Posts made by bart

  1. Malwarebytes' Anti-Malware 1.10

    Database versie: 598

    Scan type: Snelle Scan

    Objecten gescand: 29598

    Verstreken tijd: 2 minute(s), 54 second(s)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 1

    Registerwaarden geïnfecteerd: 0

    Registerdata bestanden geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:

    HKEY_CLASSES_ROOT\Typelib\{d761645b-6b20-4698-aee8-729981152a82} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    It didn't ask whether I wanted to restart it or anything, and I couldn't find that msn.com thing anywhere either, so I think it's already gone.

  2. ComboFix 08-04-06.1 - guildman 2008-04-07 21:39:18.3 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1284 [GMT 2:00]

    Gestart vanuit: C:\Users\guildman\Desktop\combofix\combofix.exe

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))

    .

    Geen nieuwe bestanden aangemaakt in deze periode

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-04-07 19:40 --------- d-----w C:\Users\guildman\AppData\Roaming\uTorrent

    2008-04-07 16:47 --------- d-----w C:\Users\guildman\AppData\Roaming\AVG7

    2008-04-06 18:12 --------- d-----w C:\Program Files\Trend Micro

    2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Xfire

    2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Hamachi

    2008-04-06 15:42 --------- d-----w C:\ProgramData\Xfire

    2008-04-06 11:28 39,424 --sh--r C:\Windows\msn.com

    2008-04-06 09:46 --------- d-----w C:\Program Files\Maxis

    2008-04-04 07:50 --------- d-----w C:\Users\guildman\AppData\Roaming\vlc

    2008-04-04 07:15 --------- d-----w C:\Program Files\VideoLAN

    2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\Logitech

    2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\logishrd

    2008-03-28 08:38 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-03-28 08:38 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield

    2008-03-28 08:32 --------- d-----w C:\Program Files\Java

    2008-03-27 14:18 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

    2008-03-27 14:18 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe

    2008-03-27 12:53 --------- d-----w C:\ProgramData\Test Drive Unlimited

    2008-03-26 20:58 --------- d-----w C:\ProgramData\Logishrd

    2008-03-26 19:21 --------- d-----w C:\ProgramData\Logitech

    2008-03-22 07:33 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys

    2008-03-22 01:06 --------- d-----w C:\ProgramData\Ubisoft

    2008-03-22 00:55 --------- d-----w C:\Program Files\Ubisoft

    2008-03-21 17:02 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll

    2008-03-21 15:26 --------- d-----w C:\Program Files\EA Games

    2008-03-21 14:10 --------- d-----w C:\Program Files\Atari

    2008-03-21 13:37 --------- d-----w C:\Program Files\Xfire

    2008-03-20 15:39 --------- d-----w C:\Users\guildman\AppData\Roaming\Ubisoft

    2008-03-17 19:56 --------- d-----w C:\Program Files\Windows Mail

    2008-03-13 23:06 41,296 ----a-w C:\Windows\System32\xfcodec.dll

    2008-03-12 16:39 163,644 ----a-w C:\Windows\system32\drivers\SECDRV.SYS

    2008-03-12 16:33 --------- d-----w C:\Program Files\Electronic Arts

    2008-03-12 13:34 --------- d-----w C:\Program Files\CCleaner

    2008-02-18 14:14 --------- d-----w C:\Program Files\Hamachi

    2008-02-18 14:13 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys

    2008-02-17 04:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

    2008-02-17 04:10 --------- d-----w C:\Program Files\AGEIA Technologies

    2008-02-16 22:08 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe

    2008-02-16 21:45 22,328 ----a-w C:\Users\guildman\AppData\Roaming\PnkBstrK.sys

    2008-02-16 21:32 --------- d-----w C:\Program Files\Activision

    2008-02-14 11:55 --------- d-----w C:\ProgramData\Media Center Programs

    2008-02-13 16:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll

    2008-02-13 16:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

    2008-02-13 16:10 943,800 ----a-w C:\Windows\System32\winload.exe

    2008-02-13 16:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

    2008-02-13 16:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

    2008-02-13 16:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

    2008-02-13 16:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

    2008-02-13 16:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys

    2008-02-13 16:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

    2008-02-13 16:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

    2008-02-13 16:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

    2008-02-13 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

    2008-02-13 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

    2008-02-13 16:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

    2008-02-13 16:08 24,064 ----a-w C:\Windows\System32\netcfg.exe

    2008-02-13 16:08 22,016 ----a-w C:\Windows\System32\netiougc.exe

    2008-02-13 16:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

    2008-02-13 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

    2008-02-13 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

    2008-02-13 16:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

    2008-02-13 16:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll

    2008-02-13 16:06 824,832 ----a-w C:\Windows\System32\wininet.dll

    2008-02-13 16:06 56,320 ----a-w C:\Windows\System32\iesetup.dll

    2008-02-13 16:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

    2008-02-13 16:06 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

    2008-01-30 21:51 1,957,672 ----a-w C:\Windows\System32\pbsvc.exe

    2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

    2008-01-09 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe

    2007-09-01 08:17 174 --sha-w C:\Program Files\desktop.ini

    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-07_19.06.27.13 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2008-04-07 17:03:48 67,584 --s-a-w C:\Windows\bootstat.dat

    + 2008-04-07 18:09:09 67,584 --s-a-w C:\Windows\bootstat.dat

    + 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE

    - 2008-04-07 17:05:00 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

    + 2008-04-07 19:24:14 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

    - 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

    + 2008-04-07 18:10:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

    + 2008-04-07 18:10:15 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

    - 2008-04-07 17:04:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

    + 2008-04-07 19:39:21 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

    - 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

    + 2008-04-07 19:38:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

    + 2008-04-07 19:38:01 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

    - 2008-04-07 16:58:14 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

    + 2008-04-07 19:39:17 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

    - 2008-04-07 16:52:15 108,260 ----a-w C:\Windows\System32\perfc009.dat

    + 2008-04-07 18:14:17 108,260 ----a-w C:\Windows\System32\perfc009.dat

    - 2008-04-07 16:52:15 128,256 ----a-w C:\Windows\System32\perfc013.dat

    + 2008-04-07 18:14:17 128,256 ----a-w C:\Windows\System32\perfc013.dat

    - 2008-04-07 16:52:15 621,176 ----a-w C:\Windows\System32\perfh009.dat

    + 2008-04-07 18:14:17 621,176 ----a-w C:\Windows\System32\perfh009.dat

    - 2008-04-07 16:52:15 701,994 ----a-w C:\Windows\System32\perfh013.dat

    + 2008-04-07 18:14:17 701,994 ----a-w C:\Windows\System32\perfh013.dat

    - 2008-04-07 16:49:19 9,252 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin

    + 2008-04-07 18:11:45 9,664 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin

    - 2008-04-07 16:49:19 70,986 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    + 2008-04-07 18:11:44 71,298 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    - 2008-04-07 16:49:18 38,790 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2008-04-07 17:06:16 39,358 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 18:35 171448]

    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-06 16:10 1006264]

    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]

    "JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864 C:\Windows\JM\JMInsIDE.exe]

    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016]

    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432]

    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-11 14:19 579072]

    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]

    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]

    "LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]

    "SBI"="C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe" [2008-04-07 18:07 1172768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 16:04 219136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\vtUlKCsS.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

    avgwlntf.dll 2007-08-07 09:19 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.I420"= lvcodec2.dll

    "VIDC.XFR1"= xfcodec.dll

    "msacm.lhacm"= lhacm.acm

    "MSVideo8"= VfWWDM32.dll

    "MSVideo"= vfwwdm32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    "AntivirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{85CA479A-4F4A-4F9F-819D-E9E8E38D6CA0}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars

    "{3748C267-0686-4C2C-83C1-76835F020E45}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II

    "{179F0B0D-787B-4566-8B9E-923D87C105D4}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II

    "{8F1615E1-2389-4F72-A731-63E8B669766D}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

    "{10FF37FD-361C-44FA-BF39-16811D766F1A}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

    "TCP Query User{32869293-0DAC-462C-A829-59EDD36C7D4C}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™

    "UDP Query User{6DD765EC-DA2F-4BE7-833B-0553EB6CD0BF}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™

    "{065DE9A0-188F-4AE0-B5EB-D002CCBA17AE}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

    "{13CDB5E4-42D0-4799-9A15-A51A0F71FB64}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

    "TCP Query User{1442EF57-1796-44EA-A25A-10AC04BD653F}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client

    "UDP Query User{6E08A576-76C0-45FB-A4BD-970390D4CFD5}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client

    "TCP Query User{CAE9F192-B5E0-46C1-B1F3-4D8A48810023}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

    "UDP Query User{52194791-5C0A-493B-B369-5F89512E2855}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

    "{4D627931-2F6E-4BAE-AD9A-68ED089C7FC4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

    "TCP Query User{FE7F86CE-B485-43F9-993A-AF9A79367568}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade

    "UDP Query User{7E57F462-4649-4F46-A850-F99D3B599B42}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade

    "{9F6C932E-0DAA-410F-BF1C-B1299AFB46D2}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

    "{E8267A96-A928-4AD3-8B4A-6E511DB1E034}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

    "{FC7A86DD-32BE-4133-A3C2-FC268F64F3E9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

    "{E956B76F-D336-42EC-95F3-26EB61780B19}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

    "{A9107380-EBC1-4709-9667-47EC4C28A84A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

    "{7C1B81AD-860E-44E7-8665-14B527097911}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

    "{D0CA9787-5862-4862-B4EA-A139CA03673F}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

    "{5AF83993-6195-42E4-8F39-BFC02E00073C}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

    "{C6B999D9-DB95-4C50-9DE2-08349930CF13}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

    "{5354D629-136F-4720-91A7-C9EFB6892A05}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

    "{81AAF909-ABF6-4964-8FC9-3925AF8AB6DE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

    "{65A1C5CE-E140-46AD-91AB-10B72F739331}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

    "{F0165FCF-DD28-4EC7-9B40-695A2231CE77}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire

    "{7335FB89-CE03-44BD-BAE4-984428974DDB}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire

    "{B1BF99A2-982A-4FE0-AE99-D468D7441E29}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

    "{04AFF9BF-8A65-4733-BCA2-30C5FF484232}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

    "{0480B2BE-B4E6-472B-9532-C18C9818A0A8}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

    "{263B9FD8-A680-479D-BF4D-F3FA8B03DEA7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

    "{35FA6214-19D4-44E5-837A-9422209DBB40}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

    "{E851150A-3E16-4358-951B-58518D241568}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

    "TCP Query User{0A1C39A0-538E-4DEB-B7A4-627F7314B374}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

    "UDP Query User{321076CB-96BE-432B-8B84-6E02C9CACEB9}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

    "TCP Query User{9329639A-0BC2-4D3A-A003-CEA6422C9F97}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= UDP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3

    "UDP Query User{0A45FD69-E612-40B7-A28F-897952807A00}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= TCP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-22 09:33]

    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\Windows\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]

    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 09:12]

    S3 FXDrv32;FXDrv32;C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 19:23]

    S3 MRV6X32P;Met Vista geleverd 32-bits-stuurprogramma;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]

    S3 odysseyIM4;Odyssey Network Agent Miniport;C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]

    S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 17:49]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a58094c4-5000-11dc-b82a-001a7036ebf4}]

    \shell\AutoRun\command - K:\autorun.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-07 21:40:50

    Windows 6.0.6000 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    Voltooingstijd: 2008-04-07 21:41:26

    ComboFix-quarantined-files.txt 2008-04-07 19:41:24

    ComboFix2.txt 2008-04-07 18:12:06

    ComboFix3.txt 2008-04-07 17:07:08

    Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

    Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

    .

    2008-04-06 09:41:17 --- E O F ---

  3. ComboFix 08-04-06.1 - guildman 2008-04-07 20:04:41.2 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1310 [GMT 2:00]

    Gestart vanuit: C:\Users\guildman\Desktop\combofix\combofix.exe

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))

    .

    Geen nieuwe bestanden aangemaakt in deze periode

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-04-07 16:47 --------- d-----w C:\Users\guildman\AppData\Roaming\AVG7

    2008-04-06 20:27 --------- d-----w C:\Users\guildman\AppData\Roaming\uTorrent

    2008-04-06 18:12 --------- d-----w C:\Program Files\Trend Micro

    2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Xfire

    2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Hamachi

    2008-04-06 15:42 --------- d-----w C:\ProgramData\Xfire

    2008-04-06 11:28 39,424 --sh--r C:\Windows\msn.com

    2008-04-06 09:46 --------- d-----w C:\Program Files\Maxis

    2008-04-04 07:50 --------- d-----w C:\Users\guildman\AppData\Roaming\vlc

    2008-04-04 07:15 --------- d-----w C:\Program Files\VideoLAN

    2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\Logitech

    2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\logishrd

    2008-03-28 08:38 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-03-28 08:38 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield

    2008-03-28 08:32 --------- d-----w C:\Program Files\Java

    2008-03-27 14:18 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

    2008-03-27 12:53 --------- d-----w C:\ProgramData\Test Drive Unlimited

    2008-03-26 20:58 --------- d-----w C:\ProgramData\Logishrd

    2008-03-26 19:21 --------- d-----w C:\ProgramData\Logitech

    2008-03-22 07:33 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys

    2008-03-22 01:06 --------- d-----w C:\ProgramData\Ubisoft

    2008-03-22 00:55 --------- d-----w C:\Program Files\Ubisoft

    2008-03-21 15:26 --------- d-----w C:\Program Files\EA Games

    2008-03-21 14:10 --------- d-----w C:\Program Files\Atari

    2008-03-21 13:37 --------- d-----w C:\Program Files\Xfire

    2008-03-20 15:39 --------- d-----w C:\Users\guildman\AppData\Roaming\Ubisoft

    2008-03-17 19:56 --------- d-----w C:\Program Files\Windows Mail

    2008-03-12 16:39 163,644 ----a-w C:\Windows\system32\drivers\SECDRV.SYS

    2008-03-12 16:33 --------- d-----w C:\Program Files\Electronic Arts

    2008-03-12 13:34 --------- d-----w C:\Program Files\CCleaner

    2008-02-18 14:14 --------- d-----w C:\Program Files\Hamachi

    2008-02-18 14:13 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys

    2008-02-17 04:30 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield Installation Information

    2008-02-17 04:11 --------- d-----w C:\Program Files\Unreal Tournament 3

    2008-02-17 04:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

    2008-02-17 04:10 --------- d-----w C:\Program Files\AGEIA Technologies

    2008-02-16 21:45 22,328 ----a-w C:\Users\guildman\AppData\Roaming\PnkBstrK.sys

    2008-02-16 21:32 --------- d-----w C:\Program Files\Activision

    2008-02-14 11:55 --------- d-----w C:\ProgramData\Media Center Programs

    2008-02-13 16:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

    2008-02-13 16:11 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys

    2008-02-13 16:11 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys

    2008-02-13 16:10 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys

    2008-02-13 16:10 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys

    2008-02-13 16:10 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys

    2008-02-13 16:10 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys

    2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys

    2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys

    2008-02-13 16:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

    2008-02-13 16:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

    2008-02-13 16:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys

    2008-02-13 16:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

    2008-02-13 16:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

    2008-02-13 16:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

    2008-02-13 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

    2008-02-13 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

    2008-02-13 16:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

    2008-02-13 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

    2008-02-13 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

    2008-02-13 16:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

    2007-09-01 08:17 174 --sha-w C:\Program Files\desktop.ini

    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-07_19.06.27.13 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2008-04-07 17:03:48 67,584 --s-a-w C:\Windows\bootstat.dat

    + 2008-04-07 18:09:09 67,584 --s-a-w C:\Windows\bootstat.dat

    + 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE

    - 2008-04-07 17:05:00 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

    + 2008-04-07 18:10:26 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

    - 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

    + 2008-04-07 18:10:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

    + 2008-04-07 18:10:15 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

    - 2008-04-07 17:04:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

    + 2008-04-07 18:10:25 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

    - 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

    + 2008-04-07 18:10:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

    + 2008-04-07 18:10:15 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

    - 2008-04-07 16:52:15 108,260 ----a-w C:\Windows\System32\perfc009.dat

    + 2008-04-07 17:43:49 108,260 ----a-w C:\Windows\System32\perfc009.dat

    - 2008-04-07 16:52:15 128,256 ----a-w C:\Windows\System32\perfc013.dat

    + 2008-04-07 17:43:49 128,256 ----a-w C:\Windows\System32\perfc013.dat

    - 2008-04-07 16:52:15 621,176 ----a-w C:\Windows\System32\perfh009.dat

    + 2008-04-07 17:43:49 621,176 ----a-w C:\Windows\System32\perfh009.dat

    - 2008-04-07 16:52:15 701,994 ----a-w C:\Windows\System32\perfh013.dat

    + 2008-04-07 17:43:49 701,994 ----a-w C:\Windows\System32\perfh013.dat

    - 2008-04-07 16:49:19 9,252 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin

    + 2008-04-07 17:06:20 9,498 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin

    - 2008-04-07 16:49:19 70,986 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    + 2008-04-07 17:06:20 71,204 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    - 2008-04-07 16:49:18 38,790 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2008-04-07 17:06:16 39,358 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 18:35 171448]

    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-06 16:10 1006264]

    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]

    "JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864]

    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016]

    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432]

    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe]

    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-11 14:19 579072]

    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]

    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]

    "LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]

    "Windows live Messenger"="msn.com" [2008-04-06 13:28 39424 C:\Windows\msn.com]

    "SBI"="C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe" [2008-04-07 18:07 1172768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 16:04 219136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\vtUlKCsS.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

    avgwlntf.dll 2007-08-07 09:19 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.I420"= lvcodec2.dll

    "VIDC.XFR1"= xfcodec.dll

    "msacm.lhacm"= lhacm.acm

    "MSVideo8"= VfWWDM32.dll

    "MSVideo"= vfwwdm32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    "AntivirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{85CA479A-4F4A-4F9F-819D-E9E8E38D6CA0}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars

    "{3748C267-0686-4C2C-83C1-76835F020E45}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II

    "{179F0B0D-787B-4566-8B9E-923D87C105D4}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II

    "{8F1615E1-2389-4F72-A731-63E8B669766D}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

    "{10FF37FD-361C-44FA-BF39-16811D766F1A}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

    "TCP Query User{32869293-0DAC-462C-A829-59EDD36C7D4C}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™

    "UDP Query User{6DD765EC-DA2F-4BE7-833B-0553EB6CD0BF}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™

    "{065DE9A0-188F-4AE0-B5EB-D002CCBA17AE}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

    "{13CDB5E4-42D0-4799-9A15-A51A0F71FB64}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

    "TCP Query User{1442EF57-1796-44EA-A25A-10AC04BD653F}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client

    "UDP Query User{6E08A576-76C0-45FB-A4BD-970390D4CFD5}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client

    "TCP Query User{CAE9F192-B5E0-46C1-B1F3-4D8A48810023}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

    "UDP Query User{52194791-5C0A-493B-B369-5F89512E2855}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

    "{4D627931-2F6E-4BAE-AD9A-68ED089C7FC4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

    "TCP Query User{FE7F86CE-B485-43F9-993A-AF9A79367568}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade

    "UDP Query User{7E57F462-4649-4F46-A850-F99D3B599B42}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade

    "{9F6C932E-0DAA-410F-BF1C-B1299AFB46D2}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

    "{E8267A96-A928-4AD3-8B4A-6E511DB1E034}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

    "{FC7A86DD-32BE-4133-A3C2-FC268F64F3E9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

    "{E956B76F-D336-42EC-95F3-26EB61780B19}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

    "{A9107380-EBC1-4709-9667-47EC4C28A84A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

    "{7C1B81AD-860E-44E7-8665-14B527097911}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

    "{D0CA9787-5862-4862-B4EA-A139CA03673F}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

    "{5AF83993-6195-42E4-8F39-BFC02E00073C}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

    "{C6B999D9-DB95-4C50-9DE2-08349930CF13}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

    "{5354D629-136F-4720-91A7-C9EFB6892A05}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

    "{81AAF909-ABF6-4964-8FC9-3925AF8AB6DE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

    "{65A1C5CE-E140-46AD-91AB-10B72F739331}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

    "{F0165FCF-DD28-4EC7-9B40-695A2231CE77}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire

    "{7335FB89-CE03-44BD-BAE4-984428974DDB}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire

    "{84E14DBE-4249-466C-BA04-69BB18B70C02}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

    "{F992460F-79E7-4A16-BF5E-CD5F2BDE515E}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

    "{B1BF99A2-982A-4FE0-AE99-D468D7441E29}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

    "{04AFF9BF-8A65-4733-BCA2-30C5FF484232}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

    "{0480B2BE-B4E6-472B-9532-C18C9818A0A8}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

    "{263B9FD8-A680-479D-BF4D-F3FA8B03DEA7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

    "{35FA6214-19D4-44E5-837A-9422209DBB40}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

    "{E851150A-3E16-4358-951B-58518D241568}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

    "TCP Query User{0A1C39A0-538E-4DEB-B7A4-627F7314B374}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

    "UDP Query User{321076CB-96BE-432B-8B84-6E02C9CACEB9}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-22 09:33]

    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\Windows\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]

    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 09:12]

    S3 FXDrv32;FXDrv32;C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 19:23]

    S3 MRV6X32P;Met Vista geleverd 32-bits-stuurprogramma;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]

    S3 odysseyIM4;Odyssey Network Agent Miniport;C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]

    S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 17:49]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a58094c4-5000-11dc-b82a-001a7036ebf4}]

    \shell\AutoRun\command - K:\autorun.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-07 20:10:24

    Windows 6.0.6000 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\Windows\system32\PnkBstrA.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\conime.exe

    C:\Windows\System32\rundll32.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Grisoft\AVG7\avgcc.exe

    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Windows\system32\DllHost.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2008-04-07 20:12:05 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-04-07 18:12:02

    ComboFix2.txt 2008-04-07 17:07:08

    Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

    Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

    .

    2008-04-06 09:41:17 --- E O F ---

    Here is another log from ComboFix.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 20:18:48, on 7-4-2008

    Platform: Windows Vista (WinNT 6.00.1904)

    MSIE: Internet Explorer v7.00 (7.00.6000.16609)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Windows\RtHDVCpl.exe

    C:\Windows\System32\rundll32.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\Program Files\Grisoft\AVG7\avgcc.exe

    C:\Windows\System32\LVCOMSX.EXE

    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    C:\Windows\ehome\ehtray.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Windows\Explorer.exe

    C:\Windows\system32\notepad.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe

    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    O4 - HKLM\..\Run: [LVCOMSX] C:\Windows\system32\LVCOMSX.EXE

    O4 - HKLM\..\Run: [sBI] C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe

    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')

    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    --

    End of file - 6029 bytes

    And here is the HijackThis log; I hope it is the right information.

    Regards, bart

  4. This is the ComboFix log.

    ComboFix 08-04-06.1 - guildman 2008-04-07 18:58:24.1 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1284 [GMT 2:00]

    Gestart vanuit: C:\Users\guildman\Downloads\ComboFix.exe

    * Nieuw herstelpunt werd aangemaakt

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Windows\system32\awtsSihI.dll

    C:\Windows\system32\ddcYpoOi.dll

    C:\Windows\system32\fccaXPgF.dll

    C:\Windows\system32\nnnlmJYS.dll

    C:\Windows\system32\pmnmklLf.dll

    C:\Windows\System32\PVxyxyay.ini

    C:\Windows\System32\PVxyxyay.ini2

    C:\Windows\system32\swsystem.dll

    C:\Windows\system32\vtUlKCsS.dll

    C:\Windows\system32\xxywVmnL.dll

    C:\Windows\system32\yayaXPhF.dll

    C:\Windows\system32\yayxyxVP.dll

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))

    .

    Geen nieuwe bestanden aangemaakt in deze periode

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-04-07 16:47 --------- d-----w C:\Users\guildman\AppData\Roaming\AVG7

    2008-04-06 20:27 --------- d-----w C:\Users\guildman\AppData\Roaming\uTorrent

    2008-04-06 18:12 --------- d-----w C:\Program Files\Trend Micro

    2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Xfire

    2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Hamachi

    2008-04-06 15:42 --------- d-----w C:\ProgramData\Xfire

    2008-04-06 11:28 39,424 --sh--r C:\Windows\msn.com

    2008-04-06 09:46 --------- d-----w C:\Program Files\Maxis

    2008-04-04 07:50 --------- d-----w C:\Users\guildman\AppData\Roaming\vlc

    2008-04-04 07:15 --------- d-----w C:\Program Files\VideoLAN

    2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\Logitech

    2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\logishrd

    2008-03-28 08:38 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-03-28 08:38 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield

    2008-03-28 08:32 --------- d-----w C:\Program Files\Java

    2008-03-27 14:18 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

    2008-03-27 12:53 --------- d-----w C:\ProgramData\Test Drive Unlimited

    2008-03-26 20:58 --------- d-----w C:\ProgramData\Logishrd

    2008-03-26 19:21 --------- d-----w C:\ProgramData\Logitech

    2008-03-22 07:33 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys

    2008-03-22 01:06 --------- d-----w C:\ProgramData\Ubisoft

    2008-03-22 00:55 --------- d-----w C:\Program Files\Ubisoft

    2008-03-21 15:26 --------- d-----w C:\Program Files\EA Games

    2008-03-21 14:10 --------- d-----w C:\Program Files\Atari

    2008-03-21 13:37 --------- d-----w C:\Program Files\Xfire

    2008-03-20 15:39 --------- d-----w C:\Users\guildman\AppData\Roaming\Ubisoft

    2008-03-17 19:56 --------- d-----w C:\Program Files\Windows Mail

    2008-03-12 16:39 163,644 ----a-w C:\Windows\system32\drivers\SECDRV.SYS

    2008-03-12 16:33 --------- d-----w C:\Program Files\Electronic Arts

    2008-03-12 13:34 --------- d-----w C:\Program Files\CCleaner

    2008-02-18 14:14 --------- d-----w C:\Program Files\Hamachi

    2008-02-18 14:13 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys

    2008-02-17 04:30 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield Installation Information

    2008-02-17 04:11 --------- d-----w C:\Program Files\Unreal Tournament 3

    2008-02-17 04:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

    2008-02-17 04:10 --------- d-----w C:\Program Files\AGEIA Technologies

    2008-02-16 21:45 22,328 ----a-w C:\Users\guildman\AppData\Roaming\PnkBstrK.sys

    2008-02-16 21:32 --------- d-----w C:\Program Files\Activision

    2008-02-14 11:55 --------- d-----w C:\ProgramData\Media Center Programs

    2008-02-13 16:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

    2008-02-13 16:11 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys

    2008-02-13 16:11 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys

    2008-02-13 16:10 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys

    2008-02-13 16:10 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys

    2008-02-13 16:10 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys

    2008-02-13 16:10 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys

    2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys

    2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys

    2008-02-13 16:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

    2008-02-13 16:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

    2008-02-13 16:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys

    2008-02-13 16:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

    2008-02-13 16:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

    2008-02-13 16:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

    2008-02-13 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

    2008-02-13 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

    2008-02-13 16:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

    2008-02-13 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

    2008-02-13 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

    2008-02-13 16:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

    2007-09-01 08:17 174 --sha-w C:\Program Files\desktop.ini

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 18:35 171448]

    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-06 16:10 1006264]

    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]

    "JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864]

    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016]

    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432]

    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe]

    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-11 14:19 579072]

    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]

    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]

    "LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]

    "Windows live Messenger"="msn.com" [2008-04-06 13:28 39424 C:\Windows\msn.com]

    "SBI"="C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe" [2008-04-07 18:07 1172768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 16:04 219136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\vtUlKCsS.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

    avgwlntf.dll 2007-08-07 09:19 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.I420"= lvcodec2.dll

    "VIDC.XFR1"= xfcodec.dll

    "msacm.lhacm"= lhacm.acm

    "MSVideo8"= VfWWDM32.dll

    "MSVideo"= vfwwdm32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\yayxyxVP

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    "AntivirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{85CA479A-4F4A-4F9F-819D-E9E8E38D6CA0}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars

    "{3748C267-0686-4C2C-83C1-76835F020E45}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II

    "{179F0B0D-787B-4566-8B9E-923D87C105D4}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II

    "{8F1615E1-2389-4F72-A731-63E8B669766D}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

    "{10FF37FD-361C-44FA-BF39-16811D766F1A}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

    "TCP Query User{32869293-0DAC-462C-A829-59EDD36C7D4C}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™

    "UDP Query User{6DD765EC-DA2F-4BE7-833B-0553EB6CD0BF}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™

    "{065DE9A0-188F-4AE0-B5EB-D002CCBA17AE}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

    "{13CDB5E4-42D0-4799-9A15-A51A0F71FB64}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

    "TCP Query User{1442EF57-1796-44EA-A25A-10AC04BD653F}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client

    "UDP Query User{6E08A576-76C0-45FB-A4BD-970390D4CFD5}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client

    "TCP Query User{CAE9F192-B5E0-46C1-B1F3-4D8A48810023}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

    "UDP Query User{52194791-5C0A-493B-B369-5F89512E2855}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

    "{4D627931-2F6E-4BAE-AD9A-68ED089C7FC4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

    "TCP Query User{FE7F86CE-B485-43F9-993A-AF9A79367568}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade

    "UDP Query User{7E57F462-4649-4F46-A850-F99D3B599B42}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade

    "{9F6C932E-0DAA-410F-BF1C-B1299AFB46D2}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

    "{E8267A96-A928-4AD3-8B4A-6E511DB1E034}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

    "{FC7A86DD-32BE-4133-A3C2-FC268F64F3E9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

    "{E956B76F-D336-42EC-95F3-26EB61780B19}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

    "{A9107380-EBC1-4709-9667-47EC4C28A84A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

    "{7C1B81AD-860E-44E7-8665-14B527097911}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

    "{D0CA9787-5862-4862-B4EA-A139CA03673F}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

    "{5AF83993-6195-42E4-8F39-BFC02E00073C}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

    "{C6B999D9-DB95-4C50-9DE2-08349930CF13}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

    "{5354D629-136F-4720-91A7-C9EFB6892A05}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

    "{81AAF909-ABF6-4964-8FC9-3925AF8AB6DE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

    "{65A1C5CE-E140-46AD-91AB-10B72F739331}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

    "{F0165FCF-DD28-4EC7-9B40-695A2231CE77}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire

    "{7335FB89-CE03-44BD-BAE4-984428974DDB}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire

    "{84E14DBE-4249-466C-BA04-69BB18B70C02}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

    "{F992460F-79E7-4A16-BF5E-CD5F2BDE515E}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

    "{B1BF99A2-982A-4FE0-AE99-D468D7441E29}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

    "{04AFF9BF-8A65-4733-BCA2-30C5FF484232}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

    "{0480B2BE-B4E6-472B-9532-C18C9818A0A8}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

    "{263B9FD8-A680-479D-BF4D-F3FA8B03DEA7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

    "{35FA6214-19D4-44E5-837A-9422209DBB40}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

    "{E851150A-3E16-4358-951B-58518D241568}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

    "TCP Query User{0A1C39A0-538E-4DEB-B7A4-627F7314B374}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

    "UDP Query User{321076CB-96BE-432B-8B84-6E02C9CACEB9}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-22 09:33]

    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\Windows\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]

    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 09:12]

    S3 FXDrv32;FXDrv32;C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 19:23]

    S3 MRV6X32P;Met Vista geleverd 32-bits-stuurprogramma;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]

    S3 odysseyIM4;Odyssey Network Agent Miniport;C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]

    S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 17:49]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a58094c4-5000-11dc-b82a-001a7036ebf4}]

    \shell\AutoRun\command - K:\autorun.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-07 19:04:59

    Windows 6.0.6000 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\Windows\system32\PnkBstrA.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\conime.exe

    C:\Windows\System32\rundll32.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Grisoft\AVG7\avgcc.exe

    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\DllHost.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2008-04-07 19:07:07 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-04-07 17:07:02

    Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

    Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

    .

    2008-04-06 09:41:17 --- E O F ---

    The HijackThis log file did not go as hoped. It gave an error message; perhaps the data above is enough for you to work with.

    Kind regards,

    bart

  5. When I was on MSN today I kept getting messages: hey, is this really you :S .... followed by a link to a site.

    Here are the results from HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 20:14:16, on 6-4-2008

    Platform: Windows Vista (WinNT 6.00.1904)

    MSIE: Internet Explorer v7.00 (7.00.6000.16609)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Windows\RtHDVCpl.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Grisoft\AVG7\avgcc.exe

    C:\Windows\System32\LVCOMSX.EXE

    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\Windows Media Player\wmplayer.exe

    C:\Program Files\Xfire\xfire.exe

    C:\Program Files\Xfire\xfire.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {68FE9A58-5DE4-4128-9BBE-40891FFAA88A} - C:\Windows\system32\yayxyxVP.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe

    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    O4 - HKLM\..\Run: [LVCOMSX] C:\Windows\system32\LVCOMSX.EXE

    O4 - HKLM\..\Run: [Windows live Messenger] msn.com

    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUlKCsS.dll,#1

    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\guildman\AppData\Local\Temp\iifebARJ.dll,#1

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')

    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    --

    End of file - 6875 bytes

    Could someone help me with this problem?

    Kind regards,

    bart
