Mijn internet is traag.

Jean-Pierre · 16 mei 2010

Probeer deze Java link eens.

Lode1964 · 16 mei 2010

Hier eindelijk mijn volgende logs.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:30:11, on 16/5/2553

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Visual+\PowerMenu\PowerMenu.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdvserv.exe

C:\WINDOWS\system32\lxdvcoms.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PowerMenu] C:\Program Files\Visual+\PowerMenu\PowerMenu.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\admin\LOCALS~1\Temp\IXP000.TMP\"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'Default user')

O8 - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Program Files\Media Player Utilities 4.21\AMVConverter\grab.html

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX? - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe

O23 - Service: lxdv_device - - C:\WINDOWS\system32\lxdvcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 11073 bytes

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Databaseversie: 4052

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

16/5/2553 17:27:02

mbam-log-2010-05-16 (17-27-02).txt

Scantype: Snelle scan

Objecten gescand: 142957

Verstreken tijd: 8 minuut/minuten, 36 seconde(n)

Geheugenprocessen ge๏nfecteerd: 0

Geheugenmodulen ge๏nfecteerd: 0

Registersleutels ge๏nfecteerd: 0

Registerwaarden ge๏nfecteerd: 0

Registerdata ge๏nfecteerd: 0

Mappen ge๏nfecteerd: 0

Bestanden ge๏nfecteerd: 0

Geheugenprocessen ge๏nfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen ge๏nfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels ge๏nfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden ge๏nfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata ge๏nfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen ge๏nfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden ge๏nfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

er is nog geen verbetering merkbaar. Moest dat al?

Lode1964 · 16 mei 2010

Last Result:

Download Speed: 120 kbps (15 KB/sec transfer rate)

Upload Speed: 81 kbps (10.1 KB/sec transfer rate)

Latency: 3010 ms

16 พฤษภาคม 2553 17:46:27

kape · 16 mei 2010

Download Combofix naar je Bureaublad.

Lees hier meer over correct gebruik van Combofix.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

Dubbelklik op Combofix.exe om het te starten.
Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
Volg de instructies, aanvaard de disclaimer door op Ja te klikken.
Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster (enkel voor XP, niet voor VISTA).
Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
Klik na afloop terug op Ja om het scannen op malware te starten.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord.

Lode1964 · 16 mei 2010

Ik heb vrijdag nog die combofix laten lopen maar de recovery loopt ook vast net zoals ik bijna 20 uur heb gewacht voor die java binnen was. Is dat van essetieel belang of kan hij ook zo lopen?

kape · 16 mei 2010

Ik heb vrijdag nog die combofix laten lopen maar de recovery loopt ook vast net zoals ik bijna 20 uur heb gewacht voor die java binnen was. Is dat van essetieel belang of kan hij ook zo lopen?

Heeft die run van Combofix een logje opgeleverd of helemaal niets ? Zo ja, hang het dan even in je volgende bericht.

Lode1964 · 17 mei 2010

Gelukt zie hieronder

ComboFix 10-05-15.03 - admin 05/17/2010 2:37.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.874.66.1033.18.1023.534 [GMT 2:00]

Running from: c:\documents and settings\admin\My Documents\Downloads\ComboFix.exe

AV: avast! antivirus 4.8.1368 [VPS 100516-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))

.

2010-05-16 15:07 . 2010-05-16 15:07 -------- d-----w- c:\program files\Common Files\Java

2010-05-16 15:06 . 2010-05-16 15:06 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-15 13:18 . 2010-05-15 13:18 -------- d-----w- c:\program files\Trend Micro

2010-05-14 12:06 . 2009-02-01 21:44 60416 ----a-w- c:\windows\system32\antiwpa.dll

2010-05-13 14:02 . 2010-05-13 14:02 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes

2010-05-13 14:02 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-13 14:02 . 2010-05-13 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-13 14:02 . 2010-05-13 14:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-13 14:02 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-12 23:36 . 2010-05-12 23:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2010-05-09 15:16 . 2010-05-09 22:25 -------- d-----w- c:\program files\Logia

2010-05-09 15:16 . 2010-05-09 15:16 -------- d-----w- c:\documents and settings\admin\Application Data\Logia

2010-04-28 14:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-04-22 15:33 . 2009-10-30 13:08 29512 ----a-w- c:\windows\system32\TURegOpt.exe

2010-04-22 15:33 . 2009-10-30 13:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll

2010-04-22 15:32 . 2010-04-22 15:33 -------- d-----w- c:\program files\TuneUp Utilities 2010

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-17 00:46 . 2009-12-14 20:10 -------- d-----w- c:\program files\Common Files\Akamai

2010-05-16 15:09 . 2010-05-16 15:09 503808 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4153526f-n\msvcp71.dll

2010-05-16 15:09 . 2010-05-16 15:09 499712 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4153526f-n\jmc.dll

2010-05-16 15:09 . 2010-05-16 15:09 348160 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4153526f-n\msvcr71.dll

2010-05-16 15:08 . 2010-05-16 15:08 61440 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-71c00fa9-n\decora-sse.dll

2010-05-16 15:08 . 2010-05-16 15:08 12800 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-71c00fa9-n\decora-d3d.dll

2010-05-16 15:05 . 2009-02-14 04:28 -------- d-----w- c:\program files\Java

2010-05-15 13:18 . 2010-05-15 13:18 388096 ----a-r- c:\documents and settings\admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-05-15 09:26 . 2009-06-01 10:44 -------- d-----w- c:\program files\Google

2010-05-13 23:18 . 2009-03-10 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-05-12 22:55 . 2010-03-10 06:11 439816 ----a-w- c:\documents and settings\admin\Application Data\Real\Update\setup3.10\setup.exe

2010-05-07 00:18 . 2009-05-27 00:36 -------- d-----w- c:\program files\Soulseek

2010-05-02 16:18 . 2009-07-13 13:11 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-05-02 09:36 . 2009-09-11 14:27 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2010-05-01 20:11 . 2009-02-14 04:29 -------- d-----w- c:\program files\Common Files\Adobe

2010-04-30 06:41 . 2009-09-11 14:27 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2010-04-22 15:57 . 2009-10-25 00:48 -------- d-----w- c:\program files\SpokenThai_2.5

2010-04-03 22:02 . 2010-02-07 11:16 -------- d-----w- c:\program files\IrfanView

2010-03-28 08:58 . 2010-03-28 08:57 -------- d-----w- c:\program files\myBabylon_English4

2010-03-28 08:57 . 2010-03-28 08:57 -------- d-----w- c:\program files\Conduit

2010-03-22 00:30 . 2010-03-22 00:30 20850160 ----a-w- c:\documents and settings\admin\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe

2010-03-13 15:55 . 2010-03-13 15:55 8405312 ----a-w- c:\documents and settings\admin\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe

2010-03-13 15:55 . 2010-03-13 15:55 149000 ----a-w- c:\documents and settings\admin\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe

2010-03-13 15:54 . 2010-03-13 15:54 79368 ----a-w- c:\documents and settings\admin\Application Data\Real\Update\setup3.10\RUP\vista.exe

2010-03-13 15:54 . 2010-03-13 15:54 64000 ----a-w- c:\documents and settings\admin\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll

2010-03-13 15:54 . 2010-03-13 15:54 52288 ----a-w- c:\documents and settings\admin\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll

2010-03-13 15:54 . 2010-03-13 15:54 50688 ----a-w- c:\documents and settings\admin\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll

2010-03-13 15:54 . 2010-03-13 15:54 49152 ----a-w- c:\documents and settings\admin\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll

2010-03-13 15:54 . 2010-03-13 15:54 118784 ----a-w- c:\documents and settings\admin\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll

2010-03-10 06:15 . 2008-02-27 17:38 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24 . 2008-02-27 17:38 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 12:48 . 2009-03-09 06:53 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-20 12:35 . 2009-10-28 17:20 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

2010-02-17 13:07 . 2009-04-29 16:13 86144 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-17 09:57 . 2009-03-09 06:53 2063744 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-16 17:37 . 2009-03-09 06:53 2186880 ----a-w- c:\windows\system32\ntoskrnl.exe

2008-02-02 10:07 . 2009-02-14 04:28 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2008-02-02 10:07 . 2009-02-14 04:28 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2008-02-02 10:07 . 2009-02-14 04:28 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2008-02-02 10:07 . 2009-02-14 04:28 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2008-02-02 10:07 . 2009-02-14 04:28 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

2006-05-03 10:06 . 2010-01-27 09:27 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 . 2010-01-27 09:27 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 . 2010-01-27 09:27 216064 --sh--r- c:\windows\system32\nbDX.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-02 68856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-02-27 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-02-27 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-02-27 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-02-27 455168]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"PowerMenu"="c:\program files\Visual+\PowerMenu\PowerMenu.exe" [2002-12-20 57344]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"wextract_cleanup0"="c:\windows\system32\advpack.dll" [2009-03-08 128512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]

[bU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[bU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

"LiveSearchNotification"="c:\documents and settings\admin\Application Data\Techno Design IP\LiveSearch Notification.exe"

"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

"LClock"=c:\program files\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe"

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"

"UnlockerAssistant"=c:\program files\Unlocker\UnlockerAssistant.exe -H

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe

"SoundMan"=SOUNDMAN.EXE

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Soulseek\\slsk.exe"=

"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=

"c:\\PlayPark\\T3Entertainment\\AuditionTH\\patcher.exe"=

"c:\\Program Files\\Lexmark X5400 Series\\lxdvamon.exe"=

"c:\\Program Files\\Lexmark X5400 Series\\frun.exe"=

"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=

"c:\\Program Files\\Lexmark X5400 Series\\lxdvmon.exe"=

"c:\\WINDOWS\\system32\\lxdvcoms.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvtime.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvjswx.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Lexmark X5400 Series\\LXDVFax.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvwbgw.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=

"c:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"1041:TCP"= 1041:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/7/2552 14:30 64288]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/2/2552 6:18 716272]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/5/2552 20:40 114768]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [27/2/2551 19:38 14336]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/5/2552 20:40 20560]

R3 als4k;Avance Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [24/2/2552 18:02 28919]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2552 7:24 10064]

S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys --> c:\windows\system32\drivers\ctredr15.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-05-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:25]

2010-05-17 c:\windows\Tasks\Automatic troubleshooting.job

- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 13:12]

2010-05-17 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 16:01]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 16:02]

2010-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 16:02]

2010-05-17 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-05-17 c:\windows\Tasks\User_Feed_Synchronization-{04E240AA-201B-45E4-BA8C-2C90761805FA}.job

- c:\windows\system32\msfeedssync.exe [2009-02-14 02:31]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.21\AMVConverter\grab.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\c74v5q0e.default\

FF - prefs.js: browser.search.defaulturl - hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/home

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-05-17 02:46

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86DD81F8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7660f10

\Driver\ACPI -> ACPI.sys @ 0xf73decb8

\Driver\atapi -> 0x86dd81f8

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

ParseProcedure -> ntkrnlpa.exe @ 0x80577918

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

ParseProcedure -> ntkrnlpa.exe @ 0x80577918

NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf724cba0

PacketIndicateHandler -> NDIS.sys @ 0xf7259b21

SendHandler -> NDIS.sys @ 0xf723787b

Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1772)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(5912)

c:\windows\system32\WININET.dll

c:\program files\Visual+\PowerMenu\PowerMenuHook.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Lavasoft\Ad-Aware\AAWService.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\WgaTray.exe

c:\program files\FolderSize\FolderSizeSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\System32\spool\DRIVERS\W32X86\3\lxdvserv.exe

c:\windows\system32\lxdvcoms.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\IoctlSvc.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\TomTom HOME 2\TomTomHOMEService.exe

c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2010-05-17 02:54:53 - machine was rebooted

ComboFix-quarantined-files.txt 2010-05-17 00:54

ComboFix2.txt 2010-05-14 11:46

Pre-Run: 53,628,796,928 bytes free

Post-Run: 53,586,042,880 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6

- - End Of File - - EEC26FEB274B4A0C2BC2F6D209580E40

Ga nu slapen, moet over een uurtje opstaan om te gaan werken in Frankrijk.

kape · 17 mei 2010

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\system32\drivers\lvuvc.hs

c:\windows\system32\drivers\logiflt.iad

c:\windows\system32\drivers\ctredr15.sys

Folder::

c:\program files\Conduit

Driver::

ctredr15.sys

Firefox::

FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\c74v5q0e.default\

FF - prefs.js: keyword.URL –

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

Lode1964 · 17 mei 2010

Hoe en waar open ik een kladblok bestand?

Lode1964 · 17 mei 2010

Gevonden en uitgevoerd

ComboFix 10-05-16.02 - admin 05/17/2010 22:34:48.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.874.66.1033.18.1023.525 [GMT 2:00]

Running from: c:\documents and settings\admin\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\admin\My Documents\Downloads\CFScript.txt

AV: avast! antivirus 4.8.1368 [VPS 100517-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::

"c:\windows\system32\drivers\ctredr15.sys"

"c:\windows\system32\drivers\logiflt.iad"

"c:\windows\system32\drivers\lvuvc.hs"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Conduit

c:\program files\Conduit\Community Alerts\Alert.dll

c:\windows\system32\drivers\logiflt.iad

c:\windows\system32\drivers\lvuvc.hs

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_CTREDR15.SYS

-------\Service_ctredr15.sys

((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))

.

2010-05-17 19:02 . 2010-05-17 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage