bart
Posts by bart
-
-
Malwarebytes' Anti-Malware 1.10
Database versie: 598
Scan type: Snelle Scan
Objecten gescand: 29598
Verstreken tijd: 2 minute(s), 54 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\Typelib\{d761645b-6b20-4698-aee8-729981152a82} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
it didn't ask whether I wanted to restart it or anything, and I couldn't find that msn.com thing anywhere either, so I think it's already gone.
-
and does it look better already?
-
ComboFix 08-04-06.1 - guildman 2008-04-07 21:39:18.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1284 [GMT 2:00]
Gestart vanuit: C:\Users\guildman\Desktop\combofix\combofix.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))
.
Geen nieuwe bestanden aangemaakt in deze periode
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 19:40 --------- d-----w C:\Users\guildman\AppData\Roaming\uTorrent
2008-04-07 16:47 --------- d-----w C:\Users\guildman\AppData\Roaming\AVG7
2008-04-06 18:12 --------- d-----w C:\Program Files\Trend Micro
2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Xfire
2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Hamachi
2008-04-06 15:42 --------- d-----w C:\ProgramData\Xfire
2008-04-06 11:28 39,424 --sh--r C:\Windows\msn.com
2008-04-06 09:46 --------- d-----w C:\Program Files\Maxis
2008-04-04 07:50 --------- d-----w C:\Users\guildman\AppData\Roaming\vlc
2008-04-04 07:15 --------- d-----w C:\Program Files\VideoLAN
2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\logishrd
2008-03-28 08:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 08:38 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield
2008-03-28 08:32 --------- d-----w C:\Program Files\Java
2008-03-27 14:18 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-27 14:18 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-27 12:53 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-03-26 20:58 --------- d-----w C:\ProgramData\Logishrd
2008-03-26 19:21 --------- d-----w C:\ProgramData\Logitech
2008-03-22 07:33 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-22 01:06 --------- d-----w C:\ProgramData\Ubisoft
2008-03-22 00:55 --------- d-----w C:\Program Files\Ubisoft
2008-03-21 17:02 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-21 15:26 --------- d-----w C:\Program Files\EA Games
2008-03-21 14:10 --------- d-----w C:\Program Files\Atari
2008-03-21 13:37 --------- d-----w C:\Program Files\Xfire
2008-03-20 15:39 --------- d-----w C:\Users\guildman\AppData\Roaming\Ubisoft
2008-03-17 19:56 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 23:06 41,296 ----a-w C:\Windows\System32\xfcodec.dll
2008-03-12 16:39 163,644 ----a-w C:\Windows\system32\drivers\SECDRV.SYS
2008-03-12 16:33 --------- d-----w C:\Program Files\Electronic Arts
2008-03-12 13:34 --------- d-----w C:\Program Files\CCleaner
2008-02-18 14:14 --------- d-----w C:\Program Files\Hamachi
2008-02-18 14:13 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-02-17 04:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 04:10 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-16 22:08 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-16 21:45 22,328 ----a-w C:\Users\guildman\AppData\Roaming\PnkBstrK.sys
2008-02-16 21:32 --------- d-----w C:\Program Files\Activision
2008-02-14 11:55 --------- d-----w C:\ProgramData\Media Center Programs
2008-02-13 16:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 16:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 16:10 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-13 16:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 16:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 16:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 16:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 16:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 16:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 16:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 16:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 16:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 16:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 16:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 16:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 16:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 16:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 16:06 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 16:06 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 16:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 16:06 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-30 21:51 1,957,672 ----a-w C:\Windows\System32\pbsvc.exe
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-09-01 08:17 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-04-07_19.06.27.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-07 17:03:48 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-07 18:09:09 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-04-07 17:05:00 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-07 19:24:14 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-07 18:10:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-07 18:10:15 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-07 17:04:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-07 19:39:21 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-07 19:38:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-07 19:38:01 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-07 16:58:14 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-04-07 19:39:17 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-04-07 16:52:15 108,260 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-07 18:14:17 108,260 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-07 16:52:15 128,256 ----a-w C:\Windows\System32\perfc013.dat
+ 2008-04-07 18:14:17 128,256 ----a-w C:\Windows\System32\perfc013.dat
- 2008-04-07 16:52:15 621,176 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-07 18:14:17 621,176 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-07 16:52:15 701,994 ----a-w C:\Windows\System32\perfh013.dat
+ 2008-04-07 18:14:17 701,994 ----a-w C:\Windows\System32\perfh013.dat
- 2008-04-07 16:49:19 9,252 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin
+ 2008-04-07 18:11:45 9,664 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin
- 2008-04-07 16:49:19 70,986 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-07 18:11:44 71,298 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-07 16:49:18 38,790 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-07 17:06:16 39,358 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 18:35 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-06 16:10 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864 C:\Windows\JM\JMInsIDE.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-11 14:19 579072]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"SBI"="C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe" [2008-04-07 18:07 1172768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 16:04 219136]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\vtUlKCsS.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-08-07 09:19 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.lhacm"= lhacm.acm
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{85CA479A-4F4A-4F9F-819D-E9E8E38D6CA0}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"{3748C267-0686-4C2C-83C1-76835F020E45}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II
"{179F0B0D-787B-4566-8B9E-923D87C105D4}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II
"{8F1615E1-2389-4F72-A731-63E8B669766D}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{10FF37FD-361C-44FA-BF39-16811D766F1A}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"TCP Query User{32869293-0DAC-462C-A829-59EDD36C7D4C}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{6DD765EC-DA2F-4BE7-833B-0553EB6CD0BF}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"{065DE9A0-188F-4AE0-B5EB-D002CCBA17AE}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{13CDB5E4-42D0-4799-9A15-A51A0F71FB64}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"TCP Query User{1442EF57-1796-44EA-A25A-10AC04BD653F}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{6E08A576-76C0-45FB-A4BD-970390D4CFD5}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{CAE9F192-B5E0-46C1-B1F3-4D8A48810023}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{52194791-5C0A-493B-B369-5F89512E2855}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"{4D627931-2F6E-4BAE-AD9A-68ED089C7FC4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{FE7F86CE-B485-43F9-993A-AF9A79367568}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{7E57F462-4649-4F46-A850-F99D3B599B42}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"{9F6C932E-0DAA-410F-BF1C-B1299AFB46D2}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{E8267A96-A928-4AD3-8B4A-6E511DB1E034}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{FC7A86DD-32BE-4133-A3C2-FC268F64F3E9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E956B76F-D336-42EC-95F3-26EB61780B19}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{A9107380-EBC1-4709-9667-47EC4C28A84A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{7C1B81AD-860E-44E7-8665-14B527097911}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D0CA9787-5862-4862-B4EA-A139CA03673F}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{5AF83993-6195-42E4-8F39-BFC02E00073C}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{C6B999D9-DB95-4C50-9DE2-08349930CF13}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{5354D629-136F-4720-91A7-C9EFB6892A05}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{81AAF909-ABF6-4964-8FC9-3925AF8AB6DE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{65A1C5CE-E140-46AD-91AB-10B72F739331}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F0165FCF-DD28-4EC7-9B40-695A2231CE77}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire
"{7335FB89-CE03-44BD-BAE4-984428974DDB}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire
"{B1BF99A2-982A-4FE0-AE99-D468D7441E29}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{04AFF9BF-8A65-4733-BCA2-30C5FF484232}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{0480B2BE-B4E6-472B-9532-C18C9818A0A8}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{263B9FD8-A680-479D-BF4D-F3FA8B03DEA7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{35FA6214-19D4-44E5-837A-9422209DBB40}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{E851150A-3E16-4358-951B-58518D241568}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{0A1C39A0-538E-4DEB-B7A4-627F7314B374}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{321076CB-96BE-432B-8B84-6E02C9CACEB9}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{9329639A-0BC2-4D3A-A003-CEA6422C9F97}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= UDP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{0A45FD69-E612-40B7-A28F-897952807A00}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= TCP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-22 09:33]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\Windows\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 09:12]
S3 FXDrv32;FXDrv32;C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 19:23]
S3 MRV6X32P;Met Vista geleverd 32-bits-stuurprogramma;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 17:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a58094c4-5000-11dc-b82a-001a7036ebf4}]
\shell\AutoRun\command - K:\autorun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 21:40:50
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-04-07 21:41:26
ComboFix-quarantined-files.txt 2008-04-07 19:41:24
ComboFix2.txt 2008-04-07 18:12:06
ComboFix3.txt 2008-04-07 17:07:08
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
.
2008-04-06 09:41:17 --- E O F ---
-
um yes, I think I do just have it on my pc now, I'll click on it and see what it does. ok?
-
ComboFix 08-04-06.1 - guildman 2008-04-07 20:04:41.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1310 [GMT 2:00]
Gestart vanuit: C:\Users\guildman\Desktop\combofix\combofix.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))
.
Geen nieuwe bestanden aangemaakt in deze periode
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 16:47 --------- d-----w C:\Users\guildman\AppData\Roaming\AVG7
2008-04-06 20:27 --------- d-----w C:\Users\guildman\AppData\Roaming\uTorrent
2008-04-06 18:12 --------- d-----w C:\Program Files\Trend Micro
2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Xfire
2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Hamachi
2008-04-06 15:42 --------- d-----w C:\ProgramData\Xfire
2008-04-06 11:28 39,424 --sh--r C:\Windows\msn.com
2008-04-06 09:46 --------- d-----w C:\Program Files\Maxis
2008-04-04 07:50 --------- d-----w C:\Users\guildman\AppData\Roaming\vlc
2008-04-04 07:15 --------- d-----w C:\Program Files\VideoLAN
2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\logishrd
2008-03-28 08:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 08:38 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield
2008-03-28 08:32 --------- d-----w C:\Program Files\Java
2008-03-27 14:18 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-27 12:53 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-03-26 20:58 --------- d-----w C:\ProgramData\Logishrd
2008-03-26 19:21 --------- d-----w C:\ProgramData\Logitech
2008-03-22 07:33 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-22 01:06 --------- d-----w C:\ProgramData\Ubisoft
2008-03-22 00:55 --------- d-----w C:\Program Files\Ubisoft
2008-03-21 15:26 --------- d-----w C:\Program Files\EA Games
2008-03-21 14:10 --------- d-----w C:\Program Files\Atari
2008-03-21 13:37 --------- d-----w C:\Program Files\Xfire
2008-03-20 15:39 --------- d-----w C:\Users\guildman\AppData\Roaming\Ubisoft
2008-03-17 19:56 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 16:39 163,644 ----a-w C:\Windows\system32\drivers\SECDRV.SYS
2008-03-12 16:33 --------- d-----w C:\Program Files\Electronic Arts
2008-03-12 13:34 --------- d-----w C:\Program Files\CCleaner
2008-02-18 14:14 --------- d-----w C:\Program Files\Hamachi
2008-02-18 14:13 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-02-17 04:30 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield Installation Information
2008-02-17 04:11 --------- d-----w C:\Program Files\Unreal Tournament 3
2008-02-17 04:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 04:10 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-16 21:45 22,328 ----a-w C:\Users\guildman\AppData\Roaming\PnkBstrK.sys
2008-02-16 21:32 --------- d-----w C:\Program Files\Activision
2008-02-14 11:55 --------- d-----w C:\ProgramData\Media Center Programs
2008-02-13 16:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 16:11 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 16:11 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 16:10 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 16:10 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 16:10 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 16:10 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-13 16:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 16:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 16:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 16:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 16:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 16:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 16:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 16:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-09-01 08:17 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-04-07_19.06.27.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-07 17:03:48 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-07 18:09:09 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-04-07 17:05:00 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-07 18:10:26 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-07 18:10:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-07 18:10:15 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-07 17:04:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-07 18:10:25 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-07 18:10:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-07 18:10:15 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-07 16:52:15 108,260 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-07 17:43:49 108,260 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-07 16:52:15 128,256 ----a-w C:\Windows\System32\perfc013.dat
+ 2008-04-07 17:43:49 128,256 ----a-w C:\Windows\System32\perfc013.dat
- 2008-04-07 16:52:15 621,176 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-07 17:43:49 621,176 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-07 16:52:15 701,994 ----a-w C:\Windows\System32\perfh013.dat
+ 2008-04-07 17:43:49 701,994 ----a-w C:\Windows\System32\perfh013.dat
- 2008-04-07 16:49:19 9,252 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin
+ 2008-04-07 17:06:20 9,498 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin
- 2008-04-07 16:49:19 70,986 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-07 17:06:20 71,204 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-07 16:49:18 38,790 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-07 17:06:16 39,358 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 18:35 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-06 16:10 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-11 14:19 579072]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"Windows live Messenger"="msn.com" [2008-04-06 13:28 39424 C:\Windows\msn.com]
"SBI"="C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe" [2008-04-07 18:07 1172768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 16:04 219136]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\vtUlKCsS.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-08-07 09:19 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.lhacm"= lhacm.acm
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{85CA479A-4F4A-4F9F-819D-E9E8E38D6CA0}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"{3748C267-0686-4C2C-83C1-76835F020E45}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II
"{179F0B0D-787B-4566-8B9E-923D87C105D4}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II
"{8F1615E1-2389-4F72-A731-63E8B669766D}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{10FF37FD-361C-44FA-BF39-16811D766F1A}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"TCP Query User{32869293-0DAC-462C-A829-59EDD36C7D4C}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{6DD765EC-DA2F-4BE7-833B-0553EB6CD0BF}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"{065DE9A0-188F-4AE0-B5EB-D002CCBA17AE}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{13CDB5E4-42D0-4799-9A15-A51A0F71FB64}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"TCP Query User{1442EF57-1796-44EA-A25A-10AC04BD653F}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{6E08A576-76C0-45FB-A4BD-970390D4CFD5}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{CAE9F192-B5E0-46C1-B1F3-4D8A48810023}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{52194791-5C0A-493B-B369-5F89512E2855}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"{4D627931-2F6E-4BAE-AD9A-68ED089C7FC4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{FE7F86CE-B485-43F9-993A-AF9A79367568}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{7E57F462-4649-4F46-A850-F99D3B599B42}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"{9F6C932E-0DAA-410F-BF1C-B1299AFB46D2}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{E8267A96-A928-4AD3-8B4A-6E511DB1E034}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{FC7A86DD-32BE-4133-A3C2-FC268F64F3E9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E956B76F-D336-42EC-95F3-26EB61780B19}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{A9107380-EBC1-4709-9667-47EC4C28A84A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{7C1B81AD-860E-44E7-8665-14B527097911}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D0CA9787-5862-4862-B4EA-A139CA03673F}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{5AF83993-6195-42E4-8F39-BFC02E00073C}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{C6B999D9-DB95-4C50-9DE2-08349930CF13}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{5354D629-136F-4720-91A7-C9EFB6892A05}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{81AAF909-ABF6-4964-8FC9-3925AF8AB6DE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{65A1C5CE-E140-46AD-91AB-10B72F739331}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F0165FCF-DD28-4EC7-9B40-695A2231CE77}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire
"{7335FB89-CE03-44BD-BAE4-984428974DDB}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire
"{84E14DBE-4249-466C-BA04-69BB18B70C02}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{F992460F-79E7-4A16-BF5E-CD5F2BDE515E}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{B1BF99A2-982A-4FE0-AE99-D468D7441E29}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{04AFF9BF-8A65-4733-BCA2-30C5FF484232}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{0480B2BE-B4E6-472B-9532-C18C9818A0A8}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{263B9FD8-A680-479D-BF4D-F3FA8B03DEA7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{35FA6214-19D4-44E5-837A-9422209DBB40}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{E851150A-3E16-4358-951B-58518D241568}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{0A1C39A0-538E-4DEB-B7A4-627F7314B374}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{321076CB-96BE-432B-8B84-6E02C9CACEB9}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-22 09:33]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\Windows\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 09:12]
S3 FXDrv32;FXDrv32;C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 19:23]
S3 MRV6X32P;Met Vista geleverd 32-bits-stuurprogramma;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 17:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a58094c4-5000-11dc-b82a-001a7036ebf4}]
\shell\AutoRun\command - K:\autorun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 20:10:24
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\DllHost.exe
.
**************************************************************************
.
Voltooingstijd: 2008-04-07 20:12:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-07 18:12:02
ComboFix2.txt 2008-04-07 17:07:08
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
.
2008-04-06 09:41:17 --- E O F ---
Here I have another log from ComboFix,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:48, on 7-4-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\LVCOMSX.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\Windows\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [sBI] C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
--
End of file - 6029 bytes
And here the log from HijackThis; I hope it is the right information.
Regards, bart
-
This is the ComboFix log.
ComboFix 08-04-06.1 - guildman 2008-04-07 18:58:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1284 [GMT 2:00]
Gestart vanuit: C:\Users\guildman\Downloads\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\awtsSihI.dll
C:\Windows\system32\ddcYpoOi.dll
C:\Windows\system32\fccaXPgF.dll
C:\Windows\system32\nnnlmJYS.dll
C:\Windows\system32\pmnmklLf.dll
C:\Windows\System32\PVxyxyay.ini
C:\Windows\System32\PVxyxyay.ini2
C:\Windows\system32\swsystem.dll
C:\Windows\system32\vtUlKCsS.dll
C:\Windows\system32\xxywVmnL.dll
C:\Windows\system32\yayaXPhF.dll
C:\Windows\system32\yayxyxVP.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))
.
Geen nieuwe bestanden aangemaakt in deze periode
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 16:47 --------- d-----w C:\Users\guildman\AppData\Roaming\AVG7
2008-04-06 20:27 --------- d-----w C:\Users\guildman\AppData\Roaming\uTorrent
2008-04-06 18:12 --------- d-----w C:\Program Files\Trend Micro
2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Xfire
2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Hamachi
2008-04-06 15:42 --------- d-----w C:\ProgramData\Xfire
2008-04-06 11:28 39,424 --sh--r C:\Windows\msn.com
2008-04-06 09:46 --------- d-----w C:\Program Files\Maxis
2008-04-04 07:50 --------- d-----w C:\Users\guildman\AppData\Roaming\vlc
2008-04-04 07:15 --------- d-----w C:\Program Files\VideoLAN
2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\logishrd
2008-03-28 08:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 08:38 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield
2008-03-28 08:32 --------- d-----w C:\Program Files\Java
2008-03-27 14:18 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-27 12:53 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-03-26 20:58 --------- d-----w C:\ProgramData\Logishrd
2008-03-26 19:21 --------- d-----w C:\ProgramData\Logitech
2008-03-22 07:33 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-22 01:06 --------- d-----w C:\ProgramData\Ubisoft
2008-03-22 00:55 --------- d-----w C:\Program Files\Ubisoft
2008-03-21 15:26 --------- d-----w C:\Program Files\EA Games
2008-03-21 14:10 --------- d-----w C:\Program Files\Atari
2008-03-21 13:37 --------- d-----w C:\Program Files\Xfire
2008-03-20 15:39 --------- d-----w C:\Users\guildman\AppData\Roaming\Ubisoft
2008-03-17 19:56 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 16:39 163,644 ----a-w C:\Windows\system32\drivers\SECDRV.SYS
2008-03-12 16:33 --------- d-----w C:\Program Files\Electronic Arts
2008-03-12 13:34 --------- d-----w C:\Program Files\CCleaner
2008-02-18 14:14 --------- d-----w C:\Program Files\Hamachi
2008-02-18 14:13 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-02-17 04:30 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield Installation Information
2008-02-17 04:11 --------- d-----w C:\Program Files\Unreal Tournament 3
2008-02-17 04:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 04:10 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-16 21:45 22,328 ----a-w C:\Users\guildman\AppData\Roaming\PnkBstrK.sys
2008-02-16 21:32 --------- d-----w C:\Program Files\Activision
2008-02-14 11:55 --------- d-----w C:\ProgramData\Media Center Programs
2008-02-13 16:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 16:11 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 16:11 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 16:10 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 16:10 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 16:10 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 16:10 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-13 16:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 16:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 16:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 16:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 16:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 16:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 16:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 16:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-09-01 08:17 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 18:35 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-06 16:10 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-11 14:19 579072]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"Windows live Messenger"="msn.com" [2008-04-06 13:28 39424 C:\Windows\msn.com]
"SBI"="C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe" [2008-04-07 18:07 1172768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 16:04 219136]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\vtUlKCsS.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-08-07 09:19 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.lhacm"= lhacm.acm
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\yayxyxVP
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{85CA479A-4F4A-4F9F-819D-E9E8E38D6CA0}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"{3748C267-0686-4C2C-83C1-76835F020E45}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II
"{179F0B0D-787B-4566-8B9E-923D87C105D4}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II
"{8F1615E1-2389-4F72-A731-63E8B669766D}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{10FF37FD-361C-44FA-BF39-16811D766F1A}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"TCP Query User{32869293-0DAC-462C-A829-59EDD36C7D4C}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{6DD765EC-DA2F-4BE7-833B-0553EB6CD0BF}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"{065DE9A0-188F-4AE0-B5EB-D002CCBA17AE}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{13CDB5E4-42D0-4799-9A15-A51A0F71FB64}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"TCP Query User{1442EF57-1796-44EA-A25A-10AC04BD653F}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{6E08A576-76C0-45FB-A4BD-970390D4CFD5}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{CAE9F192-B5E0-46C1-B1F3-4D8A48810023}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{52194791-5C0A-493B-B369-5F89512E2855}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"{4D627931-2F6E-4BAE-AD9A-68ED089C7FC4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{FE7F86CE-B485-43F9-993A-AF9A79367568}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{7E57F462-4649-4F46-A850-F99D3B599B42}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"{9F6C932E-0DAA-410F-BF1C-B1299AFB46D2}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{E8267A96-A928-4AD3-8B4A-6E511DB1E034}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{FC7A86DD-32BE-4133-A3C2-FC268F64F3E9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E956B76F-D336-42EC-95F3-26EB61780B19}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{A9107380-EBC1-4709-9667-47EC4C28A84A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{7C1B81AD-860E-44E7-8665-14B527097911}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D0CA9787-5862-4862-B4EA-A139CA03673F}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{5AF83993-6195-42E4-8F39-BFC02E00073C}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{C6B999D9-DB95-4C50-9DE2-08349930CF13}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{5354D629-136F-4720-91A7-C9EFB6892A05}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{81AAF909-ABF6-4964-8FC9-3925AF8AB6DE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{65A1C5CE-E140-46AD-91AB-10B72F739331}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F0165FCF-DD28-4EC7-9B40-695A2231CE77}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire
"{7335FB89-CE03-44BD-BAE4-984428974DDB}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire
"{84E14DBE-4249-466C-BA04-69BB18B70C02}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{F992460F-79E7-4A16-BF5E-CD5F2BDE515E}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{B1BF99A2-982A-4FE0-AE99-D468D7441E29}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{04AFF9BF-8A65-4733-BCA2-30C5FF484232}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{0480B2BE-B4E6-472B-9532-C18C9818A0A8}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{263B9FD8-A680-479D-BF4D-F3FA8B03DEA7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{35FA6214-19D4-44E5-837A-9422209DBB40}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{E851150A-3E16-4358-951B-58518D241568}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{0A1C39A0-538E-4DEB-B7A4-627F7314B374}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{321076CB-96BE-432B-8B84-6E02C9CACEB9}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-22 09:33]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\Windows\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 09:12]
S3 FXDrv32;FXDrv32;C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 19:23]
S3 MRV6X32P;Met Vista geleverd 32-bits-stuurprogramma;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 17:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a58094c4-5000-11dc-b82a-001a7036ebf4}]
\shell\AutoRun\command - K:\autorun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 19:04:59
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
.
**************************************************************************
.
Voltooingstijd: 2008-04-07 19:07:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-07 17:07:02
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
.
2008-04-06 09:41:17 --- E O F ---
The HijackThis log file did not go as desired. It gave an error message; maybe you can do enough with the above data.
Kind regards,
bart
-
When I was on MSN today I got a whole lot of messages: "hey, is this really you :S ...." and then a link to a site.
Here I have the results from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:16, on 6-4-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\LVCOMSX.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {68FE9A58-5DE4-4128-9BBE-40891FFAA88A} - C:\Windows\system32\yayxyxVP.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\Windows\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUlKCsS.dll,#1
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\guildman\AppData\Local\Temp\iifebARJ.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
--
End of file - 6875 bytes
Could someone help me with this problem?
Kind regards,
bart
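The log above is a HijackThis report, and the lines a malware-removal helper reads first are the O2 (browser helper objects) and O4 (autostart) entries. As an added example, not HijackThis code and not something from this thread, the Python script below parses those two entry types and applies a few triage heuristics: a DLL started by rundll32 through an ordinal export (`,#1`) rather than a named function, a module loaded from a Temp directory, a BHO registered with no name, an autostart command with an unusual executable extension, and, as weak supporting evidence only, an auto-generated-looking 8-letter file name or a bare file name resolved through the PATH search. The sample input is constructed from lines copied out of the log above plus a few benign entries from the same log as controls; the heuristics and their weights are assumptions of this example and yield leads to investigate, not verdicts.

```python
"""Triage heuristics for HijackThis O2/O4 lines (added example, not HijackThis code)."""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the posted HijackThis log, including
# benign entries (Adobe, Windows Defender, Realtek, NVIDIA, Java) as controls.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {68FE9A58-5DE4-4128-9BBE-40891FFAA88A} - C:\Windows\system32\yayxyxVP.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUlKCsS.dll,#1
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\guildman\AppData\Local\Temp\iifebARJ.dll,#1
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable token of a Run command, quoted or not (paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|com|dll|scr|pif|bat|cmd))"?(?P<rest>.*)$', re.I)


def random_stem(path):
    """Weak signal: 8 letters, mixed case, no digits, the shape of the DLL names
    in this log. Legitimate files match too (NvMcTray.dll, RtHDVCpl.exe), so this
    alone never raises an alert."""
    stem = PureWindowsPath(path).stem
    return bool(re.fullmatch(r"[A-Za-z]{8}", stem)) and stem != stem.lower() and stem != stem.upper()


def analyse_target(path):
    """Return (strong, weak) reason lists for the module an entry actually loads."""
    strong, weak = [], []
    p = PureWindowsPath(path)
    if "\\temp\\" in path.lower():
        strong.append("loads from a Temp directory")
    if p.suffix.lower() not in (".exe", ".dll"):
        strong.append(f"unusual executable extension {p.suffix or '(none)'}")
    if "\\" not in path and not path.startswith("%"):
        weak.append("bare file name resolved through the PATH search")
    if random_stem(path):
        weak.append("auto-generated-looking 8-letter file name")
    return strong, weak


def triage_line(line):
    """Parse one O2 or O4 line; return a finding dict, or None for other line types."""
    m = O2_RE.match(line)
    if m:
        name, path = m.group("name"), m.group("path")
        strong, weak = [], []
        if name == "(no name)":
            strong.append("BHO registered without a name")
        if path == "(no file)":
            weak.append("orphaned registration, DLL missing on disk")
        else:
            s, w = analyse_target(path)
            strong += s
            weak += w
        return {"kind": "O2", "name": name, "target": path, "strong": strong, "weak": weak}
    m = O4_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        e = EXE_RE.match(cmd)
        if not e:
            return None
        target, strong, weak = e.group("exe"), [], []
        if PureWindowsPath(target).name.lower() == "rundll32.exe":
            # rundll32 <dll>,<entry>: the DLL is the real payload, not rundll32 itself.
            dll_spec = e.group("rest").strip()
            target, _, entry = dll_spec.rpartition(",")
            if not target:
                target = dll_spec
            if entry.startswith("#"):
                strong.append(f"rundll32 calls the DLL by ordinal {entry}, not a named export")
        s, w = analyse_target(target)
        strong += s
        weak += w
        return {"kind": "O4", "name": name, "target": target, "strong": strong, "weak": weak}
    return None


def triage(log_text):
    """Return the entries that carry at least one strong signal, in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        f = triage_line(line.strip())
        if f and f["strong"]:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']} [{f['name']}] {f['target']}")
        for r in f["strong"]:
            print("    strong:", r)
        for r in f["weak"]:
            print("    weak:  ", r)
```

Run against the sample, the script reports the two nameless BHOs, the `msn.com` autostart and both `MSServer` rundll32 entries, and stays quiet on the Realtek and NVIDIA entries even though their file names also trip the weak 8-letter heuristic; that is the point of separating strong from weak signals. Any hit still needs confirmation (file hash, signature, a second opinion scanner) before being removed.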
msn virus
in Archive: Fighting malware & viruses
Posted:
It is still anything but good: when I start up I get that thing again about C:windows/msn.com or something, and after that repeatedly THREAT DETECTED and so on...
***** viruses.