16:52:15 701,994 ----a-w C:\Windows\System32\perfh013.dat + 2008-04-07 18:14:17 701,994 ----a-w C:\Windows\System32\perfh013.dat - 2008-04-07 16:49:19 9,252 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin + 2008-04-07 18:11:45 9,664 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin - 2008-04-07 16:49:19 70,986 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-04-07 18:11:44 71,298 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-04-07 16:49:18 38,790 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-04-07 17:06:16 39,358 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 18:35 171448] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-06 16:10 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe] "JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864 C:\Windows\JM\JMInsIDE.exe] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-11 14:19 579072] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136] "LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280] "SBI"="C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe" [2008-04-07 18:07 1172768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 16:04 219136] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\vtUlKCsS.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] avgwlntf.dll 2007-08-07 09:19 9216 C:\Windows\System32\avgwlntf.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= lvcodec2.dll "VIDC.XFR1"= xfcodec.dll "msacm.lhacm"= lhacm.acm "MSVideo8"= VfWWDM32.dll "MSVideo"= vfwwdm32.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntivirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{85CA479A-4F4A-4F9F-819D-E9E8E38D6CA0}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars "{3748C267-0686-4C2C-83C1-76835F020E45}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II "{179F0B0D-787B-4566-8B9E-923D87C105D4}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II "{8F1615E1-2389-4F72-A731-63E8B669766D}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king "{10FF37FD-361C-44FA-BF39-16811D766F1A}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king "TCP Query User{32869293-0DAC-462C-A829-59EDD36C7D4C}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™ "UDP Query User{6DD765EC-DA2F-4BE7-833B-0553EB6CD0BF}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™ "{065DE9A0-188F-4AE0-B5EB-D002CCBA17AE}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king "{13CDB5E4-42D0-4799-9A15-A51A0F71FB64}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king "TCP Query User{1442EF57-1796-44EA-A25A-10AC04BD653F}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client "UDP Query User{6E08A576-76C0-45FB-A4BD-970390D4CFD5}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client "TCP Query User{CAE9F192-B5E0-46C1-B1F3-4D8A48810023}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe "UDP Query User{52194791-5C0A-493B-B369-5F89512E2855}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe "{4D627931-2F6E-4BAE-AD9A-68ED089C7FC4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{FE7F86CE-B485-43F9-993A-AF9A79367568}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade "UDP Query User{7E57F462-4649-4F46-A850-F99D3B599B42}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade "{9F6C932E-0DAA-410F-BF1C-B1299AFB46D2}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2 "{E8267A96-A928-4AD3-8B4A-6E511DB1E034}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2 "{FC7A86DD-32BE-4133-A3C2-FC268F64F3E9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{E956B76F-D336-42EC-95F3-26EB61780B19}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{A9107380-EBC1-4709-9667-47EC4C28A84A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{7C1B81AD-860E-44E7-8665-14B527097911}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{D0CA9787-5862-4862-B4EA-A139CA03673F}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32 "{5AF83993-6195-42E4-8F39-BFC02E00073C}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32 "{C6B999D9-DB95-4C50-9DE2-08349930CF13}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{5354D629-136F-4720-91A7-C9EFB6892A05}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{81AAF909-ABF6-4964-8FC9-3925AF8AB6DE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{65A1C5CE-E140-46AD-91AB-10B72F739331}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{F0165FCF-DD28-4EC7-9B40-695A2231CE77}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire "{7335FB89-CE03-44BD-BAE4-984428974DDB}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire "{B1BF99A2-982A-4FE0-AE99-D468D7441E29}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{04AFF9BF-8A65-4733-BCA2-30C5FF484232}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{0480B2BE-B4E6-472B-9532-C18C9818A0A8}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{263B9FD8-A680-479D-BF4D-F3FA8B03DEA7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{35FA6214-19D4-44E5-837A-9422209DBB40}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{E851150A-3E16-4358-951B-58518D241568}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "TCP Query User{0A1C39A0-538E-4DEB-B7A4-627F7314B374}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire "UDP Query User{321076CB-96BE-432B-8B84-6E02C9CACEB9}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire "TCP Query User{9329639A-0BC2-4D3A-A003-CEA6422C9F97}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= UDP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3 "UDP Query User{0A45FD69-E612-40B7-A28F-897952807A00}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= TCP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-22 09:33] R3 LVPrcMon;Logitech LVPrcMon Driver;C:\Windows\system32\drivers\LVPrcMon.sys [2005-12-09 15:37] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 09:12] S3 FXDrv32;FXDrv32;C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 19:23] S3 MRV6X32P;Met Vista geleverd 32-bits-stuurprogramma;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30] S3 odysseyIM4;Odyssey Network Agent Miniport;C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36] S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 17:49] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a58094c4-5000-11dc-b82a-001a7036ebf4}] \shell\AutoRun\command - K:\autorun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-07 21:40:50 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-04-07 21:41:26 ComboFix-quarantined-files.txt 2008-04-07 19:41:24 ComboFix2.txt 2008-04-07 18:12:06 ComboFix3.txt 2008-04-07 17:07:08 Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application. Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application. . 2008-04-06 09:41:17 --- E O F ---
  5. bart
    uhm ja ik heb het nu wel gewoon op mijn pc staan denk ik, ik zal er even op klikken en kijken wat het doet. ok?
  6. bart
    ComboFix 08-04-06.1 - guildman 2008-04-07 20:04:41.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1310 [GMT 2:00] Gestart vanuit: C:\Users\guildman\Desktop\combofix\combofix.exe . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-07 to 2008-04-07 )))))))))))))))))))))))))))))) . Geen nieuwe bestanden aangemaakt in deze periode . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-07 16:47 --------- d-----w C:\Users\guildman\AppData\Roaming\AVG7 2008-04-06 20:27 --------- d-----w C:\Users\guildman\AppData\Roaming\uTorrent 2008-04-06 18:12 --------- d-----w C:\Program Files\Trend Micro 2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Xfire 2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Hamachi 2008-04-06 15:42 --------- d-----w C:\ProgramData\Xfire 2008-04-06 11:28 39,424 --sh--r C:\Windows\msn.com 2008-04-06 09:46 --------- d-----w C:\Program Files\Maxis 2008-04-04 07:50 --------- d-----w C:\Users\guildman\AppData\Roaming\vlc 2008-04-04 07:15 --------- d-----w C:\Program Files\VideoLAN 2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\Logitech 2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\logishrd 2008-03-28 08:38 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-28 08:38 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield 2008-03-28 08:32 --------- d-----w C:\Program Files\Java 2008-03-27 14:18 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-03-27 12:53 --------- d-----w C:\ProgramData\Test Drive Unlimited 2008-03-26 20:58 --------- d-----w C:\ProgramData\Logishrd 2008-03-26 19:21 --------- d-----w C:\ProgramData\Logitech 2008-03-22 07:33 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys 2008-03-22 01:06 --------- d-----w C:\ProgramData\Ubisoft 2008-03-22 00:55 --------- d-----w C:\Program Files\Ubisoft 2008-03-21 15:26 --------- d-----w C:\Program Files\EA Games 2008-03-21 14:10 --------- d-----w C:\Program Files\Atari 2008-03-21 13:37 --------- d-----w C:\Program Files\Xfire 2008-03-20 15:39 --------- d-----w C:\Users\guildman\AppData\Roaming\Ubisoft 2008-03-17 19:56 --------- d-----w C:\Program Files\Windows Mail 2008-03-12 16:39 163,644 ----a-w C:\Windows\system32\drivers\SECDRV.SYS 2008-03-12 16:33 --------- d-----w C:\Program Files\Electronic Arts 2008-03-12 13:34 --------- d-----w C:\Program Files\CCleaner 2008-02-18 14:14 --------- d-----w C:\Program Files\Hamachi 2008-02-18 14:13 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys 2008-02-17 04:30 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield Installation Information 2008-02-17 04:11 --------- d-----w C:\Program Files\Unreal Tournament 3 2008-02-17 04:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-02-17 04:10 --------- d-----w C:\Program Files\AGEIA Technologies 2008-02-16 21:45 22,328 ----a-w C:\Users\guildman\AppData\Roaming\PnkBstrK.sys 2008-02-16 21:32 --------- d-----w C:\Program Files\Activision 2008-02-14 11:55 --------- d-----w C:\ProgramData\Media Center Programs 2008-02-13 16:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-02-13 16:11 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys 2008-02-13 16:11 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys 2008-02-13 16:10 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys 2008-02-13 16:10 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys 2008-02-13 16:10 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys 2008-02-13 16:10 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys 2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys 2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys 2008-02-13 16:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-02-13 16:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-02-13 16:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys 2008-02-13 16:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-02-13 16:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-02-13 16:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-13 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-13 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-13 16:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-02-13 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-13 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-13 16:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2007-09-01 08:17 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2008-04-07_19.06.27.13 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-07 17:03:48 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-04-07 18:09:09 67,584 --s-a-w C:\Windows\bootstat.dat + 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE - 2008-04-07 17:05:00 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-04-07 18:10:26 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-04-07 18:10:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-04-07 18:10:15 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-04-07 17:04:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-04-07 18:10:25 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-04-07 18:10:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-04-07 18:10:15 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-04-07 16:52:15 108,260 ----a-w C:\Windows\System32\perfc009.dat + 2008-04-07 17:43:49 108,260 ----a-w C:\Windows\System32\perfc009.dat - 2008-04-07 16:52:15 128,256 ----a-w C:\Windows\System32\perfc013.dat + 2008-04-07 17:43:49 128,256 ----a-w C:\Windows\System32\perfc013.dat - 2008-04-07 16:52:15 621,176 ----a-w C:\Windows\System32\perfh009.dat + 2008-04-07 17:43:49 621,176 ----a-w C:\Windows\System32\perfh009.dat - 2008-04-07 16:52:15 701,994 ----a-w C:\Windows\System32\perfh013.dat + 2008-04-07 17:43:49 701,994 ----a-w C:\Windows\System32\perfh013.dat - 2008-04-07 16:49:19 9,252 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin + 2008-04-07 17:06:20 9,498 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin - 2008-04-07 16:49:19 70,986 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-04-07 17:06:20 71,204 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-04-07 16:49:18 38,790 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-04-07 17:06:16 39,358 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 18:35 171448] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-06 16:10 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe] "JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-11 14:19 579072] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136] "LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280] "Windows live Messenger"="msn.com" [2008-04-06 13:28 39424 C:\Windows\msn.com] "SBI"="C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe" [2008-04-07 18:07 1172768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 16:04 219136] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\vtUlKCsS.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] avgwlntf.dll 2007-08-07 09:19 9216 C:\Windows\System32\avgwlntf.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= lvcodec2.dll "VIDC.XFR1"= xfcodec.dll "msacm.lhacm"= lhacm.acm "MSVideo8"= VfWWDM32.dll "MSVideo"= vfwwdm32.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntivirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{85CA479A-4F4A-4F9F-819D-E9E8E38D6CA0}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars "{3748C267-0686-4C2C-83C1-76835F020E45}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II "{179F0B0D-787B-4566-8B9E-923D87C105D4}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II "{8F1615E1-2389-4F72-A731-63E8B669766D}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king "{10FF37FD-361C-44FA-BF39-16811D766F1A}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king "TCP Query User{32869293-0DAC-462C-A829-59EDD36C7D4C}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™ "UDP Query User{6DD765EC-DA2F-4BE7-833B-0553EB6CD0BF}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™ "{065DE9A0-188F-4AE0-B5EB-D002CCBA17AE}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king "{13CDB5E4-42D0-4799-9A15-A51A0F71FB64}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king "TCP Query User{1442EF57-1796-44EA-A25A-10AC04BD653F}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client "UDP Query User{6E08A576-76C0-45FB-A4BD-970390D4CFD5}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client "TCP Query User{CAE9F192-B5E0-46C1-B1F3-4D8A48810023}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe "UDP Query User{52194791-5C0A-493B-B369-5F89512E2855}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe "{4D627931-2F6E-4BAE-AD9A-68ED089C7FC4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{FE7F86CE-B485-43F9-993A-AF9A79367568}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade "UDP Query User{7E57F462-4649-4F46-A850-F99D3B599B42}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade "{9F6C932E-0DAA-410F-BF1C-B1299AFB46D2}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2 "{E8267A96-A928-4AD3-8B4A-6E511DB1E034}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2 "{FC7A86DD-32BE-4133-A3C2-FC268F64F3E9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{E956B76F-D336-42EC-95F3-26EB61780B19}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{A9107380-EBC1-4709-9667-47EC4C28A84A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{7C1B81AD-860E-44E7-8665-14B527097911}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{D0CA9787-5862-4862-B4EA-A139CA03673F}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32 "{5AF83993-6195-42E4-8F39-BFC02E00073C}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32 "{C6B999D9-DB95-4C50-9DE2-08349930CF13}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{5354D629-136F-4720-91A7-C9EFB6892A05}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{81AAF909-ABF6-4964-8FC9-3925AF8AB6DE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{65A1C5CE-E140-46AD-91AB-10B72F739331}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{F0165FCF-DD28-4EC7-9B40-695A2231CE77}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire "{7335FB89-CE03-44BD-BAE4-984428974DDB}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire "{84E14DBE-4249-466C-BA04-69BB18B70C02}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{F992460F-79E7-4A16-BF5E-CD5F2BDE515E}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{B1BF99A2-982A-4FE0-AE99-D468D7441E29}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{04AFF9BF-8A65-4733-BCA2-30C5FF484232}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{0480B2BE-B4E6-472B-9532-C18C9818A0A8}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{263B9FD8-A680-479D-BF4D-F3FA8B03DEA7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{35FA6214-19D4-44E5-837A-9422209DBB40}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{E851150A-3E16-4358-951B-58518D241568}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "TCP Query User{0A1C39A0-538E-4DEB-B7A4-627F7314B374}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire "UDP Query User{321076CB-96BE-432B-8B84-6E02C9CACEB9}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-22 09:33] R3 LVPrcMon;Logitech LVPrcMon Driver;C:\Windows\system32\drivers\LVPrcMon.sys [2005-12-09 15:37] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 09:12] S3 FXDrv32;FXDrv32;C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 19:23] S3 MRV6X32P;Met Vista geleverd 32-bits-stuurprogramma;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30] S3 odysseyIM4;Odyssey Network Agent Miniport;C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36] S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 17:49] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a58094c4-5000-11dc-b82a-001a7036ebf4}] \shell\AutoRun\command - K:\autorun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-07 20:10:24 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\conime.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\DllHost.exe . ************************************************************************** . Voltooingstijd: 2008-04-07 20:12:05 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-07 18:12:02 ComboFix2.txt 2008-04-07 17:07:08 Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application. Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application. . 2008-04-06 09:41:17 --- E O F --- hier heb ik weer een log van combofix, Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:18:48, on 7-4-2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Windows\System32\LVCOMSX.EXE C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Windows\Explorer.exe C:\Windows\system32\notepad.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\Windows\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [sBI] C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe -- End of file - 6029 bytes en hier de log van hijack this, ik hoop dat het de juiste informatie is. gr bart
  7. bart
    dit is de log van combo fix. ComboFix 08-04-06.1 - guildman 2008-04-07 18:58:24.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1284 [GMT 2:00] Gestart vanuit: C:\Users\guildman\Downloads\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\awtsSihI.dll C:\Windows\system32\ddcYpoOi.dll C:\Windows\system32\fccaXPgF.dll C:\Windows\system32\nnnlmJYS.dll C:\Windows\system32\pmnmklLf.dll C:\Windows\System32\PVxyxyay.ini C:\Windows\System32\PVxyxyay.ini2 C:\Windows\system32\swsystem.dll C:\Windows\system32\vtUlKCsS.dll C:\Windows\system32\xxywVmnL.dll C:\Windows\system32\yayaXPhF.dll C:\Windows\system32\yayxyxVP.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-07 to 2008-04-07 )))))))))))))))))))))))))))))) . Geen nieuwe bestanden aangemaakt in deze periode . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-07 16:47 --------- d-----w C:\Users\guildman\AppData\Roaming\AVG7 2008-04-06 20:27 --------- d-----w C:\Users\guildman\AppData\Roaming\uTorrent 2008-04-06 18:12 --------- d-----w C:\Program Files\Trend Micro 2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Xfire 2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Hamachi 2008-04-06 15:42 --------- d-----w C:\ProgramData\Xfire 2008-04-06 11:28 39,424 --sh--r C:\Windows\msn.com 2008-04-06 09:46 --------- d-----w C:\Program Files\Maxis 2008-04-04 07:50 --------- d-----w C:\Users\guildman\AppData\Roaming\vlc 2008-04-04 07:15 --------- d-----w C:\Program Files\VideoLAN 2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\Logitech 2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\logishrd 2008-03-28 08:38 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-28 08:38 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield 2008-03-28 08:32 --------- d-----w C:\Program Files\Java 2008-03-27 14:18 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-03-27 12:53 --------- d-----w C:\ProgramData\Test Drive Unlimited 2008-03-26 20:58 --------- d-----w C:\ProgramData\Logishrd 2008-03-26 19:21 --------- d-----w C:\ProgramData\Logitech 2008-03-22 07:33 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys 2008-03-22 01:06 --------- d-----w C:\ProgramData\Ubisoft 2008-03-22 00:55 --------- d-----w C:\Program Files\Ubisoft 2008-03-21 15:26 --------- d-----w C:\Program Files\EA Games 2008-03-21 14:10 --------- d-----w C:\Program Files\Atari 2008-03-21 13:37 --------- d-----w C:\Program Files\Xfire 2008-03-20 15:39 --------- d-----w C:\Users\guildman\AppData\Roaming\Ubisoft 2008-03-17 19:56 --------- d-----w C:\Program Files\Windows Mail 2008-03-12 16:39 163,644 ----a-w C:\Windows\system32\drivers\SECDRV.SYS 2008-03-12 16:33 --------- d-----w C:\Program Files\Electronic Arts 2008-03-12 13:34 --------- d-----w C:\Program Files\CCleaner 2008-02-18 14:14 --------- d-----w C:\Program Files\Hamachi 2008-02-18 14:13 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys 2008-02-17 04:30 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield Installation Information 2008-02-17 04:11 --------- d-----w C:\Program Files\Unreal Tournament 3 2008-02-17 04:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-02-17 04:10 --------- d-----w C:\Program Files\AGEIA Technologies 2008-02-16 21:45 22,328 ----a-w C:\Users\guildman\AppData\Roaming\PnkBstrK.sys 2008-02-16 21:32 --------- d-----w C:\Program Files\Activision 2008-02-14 11:55 --------- d-----w C:\ProgramData\Media Center Programs 2008-02-13 16:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-02-13 16:11 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys 2008-02-13 16:11 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys 2008-02-13 16:10 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys 2008-02-13 16:10 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys 2008-02-13 16:10 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys 2008-02-13 16:10 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys 2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys 2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys 2008-02-13 16:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-02-13 16:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-02-13 16:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys 2008-02-13 16:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-02-13 16:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-02-13 16:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-13 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-13 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-13 16:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-02-13 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-13 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-13 16:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2007-09-01 08:17 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 18:35 171448] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-06 16:10 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe] "JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-11 14:19 579072] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136] "LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280] "Windows live Messenger"="msn.com" [2008-04-06 13:28 39424 C:\Windows\msn.com] "SBI"="C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe" [2008-04-07 18:07 1172768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 16:04 219136] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\vtUlKCsS.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] avgwlntf.dll 2007-08-07 09:19 9216 C:\Windows\System32\avgwlntf.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= lvcodec2.dll "VIDC.XFR1"= xfcodec.dll "msacm.lhacm"= lhacm.acm "MSVideo8"= VfWWDM32.dll "MSVideo"= vfwwdm32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\yayxyxVP [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntivirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{85CA479A-4F4A-4F9F-819D-E9E8E38D6CA0}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars "{3748C267-0686-4C2C-83C1-76835F020E45}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II "{179F0B0D-787B-4566-8B9E-923D87C105D4}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II "{8F1615E1-2389-4F72-A731-63E8B669766D}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king "{10FF37FD-361C-44FA-BF39-16811D766F1A}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king "TCP Query User{32869293-0DAC-462C-A829-59EDD36C7D4C}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™ "UDP Query User{6DD765EC-DA2F-4BE7-833B-0553EB6CD0BF}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™ "{065DE9A0-188F-4AE0-B5EB-D002CCBA17AE}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king "{13CDB5E4-42D0-4799-9A15-A51A0F71FB64}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king "TCP Query User{1442EF57-1796-44EA-A25A-10AC04BD653F}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client "UDP Query User{6E08A576-76C0-45FB-A4BD-970390D4CFD5}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client "TCP Query User{CAE9F192-B5E0-46C1-B1F3-4D8A48810023}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe "UDP Query User{52194791-5C0A-493B-B369-5F89512E2855}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe "{4D627931-2F6E-4BAE-AD9A-68ED089C7FC4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{FE7F86CE-B485-43F9-993A-AF9A79367568}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade "UDP Query User{7E57F462-4649-4F46-A850-F99D3B599B42}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade "{9F6C932E-0DAA-410F-BF1C-B1299AFB46D2}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2 "{E8267A96-A928-4AD3-8B4A-6E511DB1E034}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2 "{FC7A86DD-32BE-4133-A3C2-FC268F64F3E9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{E956B76F-D336-42EC-95F3-26EB61780B19}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{A9107380-EBC1-4709-9667-47EC4C28A84A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{7C1B81AD-860E-44E7-8665-14B527097911}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{D0CA9787-5862-4862-B4EA-A139CA03673F}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32 "{5AF83993-6195-42E4-8F39-BFC02E00073C}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32 "{C6B999D9-DB95-4C50-9DE2-08349930CF13}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{5354D629-136F-4720-91A7-C9EFB6892A05}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{81AAF909-ABF6-4964-8FC9-3925AF8AB6DE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{65A1C5CE-E140-46AD-91AB-10B72F739331}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{F0165FCF-DD28-4EC7-9B40-695A2231CE77}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire "{7335FB89-CE03-44BD-BAE4-984428974DDB}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire "{84E14DBE-4249-466C-BA04-69BB18B70C02}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{F992460F-79E7-4A16-BF5E-CD5F2BDE515E}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{B1BF99A2-982A-4FE0-AE99-D468D7441E29}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{04AFF9BF-8A65-4733-BCA2-30C5FF484232}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{0480B2BE-B4E6-472B-9532-C18C9818A0A8}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{263B9FD8-A680-479D-BF4D-F3FA8B03DEA7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{35FA6214-19D4-44E5-837A-9422209DBB40}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{E851150A-3E16-4358-951B-58518D241568}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "TCP Query User{0A1C39A0-538E-4DEB-B7A4-627F7314B374}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire "UDP Query User{321076CB-96BE-432B-8B84-6E02C9CACEB9}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-22 09:33] R3 LVPrcMon;Logitech LVPrcMon Driver;C:\Windows\system32\drivers\LVPrcMon.sys [2005-12-09 15:37] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 09:12] S3 FXDrv32;FXDrv32;C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 19:23] S3 MRV6X32P;Met Vista geleverd 32-bits-stuurprogramma;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30] S3 odysseyIM4;Odyssey Network Agent Miniport;C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36] S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 17:49] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a58094c4-5000-11dc-b82a-001a7036ebf4}] \shell\AutoRun\command - K:\autorun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-07 19:04:59 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\conime.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\DllHost.exe . ************************************************************************** . Voltooingstijd: 2008-04-07 19:07:07 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-07 17:07:02 Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application. Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application. . 2008-04-06 09:41:17 --- E O F --- het log bestand van hijack ging niet zo als gewenst. hij gaf een fout melding, mischien kunt u met de bovenstaande gegevens genoeg. met vriendelijke groet bart
  8. bart
    toen ik op msn zat vandaag keeg ik allmaal berichten : hey, is this really you :S .... en dan een link van een site. hier heb ik de uitslagen van hijackthis; Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:14:16, on 6-4-2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\System32\rundll32.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Windows\System32\LVCOMSX.EXE C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Xfire\xfire.exe C:\Program Files\Xfire\xfire.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {68FE9A58-5DE4-4128-9BBE-40891FFAA88A} - C:\Windows\system32\yayxyxVP.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\Windows\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [Windows live Messenger] msn.com O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUlKCsS.dll,#1 O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\guildman\AppData\Local\Temp\iifebARJ.dll,#1 O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe -- End of file - 6875 bytes zou iemand mij kunnen helpen met dit probleem? met vriendelijke groet, bart
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.