Ga naar inhoud

evaa

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    7

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Alles dat geplaatst werd door evaa

  1. evaa
    zo, dat geeft het volgende: ComboFix 10-06-18.03 - Administrator 19/06/2010 11:15:29.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2047.1628 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} . (((((((((((((((((((( Bestanden Gemaakt van 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))) . 2010-06-18 17:16 . 2010-06-18 17:16 -------- d-----w- c:\program files\Common Files\Java 2010-06-18 17:15 . 2010-06-18 17:15 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-18 15:12 . 2010-06-19 09:05 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend 2010-06-18 14:58 . 2010-06-18 14:58 -------- d-----w- c:\program files\CCleaner 2010-06-18 13:09 . 2010-06-18 13:09 -------- d-----w- C:\VritualRoot 2010-06-18 13:09 . 2010-06-18 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO 2010-06-18 13:09 . 2010-06-19 09:07 1285329 ----a-w- c:\windows\system32\drivers\sfi.dat 2010-06-18 13:07 . 2010-06-18 13:07 -------- d-----w- c:\program files\COMODO 2010-06-18 12:46 . 2010-06-18 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader 2010-06-18 07:04 . 2010-06-18 07:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-06-18 07:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-18 07:03 . 2010-06-18 07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-18 07:03 . 2010-06-18 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-06-18 07:03 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-17 16:44 . 2010-06-17 16:44 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-06-17 16:44 . 2010-06-17 16:44 -------- d-----w- c:\program files\Trend Micro 2010-06-17 16:22 . 2010-06-17 16:22 -------- d-----w- C:\Street-Ads 2010-06-12 11:23 . 2010-06-12 11:23 -------- d-----w- c:\documents and settings\Laude\Application Data\Office Genuine Advantage 2010-06-11 14:59 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-06 08:55 . 2010-06-06 08:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics 2010-06-04 19:27 . 2010-06-04 19:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage 2010-06-04 09:55 . 2010-06-04 09:55 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2010-06-04 06:36 . 2010-06-04 06:36 -------- d-----w- c:\windows\l2schemas 2010-06-04 06:36 . 2010-06-04 06:36 -------- d-----w- c:\windows\system32\nl 2010-06-04 06:36 . 2010-06-04 06:36 -------- d-----w- c:\windows\system32\bits 2010-06-03 19:47 . 2010-06-03 19:47 -------- d-----w- c:\documents and settings\Adm 2010-06-03 18:55 . 2010-06-03 18:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Epson 2010-06-01 17:00 . 2010-06-01 17:00 278288 ----a-w- c:\windows\system32\guard32.dll 2010-06-01 17:00 . 2010-06-01 17:00 87824 ----a-w- c:\windows\system32\drivers\inspect.sys 2010-06-01 17:00 . 2010-06-01 17:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2010-06-01 17:00 . 2010-06-01 17:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys 2010-05-28 05:13 . 2010-05-28 05:13 503808 ----a-w- c:\documents and settings\Laude\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-14dd9992-n\msvcp71.dll 2010-05-28 05:13 . 2010-05-28 05:13 499712 ----a-w- c:\documents and settings\Laude\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-14dd9992-n\jmc.dll 2010-05-28 05:13 . 2010-05-28 05:13 348160 ----a-w- c:\documents and settings\Laude\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-14dd9992-n\msvcr71.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-19 09:16 . 2002-12-31 12:00 87416 ----a-w- c:\windows\system32\perfc013.dat 2010-06-19 09:16 . 2002-12-31 12:00 502200 ----a-w- c:\windows\system32\perfh013.dat 2010-06-18 17:05 . 2008-02-12 21:51 -------- d-----w- c:\program files\Google 2010-06-18 17:05 . 2008-02-16 21:11 -------- d-----w- c:\program files\Java 2010-06-18 13:14 . 2008-02-12 23:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-06-17 11:40 . 2009-03-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 3 2010-06-17 09:54 . 2009-02-13 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-06-12 12:35 . 2008-11-12 22:03 85488 ----a-w- c:\documents and settings\Laude\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-05 06:25 . 2009-10-16 22:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWirePlus 2010-06-04 21:46 . 2009-11-10 15:55 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-04 07:47 . 2008-02-12 22:23 85488 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-04 06:38 . 2008-02-13 04:27 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-05-26 20:42 . 2009-01-14 22:28 1388 ----a-w- c:\documents and settings\Administrator\Application Data\ViewerApp.dat 2010-05-06 10:37 . 2002-12-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 12:02 . 2010-05-02 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON 2010-05-02 11:57 . 2008-02-12 22:16 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-02 11:57 . 2010-05-02 11:54 -------- d-----w- c:\program files\epson 2010-05-02 11:57 . 2008-02-12 22:12 -------- d-----w- c:\program files\Common Files\InstallShield 2010-05-02 11:57 . 2010-05-02 11:56 -------- d-----w- c:\program files\Epson Software 2010-05-02 11:56 . 2010-05-02 11:56 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint 2010-05-02 08:10 . 2002-12-31 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-04-20 05:35 . 2002-12-31 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-08 07:57 . 2010-04-08 07:57 664 ----a-w- c:\documents and settings\Hannekesnest\Local Settings\Application Data\d3d9caps.tmp 2010-03-22 06:52 . 2010-01-06 17:17 84712 ----a-w- c:\documents and settings\Hannekesnest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-06-21 20:05 . 2008-06-21 20:01 10963280 ----a-w- c:\program files\setup-beid-runtime-2.6_tcm147-9841.zip . ((((((((((((((((((((((((((((( SnapShot@2010-06-18_17.58.20 ))))))))))))))))))))))))))))))))))))))))) . + 2010-06-19 09:11 . 2010-06-19 09:11 16384 c:\windows\Temp\Perflib_Perfdata_2f8.dat + 2010-06-19 09:11 . 2010-06-19 09:11 16384 c:\windows\Temp\Perflib_Perfdata_208.dat + 2002-12-31 12:00 . 2010-06-19 09:16 68470 c:\windows\system32\perfc009.dat - 2002-12-31 12:00 . 2010-06-18 17:53 68470 c:\windows\system32\perfc009.dat + 2002-12-31 12:00 . 2010-06-19 09:16 435574 c:\windows\system32\perfh009.dat - 2002-12-31 12:00 . 2010-06-18 17:53 435574 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2007-12-30 1365504] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-03 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "nwiz"="nwiz.exe" [2007-12-05 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920] "RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440] "Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 2037352] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968] "beidsystemtray"="c:\program files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128] "HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "nxpOEAPI"="c:\program files\NXPowerLite\loadnxploeaddin.exe" [2009-06-01 91520] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2007-02-07 15:21 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList] 2007-03-21 13:41 145496 ----a-w- c:\program files\Pinnacle\Studio 11\LaunchList2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-02-07 15:24 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] 2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-05-03 20:29 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\LimeWire Plus\\LimeWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/06/2010 19:00 15464] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4/06/2010 11:55 229312] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/06/2010 19:00 25240] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [7/03/2010 16:17 27632] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/02/2008 0:55 715248] S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?] S2 gupdate1c98e04a0ad2bce;Google Updateservice (gupdate1c98e04a0ad2bce);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 19:58 133104] S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [7/03/2010 16:17 90112] S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19:14 33536] S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys --> c:\windows\system32\Drivers\Bulk1528.sys [?] S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [8/02/2009 15:12 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [8/02/2009 15:12 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [8/02/2009 15:12 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [8/02/2009 15:12 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [8/02/2009 15:12 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [8/02/2009 15:12 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [8/02/2009 15:12 115752] . Inhoud van de 'Gedeelde Taken' map 2010-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-06-19 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-16 11:27] 2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 17:58] 2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 17:58] 2010-06-19 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.skynet.be/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-06-19 11:21 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose, ZwOpenFile scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-2052111302-2147133873-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,ca,f0,db,2b,bf,7f,49,8b,d4,c9,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,ca,f0,db,2b,bf,7f,49,8b,d4,c9,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Voltooingstijd: 2010-06-19 11:22:24 ComboFix-quarantined-files.txt 2010-06-19 09:22 ComboFix2.txt 2010-06-19 08:50 ComboFix3.txt 2010-06-18 17:59 Pre-Run: 69.136.748.544 bytes beschikbaar Post-Run: 69.128.650.752 bytes beschikbaar - - End Of File - - 609003C3108356F35DE4D29AD202C797 groetjes en 'n fijn weekend Eva
  2. evaa
    zo, hier is 'm ComboFix 10-06-17.03 - Administrator 18/06/2010 19:54:54.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2047.1525 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator\Application Data\214D89AC59196C94A55313D1B5865BD0 c:\documents and settings\Administrator\Application Data\214D89AC59196C94A55313D1B5865BD0\enemies-names.txt c:\documents and settings\Administrator\Application Data\214D89AC59196C94A55313D1B5865BD0\local.ini c:\documents and settings\Administrator\Menu Start\Programma's\Antimalware Doctor c:\documents and settings\Administrator\Menu Start\Programma's\Antimalware Doctor\Antimalware Doctor.lnk c:\documents and settings\Administrator\Menu Start\Programma's\Antimalware Doctor\Uninstall.lnk c:\documents and settings\All Users\Application Data\hpe1928.dll c:\documents and settings\All Users\Application Data\hpeE99.dll C:\Thumbs.db c:\windows\system32\Thumbs.db c:\windows\system32\win.com . (((((((((((((((((((( Bestanden Gemaakt van 2010-05-18 to 2010-06-18 )))))))))))))))))))))))))))))) . 2010-06-18 17:16 . 2010-06-18 17:16 -------- d-----w- c:\program files\Common Files\Java 2010-06-18 17:15 . 2010-06-18 17:15 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-18 15:12 . 2010-06-18 15:12 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend 2010-06-18 14:58 . 2010-06-18 14:58 -------- d-----w- c:\program files\CCleaner 2010-06-18 13:09 . 2010-06-18 13:09 -------- d-----w- C:\VritualRoot 2010-06-18 13:09 . 2010-06-18 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO 2010-06-18 13:09 . 2010-06-18 17:49 1170560 ----a-w- c:\windows\system32\drivers\sfi.dat 2010-06-18 13:07 . 2010-06-18 13:07 -------- d-----w- c:\program files\COMODO 2010-06-18 12:46 . 2010-06-18 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader 2010-06-18 07:04 . 2010-06-18 07:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-06-18 07:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-18 07:03 . 2010-06-18 07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-18 07:03 . 2010-06-18 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-06-18 07:03 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-17 16:44 . 2010-06-17 16:44 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-06-17 16:44 . 2010-06-17 16:44 -------- d-----w- c:\program files\Trend Micro 2010-06-17 16:22 . 2010-06-17 16:22 -------- d-----w- C:\Street-Ads 2010-06-12 11:23 . 2010-06-12 11:23 -------- d-----w- c:\documents and settings\Laude\Application Data\Office Genuine Advantage 2010-06-11 14:59 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-06 08:55 . 2010-06-06 08:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics 2010-06-04 19:27 . 2010-06-04 19:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage 2010-06-04 09:55 . 2010-06-04 09:55 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2010-06-04 06:36 . 2010-06-04 06:36 -------- d-----w- c:\windows\l2schemas 2010-06-04 06:36 . 2010-06-04 06:36 -------- d-----w- c:\windows\system32\nl 2010-06-04 06:36 . 2010-06-04 06:36 -------- d-----w- c:\windows\system32\bits 2010-06-03 19:47 . 2010-06-03 19:47 -------- d-----w- c:\documents and settings\Adm 2010-06-03 18:55 . 2010-06-03 18:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Epson 2010-06-01 17:00 . 2010-06-01 17:00 278288 ----a-w- c:\windows\system32\guard32.dll 2010-06-01 17:00 . 2010-06-01 17:00 87824 ----a-w- c:\windows\system32\drivers\inspect.sys 2010-06-01 17:00 . 2010-06-01 17:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2010-06-01 17:00 . 2010-06-01 17:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys 2010-05-28 05:13 . 2010-05-28 05:13 503808 ----a-w- c:\documents and settings\Laude\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-14dd9992-n\msvcp71.dll 2010-05-28 05:13 . 2010-05-28 05:13 499712 ----a-w- c:\documents and settings\Laude\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-14dd9992-n\jmc.dll 2010-05-28 05:13 . 2010-05-28 05:13 348160 ----a-w- c:\documents and settings\Laude\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-14dd9992-n\msvcr71.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-18 17:53 . 2002-12-31 12:00 87416 ----a-w- c:\windows\system32\perfc013.dat 2010-06-18 17:53 . 2002-12-31 12:00 502200 ----a-w- c:\windows\system32\perfh013.dat 2010-06-18 17:05 . 2008-02-12 21:51 -------- d-----w- c:\program files\Google 2010-06-18 17:05 . 2008-02-16 21:11 -------- d-----w- c:\program files\Java 2010-06-18 13:14 . 2008-02-12 23:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-06-17 11:40 . 2009-03-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 3 2010-06-17 09:54 . 2009-02-13 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-06-12 12:35 . 2008-11-12 22:03 85488 ----a-w- c:\documents and settings\Laude\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-05 06:25 . 2009-10-16 22:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWirePlus 2010-06-04 21:46 . 2009-11-10 15:55 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-04 07:47 . 2008-02-12 22:23 85488 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-04 06:38 . 2008-02-13 04:27 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-05-26 20:42 . 2009-01-14 22:28 1388 ----a-w- c:\documents and settings\Administrator\Application Data\ViewerApp.dat 2010-05-06 10:37 . 2002-12-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 12:02 . 2010-05-02 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON 2010-05-02 11:57 . 2008-02-12 22:16 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-02 11:57 . 2010-05-02 11:54 -------- d-----w- c:\program files\epson 2010-05-02 11:57 . 2008-02-12 22:12 -------- d-----w- c:\program files\Common Files\InstallShield 2010-05-02 11:57 . 2010-05-02 11:56 -------- d-----w- c:\program files\Epson Software 2010-05-02 11:56 . 2010-05-02 11:56 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint 2010-05-02 08:10 . 2002-12-31 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-04-20 05:35 . 2002-12-31 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-08 07:57 . 2010-04-08 07:57 664 ----a-w- c:\documents and settings\Hannekesnest\Local Settings\Application Data\d3d9caps.tmp 2010-03-22 06:52 . 2010-01-06 17:17 84712 ----a-w- c:\documents and settings\Hannekesnest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-06-21 20:05 . 2008-06-21 20:01 10963280 ----a-w- c:\program files\setup-beid-runtime-2.6_tcm147-9841.zip . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2007-12-30 1365504] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-03 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "nwiz"="nwiz.exe" [2007-12-05 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920] "RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440] "Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 2037352] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968] "beidsystemtray"="c:\program files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128] "HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "nxpOEAPI"="c:\program files\NXPowerLite\loadnxploeaddin.exe" [2009-06-01 91520] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2007-02-07 15:21 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList] 2007-03-21 13:41 145496 ----a-w- c:\program files\Pinnacle\Studio 11\LaunchList2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-02-07 15:24 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] 2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-05-03 20:29 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\LimeWire Plus\\LimeWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/06/2010 19:00 15464] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4/06/2010 11:55 229312] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/06/2010 19:00 25240] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [7/03/2010 16:17 27632] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/02/2008 0:55 715248] S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?] S2 gupdate1c98e04a0ad2bce;Google Updateservice (gupdate1c98e04a0ad2bce);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 19:58 133104] S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [7/03/2010 16:17 90112] S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19:14 33536] S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys --> c:\windows\system32\Drivers\Bulk1528.sys [?] S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [8/02/2009 15:12 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [8/02/2009 15:12 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [8/02/2009 15:12 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [8/02/2009 15:12 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [8/02/2009 15:12 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [8/02/2009 15:12 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [8/02/2009 15:12 115752] . Inhoud van de 'Gedeelde Taken' map 2010-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-06-18 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-16 11:27] 2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 17:58] 2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 17:58] 2010-06-18 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.skynet.be/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-06-18 19:58 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose, ZwOpenFile scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-2052111302-2147133873-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,ca,f0,db,2b,bf,7f,49,8b,d4,c9,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,ca,f0,db,2b,bf,7f,49,8b,d4,c9,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Voltooingstijd: 2010-06-18 19:59:33 ComboFix-quarantined-files.txt 2010-06-18 17:59 Pre-Run: 67.065.323.520 bytes beschikbaar Post-Run: 67.621.462.016 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - AA00A0CE7391CA8500F36F34B0DCDDE2 ik kreeg wel een melding ivm cd emulation drivers die tijdelijk uitgeschakeld zouden worden. groetjes! Eva
  3. evaa
    Hee, Ik heb ondertussen Comodo geinstalleerd, de Comodo scan haalt er nog de volgende items uit: TrojWare.Win32.Rootkit.TDL3.gen@104154548 C:\System Volume Information\_restore{3EDA46A0-03ED-46BA-9361-F07C26C4E3A0}\RP850\A0103220.sys TrojWare.Win32.Rootkit.TDL3.gen@104154548 C:\System Volume Information\_restore{3EDA46A0-03ED-46BA-9361-F07C26C4E3A0}\RP852\A0103295.sys UnclassifiedMalware@98741631 C:\System Volume Information\_restore{3EDA46A0-03ED-46BA-9361-F07C26C4E3A0}\RP861\A0104078.exe Heur.Suspicious@25205291 C:\Program Files\Epson Software\Event Manager\EEventManager.exe UnclassifiedMalware@107431128 C:\Program Files\Trend Micro\HiJackThis\backups\backup-20100617-225601-976.dll UnclassifiedMalware@107431127 C:\Program Files\Trend Micro\HiJackThis\backups\backup-20100617-225602-338.dll Heur.Suspicious@107024248 C:\Documents and Settings\Administrator\Application Data\214D89AC59196C94A55313D1B5865BD0\gotnewupdate000.exe TrojWare.Win32.Trojan.Agent.~ICX@85680733 C:\Documents and Settings\Administrator\Application Data\Thinstall\ACDSee 9 Photo Manager\4000008f300002h\ACDSee9.exe TrojWare.Win32.Trojan.Agent.~ICX@85680733 C:\Documents and Settings\Administrator\Application Data\Thinstall\ACDSee 9 Photo Manager\1000000b00002h\verclsid.exe TrojWare.Java.TrojanDownloader.Agent.cl@106718799 C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache3455979979371654045.tmp|a13d8.class TrojWare.Java.Agent.d@106808859 C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache3455979979371654045.tmp|ad3740b4.class TrojWare.Java.TrojanDownloader.Agent.cl@106718799 C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache9215339503507353776.tmp|a13d8.class Heur.Dual.Extensions@-1 C:\Documents and Settings\Administrator\Local Settings\Temp\nsz5585.tmp.exe UnclassifiedMalware@107698024 C:\Documents and Settings\Administrator\Local Settings\Temp\rcosmwxaen.tmp|adInstlPlg.dll Heur.Dual.Extensions@-1 C:\Documents and Settings\Administrator\Local Settings\Temp\nsz24C8.tmp.exe UnclassifiedMalware@107431127 C:\Documents and Settings\Administrator\Local Settings\Temp\rcosmwxaen.tmp|$R UnclassifiedMalware@107431128 C:\Documents and Settings\Administrator\Local Settings\Temp\rcosmwxaen.tmp|$[(].dll UnclassifiedMalware@107698024 C:\Documents and Settings\Administrator\Local Settings\Temp\rcosmwxaen.tmp|adInstlPlg.dll Backdoor.Win32.mIRCbased@5904430 E:\Mijn muziek\Katana4\Mirc32.exe UnclassifiedMalware@27583983 E:\Mijn muziek\rock\Chinese White Boy - Peter Green And Mick Green.wma omdat hijackthis er ook tussenstaat vermoed ik nogal wat vals positieven, kan jij er aan uit? Ik heb voorlopig nog geen actie ondernomen. dit is het resultaat van security check: Results of screen317's Security Check version 0.99.4 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 12 Java 6 Update 3 Java 6 Update 7 Out of date Java installed! Adobe Flash Player Adobe Reader 9.3 - Nederlands ```````````````````````````````` Process Check: objlist.exe by Laurent Comodo Firewall cmdagent.exe Comodo Firewall cfp.exe ```````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) Momenteel laat ik de cleaner lopen en zal ik daarna nog eens scannen met Comodo. groetjes en thx! Eva
  4. evaa
    hee, item is nu weg, logje ziet er goed uit. Ik krijg geen meldingen meer maar de shortcuts van antimalware doctor zijn niet verdwenen, die mag ik gewoon deleten? Verder had ik na de infectie een windowsupdate gedaan om nieuwe infecties te voorkomen, die update heeft de cd rom driver verwijderd zodat het cdromstation niet meer zichtbaar is in de explorer. Daar open ik misschien beter een nieuw topic voor? Verder las ik hier ook iets van je java updaten? Kwestie van dit in de toekomst te voorkomen, hoe kan ik me indekken? Ken jij trouwens een goede gratis antispyware-antivirus combinatie? Is mijn windows firewall voldoende? Als ik morgen nog steeds een "schoon" systeem heb check ik deze topic als "opgelost" en ben ik ongelofelijk gelukkig met de snelle en professionele aanpak! De keren dat ik in het verleden probeerde het systeem op te kuisen leidde dat steeds naar een format c met toch wel verlies van heel wat data... Bedankt! Eva
  5. evaa
    okee, de logs: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4211 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 18/06/2010 9:45:57 mbam-log-2010-06-18 (09-45-57).txt Scantype: Snelle scan Objecten gescand: 186866 Verstreken tijd: 16 minuut/minuten, 25 seconde(n) Geheugenprocessen geïnfecteerd: 1 Geheugenmodulen geïnfecteerd: 4 Registersleutels geïnfecteerd: 20 Registerwaarden geïnfecteerd: 1 Registerdata geïnfecteerd: 3 Mappen geïnfecteerd: 18 Bestanden geïnfecteerd: 29 Geheugenprocessen geïnfecteerd: C:\WINDOWS\regx32.exe (Hacktool.Agent) -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: C:\WINDOWS\system32\notgqaju.dll (Adware.Lifze) -> Delete on reboot. C:\WINDOWS\system32\gupeqvbalagreavc.dll (Adware.Adrotator) -> Delete on reboot. C:\WINDOWS\system32\diwbjgjs.dll (Adware.AdShot) -> Delete on reboot. C:\WINDOWS\system32\cryptnet32.dll (Trojan.Tracur) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.AdShot) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rjlpvvcrxyngewo (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallWTF1012$ (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully. Registerdata geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mappen geïnfecteerd: C:\Program Files\$NtUninstallWTF1012$ (Adware.EZLife) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Elias\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Elias\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Hannekesnest\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Hannekesnest\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Laude\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Laude\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Elias\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Elias\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Hannekesnest\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Hannekesnest\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Laude\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Laude\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully. C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\WINDOWS\system32\notgqaju.dll (Adware.Lifze) -> Delete on reboot. C:\WINDOWS\system32\gupeqvbalagreavc.dll (Adware.Adrotator) -> Delete on reboot. C:\WINDOWS\system32\diwbjgjs.dll (Adware.AdShot) -> Delete on reboot. C:\Documents and Settings\Administrator\Bureaublad\o.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\aalqkmcy.exe (Adware.Lifze) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rjlpvvcrxyngewo.exe (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temp\YRWe.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temp\_192.tmp (Trojan.Lukicsel) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temp\cjxaymdn.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temp\cxgxdna.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temp\ecpaagh.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temp\Ewf.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temp\Ewg.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temp\exowrancms.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temp\arapj.exe (Rogue.AntispywareSoft) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temp\qrcbtbyy.exe (Malware.Gen) -> Quarantined and deleted successfully. C:\Program Files\$NtUninstallWTF1012$\elUninstall.exe (Adware.EZLife) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Elias\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Hannekesnest\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Laude\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully. C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Bureaublad\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Menu Start\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cryptnet32.dll (Trojan.Tracur) -> Delete on reboot. C:\WINDOWS\system32\shimg.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\regx32.exe (Hacktool.Agent) -> Delete on reboot. en de volgende: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:55:00, on 18/06/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Norton Ghost\Agent\VProTray.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Belgium Identity Card\beidsystemtray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files\NXPowerLite\loadnxploeaddin.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Skynet.be - LE portail belge – DE Belgische portaalsite! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [nxpOEAPI] C:\Program Files\NXPowerLite\loadnxploeaddin.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\Epson Software\Event Manager\EEventManager.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [EPSON SX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\WINDOWS\TEMP\E_SDFA8.tmp" /EF "HKCU" O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.google.be O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237761331812 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237761321000 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate1c98e04a0ad2bce) (gupdate1c98e04a0ad2bce) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 12796 bytes
  6. evaa
    okee, dit is 'm: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:57:43, on 17/06/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Norton Ghost\Agent\VProTray.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Belgium Identity Card\beidsystemtray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\NXPowerLite\loadnxploeaddin.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\winlogon.exe C:\PROGRA~1\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\BrowserPlusCore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\winlogon.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Skynet.be - LE portail belge – DE Belgische portaalsite! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [nxpOEAPI] C:\Program Files\NXPowerLite\loadnxploeaddin.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\Epson Software\Event Manager\EEventManager.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [EPSON SX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\WINDOWS\TEMP\E_SDFA8.tmp" /EF "HKCU" O4 - HKUS\S-1-5-21-2052111302-2147133873-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Laude') O4 - HKUS\S-1-5-21-2052111302-2147133873-839522115-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Laude') O4 - HKUS\S-1-5-21-2052111302-2147133873-839522115-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Laude') O4 - HKUS\S-1-5-21-2052111302-2147133873-839522115-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Laude') O4 - HKUS\S-1-5-21-2052111302-2147133873-839522115-1005\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon (User 'Laude') O4 - HKUS\S-1-5-21-2052111302-2147133873-839522115-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Hannekesnest') O4 - HKUS\S-1-5-21-2052111302-2147133873-839522115-1007\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1103471.exe -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB0.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://plox.info/spelle/games/quadrijden.dcr" (User 'Hannekesnest') O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.google.be O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237761331812 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237761321000 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate1c98e04a0ad2bce) (gupdate1c98e04a0ad2bce) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- Alvast bedankt voor de tips, heb ze meteen uitgevoerd! groetjes Eva
  7. evaa
    Hee, Ik heb al gemerkt dat ik niet het enige slachtoffer ben van die antimalware doctor, heb ook al m'n hijackthislogje klaar. Kan iemand me please helpen? Het wordt erger met de tijd en ik zou het jammer vinden te formatten. Hoe komt die rommel ook op m'n pc, ik surf al jaren zonder problemen met m'n windows firewall en eset nod 32 antivirus, kan het beter misschien? Hier is m'n logje: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:46:55, on 17/06/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Norton Ghost\Agent\VProTray.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Belgium Identity Card\beidsystemtray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\regx32.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\NXPowerLite\loadnxploeaddin.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\regsvr32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\winlogon.exe C:\PROGRA~1\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\BrowserPlusCore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Skynet.be - LE portail belge – DE Belgische portaalsite! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Street-Ads Browser Enhancer notgqaju - {966586C1-B010-4974-98A8-2CE91617D3A0} - C:\WINDOWS\system32\notgqaju.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: voguecash browser enhancer - {B5D1CBEA-AE0C-08B5-A977-5D3826A4C8B3} - C:\WINDOWS\system32\gupeqvbalagreavc.dll O2 - BHO: Sky-Banners Browser Enhancer diwbjgjs - {C3CB6ACE-739A-4266-914C-7D443A5B9496} - C:\WINDOWS\system32\diwbjgjs.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\regx32.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [nxpOEAPI] C:\Program Files\NXPowerLite\loadnxploeaddin.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\Epson Software\Event Manager\EEventManager.exe O4 - HKLM\..\Run: [skb] rundll32 "diwbjgjs.dll",,Run O4 - HKLM\..\Run: [rcrplrxsfmlo] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\gupeqvbalagreavc.dll" O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\aalqkmcy.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [EPSON SX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\WINDOWS\TEMP\E_SDFA8.tmp" /EF "HKCU" O4 - HKCU\..\Run: [gotnewupdate000.exe] C:\Documents and Settings\Administrator\Application Data\214D89AC59196C94A55313D1B5865BD0\gotnewupdate000.exe O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1103471.exe -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.3; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"Steeplechase - Free Online Games and Free Action Games from Shockwave.com" O4 - HKUS\S-1-5-21-2052111302-2147133873-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Laude') O4 - HKUS\S-1-5-21-2052111302-2147133873-839522115-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Laude') O4 - HKUS\S-1-5-21-2052111302-2147133873-839522115-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Laude') O4 - HKUS\S-1-5-21-2052111302-2147133873-839522115-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Laude') O4 - HKUS\S-1-5-21-2052111302-2147133873-839522115-1005\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon (User 'Laude') O4 - HKUS\S-1-5-21-2052111302-2147133873-839522115-1005\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1103471.exe -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.3; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"myNewRoom2" (User 'Laude') O4 - Startup: Antimalware Doctor.lnk = C:\Documents and Settings\Administrator\Application Data\214D89AC59196C94A55313D1B5865BD0\gotnewupdate000.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe alvast bedankt voor de hulp! groetjes Eva
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.