Rookit.Agent

Paula46 · 4 juli 2010

hallo,

Ik krijg steeds de melding dat ik een trojan heb. Ik heb al Malware geinstalleerd en gescand. opnieuw opgestart, weer gescand en krijg toch nog steeds de melding. Ik plak dit hieronder. Ik heb een beetje verstand van computers, maar niet zo heel veel. Hoe krijg ik dit nu toch weg?

Ik heb al het forum gezocht, maar kom deze rookit nergens tegen.

Kunnen jullie helpen?

Alvast dank,

Paula

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Databaseversie: 4275

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4-7-2010 22:31:41

mbam-log-2010-07-04 (22-31-41).txt

Scantype: Snelle scan

Objecten gescand: 128227

Verstreken tijd: 11 minuut/minuten, 59 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

C:\WINDOWS\system32\drivers\sehat.sys (Rootkit.Agent) -> Delete on reboot.

misteragga · 4 juli 2010

Download HiJackThis

Dubbelklik op HJTInstall.exe

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

HijackThis zal openen na het installeren.

Klik op "Do a systemscan and save a logfile".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

N.B. : gebruikers van Windows Vista en Windows 7 zullen eerst moeten rechtsklikken op HijackThis.exe en dan kiezen voor "Run as Administrator".

Paula46 · 5 juli 2010

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:40:46, on 5-7-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\BitTorrent\bittorrent.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--

End of file - 10481 bytes

---------- Post toegevoegd om 19:44 ---------- Vorige post was om 19:41 ----------

De AVG scan geeft overigens het volgende:

"C:\WINDOWS\System32\svchost.exe (252):\memory_00400000";"Trojaans paard Generic17.BEMO";"Object is niet toegankelijk."

"C:\WINDOWS\System32\svchost.exe (252)";"Trojaans paard Generic17.BEMO";""

kape · 5 juli 2010

Logje HijackThis levert geen merkbare problemen op. We gaan even dieper kijken ...

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

Lees hier meer over correct gebruik van Combofix.

Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen: Klik hier Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

Dubbeklik op ComboFix.exe en volg de meldingen op het scherm.
ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd. Als deze Recovery Console al is geïnstalleerd zal ComboFix automatisch verder gaan met het scannen naar malware
Volg anders de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren. Wanneer de Recovery Console succesvol is geïnstalleerd, klik je op “JA” om verder te gaan met het scannen naar malware.

NOTA: Wanneer ComboFix start, kan het zijn dat je een foutmelding krijgt dat “De inhoud van het ComboFix pakket werd gewijzigd”. Ga dan niet verder met de instructies, maar download ComboFix opnieuw. Deze melding kan verschijnen wanneer een file-infector (Virut) actief is op de computer. Blijf je die melding krijgen dan meld je dit.

Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Paula46 · 6 juli 2010

Knap als je hier wijs uit wordt: Ik kreeg wel allemaal rare meldingen van .dll kon niet geladen worden ofzoiets. Daarna werd de computer opnieuw opgestart en ging het pas echt lopen. Ik kreeg onderstaande log:

ComboFix 10-07-05.03 - Rene 06-07-2010 17:27:49.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1278.751 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Rene\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\driVERs\sehat.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_sehat

-------\Service_sehat

(((((((((((((((((((( Bestanden Gemaakt van 2010-06-06 to 2010-07-06 ))))))))))))))))))))))))))))))

.

2010-07-05 17:40 . 2010-07-05 17:40 388096 ----a-r- c:\documents and settings\Rene\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-07-05 17:40 . 2010-07-05 17:40 -------- d-----w- c:\program files\Trend Micro

2010-07-03 14:54 . 2010-07-03 15:33 -------- d-----w- C:\gekeken films

2010-06-30 15:35 . 2010-06-30 15:35 -------- d-----w- c:\documents and settings\Rene\Saved Games

2010-06-30 15:35 . 2010-06-30 15:35 -------- d-----w- c:\documents and settings\Rene\Application Data\Floodlight Games

2010-06-30 15:35 . 2010-06-30 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Floodlight Games

2010-06-30 15:29 . 2010-06-30 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Intenium

2010-06-28 20:30 . 2010-06-28 20:30 -------- d-----w- c:\program files\Sophos

2010-06-28 19:10 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-28 19:10 . 2010-06-28 19:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-28 19:10 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-26 16:28 . 2010-06-26 16:28 -------- d-----w- c:\documents and settings\Rene\Local Settings\Application Data\LostKing

2010-06-23 10:45 . 2010-06-23 10:45 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtbEC.tmp.exe

2010-06-21 19:29 . 2010-06-21 19:29 -------- d-----w- c:\program files\iPod

2010-06-21 19:29 . 2010-06-21 19:30 -------- d-----w- c:\program files\iTunes

2010-06-21 19:03 . 2010-06-21 19:03 -------- d-----w- c:\program files\Bonjour

2010-06-21 18:58 . 2010-06-21 18:58 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

2010-06-21 18:57 . 2010-06-21 18:57 -------- d-----w- c:\program files\Safari

2010-06-21 18:50 . 2010-06-21 18:50 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

2010-06-20 18:10 . 2010-06-20 18:10 -------- d-----w- c:\documents and settings\Rene\Application Data\Malwarebytes

2010-06-20 18:10 . 2010-06-20 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-20 17:53 . 2010-06-20 17:53 798720 ---ha-w- C:\SZKGFS.dat

2010-06-20 17:36 . 2010-06-21 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2010-06-20 17:35 . 2010-06-20 17:35 -------- d-----w- c:\program files\Common Files\iS3

2010-06-18 22:12 . 2010-06-18 22:12 -------- d-----w- c:\program files\Ballistik

2010-06-18 22:12 . 2010-06-18 22:12 -------- d-----w- c:\program files\Common Files\Sandlot Shared

2010-06-14 19:48 . 2010-06-14 19:48 -------- d-----w- c:\documents and settings\Rene\Application Data\Nokia Ovi Suite

2010-06-14 19:41 . 2010-06-14 19:48 -------- d-----w- c:\documents and settings\Rene\Local Settings\Application Data\Nokia

2010-06-14 19:40 . 2010-06-14 19:40 -------- d-----w- c:\documents and settings\Rene\Local Settings\Application Data\NokiaAccount

2010-06-14 19:19 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2010-06-14 19:18 . 2010-06-14 19:18 -------- d-----w- c:\program files\PC Connectivity Solution

2010-06-14 19:17 . 2009-12-30 09:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2010-06-14 19:17 . 2009-12-30 09:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2010-06-14 19:17 . 2009-12-30 09:30 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2010-06-14 19:17 . 2010-01-21 12:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2010-06-14 19:17 . 2009-12-30 09:30 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll

2010-06-14 19:17 . 2009-10-06 09:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll

2010-06-14 19:14 . 2010-06-14 19:14 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe

2010-06-14 19:14 . 2010-06-14 19:14 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe

2010-06-14 19:14 . 2010-06-14 19:14 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe

2010-06-14 19:14 . 2010-06-14 19:14 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe

2010-06-14 19:14 . 2010-06-14 19:14 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe

2010-06-14 19:14 . 2010-06-14 19:14 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe

2010-06-14 19:13 . 2010-06-14 19:10 98366952 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_PCS_Update.exe

2010-06-14 19:13 . 2010-06-14 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache

2010-06-11 16:11 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-06 15:42 . 2009-05-14 20:03 -------- d-----w- c:\documents and settings\Rene\Application Data\BitTorrent

2010-07-06 15:37 . 2010-05-09 15:38 81984 ----a-w- c:\windows\system32\bdod.bin

2010-07-06 15:17 . 2010-03-06 18:39 -------- d-----w- c:\documents and settings\Rene\Application Data\HPAppData

2010-07-04 18:09 . 2010-05-10 17:00 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData

2010-07-04 17:23 . 2009-11-21 11:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-04 13:04 . 2010-05-14 21:11 -------- d-----w- c:\documents and settings\Rene\Application Data\vlc

2010-07-03 14:51 . 2009-05-14 20:02 -------- d-----w- c:\program files\BitTorrent

2010-07-03 09:33 . 2001-09-07 14:00 91688 ----a-w- c:\windows\system32\perfc013.dat

2010-07-03 09:33 . 2001-09-07 14:00 511526 ----a-w- c:\windows\system32\perfh013.dat

2010-06-28 18:12 . 2010-03-06 18:31 -------- d-----w- c:\program files\HP

2010-06-28 17:36 . 2010-06-28 17:34 1016 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-06-22 14:02 . 2009-05-14 20:53 -------- d-----w- c:\documents and settings\Rene\Application Data\Apple Computer

2010-06-21 19:29 . 2009-05-14 20:51 -------- d-----w- c:\program files\Common Files\Apple

2010-06-18 22:12 . 2010-04-02 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games

2010-06-14 19:48 . 2010-03-13 15:16 -------- d-----w- c:\documents and settings\Rene\Application Data\Nokia

2010-06-14 19:48 . 2010-03-13 15:16 -------- d-----w- c:\documents and settings\Rene\Application Data\PC Suite

2010-06-14 19:21 . 2010-03-17 21:20 -------- d-----w- c:\program files\Common Files\Nokia

2010-06-14 19:19 . 2010-03-13 15:15 -------- d-----w- c:\program files\Nokia

2010-06-10 14:07 . 2010-02-27 12:40 -------- d-----w- c:\program files\Messenger Plus! Live

2010-06-09 21:18 . 2009-05-14 20:02 -------- d-----w- c:\documents and settings\Rene\Application Data\DNA

2010-06-09 12:25 . 2009-05-14 20:02 -------- d-----w- c:\program files\DNA

2010-06-03 16:17 . 2009-05-12 20:32 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-03 16:17 . 2009-05-12 20:32 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-06-03 16:11 . 2010-06-03 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Opwekking 2010

2010-06-03 16:11 . 2010-06-03 16:11 -------- d-----w- c:\program files\Opwekking 2010

2010-05-30 12:42 . 2010-03-14 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper

2010-05-21 08:16 . 2009-07-11 22:32 -------- d-----w- c:\program files\Common Files\Adobe

2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-10 20:23 . 2010-05-10 20:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PC Suite

2010-05-10 17:00 . 2010-05-10 17:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData

2010-05-09 15:38 . 2009-04-15 13:13 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys

2010-05-09 15:33 . 2010-05-09 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender

2010-05-09 15:26 . 2010-05-09 15:26 -------- d-----w- c:\documents and settings\Rene\Application Data\BitDefender

2010-05-09 15:25 . 2010-05-09 15:24 -------- d-----w- c:\program files\Common Files\BitDefender

2010-05-09 15:25 . 2010-05-09 15:25 -------- d-----w- c:\program files\BitDefender

2010-05-08 18:55 . 2010-05-08 17:14 -------- d-----w- c:\documents and settings\Rene\Application Data\QuickScan

2010-05-06 22:39 . 2010-05-08 17:14 701608 ----a-w- c:\documents and settings\Rene\Application Data\Mozilla\Firefox\Profiles\pc9ap6gs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-05-06 22:39 . 2010-05-08 17:14 865896 ----a-w- c:\documents and settings\Rene\Application Data\Mozilla\Firefox\Profiles\pc9ap6gs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-05-06 10:37 . 2008-05-05 20:32 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:10 . 2008-04-14 20:05 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-04-21 17:26 . 2009-05-12 20:32 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-04-21 17:26 . 2009-05-12 20:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-04-20 05:35 . 2008-04-14 20:30 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-16 06:33 . 2010-05-03 18:48 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-04-16 06:33 . 2009-05-14 20:51 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-04-07 22:29 . 2010-04-07 22:29 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2009-11-18 20:37 . 2009-11-18 20:37 50688 --sha-r- c:\windows\system32\itlvk.dll

2010-02-25 21:56 . 2009-11-21 14:24 1666592 --sha-w- c:\windows\system32\drivers\fidbox.dat

2010-02-25 21:56 . 2009-11-21 14:24 68640 --sha-w- c:\windows\system32\drivers\fidbox2.dat

.

------- Sigcheck -------

[-] 2008-05-05 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-06-28_19.35.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-06 15:39 . 2010-07-06 15:39 16384 c:\windows\Temp\Perflib_Perfdata_a40.dat

+ 2001-09-07 14:00 . 2010-07-03 09:33 71846 c:\windows\system32\perfc009.dat

- 2001-09-07 14:00 . 2010-06-24 07:19 71846 c:\windows\system32\perfc009.dat

+ 2001-09-07 14:00 . 2010-07-03 09:33 443588 c:\windows\system32\perfh009.dat

- 2001-09-07 14:00 . 2010-06-24 07:19 443588 c:\windows\system32\perfh009.dat

+ 2008-03-20 16:06 . 2008-03-20 16:06 1480232 c:\windows\system32\LegitCheckControl.dll

+ 2010-07-05 17:40 . 2010-07-05 17:40 1094656 c:\windows\Installer\c6569.msi

+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\22871fc.msp

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-14 39408]

"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2010-03-05 654648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-06-23 126976]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2010-05-09 782336]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-04-21 17:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

2010-05-30 12:54 654648 ----a-w- d:\documents and settings\Downloads\BitTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2009-11-16 18:22 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-12-07 20:57 30208 -c----w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"d:\\serious\\Bin\\SeriousSam.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"d:\\Documents and Settings\\Downloads\\BitTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [12-5-2009 22:22 5248]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12-5-2009 22:32 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12-5-2009 22:32 242896]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [21-4-2010 19:25 308064]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 13:31 92008]

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [15-4-2009 15:13 146312]

S0 kluygp;kluygp; [x]

S0 krspv;krspv; [x]

S0 kvtdbb;kvtdbb; [x]

S0 yczxh;yczxh; [x]

S0 yqcjuqkq;yqcjuqkq; [x]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25-2-2010 17:35 135664]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4B.tmp --> c:\windows\system32\4B.tmp [?]

S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [12-5-2009 22:22 159616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

bdx REG_MULTI_SZ scan

.

Inhoud van de 'Gedeelde Taken' map

2010-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 15:35]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 15:35]

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-776561741-1177238915-1004UA.job

- c:\documents and settings\Rene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-02 18:40]

2010-07-06 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2010-07-05 c:\windows\Tasks\User_Feed_Synchronization-{7FDB7BDA-C03F-4FB5-A107-266548A7C145}.job

- c:\windows\system32\msfeedssync.exe [2008-05-05 03:31]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\Rene\Application Data\Mozilla\Firefox\Profiles\pc9ap6gs.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - component: c:\documents and settings\Rene\Application Data\Mozilla\Firefox\Profiles\pc9ap6gs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Rene\Application Data\Mozilla\Firefox\Profiles\pc9ap6gs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\Rene\Application Data\Mozilla\Firefox\Profiles\pc9ap6gs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll

FF - plugin: c:\documents and settings\Rene\Application Data\Mozilla\Firefox\Profiles\pc9ap6gs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\documents and settings\Rene\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-06 17:40

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\4B.tmp"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,0b,22,e8,1e,4c,be,4c,b7,da,37,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,0b,22,e8,1e,4c,be,4c,b7,da,37,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(560)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(916)

c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\RTHDCPL.EXE

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Voltooingstijd: 2010-07-06 17:46:15 - machine werd herstart

ComboFix-quarantined-files.txt 2010-07-06 15:46

ComboFix2.txt 2010-06-28 19:39

Pre-Run: 8.471.236.608 bytes beschikbaar

Post-Run: 8.697.110.528 bytes beschikbaar

- - End Of File - - E84205885C95DC2897EC3B328B3AF795

kape · 6 juli 2010

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\system32\4B.tmp

c:\windows\system32\drivers\kgpcpy.cfg

C:\SZKGFS.dat

Driver::

kluygp

kgpcpy

kvtdbb

yczxh

yqcjuqkq

MEMSWEEP2

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

FireFox::

FF - ProfilePath - c:\documents and settings\Rene\Application Data\Mozilla\Firefox\Profiles\pc9ap6gs.default\

FF - prefs.js: browser.search.selectedEngine -

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

Paula46 · 6 juli 2010

ComboFix 10-07-06.01 - Rene 06-07-2010 19:27:58.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1278.682 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Rene\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Rene\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::

"C:\SZKGFS.dat"

"c:\windows\system32\4B.tmp"

"c:\windows\system32\drivers\kgpcpy.cfg"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\SZKGFS.dat

c:\windows\system32\drivers\kgpcpy.cfg

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MEMSWEEP2

-------\Service_kluygp

-------\Service_kvtdbb

-------\Service_MEMSWEEP2

-------\Service_yczxh

-------\Service_yqcjuqkq