
Trojans: mainly Vundo


Guest Naftrox


Combofix log:

ComboFix 08-05-08.1 - Gebruiker 2008-05-11 12:37:20.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1211 [GMT 2:00]

Started from: C:\Users\Gebruiker\Desktop\ComboFix.exe

Command switches used :: C:\Users\Gebruiker\Desktop\CFScript.txt

* New restore point was created

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\ProgramData\fgtwrkro

C:\ProgramData\fgtwrkro\dktmbcpe.exe

C:\ProgramData\hjwpkqkn

C:\ProgramData\hjwpkqkn\nqpcvwni.exe

.

(((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 ))))))))))))))))))))))))))))))

.

No new files created in this period

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-11 10:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Skype

2008-05-11 10:31 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\skypePM

2008-05-11 10:30 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\WTablet

2008-05-09 20:24 --------- d-----w C:\Program Files\Trend Micro

2008-05-09 19:48 --------- d-----w C:\Program Files\Exterminate It!

2008-05-09 16:38 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-05-09 16:00 --------- d-----w C:\Program Files\Norton Security Scan

2008-05-09 15:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-07 20:34 --------- d-----w C:\Program Files\CCleaner

2008-05-06 15:28 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\LimeWire

2008-05-05 20:23 --------- d-----w C:\Program Files\Steam

2008-05-03 07:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-05-02 15:16 --------- d-----w C:\ProgramData\TrackMania

2008-05-02 14:23 --------- d-----w C:\Program Files\Common Files\Steam

2008-04-30 09:29 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Steinberg

2008-04-30 09:21 --------- d-----w C:\Program Files\Syncrosoft

2008-04-29 18:24 --------- d-----w C:\Program Files\iPod

2008-04-28 19:39 --------- d-----w C:\Program Files\LimeWire

2008-04-26 18:03 --------- d-----w C:\Program Files\PortTrigger

2008-04-25 16:45 --------- d-----w C:\Program Files\Valve

2008-04-25 16:37 --------- d-----w C:\Program Files\PFConfig

2008-04-19 12:50 --------- d-----w C:\ProgramData\Apple Computer

2008-04-19 12:50 --------- d-----w C:\Program Files\QuickTime

2008-04-19 12:46 --------- d-----w C:\Program Files\Common Files\Apple

2008-04-19 12:45 --------- d-----w C:\ProgramData\Apple

2008-04-19 12:45 --------- d-----w C:\Program Files\Apple Software Update

2008-04-14 16:25 --------- d-----w C:\Program Files\Native Instruments

2008-04-10 10:04 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-06 18:26 --------- d-----w C:\Program Files\vixy.net

2008-04-04 16:01 --------- d-----w C:\ProgramData\Symantec

2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys

2008-03-29 12:12 --------- d-----w C:\Program Files\VTFEdit

2008-03-28 20:50 --------- d-----w C:\Program Files\Guitar Pro 5

2008-03-27 19:53 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\AccurateRip

2008-03-27 19:53 --------- d-----w C:\Program Files\Illustrate

2008-03-27 19:52 4,230,520 ----a-w C:\Windows\System32\SpoonUninstall.exe

2008-03-25 22:50 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Xfire

2008-03-25 17:31 --------- d-----w C:\Program Files\GCFScape

2008-03-25 06:24 --------- d-----w C:\Program Files\Java

2008-03-25 06:14 --------- d-----w C:\ProgramData\Xfire

2008-03-24 09:39 --------- d-s---w C:\Program Files\Xfire

2008-03-22 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-22 20:28 --------- d-----w C:\Program Files\PENDULO Studios

2008-03-22 20:28 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-03-21 22:14 41,296 ----a-w C:\Windows\System32\xfcodec.dll

2008-03-19 20:27 32 ----a-w C:\Users\All Users\ezsid.dat

2008-03-19 20:27 32 ----a-w C:\ProgramData\ezsid.dat

2008-03-19 20:26 --------- d-----w C:\Program Files\Common Files\Skype

2008-03-17 18:34 --------- d-----w C:\ProgramData\OrbNetworks

2008-03-17 18:34 --------- d-----w C:\Program Files\Winamp Remote

2008-03-17 18:34 --------- d-----w C:\Program Files\Winamp

2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll

2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe

2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe

2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll

2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll

2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll

2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe

2008-02-13 11:20 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-13 11:17 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-13 11:17 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-13 11:17 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2007-12-01 21:10 32 ----a-r C:\Users\All Users\hash.dat

2007-12-01 21:10 32 ----a-r C:\ProgramData\hash.dat

2007-11-14 13:16 22,328 ----a-w C:\Users\Gebruiker\AppData\Roaming\PnkBstrK.sys

2007-09-24 16:09 174 --sha-w C:\Program Files\desktop.ini

2007-02-14 12:44 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-02-14 12:44 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-02-14 12:44 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

------- Sigcheck -------

.

((((((((((((((((((((((((((((( snapshot@2008-05-11_ 0.24.42.56 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-10 22:14:48 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-05-11 10:30:30 67,584 --s-a-w C:\Windows\bootstat.dat

- 2008-05-10 22:14:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-05-11 10:30:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-05-10 22:14:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-05-11 10:30:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-05-10 22:17:18 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-05-11 10:32:25 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-05-10 22:16:24 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-05-11 10:32:16 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-05-11 10:32:16 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-05-10 22:18:07 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-05-11 10:36:59 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-05-10 22:16:19 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-05-11 10:32:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-05-11 10:32:01 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-05-10 22:16:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-05-11 10:33:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-05-10 22:16:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-05-11 10:33:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-05-10 22:16:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-05-11 10:33:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-05-10 22:16:49 10,602 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2831126360-3067595735-2219411047-1000_UserData.bin

+ 2008-05-11 10:32:20 10,602 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2831126360-3067595735-2219411047-1000_UserData.bin

- 2008-05-10 22:16:49 63,544 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-05-11 10:32:20 63,544 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-05-10 22:16:48 48,362 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-05-11 10:32:18 48,370 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03AB0955-35A4-4460-85F5-D22136FEFA04}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{097EA6AB-BD49-4F9B-9158-D66C8112F291}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D32261F-5293-4225-B49F-262A31523A41}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94BCDF34-583C-4DB4-A8DD-BFC884161EBF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70C192A-1617-48F8-A3CA-F41157BC2E3C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 13:01 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-18 10:42 171448]

"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

"MSServer"="C:\Users\GEBRUI~1\AppData\Local\Temp\xxywXOhF.dll" [ ]

"cmds"="C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll" [2008-05-08 20:28 274944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-24 17:59 1006264]

"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 101136 C:\Windows\KHALMNPR.Exe]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 04:09 488984]

"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 04:12 244512]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 101136 C:\Windows\KHALMNPR.Exe]

"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43 331776]

"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-06-07 18:11 9129984]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 17:31 1122304]

"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 17:14 497152]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]

"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [ ]

C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-07 11:09:12 688128]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-11-30 12:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{1A8D36FA-8CE3-4FEC-B69B-C912C7999EAA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{C87DB5E4-2227-4CAE-B52C-2483E4D773C6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{8572DDA9-F6B4-4473-8A6A-279D472979B6}C:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= UDP:C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW

"UDP Query User{5EC14AB4-C99E-487D-BEC5-622B873195B1}C:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= TCP:C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW

"TCP Query User{4396441A-4E94-4741-8FF4-12E6363B6A0B}C:\\program files\\steam\\steamapps\\nick666666\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\nick666666\counter-strike source\hl2.exe:hl2

"UDP Query User{E4BBC0E5-76EA-41CB-87DF-E5DECD5DF687}C:\\program files\\steam\\steamapps\\nick666666\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\nick666666\counter-strike source\hl2.exe:hl2

"TCP Query User{AA7CDB95-BEBF-40C0-A08C-1862FB4857D5}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{70A9E81E-DADC-4499-87B8-078C5939137F}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"TCP Query User{17D16367-047A-40D4-BCAE-1E14A0E7A1B6}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{20A171BA-C8CF-4CA4-B82C-FD91FAC173EB}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"TCP Query User{5E09A163-55AD-4E65-A05A-7A8F872D4360}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek

"UDP Query User{D730F156-2745-4213-8E92-6CFB92EDBCFF}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek

"TCP Query User{87E64911-8D47-4514-971E-7965FB85BEF7}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes

"UDP Query User{47F59B95-484C-4389-BA16-1A32D5161B23}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes

"TCP Query User{52AC91C3-AA89-4179-934A-56807B6E75EC}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{950A01E9-40D4-4B7C-8E41-9973E89A63F5}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{EBEECBFF-02BF-417E-A65A-C6E01A96A74B}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{64F8D304-B67D-4DF8-8B1D-2361EC0D0331}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"TCP Query User{35257F3B-9EFB-42D6-9F61-DE389F7E3D35}C:\\program files\\gadu-gadu\\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glówny

"UDP Query User{AC6090B9-26DE-4462-9E4F-0F51F8CE3183}C:\\program files\\gadu-gadu\\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glówny

"TCP Query User{B3008EE7-A7BA-470A-9BAB-191DF84E5BCD}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{43B5EE16-D133-4E29-8B06-91FC329128F2}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{EDBE7D4E-ABD8-4978-AD55-BB22E0AC19DA}C:\\program files\\steam\\steamapps\\nick666666\\the ship\\ship.exe"= UDP:C:\program files\steam\steamapps\nick666666\the ship\ship.exe:ship

"UDP Query User{A9AE29FD-9BED-4695-BC21-73CAE93896F5}C:\\program files\\steam\\steamapps\\nick666666\\the ship\\ship.exe"= TCP:C:\program files\steam\steamapps\nick666666\the ship\ship.exe:ship

"{5E181511-B339-4D52-93EF-9AA75297CE79}"= UDP:C:\Program Files\Steam\Steam.exe:Steam

"{042AD0FA-8595-4F8C-BE6A-9EFFFD94C43F}"= TCP:C:\Program Files\Steam\Steam.exe:Steam

"TCP Query User{4B39252F-D558-41EC-A47D-2B8000E0045F}C:\\program files\\steam\\steamapps\\nick666666\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\nick666666\counter-strike source\hl2.exe:hl2

"UDP Query User{7C80BD88-7A40-430F-B688-4515BE0DCCEA}C:\\program files\\steam\\steamapps\\nick666666\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\nick666666\counter-strike source\hl2.exe:hl2

"{B5DF3C23-6FAE-4A24-BBC1-73789BCECF9D}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{940BE13C-B67D-4128-9BF7-A54B3FD9F880}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{F5B2E5CA-FD8D-4BB5-B7E4-1B95D9EB2534}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{ECE2F229-2FF8-46C7-9FBB-23809E484BF0}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{31227CFE-36D7-47B2-998C-059520D40630}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{6C550B3C-1822-44D0-8C72-F8AE4216118A}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{D17637C9-F640-4C8C-B672-5D6DA93043F5}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{1D77289A-F01A-491E-B30D-3734FD81298C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{BB403085-076C-45B0-AE3C-633A5DD2DBB9}"= UDP:C:\Program Files\Frets on Fire\FretsOnFire.exe:Frets on Fire

"{D9262D7A-275E-4233-98B4-9EF6C4C55D04}"= TCP:C:\Program Files\Frets on Fire\FretsOnFire.exe:Frets on Fire

"TCP Query User{5AA0A669-391C-4A0D-80FF-93A3BF81FDD4}C:\\program files\\steam\\steamapps\\nick666666\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\nick666666\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{FB44FEF9-F046-4AF6-B67F-A332825C0377}C:\\program files\\steam\\steamapps\\nick666666\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\nick666666\counter-strike\hl.exe:Half-Life Launcher

"{43F8661C-8EDA-4BF1-8430-6C3B423B17C1}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{536B068E-C8AD-4555-B800-80B1520253ED}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"TCP Query User{316CB0B9-1D77-462A-94F0-6305A72D73D4}C:\\softimage\\xsi_6_mod_tool\\application\\bin\\xsi.exe"= UDP:C:\softimage\xsi_6_mod_tool\application\bin\xsi.exe:XSI

"UDP Query User{1E2169F9-8345-4395-B2C7-9DC3AB8BA376}C:\\softimage\\xsi_6_mod_tool\\application\\bin\\xsi.exe"= TCP:C:\softimage\xsi_6_mod_tool\application\bin\xsi.exe:XSI

"TCP Query User{063545B5-9374-44D2-90C1-AF7D12B03D30}C:\\program files\\steam\\steamapps\\yamayamauchiman\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\yamayamauchiman\counter-strike source\hl2.exe:hl2

"UDP Query User{01DE6D03-69DB-4B5C-BA88-8667C30FB5E8}C:\\program files\\steam\\steamapps\\yamayamauchiman\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\yamayamauchiman\counter-strike source\hl2.exe:hl2

"TCP Query User{602A9105-9282-414A-86AA-B457BBFA8ED0}C:\\program files\\steam\\steamapps\\nick666666\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\nick666666\half-life 2 deathmatch\hl2.exe:hl2

"UDP Query User{FA60463A-960E-4F7B-832C-1C8714B33535}C:\\program files\\steam\\steamapps\\nick666666\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\nick666666\half-life 2 deathmatch\hl2.exe:hl2

"TCP Query User{211CB6D8-6FF8-40FA-903B-34552DD904C1}C:\\program files\\steam\\steamapps\\nick666666\\source sdk base\\hl2.exe"= UDP:C:\program files\steam\steamapps\nick666666\source sdk base\hl2.exe:hl2

"UDP Query User{F5791B61-4601-4B09-8723-FB82216AD45A}C:\\program files\\steam\\steamapps\\nick666666\\source sdk base\\hl2.exe"= TCP:C:\program files\steam\steamapps\nick666666\source sdk base\hl2.exe:hl2

"TCP Query User{5DBF91F7-AEA9-4908-BF5D-3812EB10FCB4}C:\\program files\\steam\\steamapps\\nick666666\\condition zero deleted scenes\\hl.exe"= UDP:C:\program files\steam\steamapps\nick666666\condition zero deleted scenes\hl.exe:Half-Life Launcher

"UDP Query User{C6E4164D-C1D4-4005-A040-FDA0E91ACB17}C:\\program files\\steam\\steamapps\\nick666666\\condition zero deleted scenes\\hl.exe"= TCP:C:\program files\steam\steamapps\nick666666\condition zero deleted scenes\hl.exe:Half-Life Launcher

"{EAC02982-0D55-4960-A77E-B7F972B22110}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{C2B77459-6683-43B5-89D3-727092769F60}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek

"UDP Query User{0466222E-E6D0-4E99-B246-D90F12A2D333}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek

"{F36D4ADC-A766-456C-B68A-56ECB8D1EF1D}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{9B3A8E2C-63A8-40FD-B9FF-CDFDB1AD3278}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{ACB9517D-C069-4378-B746-F619EA2ACF55}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{0496D2C2-AE75-43AE-8749-3B2234D83776}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{FA999F59-A181-4ED7-88F1-78C293850EBA}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{C4E7A534-7389-49F4-929F-FFD4FA930610}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{07AF5DB2-E500-45E0-9CBD-7C69FAA103AD}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"UDP Query User{59CD94CA-FF0C-4814-858B-128524C435B5}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"TCP Query User{059158A1-EBC1-4E9B-8E0D-E948990C2502}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{9D39BD15-C186-4E5D-A72D-910D16A19CB6}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{C38A28B5-1507-442F-9CFE-CCB61FD607F2}C:\\program files\\steam\\steamapps\\nick666666\\source dedicated server\\srcds.exe"= UDP:C:\program files\steam\steamapps\nick666666\source dedicated server\srcds.exe:srcds

"UDP Query User{D3674341-A844-4496-84A2-4BE10D301BB8}C:\\program files\\steam\\steamapps\\nick666666\\source dedicated server\\srcds.exe"= TCP:C:\program files\steam\steamapps\nick666666\source dedicated server\srcds.exe:srcds

"TCP Query User{E6A315A5-E35C-4FC0-A399-1B8B990E5B2F}C:\\srcds\\srcds.exe"= UDP:C:\srcds\srcds.exe:srcds

"UDP Query User{F0F87535-65E4-4C5D-98A2-B8F216169B29}C:\\srcds\\srcds.exe"= TCP:C:\srcds\srcds.exe:srcds

"{489AC6C2-6CE3-4A31-9362-5BF756451D06}"= TCP:27015:CSS1

"{ED9011AB-1AEA-438E-A23C-F34246F7C76A}"= UDP:27015:CSS2

"TCP Query User{D31A81D2-6311-4159-B2A7-E7D84E5686D9}C:\\program files\\steam\\steamapps\\nick666666\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\nick666666\team fortress 2\hl2.exe:hl2

"UDP Query User{87F324CC-58FE-409A-BAF0-011F7CE2B57A}C:\\program files\\steam\\steamapps\\nick666666\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\nick666666\team fortress 2\hl2.exe:hl2

"{6FFFC489-F3C8-4BDC-9131-B048C8707EEA}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{A41A6806-8362-480D-B437-D025CC41A71A}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AFS;AFS;C:\Windows\system32\drivers\AFS.sys [2007-02-13 13:03]

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]

R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 20:08]

R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]

R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30]

R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 16:11]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-02 11:54]

.

Contents of the 'Scheduled Tasks' folder

"2008-05-09 16:00:14 C:\Windows\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-11 12:40:15

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-11 12:41:29

ComboFix-quarantined-files.txt 2008-05-11 10:41:04

ComboFix2.txt 2008-05-10 22:25:22

The description for message number 0x2379 cannot be found in the message file for Application.

The description for message number 0x2379 cannot be found in the message file for Application.

289 --- E O F --- 2008-05-09 07:26:35

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:43:15, on 11/05/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Logitech\G-series Software\LGDCore.exe

C:\Program Files\Logitech\G-series Software\LCDMon.exe

C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\WTablet\TabUserW.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {03AB0955-35A4-4460-85F5-D22136FEFA04} - (no file)

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {097EA6AB-BD49-4F9B-9158-D66C8112F291} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6D32261F-5293-4225-B49F-262A31523A41} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {94BCDF34-583C-4DB4-A8DD-BFC884161EBF} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {D70C192A-1617-48F8-A3CA-F41157BC2E3C} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\xxywXOhF.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm

O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe

O13 - Gopher Prefix:

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldnl-be.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_31.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe

--

End of file - 11388 bytes

Thanks, Naftrox


ComboFix only did part of the job, so let's try the same thing with another program:

Download The Avenger and put it on your desktop. Unzip it.

Start the program by double-clicking avenger.exe.

In the "Input Script here" window, paste the following (the bold text):

Registry keys to delete:

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03AB0955-35A4-4460-85F5-D22136FEFA04}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{097EA6AB-BD49-4F9B-9158-D66C8112F291}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D32261F-5293-4225-B49F-262A31523A41}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94BCDF34-583C-4DB4-A8DD-BFC884161EBF}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70C192A-1617-48F8-A3CA-F41157BC2E3C}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"cmds"=-

Then click the "Execute" button.

Avenger will tell you the computer is going to restart; allow it.

After the reboot a log file (avenger.txt) will open.

Start HijackThis and choose 'Do a system scan only'. Tick only the items listed below:

O2 - BHO: (no name) - {03AB0955-35A4-4460-85F5-D22136FEFA04} - (no file)

O2 - BHO: (no name) - {097EA6AB-BD49-4F9B-9158-D66C8112F291} - (no file)

O2 - BHO: (no name) - {6D32261F-5293-4225-B49F-262A31523A41} - (no file)

O2 - BHO: (no name) - {94BCDF34-583C-4DB4-A8DD-BFC884161EBF} - (no file)

O2 - BHO: (no name) - {D70C192A-1617-48F8-A3CA-F41157BC2E3C} - (no file)

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\xxywXOhF.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c

Click 'Fix checked' to remove the items.

Download Deckard's System Scanner to your Desktop.

  • Close all applications and windows.
  • Double-click dss.exe to run it, and follow the prompts.
  • When the scan is complete, a text file - main.txt - will open.
  • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

Plenty of work to do: afterwards post the log from The Avenger, a fresh HijackThis log and the Deckard log in your next message.

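The selection rule in the reply above (tick the BHO entries that point to "(no file)" and the two HKCU Run entries where rundll32 loads a DLL out of the user's Temp folder) as an added example, not code from the original thread or from any of the tools it uses: a small Python script that applies those rules to HijackThis O2/O4 lines and then splits the resulting cleanup targets by what each tool can reach, since the Avenger log further down shows that The Avenger's key-deletion mode only accepts whole keys under HKEY_LOCAL_MACHINE. The sample lines are constructed from the log above; the full Browser Helper Objects registry path is the standard Windows location, assumed here rather than taken from the thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a few lines in the shape of the HijackThis log posted
# above (abridged; only O2/O4 entries are relevant to the rule).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {097EA6AB-BD49-4F9B-9158-D66C8112F291} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\xxywXOhF.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Standard registry locations (assumed, not quoted from the thread).
BHO_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
RUN_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion"

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<value>[^\]]*)\] (?P<cmd>.*)$"
)
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>[^,]+?)\s*,\s*(?P<entry>\S*)", re.IGNORECASE)
# A DLL that an autostart loads from any Temp directory is a red flag.
TEMP_RE = re.compile(r"\\(?:local settings\\)?temp\\", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str
    # (hive, subkey, value_name); value_name is None when the whole key goes.
    target: tuple


def _hive_name(abbrev: str) -> str:
    """Expand HijackThis hive shorthand to the full hive name."""
    if abbrev == "HKLM":
        return "HKEY_LOCAL_MACHINE"
    if abbrev == "HKCU":
        return "HKEY_CURRENT_USER"
    return "HKEY_USERS\\" + abbrev.split("\\", 1)[1]  # HKUS\S-1-5-19 -> HKEY_USERS\S-1-5-19


def triage_hijackthis(log_text: str) -> list[Finding]:
    """Flag orphaned BHO CLSIDs and rundll32 autostarts that load from Temp."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            path = m.group("path")
            if path == "(no file)":
                findings.append(Finding(line, "BHO CLSID registered but its DLL is gone",
                                        ("HKEY_LOCAL_MACHINE", BHO_SUBKEY + "\\" + m.group("clsid"), None)))
            elif TEMP_RE.search(path):
                findings.append(Finding(line, "BHO DLL lives in a Temp directory",
                                        ("HKEY_LOCAL_MACHINE", BHO_SUBKEY + "\\" + m.group("clsid"), None)))
            continue
        m = RUN_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m.group("cmd"))
            if r and TEMP_RE.search(r.group("dll")):
                findings.append(Finding(
                    line,
                    f"rundll32 autostart loads {r.group('dll')} from Temp (entry point {r.group('entry')!r})",
                    (_hive_name(m.group("hive")), RUN_SUBKEY + "\\" + m.group("key"), m.group("value")),
                ))
    return findings


def plan_cleanup(findings: list[Finding]) -> dict:
    """Split targets by tool: whole HKLM keys can go in an Avenger script,
    everything else (per-user Run values) must be fixed in HijackThis."""
    plan: dict = {"avenger_keys": [], "hijackthis_fix": []}
    for f in findings:
        hive, subkey, value = f.target
        if hive == "HKEY_LOCAL_MACHINE" and value is None:
            plan["avenger_keys"].append(hive + "\\" + subkey)
        else:
            plan["hijackthis_fix"].append(f.line)
    return plan


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
    print(plan_cleanup(triage_hijackthis(SAMPLE_LOG)))
```

Run it against a saved HijackThis log by passing the file contents to triage_hijackthis; the Run-value targets it reports are exactly the ones The Avenger refused in the log below, which is why those two lines still have to be ticked in HijackThis.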

Guest Naftrox

The Avenger log:

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6000)

Sun May 11 15:57:46 2008

15:57:10: Error: Invalid registry syntax in command:

"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.

Skipping line. (Registry key deletion mode)

15:57:14: Error: Invalid registry syntax in command:

""cmds"=-"

Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.

Skipping line. (Registry key deletion mode)

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, © by Swandog46

Swandog46's Public Anti-Malware Tools

Platform: Windows Vista

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03AB0955-35A4-4460-85F5-D22136FEFA04}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03AB0955-35A4-4460-85F5-D22136FEFA04}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{097EA6AB-BD49-4F9B-9158-D66C8112F291}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{097EA6AB-BD49-4F9B-9158-D66C8112F291}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D32261F-5293-4225-B49F-262A31523A41}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D32261F-5293-4225-B49F-262A31523A41}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94BCDF34-583C-4DB4-A8DD-BFC884161EBF}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94BCDF34-583C-4DB4-A8DD-BFC884161EBF}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70C192A-1617-48F8-A3CA-F41157BC2E3C}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70C192A-1617-48F8-A3CA-F41157BC2E3C}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:14:42, on 11/05/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WTablet\TabUserW.exe

C:\Windows\system32\conime.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\AGEIA Technologies\TrayIcon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Logitech\G-series Software\LGDCore.exe

C:\Program Files\Logitech\G-series Software\LCDMon.exe

C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Windows\System32\mobsync.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\xxywXOhF.dll,#1

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm

O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe

O13 - Gopher Prefix:

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldnl-be.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_31.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe

--

End of file - 11211 bytes

Deckard log:

Deckard's System Scanner v20071014.68

Run by Gebruiker on 2008-05-11 16:03:46

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --

12: 2008-05-11 10:36:47 UTC - RP597 - ComboFix created restore point

11: 2008-05-10 22:19:35 UTC - RP596 - ComboFix created restore point

10: 2008-05-09 18:52:40 UTC - RP595 - Restore operation

9: 2008-05-09 18:41:57 UTC - RP594 - Restore operation

8: 2008-05-09 18:30:48 UTC - RP593 - Windows Defender Checkpoint

-- First Restore Point --

1: 2008-05-03 10:47:30 UTC - RP585 - Scheduled restore point

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Gebruiker.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:07:51, on 11/05/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WTablet\TabUserW.exe

C:\Windows\system32\conime.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\AGEIA Technologies\TrayIcon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Logitech\G-series Software\LGDCore.exe

C:\Program Files\Logitech\G-series Software\LCDMon.exe

C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Windows\System32\mobsync.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Users\Gebruiker\Desktop\dss.exe

C:\Windows\system32\SearchFilterHost.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Gebruiker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\xxywXOhF.dll,#1

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm

O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe

O13 - Gopher Prefix:

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldnl-be.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_31.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe

--

End of file - 11190 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080510-113927-240 O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s

backup-20080510-113927-250 O2 - BHO: (no name) - {ADB586E4-21B4-4FB9-88EF-BF8B3B18A072} - (no file)

backup-20080510-113927-376 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

backup-20080510-113927-413 O2 - BHO: (no name) - {12F7DFF0-EF69-4B61-A1BB-EF66874F0713} - (no file)

backup-20080510-113927-419 O4 - HKCU\..\Run: [ec1d01d5] rundll32.exe "C:\Users\GEBRUI~1\AppData\Local\Temp\gxmkbvpm.dll",b

backup-20080510-113927-421 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

backup-20080510-113927-466 O4 - HKCU\..\Run: [hjwpkqkn] C:\ProgramData\hjwpkqkn\nqpcvwni.exe

backup-20080510-113927-729 O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\fccaBQIb.dll,#1

backup-20080510-113927-784 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

backup-20080510-113927-865 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

backup-20080510-113927-919 O2 - BHO: (no name) - {AF35C1BC-406D-4347-A252-68E1932F0333} - (no file)

backup-20080510-113927-962 O2 - BHO: (no name) - {25E782D5-B311-451F-8AAD-3A0728D7EBE5} - (no file)

backup-20080510-113927-989 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c

backup-20080510-114036-363 O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab

backup-20080510-151318-228 O2 - BHO: (no name) - {0C8BCF66-880A-4669-9668-6D05FB337802} - (no file)

backup-20080510-151318-253 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c

backup-20080510-151318-473 O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\cbxwULEw.dll,#1

backup-20080511-160252-186 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c

backup-20080511-160252-626 O2 - BHO: (no name) - {6D32261F-5293-4225-B49F-262A31523A41} - (no file)

backup-20080511-160252-658 O2 - BHO: (no name) - {D70C192A-1617-48F8-A3CA-F41157BC2E3C} - (no file)

backup-20080511-160252-835 O2 - BHO: (no name) - {94BCDF34-583C-4DB4-A8DD-BFC884161EBF} - (no file)

backup-20080511-160252-846 O2 - BHO: (no name) - {097EA6AB-BD49-4F9B-9158-D66C8112F291} - (no file)

backup-20080511-160252-866 O2 - BHO: (no name) - {03AB0955-35A4-4460-85F5-D22136FEFA04} - (no file)

backup-20080511-160252-987 O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\xxywXOhF.dll,#1

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 AFS - c:\windows\system32\drivers\afs.sys <Not Verified; Oak Technology Inc.; AFS>

R2 EIO - \??\c:\windows\system32\drivers\eio.sys

R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:

Description:

Device ID: PCI\VEN_8086&DEV_2997&SUBSYS_4F438086&REV_02\3&18D45AA6&0&1B

Manufacturer:

Name: COM3

PNP Device ID: PCI\VEN_8086&DEV_2997&SUBSYS_4F438086&REV_02\3&18D45AA6&0&1B

Service:

-- Scheduled Tasks -------------------------------------------------------------

2008-05-09 18:00:14 416 --a------ C:\Windows\Tasks\Norton Security Scan.job

-- Files created between 2008-04-11 and 2008-05-11 -----------------------------

2008-05-11 12:40:10 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>

2008-05-10 15:22:26 0 d-------- C:\Windows\pss

2008-05-09 22:24:17 0 d-------- C:\Program Files\Trend Micro

2008-05-09 22:19:42 68096 --a------ C:\Windows\zip.exe

2008-05-09 22:19:42 49152 --a------ C:\Windows\VFind.exe

2008-05-09 22:19:42 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>

2008-05-09 22:19:42 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>

2008-05-09 22:19:42 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>

2008-05-09 22:19:42 98816 --a------ C:\Windows\sed.exe

2008-05-09 22:19:42 80412 --a------ C:\Windows\grep.exe

2008-05-09 22:19:42 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-05-09 22:19:25 0 d-------- C:\327882R2FWJFW

2008-05-09 21:30:30 0 d-------- C:\Program Files\Exterminate It!

2008-05-09 21:25:07 0 d-------- C:\VundoFix Backups

2008-05-09 17:55:06 0 d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-05-07 22:34:10 0 d-------- C:\Program Files\CCleaner

2008-04-30 11:24:03 487936 --a------ C:\Windows\system32\rmbe3260.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealProducer Build Engine (32-bit)>

2008-04-30 11:24:03 87040 --a------ C:\Windows\system32\ra32sipr.dll <Not Verified; RealNetworks, Inc.; RealMedia Shared Component (32-bit)>

2008-04-30 11:24:03 21504 --a------ C:\Windows\system32\ra32dnet.dll <Not Verified; RealNetworks, Inc.; RealAudio Shared Component (32-bit)>

2008-04-30 11:24:03 72704 --a------ C:\Windows\system32\ra3228_8.dll <Not Verified; RealNetworks, Inc.; 28.8 Audio Codec for RealAudio (32-bit) RealVideo Encoder SDK 5.0>

2008-04-30 11:24:03 81920 --a------ C:\Windows\system32\ra3214_4.dll <Not Verified; RealNetworks, Inc.; 14.4 Audio Codec for RealAudio (32-bit) RealVideo Encoder SDK 5.0>

2008-04-30 11:24:03 352768 --a------ C:\Windows\system32\pngu3263.dll <Not Verified; RealNetworks, Inc.; RealPlayer (32-bit)>

2008-04-30 11:24:03 131072 --a------ C:\Windows\system32\pneng50.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealVideo Encoder Engine (32-bit)>

2008-04-30 11:24:03 130560 --a------ C:\Windows\system32\pnc3250.dll <Not Verified; RealNetworks, Inc.; Low-Level API for RealAudio Encoder (32-bit)>

2008-04-30 11:24:03 85504 --a------ C:\Windows\system32\encdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio Shared Component (32-bit)>

2008-04-30 11:24:03 61952 --a------ C:\Windows\system32\decdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio Shared Component (32-bit)>

2008-04-30 11:21:51 33792 --a------ C:\Windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>

2008-04-30 11:21:36 16896 --a------ C:\Windows\system32\drivers\synasUSB.sys <Not Verified; Syncrosoft GmbH; USB protection device>

2008-04-30 11:21:35 45056 --a------ C:\Windows\system32\Synsopos.exe <Not Verified; Syncrosoft Hard- und Software GmbH; Syncrosoft Synsopos>

2008-04-30 11:21:35 147456 --a------ C:\Windows\system32\SynsoLChk.dll <Not Verified; Syncrosoft Hard- und Software GmbH; >

2008-04-30 11:21:35 704512 --a------ C:\Windows\system32\SYNSOACC.dll <Not Verified; Syncrosoft Hard- und Software GmbH; SYNCROSOFT SYNSOACC>

2008-04-30 11:21:35 0 d-------- C:\Program Files\Syncrosoft

2008-04-29 18:40:44 0 d-------- C:\srcds

2008-04-28 21:39:11 0 d-------- C:\Program Files\LimeWire

2008-04-26 19:56:15 0 d-------- C:\Windows\vbSkinner

2008-04-26 19:56:11 0 d-------- C:\Program Files\PortTrigger

2008-04-25 18:45:57 0 d-------- C:\Program Files\Valve

2008-04-25 18:37:11 0 d-------- C:\Program Files\PFConfig

2008-04-20 20:22:08 0 d-------- C:\Users\All Users\TrackMania

2008-04-19 14:50:05 0 d-------- C:\Program Files\QuickTime

2008-04-19 14:46:32 0 d-------- C:\Program Files\Common Files\Apple

2008-04-19 14:45:02 0 d-------- C:\Users\All Users\Apple

2008-04-16 18:01:36 0 d-------- C:\Program Files\Common Files\Symantec Shared

2008-04-14 18:24:45 0 d-------- C:\Program Files\Native Instruments

-- Find3M Report ---------------------------------------------------------------

2008-05-11 16:01:12 0 d-------- C:\Users\Gebruiker\AppData\Roaming\Skype

2008-05-11 16:00:36 0 d-------- C:\Users\Gebruiker\AppData\Roaming\skypePM

2008-05-11 15:59:53 0 d-------- C:\Users\Gebruiker\AppData\Roaming\WTablet

2008-05-09 18:00:05 0 d-------- C:\Program Files\Norton Security Scan

2008-05-06 17:28:15 0 d-------- C:\Users\Gebruiker\AppData\Roaming\LimeWire

2008-05-05 22:25:14 699038 --a------ C:\Windows\system32\perfh013.dat

2008-05-05 22:25:14 127210 --a------ C:\Windows\system32\perfc013.dat

2008-05-05 22:23:08 0 d-------- C:\Program Files\Steam

2008-05-02 16:23:06 0 d-------- C:\Program Files\Common Files\Steam

2008-04-30 11:29:24 0 d-------- C:\Users\Gebruiker\AppData\Roaming\Steinberg

2008-04-29 20:24:28 0 d-------- C:\Program Files\iPod

2008-04-19 14:46:32 0 d-------- C:\Program Files\Common Files

2008-04-19 14:45:02 0 d-------- C:\Program Files\Apple Software Update

2008-04-06 20:26:33 0 d-------- C:\Program Files\vixy.net

2008-03-29 14:12:53 0 d-------- C:\Program Files\VTFEdit

2008-03-28 22:50:45 0 d-------- C:\Program Files\Guitar Pro 5

2008-03-27 21:53:25 0 d-------- C:\Users\Gebruiker\AppData\Roaming\AccurateRip

2008-03-27 21:53:24 12896 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat

2008-03-27 21:53:18 0 d-------- C:\Program Files\Illustrate

2008-03-26 00:50:34 0 d-------- C:\Users\Gebruiker\AppData\Roaming\Xfire

2008-03-25 19:31:51 0 d-------- C:\Program Files\GCFScape

2008-03-25 08:24:39 0 d-------- C:\Program Files\Java

2008-03-24 11:39:59 0 d---s---- C:\Program Files\Xfire

2008-03-22 22:28:50 0 d-------- C:\Program Files\PENDULO Studios

2008-03-22 22:28:49 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-03-22 22:28:22 0 d-------- C:\Program Files\Common Files\InstallShield

2008-03-19 22:26:21 0 d-------- C:\Program Files\Common Files\Skype

2008-03-17 20:34:59 0 d-------- C:\Program Files\Winamp

2008-03-17 20:34:44 0 d-------- C:\Program Files\Winamp Remote

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [24/09/2007 17:59]

"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [09/07/2001 11:50]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [23/01/2007 16:44 C:\Windows\KHALMNPR.Exe]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [12/01/2007 04:09]

"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [12/01/2007 04:12]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [23/01/2007 16:44 C:\Windows\KHALMNPR.Exe]

"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [20/03/2006 21:43]

"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [07/06/2006 18:11]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]

"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [06/03/2006 17:31]

"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [06/03/2006 17:14]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [11/12/2007 18:06]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [11/12/2007 18:06]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [11/12/2007 18:06]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]

"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [23/10/2005 00:00]

"MSConfig"="C:\Windows\system32\msconfig.exe" [02/11/2006 11:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/01/2008 13:01]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 14:35]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01/02/2008 18:22]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [18/10/2007 10:42]

"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [07/01/2008 22:02]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14:36]

"cmds"="C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c" []

"MSServer"="C:\Users\GEBRUI~1\AppData\Local\Temp\xxywXOhF.dll,#1" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [6/04/2003 2:06:58]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/02/2007 11:09:12]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [30/11/2007 12:10:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-05-11 16:10:23 ------------

Thanks, Naftrox


Empty your HijackThis backups in this folder, C:\Program Files\Trendmicro\HijackThis\backups (not that this is a serious problem, but it rids you of a lot of clutter in one go). Do the same with this folder: C:\Users\GEBRUI~1\AppData\Local\Temp. And have a look in this folder, C:\327882R2FWJFW: is there anything useful in it? If not, you may delete it.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\Windows\PSEXESVC.EXE

Folder::

C:\VundoFix Backups

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cmds"=-

"MSServer"=-

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the reboot, post the contents of Combofix.txt in your next message.
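The entries the CFScript above targets (rundll32 autoruns loading random-named DLLs from the user's Temp folder, the orphaned BHO registrations and the ProgramData autorun seen earlier in this thread) can be picked out of a HijackThis log mechanically. The following Python script is an added example by the editor, not code from this thread, from ComboFix or from HijackThis; its heuristics, its constructed sample lines and its rendering of a ComboFix Registry:: block are the editor's own assumptions.

```python
"""Triage of HijackThis-format log lines for Vundo-style persistence.

Added example by the editor, not code from this thread, ComboFix or HijackThis.
The heuristics are the editor's own and encode what the helper singled out here:
rundll32 autoruns loading DLLs from the Temp folder, an autorun in a ProgramData
folder with a random-looking 8-letter name, and orphaned BHO registrations.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in HijackThis format, modelled on entries in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {ADB586E4-21B4-4FB9-88EF-BF8B3B18A072} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\xxywXOhF.dll,#1
O4 - HKCU\..\Run: [hjwpkqkn] C:\ProgramData\hjwpkqkn\nqpcvwni.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

# O2 - BHO: <description> - {CLSID} - <dll path or "(no file)">
O2_RE = re.compile(r"^O2 - BHO: (?P<desc>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# rundll32[.exe] <dll path>[,<entry point>]; the path may be quoted
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*(?:,|$)', re.IGNORECASE)
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# ...\ProgramData\<8 lowercase letters>\<8 lowercase letters>.exe
PROGRAMDATA_RANDOM_RE = re.compile(r"\\[Pp]rogram[Dd]ata\\[a-z]{8}\\[a-z]{8}\.exe")
# Hive abbreviations HijackThis uses; HKUS\<SID> entries are left for manual review.
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}


@dataclass
class Finding:
    severity: str               # "high", "medium" or "low"
    reason: str
    line: str                   # the original log line
    hive: Optional[str] = None  # O4 entries only: "HKCU", "HKLM", "HKUS\S-1-5-19", ...
    key: Optional[str] = None   # O4 entries only: "Run" or "RunOnce"
    name: Optional[str] = None  # O4 entries only: the registry value name, e.g. "cmds"


def rundll32_target(cmd: str) -> Optional[str]:
    """Return the DLL path a rundll32 command line loads, or None if it is not rundll32."""
    m = RUNDLL_RE.match(cmd.strip())
    return m.group("dll").strip() if m else None


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis-format lines and return the suspicious entries in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if m.group("path").strip() == "(no file)":
                findings.append(Finding("low", "orphaned BHO: CLSID registered but no DLL on disk", line))
            continue
        m = O4_RE.match(line)
        if not m:
            continue  # Startup-folder entries and other line types are not handled here
        hive, key, name, cmd = m.group("hive", "key", "name", "cmd")
        dll = rundll32_target(cmd)
        if dll and TEMP_RE.search(dll):
            findings.append(Finding("high", f"rundll32 loads a DLL from a Temp directory: {dll}",
                                    line, hive, key, name))
        elif PROGRAMDATA_RANDOM_RE.search(cmd):
            findings.append(Finding("medium", "autorun in a ProgramData folder with a random 8-letter name",
                                    line, hive, key, name))
    return findings


def cfscript_registry_block(findings: List[Finding]) -> str:
    """Render the flagged Run values as a ComboFix 'Registry::' block ("name"=- deletes a value)."""
    by_key: Dict[str, List[str]] = {}
    for f in findings:
        root = HIVES.get(f.hive or "")
        if root is None or f.key is None or f.name is None:
            continue
        full_key = f"{root}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\{f.key}"
        by_key.setdefault(full_key, []).append(f.name)
    out = ["Registry::"]
    for full_key, names in by_key.items():
        out.append(f"[{full_key}]")
        out.extend(f'"{n}"=-' for n in names)
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
    print()
    print(cfscript_registry_block(found))
```

The generated block is a starting point for review, not something to hand to ComboFix unread: HKUS\<SID> entries are deliberately skipped and legitimate software can occasionally live in odd places.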


Guest Naftrox

I have a small problem: once I've dragged CFScript.txt onto it, ComboFix does start, but then does nothing further.

+ from my Temp folder I was able to delete everything except one file, namely byXPHaBU.dll.


Hi Naftrox,

On Vista you'd best try this one:

Download Malwarebytes' Anti-Malware from here or here.

Double-click mbam-setup.exe to install the program.

  • Make sure there is a check mark in front of Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then click Finish.
  • In the main screen choose the Scanner tab and select the Quick Scan radio button.
  • Press the Scan button.
  • The scan can take a while, so be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure everything there is checked, then click Remove Selected.
  • After removal a log will open and you will be asked to restart the computer. (See the extra note below)
  • The log is saved automatically by MBAM; you can view it by clicking the Logs tab in MBAM.
  • Copy and paste the results of the log in your next reply, together with a new HijackThis log.

Extra note:

If MBAM has difficulty removing certain files it will give a few prompts where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Regards,

Xeno :)


Guest Naftrox

Malwarebytes log:

Malwarebytes' Anti-Malware 1.12

Database versie: 743

Scan type: Snelle Scan

Objecten gescand: 34254

Verstreken tijd: 2 minute(s), 32 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 1

Registerwaarden geïnfecteerd: 3

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:45:43, on 12/05/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\AGEIA Technologies\TrayIcon.exe

C:\Windows\system32\WTablet\TabUserW.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Logitech\G-series Software\LGDCore.exe

C:\Program Files\Logitech\G-series Software\LCDMon.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\xxywXOhF.dll,#1

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm

O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe

O13 - Gopher Prefix:

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldnl-be.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_31.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe

--

End of file - 11067 bytes

Thanks, Naftrox
