Nona
-
Here is the log.
-
Done. The PC is now running in normal mode, without the virus screen, yay! What now? I assume there are still steps to take to make sure it doesn't come back and is really completely gone?
-
Unfortunately not. The software is on the CD-ROM and it does work in another PC. My PC is also set up correctly so that CD-ROMs start right away, but the virus screen comes up and the CD-ROM doesn't load. I checked the BIOS settings and boot first is simply set to enabled for CD-ROMs, so it should just work, but it doesn't.
-
I won't have access to another PC for at least a few days, so this could take quite a while. Will I also lose files by doing this?
-
That's not possible: the PC won't start, not even in safe mode. After I choose safe mode it restarts itself, and that keeps repeating. I can't get past the black start screen where you can choose between safe mode with and without networking (both give the same result, by the way). (I'm online via my iPod right now, by the way.)
-
Everything was gone and now there's another one, argh. The BUMA STEMRA police virus instead of the Ukash police virus this time.
-
ComboFix restarted the PC automatically in normal mode, so that's where I am now instead of safe mode. Does that mean it's solved? =D Here is the log:
-
My virus scanner could not be started in safe mode, so I couldn't disable it and thought it was simply off, but ComboFix did give a message to disable it. So that did not work. After that I just ran the scan as advised, and this is the log:
ComboFix 12-06-26.02 - Administrator 27-06-2012 13:04:31.1.4 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3323.2992 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\dhtowfuc.exe c:\documents and settings\All Users\Application Data\loyjzhta.exe c:\documents and settings\All Users\Application Data\nkuhlvvo.exe c:\documents and settings\All Users\Application Data\qaphhnaydeqtqws c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\1C678466.TMP c:\documents and settings\All Users\Application Data\TEMP\94F0FAE0.TMP c:\documents and settings\All Users\Application Data\TEMP\AF2F4B57.TMP c:\documents and settings\All Users\Application Data\TEMP\B58DB468.TMP c:\documents and settings\All Users\Application Data\TEMP\BF3D0EA3.TMP c:\documents and settings\All Users\Application Data\TEMP\C1B5E244.TMP c:\documents and settings\All Users\Application Data\TEMP\C81E3C9C.TMP c:\documents and settings\All Users\Application Data\TEMP\C9EC3958.TMP c:\documents and settings\All Users\Application Data\vzcbtjmj.exe c:\documents and settings\beheerder\Application Data\.# c:\documents and settings\beheerder\Application Data\vso_ts_preview.xml c:\windows\IsUn0413.exe c:\windows\system32\drivers\etc\hosts.ics . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))) . . 2012-06-26 17:21 . 
2012-06-26 17:21 -------- d-----w- C:\backups 2012-06-26 13:03 . 2012-06-26 13:03 388608 ----a-w- C:\HijackThis.exe 2012-06-26 12:35 . 2012-06-26 12:38 -------- d-----w- c:\documents and settings\Administrator 2012-06-26 10:06 . 2012-06-26 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\kklagndhrueoame 2012-06-24 10:14 . 2012-06-24 10:16 -------- d-----w- c:\documents and settings\beheerder\Application Data\4Sync 2012-06-24 10:14 . 2012-06-24 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan 2012-06-24 10:14 . 2012-06-24 10:14 -------- d-----w- c:\program files\McAfee Security Scan 2012-06-24 10:14 . 2012-06-24 10:14 -------- d-----w- c:\program files\4shared Toolbar 2012-06-24 10:14 . 2012-06-24 10:14 -------- d-----w- c:\documents and settings\beheerder\LocalLow 2012-06-24 10:13 . 2012-06-24 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\4Sync 2012-06-24 10:13 . 2012-06-24 10:13 -------- d-----w- c:\program files\4Sync 2012-06-24 07:50 . 2012-06-24 07:50 -------- d-----w- c:\documents and settings\beheerder\Application Data\SYSTEMAX Software Development 2012-06-24 07:50 . 2012-06-24 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development 2012-06-22 20:01 . 2012-06-22 20:01 -------- d-----w- c:\program files\HobbyWare 2012-06-15 18:15 . 2012-06-15 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\B7E85889008624A056477F04D151FC84 2012-06-14 14:13 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-05-28 19:53 . 2012-05-28 19:53 -------- d-----w- c:\program files\Google . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-22 20:01 . 2011-12-31 01:39 17408 ----a-w- C:\psapi.dll 2012-06-02 13:19 . 2008-10-16 13:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 
2009-03-26 08:57 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2009-03-26 08:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2009-03-26 08:57 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2009-03-26 08:57 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2009-03-26 08:57 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2008-04-15 12:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2008-10-16 13:08 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2009-03-26 08:57 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2008-10-16 13:08 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2009-03-26 08:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 13:19 . 2008-10-16 13:09 24088 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2009-03-26 15:24 18160 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-06-02 13:18 . 2009-03-26 15:24 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18 . 2008-10-16 13:07 214256 ----a-w- c:\windows\system32\muweb.dll 2012-05-31 13:22 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:09 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:55 . 2008-04-15 12:00 1863296 ------w- c:\windows\system32\win32k.sys 2012-05-11 14:44 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:44 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:39 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-05-05 06:25 . 2012-04-02 22:33 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-05 06:25 . 2012-04-02 22:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-05 03:15 . 
2008-04-15 12:00 2152960 ------w- c:\windows\system32\ntoskrnl.exe 2012-05-05 03:14 . 2008-04-14 22:11 2031104 ------w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:47 . 2009-03-26 08:55 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-04 13:56 . 2009-12-17 15:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-08-25 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1] @="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}" [HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}] 2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2] @="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}" [HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}] 2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3] @="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}" [HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}] 2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay4] @="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}" [HKEY_CLASSES_ROOT\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}] 2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-02-22 111208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-02-22 13880424] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2009-03-08 128512] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-21 113664] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.229\SSScheduler.exe [2011-9-20 272528] Registratiesoftware starten.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2011-2-8 1175552] . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-15 12:00 15360 ------w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116] 1998-11-30 16:04 497376 ----a-w- c:\windows\p_981116.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2008-01-24 11:32 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp] 2008-06-20 00:40 442433 ----a-w- c:\program files\IDT\WDM\sttray.exe . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\iWin Games\\iWinGames.exe"= "c:\\Program Files\\iWin Games\\WebUpdater.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "24941:TCP"= 24941:TCP:BitComet 24941 TCP "24941:UDP"= 24941:UDP:BitComet 24941 UDP "5353:TCP"= 5353:TCP:Adobe CSI CS4 "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18-5-2010 14:14 715248] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9-4-2009 16:21 94360] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [25-8-2008 13:11 244368] S0 sxymyk;sxymyk;c:\windows\system32\drivers\numchq.sys --> c:\windows\system32\drivers\numchq.sys [?] 
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9-4-2009 16:18 107256] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14-5-2009 17:07 759048] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9-4-2009 16:19 731840] S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [8-4-2011 17:17 176848] S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [5-10-2010 11:27 4497704] S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [5-10-2010 11:28 113448] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3-4-2012 0:33 257696] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.229\McCHSvc.exe [20-9-2011 22:15 237008] S3 UXDCMN;UXDCMN;\??\f:\winstress\UXDCMN.SYS --> f:\winstress\UXDCMN.SYS [?] S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [5-10-2010 11:28 16168] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - DCFS2K . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-01-24 11:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:25] . 2012-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50] . . ------- Bijkomende Scan ------- . 
mSearch Bar = hxxp://www.google.com IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\beheerder\Menu Start\Programma's\IMVU\Run IMVU.lnk TCP: DhcpNameServer = 192.168.1.254 195.241.77.51 195.241.77.52 DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://46.129.32.33/codebase/DVM_IPCam2.ocx . - - - - ORPHANS VERWIJDERD - - - - . HKLM-Run-QuickTime Task - d:\program files\QuickTime\qttask.exe HKLM-Run-iTunesHelper - d:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-iTunesHelper - d:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-QuickTime Task - d:\program files\QuickTime\qttask.exe AddRemove-3 Days: Amulet Secret - d:\program files\iWin.com\3 Days Amulet Secret\Uninstall.exe AddRemove-4shared Toolbar - c:\program files\4shared Toolbar\uninstall.exe AddRemove-Aboo - d:\program files\iWin.com\Aboo\Uninstall.exe AddRemove-Adobe Photoshop 7.0 - d:\program files\Adobe\Photoshop 7.0\Uninst.isu AddRemove-Adventures of Mary Ann - d:\program files\iWin.com\Adventures of Mary Ann\Uninstall.exe AddRemove-Aladdin and the Enchanted Lamp -- Extended Edition - d:\program files\iWin.com\Aladdin and the Enchanted Lamp -- Extended Edition\Uninstall.exe AddRemove-Alice in Wonderland - d:\program files\iWin.com\Alice in Wonderland\Uninstall.exe AddRemove-Anka - d:\program files\iWin.com\Anka\Uninstall.exe AddRemove-Art of Murder FBI Confidential - d:\program files\iWin.com\Art of Murder FBI Confidential\Uninstall.exe AddRemove-Artist Colony - d:\program files\iWin.com\Artist Colony\Uninstall.exe AddRemove-Avalon - d:\program files\iWin.com\Avalon\Uninstall.exe AddRemove-Avalon Legends Solitaire - d:\program files\iWin.com\Avalon Legends Solitaire\Uninstall.exe AddRemove-Avenue Flo: Special Delivery - d:\program files\iWin.com\Avenue Flo Special Delivery\Uninstall.exe AddRemove-Aveyond Lord of Twilight - d:\program files\iWin.com\Aveyond Lord of Twilight\Uninstall.exe AddRemove-Aveyond: Gates of Night - d:\program files\iWin.com\Aveyond Gates of 
Night\Uninstall.exe AddRemove-Awakening: The Dreamless Castle - d:\program files\iWin.com\Awakening The Dreamless Castle\Uninstall.exe AddRemove-Banana Bugs - d:\program files\iWin.com\Banana Bugs\Uninstall.exe AddRemove-BitComet - d:\program files\BitComet\uninst.exe AddRemove-Broken Hearts: A Soldier's Duty - d:\program files\iWin.com\Broken Hearts A Soldier's Duty\Uninstall.exe AddRemove-BumbleBee Jewel - d:\program files\iWin.com\BumbleBee Jewel\Uninstall.exe AddRemove-Cassandra's Journey 2: The Fifth Sun of Nostradamus - d:\program files\iWin.com\Cassandra's Journey 2 The Fifth Sun of Nostradamus\Uninstall.exe AddRemove-Catan - c:\windows\IsUn0413.exe AddRemove-Catan Online Welt - d:\program files\Catan GmbH\Catan Online World 2\uninst.exe AddRemove-City Style - d:\program files\iWin.com\City Style\Uninstall.exe AddRemove-Coconut Queen Beta - d:\program files\iWin.com\Coconut Queen Beta\Uninstall.exe AddRemove-Coffee Break - d:\program files\iWin.com\Coffee Break\Uninstall.exe AddRemove-Cookie Domination - d:\program files\iWin.com\Cookie Domination\Uninstall.exe AddRemove-Core FTP LE 2.1 - d:\progra~1\CoreFTP\UNWISE.EXE AddRemove-Deadtime Stories - d:\program files\iWin.com\Deadtime Stories\Uninstall.exe AddRemove-Deep Blue Sea 2 - d:\program files\iWin.com\Deep Blue Sea 2\Uninstall.exe AddRemove-Destination Treasure Island - d:\program files\iWin.com\Destination Treasure Island\Uninstall.exe AddRemove-Detective Agency - d:\program files\iWin.com\Detective Agency\Uninstall.exe AddRemove-Dolphins Dice Slots - d:\program files\iWin.com\Dolphins Dice Slots\Uninstall.exe AddRemove-Dr. Despicable's Dastardly Deeds - d:\program files\iWin.com\Dr. 
Despicable's Dastardly Deeds\Uninstall.exe AddRemove-Drawn: The Painted Tower - d:\program files\iWin.com\Drawn The Painted Tower\Uninstall.exe AddRemove-Dream Chronicles The Chosen Child - d:\program files\iWin.com\Dream Chronicles The Chosen Child\Uninstall.exe AddRemove-Dream Chronicles: The Book of Air - d:\program files\iWin.com\Dream Chronicles The Book of Air\Uninstall.exe AddRemove-Elixir of Immortality - d:\program files\iWin.com\Elixir of Immortality\Uninstall.exe AddRemove-Enchanted Katya - d:\program files\iWin.com\Enchanted Katya\Uninstall.exe AddRemove-Escape from Paradise 2 - d:\program files\iWin.com\Escape from Paradise 2\Uninstall.exe AddRemove-Eternity - d:\program files\iWin.com\Eternity\Uninstall.exe AddRemove-Evoly - d:\program files\iWin.com\Evoly\Uninstall.exe AddRemove-Faerie Solitaire - d:\program files\iWin.com\Faerie Solitaire\Uninstall.exe AddRemove-Family Feud: Battle of the Sexes - d:\program files\iWin.com\Family Feud Battle of the Sexes\Uninstall.exe AddRemove-Fashionallia - d:\program files\iWin.com\Fashionallia\Uninstall.exe AddRemove-Fiction Fixers: The Curse of Oz - d:\program files\iWin.com\Fiction Fixers The Curse of Oz\Uninstall.exe AddRemove-Fiction Fixers: Adventures in Wonderland - d:\program files\iWin.com\Fiction Fixers Adventures in Wonderland\Uninstall.exe AddRemove-Fiona Finch and the Finest Flowers - d:\program files\iWin.com\Fiona Finch and the Finest Flowers\Uninstall.exe AddRemove-Fishdom - d:\program files\iWin.com\Fishdom\Uninstall.exe AddRemove-Fishdom 2: Premium Edition - d:\program files\iWin.com\Fishdom 2 Premium Edition\Uninstall.exe AddRemove-Fishdom: Frosty Splash - d:\program files\iWin.com\Fishdom Frosty Splash\Uninstall.exe AddRemove-Fishdom: Spooky Splash - d:\program files\iWin.com\Fishdom Spooky Splash\Uninstall.exe AddRemove-Flower Paradise - d:\program files\iWin.com\Flower Paradise\Uninstall.exe AddRemove-Free WMA to MP3 Converter_is1 - d:\muziek\Dad\Opa\unins000.exe AddRemove-FreeCell Wonderland 
- d:\program files\iWin.com\FreeCell Wonderland\Uninstall.exe AddRemove-Girls Inc. TeamUp - d:\program files\iWin.com\Girls Inc. TeamUp\Uninstall.exe AddRemove-Globey On the Roll - d:\program files\iWin.com\Globey On the Roll\Uninstall.exe AddRemove-Governor of Poker 2 - d:\program files\iWin.com\Governor of Poker 2\Uninstall.exe AddRemove-Great Adventures: Xmas Edition - d:\program files\iWin.com\Great Adventures Xmas Edition\Uninstall.exe AddRemove-Grimms Hatchery_is1 - d:\program files\Grimms Hatchery\ReflexiveArcade\unins000.exe AddRemove-Gwen the Magic Nanny - d:\program files\iWin.com\Gwen the Magic Nanny\Uninstall.exe AddRemove-Habitat Rescue: Lion's Pride - d:\program files\iWin.com\Habitat Rescue Lion's Pride\Uninstall.exe AddRemove-Heartwild Solitaire: Book Two - d:\program files\iWin.com\Heartwild Solitaire Book Two\Uninstall.exe AddRemove-Heroes of Hellas 2: Olympia - d:\program files\iWin.com\Heroes of Hellas 2 Olympia\Uninstall.exe AddRemove-Heroes of Kalevala - d:\program files\iWin.com\Heroes of Kalevala\Uninstall.exe AddRemove-Home Sweet Home - d:\program files\iWin.com\Home Sweet Home\Uninstall.exe AddRemove-Home Sweet Home 2: Kitchens and Baths - d:\program files\iWin.com\Home Sweet Home 2 Kitchens and Baths\Uninstall.exe AddRemove-Home Sweet Home Christmas Edition - d:\program files\iWin.com\Home Sweet Home Christmas Edition\Uninstall.exe AddRemove-Hotel: Collector's Edition - d:\program files\iWin.com\Hotel Collector's Edition\Uninstall.exe AddRemove-Hoyle Solitaire - d:\program files\iWin.com\Hoyle Solitaire\Uninstall.exe AddRemove-HP PSC 1200 Series - d:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe AddRemove-Huru Beach Party - d:\program files\iWin.com\Huru Beach Party\Uninstall.exe AddRemove-Inkscape - d:\program files\Inkscape\Uninstall.exe AddRemove-Insaniquarium - d:\program files\iWin.com\Insaniquarium\Uninstall.exe AddRemove-Island Realms - d:\program files\iWin.com\Island 
Realms\Uninstall.exe AddRemove-Jane's Zoo - d:\program files\iWin.com\Jane's Zoo\Uninstall.exe AddRemove-Jojos Fashion Show: World Tour - d:\program files\iWin.com\Jojos Fashion Show World Tour\Uninstall.exe AddRemove-King's Smith - d:\program files\iWin.com\King's Smith\Uninstall.exe AddRemove-Kitten Sanctuary - d:\program files\iWin.com\Kitten Sanctuary\Uninstall.exe AddRemove-LimeWire - d:\program files\LimeWire\uninstall.exe AddRemove-Little Folk of Faery - d:\program files\iWin.com\Little Folk of Faery\Uninstall.exe AddRemove-Love & Death: Bitten - d:\program files\iWin.com\Love & Death Bitten\Uninstall.exe AddRemove-LyricsSeeker plugins - d:\program files\LyricsSeeker\uninst.exe AddRemove-Magic Farm - d:\program files\iWin.com\Magic Farm\Uninstall.exe AddRemove-Magic Farm Ultimate Flower - d:\program files\iWin.com\Magic Farm Ultimate Flower\Uninstall.exe AddRemove-Magic Life - d:\program files\iWin.com\Magic Life\Uninstall.exe AddRemove-Magicville: Art of Magic - d:\program files\iWin.com\Magicville Art of Magic\Uninstall.exe AddRemove-Mahjong Memoirs - d:\program files\iWin.com\Mahjong Memoirs\Uninstall.exe AddRemove-Memory Wiz - d:\program files\iWin.com\Memory Wiz\Uninstall.exe AddRemove-Monopoly 3 - d:\program files\iWin.com\Monopoly 3\Uninstall.exe AddRemove-Monopoly voor Windows_is1 - d:\program files\Parkeerbonnen Monopoly\unins000.exe AddRemove-My Life Story - d:\program files\iWin.com\My Life Story\Uninstall.exe AddRemove-My Tribe - d:\program files\iWin.com\My Tribe\Uninstall.exe AddRemove-Mystery P.I. Stolen in SF - d:\program files\iWin.com\Mystery P.I. 
Stolen in SF\Uninstall.exe AddRemove-Namco All-Stars -- Pac-Man - d:\program files\iWin.com\Namco All-Stars -- Pac-Man\Uninstall.exe AddRemove-Nertz Solitaire - d:\program files\iWin.com\Nertz Solitaire\Uninstall.exe AddRemove-Origin - d:\program files\Origin\OriginUninstall.exe AddRemove-Pahelika Secret Legends - d:\program files\iWin.com\Pahelika Secret Legends\Uninstall.exe AddRemove-Pakoombo - d:\program files\iWin.com\Pakoombo\Uninstall.exe AddRemove-Pet Playground - d:\program files\iWin.com\Pet Playground\Uninstall.exe AddRemove-Picket Fences - d:\program files\iWin.com\Picket Fences\Uninstall.exe AddRemove-Plants Vs Zombies - d:\program files\iWin.com\Plants Vs Zombies\Uninstall.exe AddRemove-Plumeboom Park - d:\program files\iWin.com\Plumeboom Park\Uninstall.exe AddRemove-Plumeboom: The First Chapter - d:\program files\iWin.com\Plumeboom The First Chapter\Uninstall.exe AddRemove-Pretty Good Solitaire_is1 - d:\program files\goodsol\unins000.exe AddRemove-3D V6 TRIAL - d:\progra~1\PUNCH!~1\VIACAD~1\UNWISE.EXE AddRemove-Purrfect Pet Shop - d:\program files\iWin.com\Purrfect Pet Shop\Uninstall.exe AddRemove-Puzzle Solitaire - d:\program files\iWin.com\Puzzle Solitaire\Uninstall.exe AddRemove-Quilting Time - d:\program files\iWin.com\Quilting Time\Uninstall.exe AddRemove-Rachel's Retreat - d:\program files\iWin.com\Rachel's Retreat\Uninstall.exe AddRemove-Real Detectives: Murder in Miami - d:\program files\iWin.com\Real Detectives Murder in Miami\Uninstall.exe AddRemove-Risk - d:\program files\iWin.com\Risk\Uninstall.exe AddRemove-Roads of Rome - d:\program files\iWin.com\Roads of Rome\Uninstall.exe AddRemove-Sally's Studio Premium Edition - d:\program files\iWin.com\Sally's Studio Premium Edition\Uninstall.exe AddRemove-Shopping Blocks - d:\program files\iWin.com\Shopping Blocks\Uninstall.exe AddRemove-SKIP¯BO Castaway Caper - d:\program files\iWin.com\SKIP¯BO Castaway Caper\Uninstall.exe AddRemove-Sky Taxi - d:\program files\iWin.com\Sky Taxi\Uninstall.exe 
AddRemove-Slingo Mystery 2: The Golden Escape - d:\program files\iWin.com\Slingo Mystery 2 The Golden Escape\Uninstall.exe AddRemove-Slingo Quest Amazon - d:\program files\iWin.com\Slingo Quest Amazon\Uninstall.exe AddRemove-Slingo Quest Egypt - d:\program files\iWin.com\Slingo Quest Egypt\Uninstall.exe AddRemove-Snapshot Adventures - d:\program files\iWin.com\Snapshot Adventures\Uninstall.exe AddRemove-Snark Busters Welcome to Club - d:\program files\iWin.com\Snark Busters Welcome to Club\Uninstall.exe AddRemove-Solitaire for Dummies - d:\program files\iWin.com\Solitaire for Dummies\Uninstall.exe AddRemove-Sprouts Adventure - d:\program files\iWin.com\Sprouts Adventure\Uninstall.exe AddRemove-Sprouts Adventure_is1 - d:\program files\Sprouts Adventure\ReflexiveArcade\unins000.exe AddRemove-Still Life - d:\program files\iWin.com\Still Life\Uninstall.exe AddRemove-Super Granny 5 - d:\program files\iWin.com\Super Granny 5\Uninstall.exe AddRemove-Super Smasher - d:\program files\iWin.com\Super Smasher\Uninstall.exe AddRemove-Supple: Episode 2 - d:\program files\iWin.com\Supple Episode 2\Uninstall.exe AddRemove-The Enchanted Kingdom: Elisa's Adventure - d:\program files\iWin.com\The Enchanted Kingdom Elisa's Adventure\Uninstall.exe AddRemove-The Game of Life - d:\program files\iWin.com\The Game of Life\Uninstall.exe AddRemove-Tic A Tac Royale - d:\program files\iWin.com\Tic A Tac Royale\Uninstall.exe AddRemove-Tradewinds Odyssey - d:\program files\iWin.com\Tradewinds Odyssey\Uninstall.exe AddRemove-Tropix 2: The Quest for the Golden Banana - d:\program files\iWin.com\Tropix 2 The Quest for the Golden Banana\Uninstall.exe AddRemove-Twistingo - d:\program files\iWin.com\Twistingo\Uninstall.exe AddRemove-Virtual Villagers 4: The Tree of Life - d:\program files\iWin.com\Virtual Villagers 4 The Tree of Life\Uninstall.exe AddRemove-Virtual Villagers 4: The Tree of Life - Premium Edition - d:\program files\iWin.com\Virtual Villagers 4 The Tree of Life - Premium 
Edition\Uninstall.exe AddRemove-Westward - d:\program files\iWin.com\Westward\Uninstall.exe AddRemove-Winemaker Extraordinaire - d:\program files\iWin.com\Winemaker Extraordinaire\Uninstall.exe AddRemove-Wizard's Hat - d:\program files\iWin.com\Wizard's Hat\Uninstall.exe AddRemove-World Mosaics - d:\program files\iWin.com\World Mosaics\Uninstall.exe AddRemove-World Mosaics 2 - d:\program files\iWin.com\World Mosaics 2\Uninstall.exe AddRemove-World Mosaics 3: Fairy Tales - d:\program files\iWin.com\World Mosaics 3 Fairy Tales\Uninstall.exe AddRemove-Youda Sushi Chef - d:\program files\iWin.com\Youda Sushi Chef\Uninstall.exe AddRemove-{314AD191-596F-40C0-ACED-3AD78C9649F1}_is1 - d:\muziek\Dad\Opa\WMA MP3 Converter 4\unins000.exe AddRemove-{BFFD3331-0B0B-4703-947B-264C4315DEFB}_is1 - d:\program files\Download Manager\unins000.exe AddRemove-{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1 - d:\program files\VSO\ConvertX\4\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-06-27 13:11 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-796845957-583907252-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,af,9d,c6,5d,37,e7,41,ab,b8,2d,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,af,9d,c6,5d,37,e7,41,ab,b8,2d,\ . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(616) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Voltooingstijd: 2012-06-27 13:13:47 ComboFix-quarantined-files.txt 2012-06-27 11:13 . Pre-Run: 226.142.982.144 bytes beschikbaar Post-Run: 228.525.051.904 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 9E79B78338760CA0B1F3E02253501875
-
I tried it, but no, I still have the same window in normal mode =(
-
MBAM log:
Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Databaseversie: v2012.06.26.04 Windows XP Service Pack 3 x86 NTFS (Veilige modus/netwerkmogelijkheden) Internet Explorer 8.0.6001.18702 Administrator :: BEHEERDE-5492E2 [administrator] 26-6-2012 19:23:28 mbam-log-2012-06-26 (19-23-28).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 278172 Verstreken tijd: 27 minuut/minuten, 28 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Succesvol in quarantaine geplaatst en verwijderd. Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 3 C:\Documents and Settings\beheerder\Local Settings\Temp\832.tmp (Rootkit.0Access) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\beheerder\Local Settings\Temporary Internet Files\Content.IE5\05DWA419\4Sync-1.0.54m[1].exe (PUP.BundleInstaller.4S) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\beheerder\0.8555908320354261.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd. 
(einde)
And a new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:47:52, on 26-6-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy Photo 
Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common 
Files\Ahead\Lib\NMFirstStart.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe O4 - Global Startup: Registratiesoftware starten.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\beheerder\Menu Start\Programma's\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238063933656 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} (DVM_IPCam2 Control) - http://46.129.32.33/codebase/DVM_IPCam2.ocx O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O22 - SharedTaskScheduler: 
Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. 
- C:\Program Files\McAfee Security Scan\3.0.229\McCHSvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\intelxpv_v100\wdm\STacSV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe -- End of file - 10979 bytes
Is it solved now?
-
All right! I'll keep an eye on the topic =)
-
Ah, I had missed the bit about the .exe file because everyone kept talking about the .msi file. Via the .exe it does work! Here is the log:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:03:52, on 26-6-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: 4sharedExt - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files\4shared Toolbar\4sharedExt32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: 4shared Toolbar - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files\4shared Toolbar\4sharedbar32.dll O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google 
Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [dhtowfucwzldule] C:\Documents and Settings\All Users\Application Data\dhtowfuc.exe O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice') O4 - HKUS\S-1-5-21-796845957-583907252-1801674531-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'beheerder') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? 
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe O4 - Global Startup: Registratiesoftware starten.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\beheerder\Menu Start\Programma's\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab O16 - DPF: 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238063933656 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} (DVM_IPCam2 Control) - http://46.129.32.33/codebase/DVM_IPCam2.ocx O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.229\McCHSvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. 
- c:\program files\idt\intelxpv_v100\wdm\STacSV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe -- End of file - 11922 bytes
-
Here's another victim of the police Ukash virus, except I can't get it fixed the way that is recommended here. The PC can only be started in safe mode (well, it can also be started normally, but then I only get the Ukash window and can't do anything), though with a network connection. However, when I try to download HijackThis I can't install it, so I can't post a log either. So I'm now in safe mode with a network connection and I went to the link that is here on the forum, chose HijackThis.msi there and saved it to my PC, but when I then click Run I get the message 'De systembeheerder heeft het systeem zodanig ingesteld dat deze installatie niet kan worden uitgevoerd'. What now?? Edit: I can install MBAM without any problems, so I've already done that because I read that I'm going to need it too, but HijackThis just won't work..
ABOUT US
PC Helpforum has been helping computer users for FREE since July 2006. Our team gives professional answers to your questions via the forum and tries to solve your PC problems as quickly as possible. Become a member today, post your question online and the PC Helpforum team will be glad to help you!