jantje02

Member
  • Items

    8

Everything posted by jantje02

  1. This file: ---------- Post added at 16:42 ---------- Previous post was at 16:39 ---------- Need a HijackThis log?
  2. Nothing wrong, thank you! Could it be that my passwords were 'stolen' from the computer?
  3. ComboFix 09-07-01.01 - Administrator 02-07-2009 11:00.11 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.296 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . (((((((((((((((((((( Bestanden Gemaakt van 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))) . 2009-07-02 09:05 . 2009-07-02 09:05 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend 2009-06-27 09:53 . 2009-06-27 09:53 -------- d-----w- c:\documents and settings\Administrator\.jagex_cache_32 2009-06-27 08:03 . 2009-06-27 08:03 -------- d-----w- C:\.jagex_cache_32 2009-06-26 12:40 . 2009-06-26 12:40 34 ----a-w- c:\documents and settings\Naam\jagex_runescape_preferences.dat 2009-06-26 12:14 . 2009-02-13 08:13 -------- d--h--w- c:\documents and settings\Naam\Netwerkprinteromgeving 2009-06-26 12:14 . 2009-02-13 08:13 -------- d-----r- c:\documents and settings\Naam\Menu Start 2009-06-26 12:14 . 2009-02-13 07:17 -------- d--h--w- c:\documents and settings\Naam\Sjablonen 2009-06-24 11:08 . 2009-06-24 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit 2009-06-24 11:08 . 2009-06-27 08:43 -------- d-----w- c:\program files\SwiftKit 2009-06-13 17:53 . 2009-06-13 17:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss 2009-06-11 15:32 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-06-11 15:32 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-02 09:07 . 
2009-02-28 21:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-07-02 09:07 . 2009-02-14 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-07-02 09:06 . 2009-03-15 11:36 679968 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-07-02 09:06 . 2009-03-15 11:36 4452 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-07-02 09:06 . 2009-03-15 11:36 2999840 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-07-02 09:06 . 2009-03-15 11:36 25564 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-07-02 08:22 . 2009-02-13 13:56 34 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat 2009-07-02 06:30 . 2009-03-26 12:32 -------- d-----w- c:\program files\Common Files\Real 2009-07-02 06:27 . 2009-03-03 15:25 -------- d-----w- c:\program files\Common Files\Adobe 2009-07-02 06:23 . 2009-02-21 11:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent 2009-07-01 17:55 . 2009-03-08 09:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-06-26 12:15 . 2009-06-26 12:15 -------- d-----w- c:\documents and settings\Naam\Application Data\URSoft 2009-06-24 09:56 . 2009-02-24 09:21 -------- d-----w- c:\program files\Utorrent 2009-06-23 16:46 . 2009-05-15 16:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\MessengerDiscovery 2 2009-06-13 11:07 . 2009-04-28 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-12 13:03 . 2009-02-13 13:19 78296 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-11 16:54 . 2009-02-17 16:52 -------- d-----w- c:\program files\Windows Desktop Search 2009-06-06 12:25 . 2009-03-08 09:30 -------- d-----w- c:\program files\CCleaner 2009-05-24 22:24 . 2008-05-26 21:18 350208 ------w- c:\windows\system32\mssph.dll 2009-05-18 15:33 . 
2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys 2009-05-18 15:33 . 2009-03-15 11:46 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys 2009-05-18 15:33 . 2009-03-15 11:46 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys 2009-05-15 16:28 . 2009-05-15 16:28 -------- d-----w- c:\program files\Maxis 2009-05-15 16:04 . 2009-05-15 16:04 -------- d-----w- c:\program files\MessengerDiscovery 2 2009-05-13 05:06 . 2002-12-31 12:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-12 14:39 . 2009-03-14 13:23 -------- d-----w- c:\program files\MessengerDiscovery 2009-05-12 13:12 . 2009-02-13 14:32 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-05-12 13:09 . 2009-05-09 10:28 -------- d-----w- c:\program files\Privacy Guardian 2009-05-10 12:09 . 2009-04-26 13:02 -------- d-----w- c:\program files\SopCast 2009-05-10 10:37 . 2009-05-10 09:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager 2009-05-07 15:34 . 2002-12-31 12:00 347136 ----a-w- c:\windows\system32\localspl.dll 2009-05-04 13:15 . 2009-05-04 13:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\MiniDm 2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr 2009-05-01 11:56 . 2009-05-01 11:56 39424 ----a-w- c:\windows\zipinst.exe 2009-05-01 11:06 . 2002-12-31 12:00 537198 ----a-w- c:\windows\system32\perfh013.dat 2009-05-01 11:06 . 2002-12-31 12:00 101340 ----a-w- c:\windows\system32\perfc013.dat 2009-04-19 19:51 . 2002-12-31 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:55 . 2002-12-31 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-05 16:41 . 
2002-12-31 12:00 219136 ----a-w- c:\windows\system32\uxtheme(2).dll 2009-04-05 14:05 . 2009-04-05 14:04 47864 ----a-w- c:\documents and settings\School.GOT2BE-3B3BB2DE.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-04 13:44 . 2009-02-27 07:58 1878888 ----a-w- c:\program files\install_flash_player.exe 2009-04-04 13:00 . 2009-04-04 13:00 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe 2009-04-04 12:59 . 2009-04-04 12:59 2028 ----a-w- c:\program files\Adobe Downloads wordt hervat.lnk . ((((((((((((((((((((((((((((( SnapShot@2009-07-02_07.04.01 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-02 09:07 . 2009-07-02 09:07 16384 c:\windows\Temp\Perflib_Perfdata_194.dat + 2009-06-11 15:56 . 2009-07-02 08:22 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll - 2009-06-11 15:56 . 2009-07-01 20:29 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll + 2009-06-11 15:56 . 2009-07-02 08:22 77824 c:\windows\.jagex_cache_32\runescape\jaggl.dll - 2009-06-11 15:56 . 2009-07-01 20:29 77824 c:\windows\.jagex_cache_32\runescape\jaggl.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartupFaster"="c:\program files\Startup Faster\startuploader.exe" [2008-09-07 1402080] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-15 206088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Utorrent\\utorrent.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"= "c:\\Program Files\\Utorrent\\VLC\\vlc.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Rockstar Games\\Grand Theft Auto Vice City\\lcmp-svr.exe"= "c:\\Program Files\\Rockstar Games\\Midnight Club II Demo\\mc2_demo.exe"= "c:\\Program Files\\IEPro\\MiniDM.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= R0 
klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29-1-2008 18:29 33808] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [15-3-2009 14:07 210216] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13-3-2008 19:02 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30-4-2008 18:06 24592] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [4-4-2009 14:59 33176] --- Andere Services/Drivers In Geheugen --- *Deregistered* - uphcleanhlp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Inhoud van de 'Gedeelde Taken' map 2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://google.nl/ uInternet Settings,ProxyOverride = *.local IE: &Block This Image (ABP) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Toevoegen aan de Banner Ad Blokker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1xxqwj5g.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (nl) FF - prefs.js: browser.startup.homepage - Google FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-07-02 11:07 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-789336058-1425521274-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,df,50,98,31,4f,5b,4a,91,17,45,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,df,50,98,31,4f,5b,4a,91,17,45,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(1944) c:\program files\McAfee\SiteAdvisor\saHook.dll c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\webcheck.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\program files\UPHClean\uphclean.exe c:\windows\system32\searchindexer.exe c:\windows\system32\wscntfy.exe c:\program files\Java\jre6\bin\jusched.exe c:\program files\Startup Faster\SFAgent.exe . ************************************************************************** . 
Voltooingstijd: 2009-07-02 11:14 - machine werd herstart ComboFix-quarantined-files.txt 2009-07-02 09:14 ComboFix2.txt 2009-07-02 08:06 ComboFix3.txt 2009-07-02 07:09 ComboFix4.txt 2009-05-14 05:23 Pre-Run: 13.597.249.536 bytes beschikbaar Post-Run: 13.621.772.288 bytes beschikbaar 194 --- E O F --- 2009-06-24 12:27 ---------- Post added at 09:22 ---------- Previous post was at 09:20 ---------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:16:06, on 2-7-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Startup Faster\sfAgent.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [startupFaster] "C:\Program Files\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: StartupFaster O4 - Global Startup: StartupFaster O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel 
- res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Toevoegen aan de Banner Ad Blokker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: Statistieken bescherming internetverkeer - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: 
{5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234729934546 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5560/mcfscan.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 7919 bytes
  4. ComboFix 09-07-01.01 - Administrator 02-07-2009 9:50.10 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.179 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FILE :: "c:\windows\system32\drivers\klick.dat" "c:\windows\system32\drivers\klin.dat" . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\found.001 c:\found.001\file0000.chk C:\found.002 c:\found.002\dir0000.chk\Desktop.ini c:\found.002\dir0000.chk\naamloos.lnk c:\windows\system32\drivers\klick.dat . . . . konden niet verwijderd worden c:\windows\system32\drivers\klin.dat . . . . konden niet verwijderd worden . (((((((((((((((((((( Bestanden Gemaakt van 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))) . 2009-07-02 07:56 . 2009-07-02 07:56 94643 ------w- c:\windows\system32\drivers\klick.dat 2009-07-02 07:56 . 2009-07-02 07:56 105395 ------w- c:\windows\system32\drivers\klin.dat 2009-07-02 06:34 . 2009-07-02 07:35 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend 2009-06-27 09:53 . 2009-06-27 09:53 -------- d-----w- c:\documents and settings\Administrator\.jagex_cache_32 2009-06-27 08:03 . 2009-06-27 08:03 -------- d-----w- C:\.jagex_cache_32 2009-06-26 12:40 . 2009-06-26 12:40 34 ----a-w- c:\documents and settings\Naam\jagex_runescape_preferences.dat 2009-06-26 12:14 . 2009-02-13 08:13 -------- d--h--w- c:\documents and settings\Naam\Netwerkprinteromgeving 2009-06-26 12:14 . 2009-02-13 08:13 -------- d-----r- c:\documents and settings\Naam\Menu Start 2009-06-26 12:14 . 2009-02-13 07:17 -------- d--h--w- c:\documents and settings\Naam\Sjablonen 2009-06-24 11:08 . 
2009-06-24 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit 2009-06-24 11:08 . 2009-06-27 08:43 -------- d-----w- c:\program files\SwiftKit 2009-06-13 17:53 . 2009-06-13 17:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss 2009-06-11 15:32 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-06-11 15:32 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-02 07:59 . 2009-02-28 21:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-07-02 07:58 . 2009-02-14 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-07-02 07:55 . 2009-03-15 11:36 679968 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-07-02 07:55 . 2009-03-15 11:36 4452 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-07-02 07:55 . 2009-03-15 11:36 2999840 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-07-02 07:55 . 2009-03-15 11:36 25564 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-07-02 06:30 . 2009-03-26 12:32 -------- d-----w- c:\program files\Common Files\Real 2009-07-02 06:27 . 2009-03-03 15:25 -------- d-----w- c:\program files\Common Files\Adobe 2009-07-02 06:23 . 2009-02-21 11:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent 2009-07-01 20:30 . 2009-02-13 13:56 34 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat 2009-07-01 17:55 . 2009-03-08 09:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-06-26 12:15 . 2009-06-26 12:15 -------- d-----w- c:\documents and settings\Naam\Application Data\URSoft 2009-06-24 09:56 . 2009-02-24 09:21 -------- d-----w- c:\program files\Utorrent 2009-06-23 16:46 . 
2009-05-15 16:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\MessengerDiscovery 2 2009-06-13 11:07 . 2009-04-28 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-12 13:03 . 2009-02-13 13:19 78296 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-11 16:54 . 2009-02-17 16:52 -------- d-----w- c:\program files\Windows Desktop Search 2009-06-06 12:25 . 2009-03-08 09:30 -------- d-----w- c:\program files\CCleaner 2009-05-24 22:24 . 2008-05-26 21:18 350208 ------w- c:\windows\system32\mssph.dll 2009-05-18 15:33 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys 2009-05-18 15:33 . 2009-03-15 11:46 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys 2009-05-18 15:33 . 2009-03-15 11:46 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys 2009-05-15 16:28 . 2009-05-15 16:28 -------- d-----w- c:\program files\Maxis 2009-05-15 16:04 . 2009-05-15 16:04 -------- d-----w- c:\program files\MessengerDiscovery 2 2009-05-13 05:06 . 2002-12-31 12:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-12 14:39 . 2009-03-14 13:23 -------- d-----w- c:\program files\MessengerDiscovery 2009-05-12 13:12 . 2009-02-13 14:32 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-05-12 13:09 . 2009-05-09 10:28 -------- d-----w- c:\program files\Privacy Guardian 2009-05-10 12:09 . 2009-04-26 13:02 -------- d-----w- c:\program files\SopCast 2009-05-10 10:37 . 2009-05-10 09:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager 2009-05-07 15:34 . 2002-12-31 12:00 347136 ----a-w- c:\windows\system32\localspl.dll 2009-05-04 13:15 . 
2009-05-04 13:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\MiniDm 2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr 2009-05-01 11:56 . 2009-05-01 11:56 39424 ----a-w- c:\windows\zipinst.exe 2009-05-01 11:06 . 2002-12-31 12:00 537198 ----a-w- c:\windows\system32\perfh013.dat 2009-05-01 11:06 . 2002-12-31 12:00 101340 ----a-w- c:\windows\system32\perfc013.dat 2009-04-19 19:51 . 2002-12-31 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:55 . 2002-12-31 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-05 16:41 . 2002-12-31 12:00 219136 ----a-w- c:\windows\system32\uxtheme(2).dll 2009-04-05 14:05 . 2009-04-05 14:04 47864 ----a-w- c:\documents and settings\School.GOT2BE-3B3BB2DE.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-04 13:44 . 2009-02-27 07:58 1878888 ----a-w- c:\program files\install_flash_player.exe 2009-04-04 13:00 . 2009-04-04 13:00 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe 2009-04-04 12:59 . 2009-04-04 12:59 2028 ----a-w- c:\program files\Adobe Downloads wordt hervat.lnk . ((((((((((((((((((((((((((((( SnapShot@2009-07-02_07.04.01 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-02 07:56 . 2009-07-02 07:56 16384 c:\windows\Temp\Perflib_Perfdata_198.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartupFaster"="c:\program files\Startup Faster\startuploader.exe" [2008-09-07 1402080] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-15 206088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Utorrent\\utorrent.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"= "c:\\Program Files\\Utorrent\\VLC\\vlc.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Rockstar Games\\Grand Theft Auto Vice City\\lcmp-svr.exe"= "c:\\Program Files\\Rockstar Games\\Midnight Club II Demo\\mc2_demo.exe"= "c:\\Program Files\\IEPro\\MiniDM.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= R0 
klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29-1-2008 18:29 33808] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [15-3-2009 14:07 210216] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13-3-2008 19:02 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30-4-2008 18:06 24592] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [4-4-2009 14:59 33176] --- Andere Services/Drivers In Geheugen --- *Deregistered* - uphcleanhlp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Inhoud van de 'Gedeelde Taken' map 2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://google.nl/ uInternet Settings,ProxyOverride = *.local IE: &Block This Image (ABP) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Toevoegen aan de Banner Ad Blokker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1xxqwj5g.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (nl) FF - prefs.js: browser.startup.homepage - Google FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-07-02 09:57 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-789336058-1425521274-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,df,50,98,31,4f,5b,4a,91,17,45,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,df,50,98,31,4f,5b,4a,91,17,45,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(2932) c:\program files\McAfee\SiteAdvisor\saHook.dll c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\webcheck.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\program files\UPHClean\uphclean.exe c:\windows\system32\searchindexer.exe c:\program files\Java\jre6\bin\jusched.exe c:\program files\Startup Faster\SFAgent.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Voltooingstijd: 2009-07-02 10:06 - machine werd herstart ComboFix-quarantined-files.txt 2009-07-02 08:06 ComboFix2.txt 2009-07-02 07:09 ComboFix3.txt 2009-05-14 05:23 Pre-Run: 13.607.333.888 bytes beschikbaar Post-Run: 13.595.279.360 bytes beschikbaar 204 --- E O F --- 2009-06-24 12:27 ---------- Post added at 08:11 ---------- Previous post was at 08:09 ---------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:07:30, on 2-7-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Startup Faster\sfAgent.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [startupFaster] "C:\Program Files\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: StartupFaster O4 - Global Startup: StartupFaster O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Toevoegen aan de Banner Ad Blokker - C:\Program Files\Kaspersky 
Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: Statistieken bescherming internetverkeer - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab O16 - DPF: 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234729934546 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5560/mcfscan.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 7800 bytes
  5. ComboFix 09-07-01.01 - Administrator 02-07-2009 8:54.9 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.187 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\mlfcache.dat . (((((((((((((((((((( Bestanden Gemaakt van 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))) . 2009-07-02 06:34 . 2009-07-02 06:41 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend 2009-06-27 09:53 . 2009-06-27 09:53 -------- d-----w- c:\documents and settings\Administrator\.jagex_cache_32 2009-06-27 08:03 . 2009-06-27 08:03 -------- d-----w- C:\.jagex_cache_32 2009-06-26 12:40 . 2009-06-26 12:40 34 ----a-w- c:\documents and settings\Naam\jagex_runescape_preferences.dat 2009-06-26 12:14 . 2009-02-13 08:13 -------- d--h--w- c:\documents and settings\Naam\Netwerkprinteromgeving 2009-06-26 12:14 . 2009-02-13 08:13 -------- d-----r- c:\documents and settings\Naam\Menu Start 2009-06-26 12:14 . 2009-02-13 07:17 -------- d--h--w- c:\documents and settings\Naam\Sjablonen 2009-06-25 05:40 . 2009-06-25 05:40 -------- d-sh--w- C:\found.002 2009-06-24 11:08 . 2009-06-24 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit 2009-06-24 11:08 . 2009-06-27 08:43 -------- d-----w- c:\program files\SwiftKit 2009-06-22 12:21 . 2009-06-22 12:21 -------- d-sh--w- C:\found.001 2009-06-13 17:53 . 2009-06-13 17:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss 2009-06-11 15:32 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-06-11 15:32 . 
2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-02 07:04 . 2009-02-14 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-07-02 07:04 . 2009-02-28 21:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-07-02 07:01 . 2009-03-15 11:36 679968 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-07-02 07:01 . 2009-03-15 11:36 4452 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-07-02 07:01 . 2009-03-15 11:36 2999840 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-07-02 07:01 . 2009-03-15 11:36 25564 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-07-02 06:30 . 2009-03-26 12:32 -------- d-----w- c:\program files\Common Files\Real 2009-07-02 06:27 . 2009-03-03 15:25 -------- d-----w- c:\program files\Common Files\Adobe 2009-07-02 06:23 . 2009-02-21 11:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent 2009-07-01 20:30 . 2009-02-13 13:56 34 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat 2009-07-01 17:55 . 2009-03-08 09:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-06-26 12:15 . 2009-06-26 12:15 -------- d-----w- c:\documents and settings\Naam\Application Data\URSoft 2009-06-24 09:56 . 2009-02-24 09:21 -------- d-----w- c:\program files\Utorrent 2009-06-23 16:46 . 2009-05-15 16:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\MessengerDiscovery 2 2009-06-13 11:07 . 2009-04-28 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-12 13:03 . 2009-02-13 13:19 78296 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-11 16:54 . 
2009-02-17 16:52 -------- d-----w- c:\program files\Windows Desktop Search 2009-06-06 12:25 . 2009-03-08 09:30 -------- d-----w- c:\program files\CCleaner 2009-05-24 22:24 . 2008-05-26 21:18 350208 ------w- c:\windows\system32\mssph.dll 2009-05-20 13:06 . 2009-03-15 11:37 94643 ----a-w- c:\windows\system32\drivers\klick.dat 2009-05-20 13:06 . 2009-03-15 11:37 105395 ----a-w- c:\windows\system32\drivers\klin.dat 2009-05-18 15:33 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys 2009-05-18 15:33 . 2009-03-15 11:46 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys 2009-05-18 15:33 . 2009-03-15 11:46 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys 2009-05-15 16:28 . 2009-05-15 16:28 -------- d-----w- c:\program files\Maxis 2009-05-15 16:04 . 2009-05-15 16:04 -------- d-----w- c:\program files\MessengerDiscovery 2 2009-05-13 05:06 . 2002-12-31 12:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-12 14:39 . 2009-03-14 13:23 -------- d-----w- c:\program files\MessengerDiscovery 2009-05-12 13:12 . 2009-02-13 14:32 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-05-12 13:09 . 2009-05-09 10:28 -------- d-----w- c:\program files\Privacy Guardian 2009-05-10 12:09 . 2009-04-26 13:02 -------- d-----w- c:\program files\SopCast 2009-05-10 10:37 . 2009-05-10 09:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager 2009-05-07 15:34 . 2002-12-31 12:00 347136 ----a-w- c:\windows\system32\localspl.dll 2009-05-04 13:15 . 2009-05-04 13:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\MiniDm 2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr 2009-05-01 11:56 . 
2009-05-01 11:56 39424 ----a-w- c:\windows\zipinst.exe 2009-05-01 11:06 . 2002-12-31 12:00 537198 ----a-w- c:\windows\system32\perfh013.dat 2009-05-01 11:06 . 2002-12-31 12:00 101340 ----a-w- c:\windows\system32\perfc013.dat 2009-04-19 19:51 . 2002-12-31 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:55 . 2002-12-31 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-05 16:41 . 2002-12-31 12:00 219136 ----a-w- c:\windows\system32\uxtheme(2).dll 2009-04-05 14:05 . 2009-04-05 14:04 47864 ----a-w- c:\documents and settings\School.GOT2BE-3B3BB2DE.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-04 13:44 . 2009-02-27 07:58 1878888 ----a-w- c:\program files\install_flash_player.exe 2009-04-04 13:00 . 2009-04-04 13:00 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe 2009-04-04 12:59 . 2009-04-04 12:59 2028 ----a-w- c:\program files\Adobe Downloads wordt hervat.lnk . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartupFaster"="c:\program files\Startup Faster\startuploader.exe" [2008-09-07 1402080] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-15 206088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Utorrent\\utorrent.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"= "c:\\Program Files\\Utorrent\\VLC\\vlc.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Rockstar Games\\Grand Theft Auto Vice City\\lcmp-svr.exe"= "c:\\Program Files\\Rockstar Games\\Midnight Club II Demo\\mc2_demo.exe"= "c:\\Program Files\\IEPro\\MiniDM.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= R0 
klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29-1-2008 18:29 33808] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [15-3-2009 14:07 210216] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13-3-2008 19:02 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30-4-2008 18:06 24592] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [4-4-2009 14:59 33176] --- Andere Services/Drivers In Geheugen --- *Deregistered* - uphcleanhlp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Inhoud van de 'Gedeelde Taken' map 2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1425521274-839522115-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-13 10:15] 2009-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1425521274-839522115-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-13 10:15] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://google.nl/ uInternet Settings,ProxyOverride = *.local IE: &Block This Image (ABP) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Toevoegen aan de Banner Ad Blokker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1xxqwj5g.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (nl) FF - prefs.js: browser.startup.homepage - Google FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-07-02 09:04 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-789336058-1425521274-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,df,50,98,31,4f,5b,4a,91,17,45,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,df,50,98,31,4f,5b,4a,91,17,45,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(1764) c:\program files\McAfee\SiteAdvisor\saHook.dll c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\webcheck.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\program files\UPHClean\uphclean.exe c:\windows\system32\searchindexer.exe c:\program files\Java\jre6\bin\jusched.exe c:\program files\Startup Faster\SFAgent.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Voltooingstijd: 2009-07-02 9:09 - machine werd herstart ComboFix-quarantined-files.txt 2009-07-02 07:09 ComboFix2.txt 2009-05-14 05:23 Pre-Run: 13.723.881.472 bytes beschikbaar Post-Run: 13.616.316.416 bytes beschikbaar 196 --- E O F --- 2009-06-24 12:27
  6. I made a mistake, I don't know whether it is a trojan, but it really is a virus. Can you help me, please?
  7. Kaspersky reports that there are several trojans; I have scanned, I don't know whether it was successful? HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:10:55, on 1-7-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Startup Faster\sfAgent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer 
Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [startupFaster] "C:\Program Files\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: StartupFaster O4 - Global Startup: StartupFaster O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Toevoegen aan de Banner Ad Blokker - C:\Program Files\Kaspersky 
Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: Statistieken bescherming internetverkeer - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - Windows Live OneCare ... 
se5483.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4729934546 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 8243 bytes