
Cursor has a life of its own


diadan


ComboFix 09-12-26.04 - Danny 27/12/2009 10:12:23.1.4 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.3327.2714 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Danny\Bureaublad\ComboFix.exe

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: Telenet Security Pack 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: Telenet Security Pack 9.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-11-27 to 2009-12-27 ))))))))))))))))))))))))))))))

.

2009-12-26 19:53 . 2009-12-26 19:53 -------- d-----w- c:\documents and settings\Danny\Application Data\Malwarebytes

2009-12-26 19:53 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-26 19:53 . 2009-12-26 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-26 19:53 . 2009-12-26 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-26 19:53 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-26 16:05 . 2009-12-26 16:16 -------- d-----w- c:\documents and settings\Danny\Local Settings\Application Data\albelli photo book creator Extra

2009-12-26 15:57 . 2009-12-26 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\albelli photo book creator Extra

2009-12-26 15:57 . 2009-12-26 15:57 -------- d-----w- c:\program files\albelli photo book creator Extra

2009-12-26 09:37 . 2009-12-26 09:37 -------- d-----w- c:\program files\Trend Micro

2009-12-25 08:55 . 2009-12-25 08:58 -------- dc-h--w- c:\windows\ie8

2009-11-28 17:25 . 2009-12-27 08:53 -------- d-----w- c:\documents and settings\Danny\Application Data\Canon Easy-WebPrint EX

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-27 09:08 . 2009-01-16 16:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-12-27 09:08 . 2009-01-16 16:08 -------- d-----w- c:\program files\Spyware Doctor

2009-12-27 08:24 . 2008-04-15 12:00 89266 ----a-w- c:\windows\system32\perfc013.dat

2009-12-27 08:24 . 2008-04-15 12:00 506040 ----a-w- c:\windows\system32\perfh013.dat

2009-12-26 10:07 . 2009-01-11 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-12-22 14:48 . 2009-01-16 16:19 -------- d-----w- c:\documents and settings\Danny\Application Data\F-Secure

2009-12-22 13:08 . 2008-12-30 11:17 -------- d-----w- c:\program files\Telenet Security Pack

2009-12-22 13:07 . 2008-12-30 11:25 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys

2009-12-22 12:59 . 2008-12-30 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg

2009-12-22 12:58 . 2009-04-25 18:23 -------- d-----w- c:\documents and settings\Danny\Application Data\Skype

2009-12-22 08:58 . 2009-04-25 18:25 -------- d-----w- c:\documents and settings\Danny\Application Data\skypePM

2009-12-19 15:39 . 2009-01-04 09:11 -------- d-----w- c:\documents and settings\Danny\Application Data\ZoomBrowser EX

2009-12-19 15:36 . 2009-01-04 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser

2009-12-19 08:24 . 2009-01-11 19:21 -------- d-----w- c:\program files\Google

2009-12-14 11:03 . 2008-12-30 16:08 -------- d-----w- c:\program files\Common Files\Adobe

2009-11-28 17:25 . 2009-01-02 13:19 -------- d-----w- c:\program files\Canon

2009-11-06 13:32 . 2009-11-06 13:32 -------- d-----w- c:\program files\FunnyGames

2009-11-06 13:32 . 2009-11-06 13:32 -------- d-----w- c:\documents and settings\Danny\Application Data\FunnyGames

2009-11-05 09:02 . 2009-01-16 11:41 -------- d-----w- c:\program files\Java

2009-11-05 08:58 . 2009-11-05 08:58 152576 ----a-w- c:\documents and settings\Danny\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-02 19:08 . 2009-06-05 15:50 -------- d-----w- c:\program files\myBabylon_English

2009-10-29 07:44 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 05:40 . 2008-04-15 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:40 . 2008-04-15 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2008-04-15 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:38 . 2008-04-15 12:00 270848 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:40 . 2008-04-15 12:00 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:40 . 2008-04-15 12:00 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-11 03:17 . 2009-01-16 11:41 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-06 15:31 . 2009-05-19 17:49 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-10-03 07:48 . 2008-12-30 11:02 18160 ----a-w- c:\documents and settings\Danny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-11-02 2166296]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

2009-11-02 19:08 2166296 ----a-w- c:\program files\myBabylon_English\tbmyB0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-11-02 2166296]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-11-02 2166296]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]

"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-07-04 5968384]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-11 13524992]

"nwiz"="nwiz.exe" [2008-04-11 1630208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-11 86016]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"F-Secure Manager"="c:\program files\Telenet Security Pack\Common\FSM32.EXE" [2009-08-05 199264]

"F-Secure TNB"="c:\program files\Telenet Security Pack\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Logitech Desktop Messenger.lnk - c:\documents and settings\Danny\Mijn documenten\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-30 67128]

Logitech SetPoint.lnk - c:\documents and settings\Danny\Mijn documenten\SetPoint\SetPoint.exe [2009-1-30 805392]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-09-10 23:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2004-04-15 10:00 155648 ----a-r- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-06-02 09:56 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-01-11 19:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2009-04-24 11:57 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TomTomHOMEService"=2 (0x2)

"AdobeActiveFileMonitor6.0"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\Danny\\Mijn documenten\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [30/12/2008 12:25 33920]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [30/12/2008 12:17 80000]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [19/05/2009 18:49 207280]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Telenet Security Pack\HIPS\drivers\fshs.sys [30/12/2008 12:17 68064]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsgk.sys [30/12/2008 12:17 107104]

S2 gupdate1c9d6c9f5bb8e90;Google Updateservice (gupdate1c9d6c9f5bb8e90);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 9:31 133104]

S2 hpiusb;HP PhotoSmart C5101A - S20;c:\windows\system32\drivers\USBSCAN.SYS [2/01/2009 15:09 15104]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Telenet Security Pack\ORSP Client\fsorsp.exe [30/12/2008 12:17 55936]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [16/01/2009 17:08 358600]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Telenet Security Pack\Anti-Virus\win2k\fsfilter.sys [30/12/2008 12:17 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Telenet Security Pack\Anti-Virus\win2k\fsrec.sys [30/12/2008 12:17 25184]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/04/2009 12:57 92008]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - PCTSDInjDriver32

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

LSP: c:\program files\Telenet Security Pack\FSPS\program\FSLSP.DLL

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\documents and settings\Danny\Mijn documenten\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-12-27 10:16

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(760)

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

c:\program files\telenet security pack\hips\fshook32.dll

- - - - - - - > 'lsass.exe'(816)

c:\program files\Telenet Security Pack\FSPS\program\FSLSP.DLL

c:\program files\telenet security pack\hips\fshook32.dll

.

Voltooingstijd: 2009-12-27 10:17:12

ComboFix-quarantined-files.txt 2009-12-27 09:17

Pre-Run: 269.785.182.208 bytes beschikbaar

Post-Run: 270.322.438.144 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4886E5CAEA7D96FBC8A87777B8CE06F1


Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message and let us know whether your cursor still has a life of its own.


The problem is not solved. The cursor still makes strange jumps in Favorites, as before, and only in Favorites. I don't know whether I did something wrong, because I got some rather strange messages such as:

- new update available, download, to which I answered no.

- NIRCMDC not recognized as an internal or external command, program or batch.

I wonder whether I didn't drag in the wrong file first (log file?).

After I created a new Notepad file, everything went normally after all. The log file follows:

ComboFix 09-12-26.04 - Danny 28/12/2009 17:28:28.2.4 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.3327.2814 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Danny\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Danny\Bureaublad\CFScript.txt

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: Telenet Security Pack 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: Telenet Security Pack 9.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-11-28 to 2009-12-28 ))))))))))))))))))))))))))))))

.

2009-12-26 19:53 . 2009-12-26 19:53 -------- d-----w- c:\documents and settings\Danny\Application Data\Malwarebytes

2009-12-26 19:53 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-26 19:53 . 2009-12-26 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-26 19:53 . 2009-12-26 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-26 19:53 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-26 16:05 . 2009-12-27 13:39 -------- d-----w- c:\documents and settings\Danny\Local Settings\Application Data\albelli photo book creator Extra

2009-12-26 15:57 . 2009-12-26 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\albelli photo book creator Extra

2009-12-26 15:57 . 2009-12-26 15:57 -------- d-----w- c:\program files\albelli photo book creator Extra

2009-12-26 09:37 . 2009-12-26 09:37 -------- d-----w- c:\program files\Trend Micro

2009-12-25 08:55 . 2009-12-25 08:58 -------- dc-h--w- c:\windows\ie8

2009-11-28 17:25 . 2009-12-27 08:53 -------- d-----w- c:\documents and settings\Danny\Application Data\Canon Easy-WebPrint EX

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-28 16:15 . 2009-01-16 16:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-12-28 16:15 . 2009-01-16 16:08 -------- d-----w- c:\program files\Spyware Doctor

2009-12-28 15:35 . 2008-04-15 12:00 89266 ----a-w- c:\windows\system32\perfc013.dat

2009-12-28 15:35 . 2008-04-15 12:00 506040 ----a-w- c:\windows\system32\perfh013.dat

2009-12-26 10:07 . 2009-01-11 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-12-22 14:48 . 2009-01-16 16:19 -------- d-----w- c:\documents and settings\Danny\Application Data\F-Secure

2009-12-22 13:08 . 2008-12-30 11:17 -------- d-----w- c:\program files\Telenet Security Pack

2009-12-22 13:07 . 2008-12-30 11:25 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys

2009-12-22 12:59 . 2008-12-30 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg

2009-12-22 12:58 . 2009-04-25 18:23 -------- d-----w- c:\documents and settings\Danny\Application Data\Skype

2009-12-22 08:58 . 2009-04-25 18:25 -------- d-----w- c:\documents and settings\Danny\Application Data\skypePM

2009-12-19 15:39 . 2009-01-04 09:11 -------- d-----w- c:\documents and settings\Danny\Application Data\ZoomBrowser EX

2009-12-19 15:36 . 2009-01-04 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser

2009-12-19 08:24 . 2009-01-11 19:21 -------- d-----w- c:\program files\Google

2009-12-14 11:03 . 2008-12-30 16:08 -------- d-----w- c:\program files\Common Files\Adobe

2009-11-28 17:25 . 2009-01-02 13:19 -------- d-----w- c:\program files\Canon

2009-11-06 13:32 . 2009-11-06 13:32 -------- d-----w- c:\program files\FunnyGames

2009-11-06 13:32 . 2009-11-06 13:32 -------- d-----w- c:\documents and settings\Danny\Application Data\FunnyGames

2009-11-05 09:02 . 2009-01-16 11:41 -------- d-----w- c:\program files\Java

2009-11-05 08:58 . 2009-11-05 08:58 152576 ----a-w- c:\documents and settings\Danny\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-02 19:08 . 2009-06-05 15:50 -------- d-----w- c:\program files\myBabylon_English

2009-10-29 07:44 . 2008-04-15 12:00 916480 ------w- c:\windows\system32\wininet.dll

2009-10-21 05:40 . 2008-04-15 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:40 . 2008-04-15 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2008-04-15 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:38 . 2008-04-15 12:00 270848 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:40 . 2008-04-15 12:00 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:40 . 2008-04-15 12:00 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-11 03:17 . 2009-01-16 11:41 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-06 15:31 . 2009-05-19 17:49 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-10-03 07:48 . 2008-12-30 11:02 18160 ----a-w- c:\documents and settings\Danny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((( SnapShot@2009-12-27_09.16.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-28 15:31 . 2009-12-28 15:31 16384 c:\windows\Temp\Perflib_Perfdata_49c.dat

+ 2008-04-15 12:00 . 2009-12-28 15:35 70556 c:\windows\system32\perfc009.dat

- 2008-04-15 12:00 . 2009-12-27 08:24 70556 c:\windows\system32\perfc009.dat

+ 2008-04-15 12:00 . 2009-12-28 15:35 439484 c:\windows\system32\perfh009.dat

- 2008-04-15 12:00 . 2009-12-27 08:24 439484 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]

"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-07-04 5968384]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-11 13524992]

"nwiz"="nwiz.exe" [2008-04-11 1630208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-11 86016]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"F-Secure Manager"="c:\program files\Telenet Security Pack\Common\FSM32.EXE" [2009-08-05 199264]

"F-Secure TNB"="c:\program files\Telenet Security Pack\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Logitech Desktop Messenger.lnk - c:\documents and settings\Danny\Mijn documenten\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-30 67128]

Logitech SetPoint.lnk - c:\documents and settings\Danny\Mijn documenten\SetPoint\SetPoint.exe [2009-1-30 805392]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-09-10 23:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2004-04-15 10:00 155648 ----a-r- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-06-02 09:56 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-01-11 19:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2009-04-24 11:57 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TomTomHOMEService"=2 (0x2)

"AdobeActiveFileMonitor6.0"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\Danny\\Mijn documenten\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [30/12/2008 12:25 33920]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [30/12/2008 12:17 80000]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [19/05/2009 18:49 207280]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Telenet Security Pack\HIPS\drivers\fshs.sys [30/12/2008 12:17 68064]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsgk.sys [30/12/2008 12:17 107104]

S2 gupdate1c9d6c9f5bb8e90;Google Updateservice (gupdate1c9d6c9f5bb8e90);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 9:31 133104]

S2 hpiusb;HP PhotoSmart C5101A - S20;c:\windows\system32\drivers\USBSCAN.SYS [2/01/2009 15:09 15104]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Telenet Security Pack\ORSP Client\fsorsp.exe [30/12/2008 12:17 55936]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [16/01/2009 17:08 358600]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Telenet Security Pack\Anti-Virus\win2k\fsfilter.sys [30/12/2008 12:17 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Telenet Security Pack\Anti-Virus\win2k\fsrec.sys [30/12/2008 12:17 25184]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/04/2009 12:57 92008]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - PCTSDInjDriver32

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

LSP: c:\program files\Telenet Security Pack\FSPS\program\FSLSP.DLL

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\documents and settings\Danny\Mijn documenten\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-12-28 17:33

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(760)

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

c:\program files\telenet security pack\hips\fshook32.dll

- - - - - - - > 'lsass.exe'(816)

c:\program files\Telenet Security Pack\FSPS\program\FSLSP.DLL

c:\program files\telenet security pack\hips\fshook32.dll

- - - - - - - > 'explorer.exe'(2784)

c:\documents and settings\Danny\Mijn documenten\SetPoint\lgscroll.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2009-12-28 17:34:10

ComboFix-quarantined-files.txt 2009-12-28 16:34

ComboFix2.txt 2009-12-27 09:17

Pre-Run: 270.047.453.184 bytes beschikbaar

Post-Run: 270.279.225.344 bytes beschikbaar

- - End Of File - - 569A7DB794C29089E546652A4FA2F63E


I am glad that it is not due to malware or a virus, and I have also received 2 valid alternatives from you for using my favorites comfortably, which I am already doing to the full. I would like to close the topic here, but not without thanking you for so much effort and perseverance in such a short time. Wishing you a pleasant end of the year and all the best for 2010.

Diadan.
