Unexplained shortcuts


fusionfreak


OK, here it is then; pay particular attention to zivet, moipee and miaku

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Tuesday, August 24, 2010

Operating system: Microsoft Professional (build 7600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Sunday, August 22, 2010 08:08:49

Records in database: 4134357

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

Scan statistics:

Objects scanned: 856168

Threats found: 27

Infected objects found: 113

Suspicious objects found: 0

Scan duration: 47:24:15

File name / Threat / Threats count

G:\zivet.scr/G:\zivet.scr Infected: Worm.Win32.VBNA.b 1

C:\Users\***\geuuwo.exe/C:\Users\***\geuuwo.exe Infected: Worm.Win32.VBNA.b 1

C:\Program Files\EASEUS\Data Recovery Wizard Professional 3.3.4\OfficeViewer.exe Infected: Trojan-Mailfinder.Win32.Blen.xd 1

C:\Program Files\FindyKill\Tools\hldrrr.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1

C:\Users\***\alg.exe Infected: Worm.Win32.VBNA.b 1

C:\Users\***\AppData\Local\Opera\Opera\cache\g_0071\opr00B77.tmp Infected: not-a-virus:RiskTool.Win32.PsKill.k 1

C:\Users\***\AppData\Local\Opera\Opera\temporary_downloads\FindyKill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1

C:\Users\***\Documents\Downloads\u995 (1).zip Infected: not-a-virus:NetTool.Win32.Proxy.h 1

C:\Users\***\Documents\Downloads\u995.zip Infected: not-a-virus:NetTool.Win32.Proxy.h 1

C:\Users\***\Documents\FindyKill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1

C:\Users\***\Downloads\Activation\7Loader_Release_4\7Loader Release 4.exe Infected: Trojan.Win32.VB.uci 1

C:\Users\***\Downloads\Activation\7Loader_Release_4\7Loader Release 4.exe Infected: Trojan.Win32.Swisyn.tpo 1

C:\Users\***\Downloads\Activation\7Loader_Release_4\7Loader Release 4.zip Infected: Trojan.Win32.VB.uci 1

C:\Users\***\Downloads\Activation\7Loader_Release_4\7Loader Release 4.zip Infected: Trojan.Win32.Swisyn.tpo 1

C:\Users\J***\Downloads\Activation\Windows 7 rtm x86 32bit activator\7Loader_Release_4.exe Infected: Trojan.Win32.Swisyn.tpo 1

C:\Users\***\Downloads\Celeb - Jennifer Love Hewitt Photos\Celeb - Jennifer Love Hewitt Photos\#1 Money Making Trick\Grand Master Blackjack - ROBOT.exe Infected: Worm.Win32.AutoIt.wa 1

C:\Users\***s\Downloads\Celeb - Jennifer Love Hewitt Photos .zip Infected: Worm.Win32.AutoIt.wa 1

C:\Users\J***\Downloads\Hirens BootCD 10.6\Hiren's.BootCD.10.6\HBCD\konboot.gz Infected: not-a-virus:PSWTool.Boot.KonBoot.a 1

C:\Users\***\Downloads\Win.BootUSB\Win.BootUSB\OPTION - 2 for XP and Vista\MULTI_CONTENT\wintools\commandline\MbrFix.exe Infected: not-a-virus:RiskTool.Win32.MBRFix.a 1

C:\Users\***\Downloads\Win.BootUSB\Win.BootUSB\OPTION - 2 for XP and Vista\MULTI_CONTENT\wintools\othertools\ProduKey.exe Infected: not-a-virus:PSWTool.Win32.ProductKey.i 1

C:\Users\***\Downloads\Win.BootUSB.rar Infected: not-a-virus:RiskTool.Win32.MBRFix.a 1

C:\Users\***\Downloads\Win.BootUSB.rar Infected: not-a-virus:PSWTool.Win32.ProductKey.i 1

C:\Users\***\geuuwo.exe Infected: Worm.Win32.VBNA.b 1

C:\Users\***\nzqif.exe Infected: Worm.Win32.VBNA.b 1

D:\Downloads\Windows 7 Ultimate Activator (32 and 64 bit!)\Windows 7 Ultimate Activator (32 and 64 bit!).zip Infected: Worm.Win32.VBNA.b 1

D:\Downloads\Windows 7 Ultimate Keygen (32 bits) (100% Working) (Clean) - CaZoR.zip Infected: Backdoor.Win32.Bifrose.bxeo 1

D:\Downloads\Windows7 Activation Patch For ALL VERSIONS FINAL-RTM {DIBYA}[H33T]\Win7 Activation Patch ALL VERSIONS FINAL-RTM{DIBYA}[H33T].rar Infected: Trojan.BAT.Agent.wq 2

D:\Users\Downloads\Windows 7 Ultimate Activator (32 and 64 bit!)\Windows 7 Ultimate Activator (32 and 64 bit!).zip Infected: Worm.Win32.VBNA.b 1

D:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\39c05850-3782ad9c Infected: Exploit.Java.Agent.f 1

D:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\39c05850-3782ad9c Infected: Trojan-Downloader.Java.Agent.ax 2

D:\Users\***AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2a9ab7ae-23a245dc Infected: Trojan-Downloader.Java.Agent.aw 1

D:\Users\****\Documents\Windows XP Ultimate Edition (by Johnny) [January2010-R4.7]\Windows XP Ultimate Edition (by Johnny) [January2010-R4.7].iso Infected: Trojan.Win32.Swisyn.agfe 1

D:\Users\***\Documents\Windows XP Ultimate Edition (by Johnny) [January2010-R4.7]\Windows XP Ultimate Edition (by Johnny) [January2010-R4.7].iso Infected: Trojan.Win32.DelfInject.pb 1

D:\Users\***Downloads\Windows 7 Ultimate Keygen (32 bits) (100% Working) (Clean) - CaZoR.zip Infected: Backdoor.Win32.Bifrose.bxeo 1

D:\Users\***\Downloads\Windows7 Activation Patch For ALL VERSIONS FINAL-RTM {DIBYA}[H33T]\Win7 Activation Patch ALL VERSIONS FINAL-RTM{DIBYA}[H33T].rar Infected: Trojan.BAT.Agent.wq 2

F:\ert.dll Infected: Trojan.Win32.Zapchast.bro 1

F:\miaku.exe Infected: Worm.Win32.VBNA.b 1

F:\miakux.exe Infected: Worm.Win32.VBNA.b 1

F:\x.exe Infected: Worm.Win32.VBNA.b 1

G:\moipee.exe Infected: Worm.Win32.VBNA.b 1

G:\moipeex.exe Infected: Worm.Win32.VBNA.b 1

G:\x.exe Infected: Worm.Win32.VBNA.b 1

G:\zivet.exe Infected: Worm.Win32.VBNA.b 1

G:\moipee.scr Infected: Worm.Win32.VBNA.b 1

G:\zivetx.exe Infected: Worm.Win32.VBNA.b 1

G:\zivet.scr Infected: Worm.Win32.VBNA.b 1

G:\***S\Backup Set 2010-04-11 190009\Backup Files 2010-04-11 190009\Backup files 53.zip Infected: Exploit.Java.Agent.f 1

G:\***\Backup Set 2010-04-11 190009\Backup Files 2010-04-11 190009\Backup files 53.zip Infected: Trojan-Downloader.Java.Agent.ax 2

G:\***\Backup Set 2010-04-11 190009\Backup Files 2010-04-11 190009\Backup files 53.zip Infected: Trojan-Downloader.Java.Agent.aw 1

G:\***\Backup Set 2010-04-11 190009\Backup Files 2010-04-11 190009\Backup files 217.zip Infected: Backdoor.Win32.Bifrose.bxeo 1

G:\***\Backup Set 2010-04-11 190009\Backup Files 2010-04-11 190009\Backup files 217.zip Infected: Worm.Win32.VBNA.b 1

G:\***\Backup Set 2010-04-11 190009\Backup Files 2010-04-11 190009\Backup files 217.zip Infected: Trojan.BAT.Agent.wq 2

G:\***\Backup Set 2010-04-11 190009\Backup Files 2010-04-11 190009\Backup files 231.zip Infected: Backdoor.Win32.Bifrose.bxeo 1

G:\***Backup Set 2010-04-11 190009\Backup Files 2010-04-11 190009\Backup files 231.zip Infected: Worm.Win32.VBNA.b 1

G:\***\Backup Set 2010-04-11 190009\Backup Files 2010-04-11 190009\Backup files 231.zip Infected: Trojan.BAT.Agent.wq 2

G:\***\Backup Set 2010-04-11 190009\Backup Files 2010-04-11 190009\Backup files 294.zip Infected: Backdoor.Win32.Bifrose.bxeo 1

G:\***\Backup Set 2010-04-11 190009\Backup Files 2010-04-11 190009\Backup files 453.zip Infected: Trojan.BAT.Agent.wq 2

G:\****S\Backup Set 2010-04-11 190009\Backup Files 2010-05-27 231829\Backup files 4.zip Infected: Exploit.Java.Agent.f 1

G:\***\Backup Set 2010-04-11 190009\Backup Files 2010-05-27 231829\Backup files 4.zip Infected: Trojan-Downloader.Java.Agent.ax 2

G:\**010-04-11 190009\Backup Files 2010-05-27 231829\Backup files 4.zip Infected: Trojan-Downloader.Java.Agent.aw 1

G:\***\Backup Set 2010-04-11 190009\Backup Files 2010-05-27 231829\Backup files 150.zip Infected: Backdoor.Win32.Bifrose.bxeo 1

G:\Software and Documents\Windows 7 Loader v1.8.9.rar Infected: Trojan-Spy.Win32.Agent.birt 1

G:\Software and Documents\Windows 7 Ultimate Keygen (32 bits) (100% Working) (Clean) - CaZoR.zip Infected: Backdoor.Win32.Bifrose.bxeo 1

G:\Software and Documents\Google Earth Pro (Plus) 2010 v5.1.3533 Incl Patch\Google Earth Pro (Plus) 2010 v5.1.3533 Incl Patch.rar Infected: Packed.Win32.TDSS.z 2

G:\Software and Documents\Google Earth Pro (Plus) 2010 v5.1.3533 Incl Patch\Google Earth Pro (Plus) 2010 v5.1.3533 Incl Patch.rar Infected: Trojan-PSW.Win32.Dybalom.bkn 1

G:\Software and Documents\Google Earth Pro (Plus) 2010 v5.1.3533 Incl Patch\Google Earth Pro (Plus) 2010 v5.1.3533 Incl Patch\Google Earth Plus v5.1.3533.1731.exe Infected: Packed.Win32.TDSS.z 1

G:\Software and Documents\NORTON GHOST v14.0 SYSTEM RECOVERY DISK\NORTON GHOST v14.0 SYSTEM RECOVERY DISK (2).iso Infected: Trojan.Win32.Chifrax.d 1

G:\Software and Documents\NORTON GHOST v14.0 SYSTEM RECOVERY DISK\NORTON GHOST v14.0 SYSTEM RECOVERY DISK (2).iso Infected: Trojan-Downloader.Win32.Zlob.auvj 1

G:\Software and Documents\Windows 7 Activator Tested And Working All Version (x86 x64)\Windows 7 Activator Tested And Working All Version (x86 x64).rar Infected: Packed.Win32.TDSS.z 1

G:\Software and Documents\Ultimate DVD & Video Converter Suite v8.03 + Serial\Ultimate DVD & Video Converter Suite v8.03 + Serial.rar Infected: Packed.Win32.TDSS.z 1

H:\Software and Documents\Windows 7 Loader v1.8.9.rar Infected: Trojan-Spy.Win32.Agent.birt 1

H:\Software and Documents\Windows 7 Ultimate Keygen (32 bits) (100% Working) (Clean) - CaZoR.zip Infected: Backdoor.Win32.Bifrose.bxeo 1

H:\Software and Documents\Google Earth Pro (Plus) 2010 v5.1.3533 Incl Patch\Google Earth Pro (Plus) 2010 v5.1.3533 Incl Patch.rar Infected: Packed.Win32.TDSS.z 2

H:\Software and Documents\Google Earth Pro (Plus) 2010 v5.1.3533 Incl Patch\Google Earth Pro (Plus) 2010 v5.1.3533 Incl Patch.rar Infected: Trojan-PSW.Win32.Dybalom.bkn 1

H:\Software and Documents\Google Earth Pro (Plus) 2010 v5.1.3533 Incl Patch\Google Earth Pro (Plus) 2010 v5.1.3533 Incl Patch\Google Earth Plus v5.1.3533.1731.exe Infected: Packed.Win32.TDSS.z 1

H:\Software and Documents\NORTON GHOST v14.0 SYSTEM RECOVERY DISK\NORTON GHOST v14.0 SYSTEM RECOVERY DISK (2).iso Infected: Trojan.Win32.Chifrax.d 1

H:\Software and Documents\NORTON GHOST v14.0 SYSTEM RECOVERY DISK\NORTON GHOST v14.0 SYSTEM RECOVERY DISK (2).iso Infected: Trojan-Downloader.Win32.Zlob.auvj 1

H:\Software and Documents\Windows 7 Activator Tested And Working All Version (x86 x64)\Windows 7 Activator Tested And Working All Version (x86 x64).rar Infected: Packed.Win32.TDSS.z 1

H:\Software and Documents\Ultimate DVD & Video Converter Suite v8.03 + Serial\Ultimate DVD & Video Converter Suite v8.03 + Serial.rar Infected: Packed.Win32.TDSS.z 1

H:\New250\FSP_klite27rc1.exe Infected: not-a-virus:AdWare.Win32.Altnet.e 1

H:\xX\Films\Lesbian.Short.Film.Festival-TBMs\Tiny18 Premium Content - Horney Girl\Tiny18 Premium Content - Horney Girl.rar Infected: Trojan.Win32.VBKrypt.adi 1

H:\xX\Films\* - Clio and Sascha - Lets shoot\Tiny American School Model Princess- Very hot shoots\Tiny American School Model Princess- Very hot shoots.rar Infected: Trojan.Win32.VBKrypt.adi 1

H:\pics\varia\Sandra Beach\ teenhig resh pics.EXE Infected: Trojan.Win32.VBKrypt.adi 1

H:\pics\varia\Sandra Beach\ teen resh pics.EXE Infected: Virus.Win32.Parite.b 1

H:\X\Films\Lesbian.Short.Film.Festival-TBMs\Tiny18 Premium Content - Horney Girl\Tiny18 Premium Content - Horney Girl.rar Infected: Trojan.Win32.VBKrypt.adi 1

H:\X\Films\Seductive18 - Clio and Sascha - Lets shoot\Tiny American School Model Princess- Very hot shoots\ American Model Princess- Very hot shoots.rar Infected: Trojan.Win32.VBKrypt.adi 1

H:\x.exe Infected: Worm.Win32.VBNA.b 1

H:\moipee.scr Infected: Worm.Win32.VBNA.b 1

H:\usb stick vdab\Verwisselbare schijf\moipee.exe Infected: Worm.Win32.VBNA.b 1

H:\usb stick vdab\Verwisselbare schijf\moipeex.exe Infected: Worm.Win32.VBNA.b 1

H:\usb stick vdab\Verwisselbare schijf\x.exe Infected: Worm.Win32.VBNA.b 1

H:\usb stick II\nero 7 ultra crack.zip Infected: P2P-Worm.Win32.Agent.v 3

H:\moipee.exe Infected: Worm.Win32.VBNA.b 1

H:\moipeex.exe Infected: Worm.Win32.VBNA.b 1

H:\Downloads\Windows 7 Ultimate Keygen (32 bits) (100% Working) (Clean) - CaZoR.zip Infected: Backdoor.Win32.Bifrose.bxeo 1

H:\Downloads\Windows 7 Ultimate Activator (32 and 64 bit!)\Windows 7 Ultimate Activator (32 and 64 bit!).zip Infected: Worm.Win32.VBNA.b 1

H:\Downloads\Windows7 Activation Patch For ALL VERSIONS FINAL-RTM {DIBYA}[H33T]\Win7 Activation Patch ALL VERSIONS FINAL-RTM{DIBYA}[H33T].rar Infected: Trojan.BAT.Agent.wq 2

H:\Downloads\Downloads\Windows 7 Ultimate Keygen (32 bits) (100% Working) (Clean) - CaZoR.zip Infected: Backdoor.Win32.Bifrose.bxeo 1

H:\Downloads\Downloads\Windows7 Activation Patch For ALL VERSIONS FINAL-RTM {DIBYA}[H33T]\Win7 Activation Patch ALL VERSIONS FINAL-RTM{DIBYA}[H33T].rar Infected: Trojan.BAT.Agent.wq 2

Selected area has been scanned.

Edited by fusionfreak

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Read more here about the correct use of ComboFix.

  • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them: Click here. If you cannot manage to disable them, just continue to the next step.
  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed. If the Recovery Console is already installed, ComboFix will automatically continue scanning for malware.
  • Otherwise, follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console. Once the Recovery Console has been installed successfully, click “Yes” to continue scanning for malware.

NOTE: When ComboFix starts, you may get an error message saying that “The contents of the ComboFix package have been modified”. In that case do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer. If you keep getting this message, report it here.

When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


The folders are showing up normally again,

but the shortcuts are still there as well,

strange,

but at least I can use the data again..

I also don't see anywhere that zivet, miaku or moipee has actually been

removed...

ComboFix 10-08-23.05 - *** 24/08/2010 17:31:12.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1043.18.3070.1808 [GMT 2:00]

Gestart vanuit: c:\users\***\Desktop\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\ErrLog.txt

c:\users\alg.exe

c:\users\AppData\Local\Windows Server

c:\users\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp

c:\users\geuuwo.exe

c:\users\nzqif.exe

F:\Autorun.inf

F:\x.exe

G:\Autorun.inf

G:\x.exe

H:\Autorun.inf

H:\x.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-24 to 2010-08-24 ))))))))))))))))))))))))))))))

.

2010-08-24 15:41 . 2010-08-24 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-08-24 15:25 . 2010-08-24 15:26 -------- d-----w- C:\32788R22FWJFW

2010-08-22 12:41 . 2010-08-22 12:41 -------- d-----w- c:\users\\jks

2010-08-22 12:40 . 2010-08-22 12:40 -------- d-----w- c:\program files\Common Files\Java

2010-08-22 12:39 . 2010-08-22 12:39 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-22 12:39 . 2010-08-22 12:39 -------- d-----w- c:\program files\Java

2010-08-22 12:04 . 2010-08-22 12:04 -------- d-----w- c:\program files\FindyKill

2010-08-20 23:11 . 2010-08-20 23:11 -------- d-----w- c:\users\AppData\Roaming\Malwarebytes

2010-08-20 23:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-20 23:11 . 2010-08-22 10:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-20 23:11 . 2010-08-20 23:11 -------- d-----w- c:\programdata\Malwarebytes

2010-08-20 23:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-20 23:09 . 2010-08-20 23:09 -------- d-----w- c:\users\AppData\Roaming\Registry Mechanic

2010-08-20 23:07 . 2010-08-05 06:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe

2010-08-20 23:07 . 2004-08-04 05:00 506368 ----a-w- c:\windows\system32\msxml.dll

2010-08-20 23:07 . 2010-08-20 23:07 -------- d-----w- c:\program files\Common Files\PC Tools

2010-08-17 13:26 . 2010-08-17 13:26 -------- d-----w- c:\users\AppData\Local\Opera

2010-08-17 13:26 . 2010-08-17 13:26 -------- d-----w- c:\program files\Opera

2010-08-14 10:59 . 2010-08-14 10:59 -------- d-----w- c:\program files\Hamster Soft

2010-08-11 13:47 . 2010-08-11 13:47 -------- d-----w- c:\program files\Xvid

2010-08-11 13:39 . 2010-08-11 13:39 -------- d-----w- c:\users\AppData\Roaming\F-Secure

2010-08-11 11:27 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-08-11 11:27 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-08-11 11:27 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-11 11:26 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-08-11 11:25 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-08-11 11:25 . 2010-06-30 06:25 978432 ----a-w- c:\windows\system32\wininet.dll

2010-08-11 11:24 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-08-11 11:24 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-11 11:24 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-11 11:24 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-11 11:24 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-08-11 11:24 . 2010-06-16 05:48 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-11 11:22 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys

2010-08-07 01:51 . 2010-08-07 01:51 -------- d-----w- c:\users\AppData\Local\Nero_AG

2010-08-03 12:04 . 2010-08-03 12:12 41256 ----a-w- c:\windows\system32\drivers\fsbts.sys

2010-08-03 12:03 . 2009-08-05 15:57 35680 ----a-w- c:\windows\system32\drivers\fses.sys

2010-08-03 12:03 . 2009-08-05 15:57 71040 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2010-08-03 12:02 . 2010-08-03 12:12 -------- d-----w- c:\program files\Telenet Security Pack

2010-08-03 11:58 . 2010-08-03 12:01 -------- d-----w- c:\programdata\fssg

2010-08-03 11:58 . 2010-08-03 12:03 -------- d-----w- c:\programdata\f-secure

2010-07-31 20:43 . 2010-07-31 20:43 -------- d-----w- c:\users\AppData\Roaming\J River

2010-07-28 21:46 . 2010-08-09 14:24 -------- d-----w- C:\Download

2010-07-28 17:30 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-07-28 17:30 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-07-28 17:30 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-07-28 17:30 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-07-28 17:30 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-07-28 17:28 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll

2010-07-28 17:27 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-07-28 17:27 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-07-28 17:27 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-07-27 18:38 . 2010-07-27 18:38 -------- d-----w- c:\program files\P2PFilter

2010-07-27 18:37 . 2010-07-27 18:37 -------- d-----w- c:\windows\system32\TVUAx

2010-07-27 16:54 . 2010-07-27 16:54 5430 ----a-r- c:\users\AppData\Roaming\Microsoft\Installer\{1584854C-1513-40EA-96D4-493384D0A3C7}\_BBC8D813A8F14BA749114F.exe

2010-07-27 16:54 . 2010-07-27 16:54 5430 ----a-r- c:\users\AppData\Roaming\Microsoft\Installer\{1584854C-1513-40EA-96D4-493384D0A3C7}\_44F622AA395D57B9743A14.exe

2010-07-27 15:48 . 2010-07-27 18:25 -------- d-----w- c:\users\AppData\Local\Readon_Technology

2010-07-27 15:47 . 2010-07-27 16:54 -------- d-----w- c:\program files\Readon Technology

2010-07-26 14:44 . 2010-07-26 14:44 -------- d-----w- c:\program files\DVD Decrypter

2010-07-26 09:21 . 2010-07-26 09:21 -------- d-----w- c:\users\AppData\Local\ZattooPlayer

2010-07-26 09:21 . 2010-07-26 09:21 -------- d-----w- c:\users\AppData\Local\Zattoo

2010-07-25 20:31 . 2010-07-25 20:31 -------- d-----w- c:\programdata\Kaspersky Lab

2010-07-25 20:16 . 2010-07-25 20:16 -------- d-----w- c:\users\\AppData\Roaming\JLC's Software

2010-07-25 20:15 . 2010-07-25 20:15 -------- d-----w- c:\program files\JLC's Software

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-24 00:38 . 2010-05-11 22:56 -------- d-----w- c:\users\\AppData\Roaming\vlc

2010-08-23 22:10 . 2010-07-02 07:39 -------- d-----w- c:\users\\AppData\Roaming\XBMC

2010-08-22 11:17 . 2010-05-11 21:40 -------- d-----w- c:\users\AppData\Roaming\SOUNDGRAPH

2010-08-21 03:36 . 2010-07-11 14:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2010-08-21 03:36 . 2010-05-11 20:55 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-08-20 18:20 . 2010-05-15 10:55 -------- d-----w- c:\users\AppData\Roaming\BitTorrent

2010-08-20 17:52 . 2010-05-13 15:13 691884 ----a-w- c:\windows\system32\perfh00C.dat

2010-08-20 17:52 . 2010-05-13 15:13 690930 ----a-w- c:\windows\system32\perfh00A.dat

2010-08-20 17:52 . 2010-05-13 15:13 136750 ----a-w- c:\windows\system32\perfc00A.dat

2010-08-20 17:52 . 2010-05-13 15:13 130116 ----a-w- c:\windows\system32\perfc00C.dat

2010-08-20 17:52 . 2009-07-14 08:27 698618 ----a-w- c:\windows\system32\perfh013.dat

2010-08-20 17:52 . 2009-07-14 08:27 133270 ----a-w- c:\windows\system32\perfc013.dat

2010-08-17 23:48 . 2010-05-12 13:53 -------- d-----w- c:\users\\AppData\Roaming\dvdcss

2010-08-17 11:00 . 2010-07-06 16:04 -------- d-----w- c:\program files\RAR Password Recovery Magic

2010-08-09 14:25 . 2010-06-25 10:38 -------- d-----w- c:\program files\Star Downloader

2010-08-03 12:01 . 2010-05-11 19:51 -------- d-----w- c:\programdata\avg9

2010-07-28 16:54 . 2010-07-28 16:54 16 ----a-w- c:\users\AppData\Roaming\mbsvil.dat

2010-07-28 10:18 . 2010-05-30 16:01 -------- d-----w- c:\program files\SlySoft

2010-07-27 16:59 . 2010-07-19 14:02 -------- d-----w- c:\program files\Spyware Doctor

2010-07-27 16:30 . 2010-05-13 08:22 -------- d-----w- c:\program files\McAfee Security Scan

2010-07-20 17:35 . 2010-07-20 17:35 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll

2010-07-20 17:35 . 2010-07-20 17:35 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll

2010-07-20 17:35 . 2010-07-20 17:35 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe

2010-07-20 17:35 . 2010-07-20 17:35 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

2010-07-17 17:17 . 2010-05-12 12:46 -------- d-----w- c:\programdata\DVD Shrink

2010-07-17 12:52 . 2010-07-17 12:52 -------- d-----w- c:\program files\Uninstall Password Protect USB

2010-07-16 13:07 . 2010-07-16 13:07 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys

2010-07-16 13:07 . 2010-07-16 13:07 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys

2010-07-16 13:05 . 2010-07-16 13:05 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll

2010-07-16 13:05 . 2010-07-16 13:05 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe

2010-07-16 13:05 . 2010-07-16 13:05 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll

2010-07-16 13:05 . 2010-07-16 13:05 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe

2010-07-13 16:20 . 2010-07-13 16:20 -------- d-----w- c:\programdata\McAfee

2010-07-12 12:37 . 2010-05-11 20:55 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2010-07-12 12:37 . 2010-07-12 12:37 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2010-07-07 14:38 . 2010-07-07 14:36 -------- d-----w- c:\program files\Clarus

2010-07-07 14:38 . 2010-05-11 20:08 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-02 07:43 . 2010-07-02 07:39 -------- d-----w- c:\program files\XBMC

2010-06-28 16:31 . 2010-06-28 16:28 -------- d-----w- c:\program files\Lexmark X1100 Series

2010-06-27 11:55 . 2010-06-27 11:55 -------- d-----w- c:\program files\Video Thumbnails Maker

2010-06-25 10:05 . 2010-06-25 10:05 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-06-25 10:05 . 2010-06-25 10:05 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe

2010-06-25 10:05 . 2010-06-25 10:05 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-06-25 10:03 . 2010-06-25 10:05 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll

2010-06-25 10:03 . 2010-06-25 10:05 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe

2010-06-05 17:26 . 2010-06-05 17:26 37632 ----a-w- c:\windows\system32\drivers\a38usb.sys

2010-06-05 17:26 . 2010-06-05 17:26 110592 ----a-w- c:\windows\system32\usbr38.dll

2010-06-02 02:55 . 2010-07-02 07:42 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2010-06-02 02:55 . 2010-07-02 07:42 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2010-06-02 02:55 . 2010-07-02 07:42 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2010-05-28 10:27 . 2010-05-28 10:27 56912 ----a-w- c:\windows\system32\drivers\partmgr.sys

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2005-08-24 21:10 . 2010-07-17 12:52 174592 --sha-w- c:\windows\System32\ncfpsys.exe

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\users\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-11 136176]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iMON"="c:\program files\SOUNDGRAPH\iMON\iMON.exe" [2010-06-25 2990080]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]

"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]

"Password Protect USB 3.6.1"="c:\windows\system32\ncfpsys.exe" [2005-08-24 174592]

"F-Secure Manager"="c:\program files\Telenet Security Pack\Common\FSM32.EXE" [2009-08-05 199264]

"F-Secure TNB"="c:\program files\Telenet Security Pack\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MScommt]

c:\users\JOACHI~1\AppData\Local\Temp [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]

2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2009-06-17 10:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 136176]

R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [2009-12-30 114688]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2010-06-05 37632]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Telenet Security Pack\ORSP Client\fsorsp.exe [2010-08-03 57008]

R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-15 1343400]

R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Telenet Security Pack\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]

R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Telenet Security Pack\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-08-03 41256]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Telenet Security Pack\HIPS\drivers\fshs.sys [2009-08-05 68064]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-08-05 35680]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-05 71040]

S1 fsvista;F-Secure Vista Support Driver;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]

S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsgk.sys [2010-08-03 124072]

S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 20:17]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 20:17]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-242032662-382453786-369927515-1000Core.job

- c:\users\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11 20:15]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-242032662-382453786-369927515-1000UA.job

- c:\users\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11 20:15]

2010-08-24 c:\windows\Tasks\Scheduled scanning task.job

- c:\progra~1\TELENE~1\ANTI-V~1\fsav.exe [2010-08-03 15:56]

.

.

------- Bijkomende Scan -------

.

uStart Page = https://www.telenet.be/mijntelenet/navigation/navigation.do?family=DEFAULT&identifier=DEFAULT

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

LSP: c:\program files\Telenet Security Pack\FSPS\program\FSLSP.DLL

Trusted Zone: entriq.net\man

Trusted Zone: kbc.be\www

Trusted Zone: telenet.be\messagent

Trusted Zone: telenet.be\pctv

Trusted Zone: telenet.be\www

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-geuuwo - c:\users\geuuwo.exe

MSConfigStartUp-cwvvuptt - c:\users\AppData\Local\gwkofaiym\hydtprhtssd.exe

MSConfigStartUp-dadlcomi - c:\users\AppData\Local\rpbxjvnwl\jtrdvvgtssd.exe

MSConfigStartUp-gtmgdsxi - c:\users\AppData\Local\nbgldaqvq\warjjlitssd.exe

MSConfigStartUp-Halo2 - c:\users\AppData\Local\Temp\sshnas21.dll

MSConfigStartUp-JDK5SWFMZY - c:\users\AppData\Local\Temp\Jcs.exe

MSConfigStartUp-ykojthrh - c:\users\AppData\Local\rbphpnixp\ixrgmxptssd.exe

MSConfigStartUp-zivet - c:\users\zivet.exe

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(584)

c:\program files\telenet security pack\hips\fshook32.dll

- - - - - - - > 'lsass.exe'(500)

c:\program files\telenet security pack\hips\fshook32.dll

.

Voltooingstijd: 2010-08-24 17:45:08

ComboFix-quarantined-files.txt 2010-08-24 15:45

Pre-Run: 7.813.263.360 bytes beschikbaar

Post-Run: 10.992.922.624 bytes beschikbaar

- - End Of File - - B9817C72F876D6260A42CCF542535F24

---------- Post added at 15:54 ---------- Previous post was at 15:50 ----------

ah yes, zivet.exe has been removed under orphans after all,

what is an orphan?

I see that Google Earth also causes a lot of problems,

should I just uninstall it?

regards

---------- Post added at 16:02 ---------- Previous post was at 15:54 ----------

I also still find zivet.exe on G:

is it enough to delete it and empty the Recycle Bin?

regards

edited by fusionfreak

Well, cracks and keygens put quite a lot of junk on your PC :sad This is yet another splendid example of that (and we're not only talking about that illegal Windows 7). You can indeed best remove Google Earth; that Norton Ghost is also of dubious quality (another illegal copy?).

To clean up the rest of the junk, you can do this:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\users\Joachim Bellems\AppData\Roaming\Microsoft\Installer\{1584854C-1513-40EA-96D4-493384D0A3C7}\_BBC8D813A8F14BA749114F.exe

c:\users\Joachim Bellems\AppData\Roaming\Microsoft\Installer\{1584854C-1513-40EA-96D4-493384D0A3C7}\_44F622AA395D57B9743A14.exe

Folder::

c:\program files\FindyKill

c:\program files\McAfee Security Scan

c:\programdata\McAfee

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MScommt]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message together with a new HijackThis log.

You can indeed delete that data on your G partition via the Recycle Bin. Empty it afterwards and then let Kaspersky (empty its quarantine first) scan once more.

edited by kape

ComboFix 10-08-23.05 - 24/08/2010 18:51:16.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1043.18.3070.1872 [GMT 2:00]

Gestart vanuit: c:\users\\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Desktop\CFScript.txt

FILE ::

"c:\users\\AppData\Roaming\Microsoft\Installer\{1584854C-1513-40EA-96D4-493384D0A3C7}\_44F622AA395D57B9743A14.exe"

"c:\users\\AppData\Roaming\Microsoft\Installer\{1584854C-1513-40EA-96D4-493384D0A3C7}\_BBC8D813A8F14BA749114F.exe"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\FindyKill

c:\program files\FindyKill\FindyKill.cmd

c:\program files\FindyKill\FixReg\FixSrosa.reg

c:\program files\FindyKill\FixReg\Limpia

c:\program files\FindyKill\FixReg\Limpia.reg

c:\program files\FindyKill\FixReg\Mse.reg

c:\program files\FindyKill\FixReg\Repair.reg

c:\program files\FindyKill\FixReg\Wvista.reg

c:\program files\FindyKill\FixReg\Wxp.reg

c:\program files\FindyKill\Tools\hldrrr.exe

c:\program files\FindyKill\Tools\Icone.ico

c:\program files\FindyKill\Tools\mdelk.exe

c:\program files\FindyKill\Tools\swreg.exe

c:\program files\FindyKill\Tools\wintems.exe

c:\program files\FindyKill\Uninstal.exe

c:\program files\McAfee Security Scan

c:\programdata\McAfee

c:\programdata\McAfee\MCLOGS\Common\McUICnt\McUICnt000.log

c:\programdata\McAfee\MCLOGS\McUICnt\McUICnt\McUICnt000.log

c:\programdata\McAfee\MCLOGS\PartnerCustom\McCHSvc\McCHSvc000.log

c:\programdata\McAfee\MCLOGS\PartnerCustom\McUICnt\McUICnt000.log

c:\programdata\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log

c:\programdata\McAfee\MCLOGS\SecurityScanner\McUICnt\McUICnt000.log

c:\users\AppData\Roaming\Microsoft\Installer\{1584854C-1513-40EA-96D4-493384D0A3C7}\_44F622AA395D57B9743A14.exe

c:\users\AppData\Roaming\Microsoft\Installer\{1584854C-1513-40EA-96D4-493384D0A3C7}\_BBC8D813A8F14BA749114F.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-24 to 2010-08-24 ))))))))))))))))))))))))))))))

.

2010-08-24 17:00 . 2010-08-24 17:00 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-08-24 17:00 . 2010-08-24 17:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-08-24 16:49 . 2010-08-24 16:49 -------- d-----w- C:\32788R22FWJFW

2010-08-22 12:41 . 2010-08-22 12:41 -------- d-----w- c:\users\\jks

2010-08-22 12:40 . 2010-08-22 12:40 -------- d-----w- c:\program files\Common Files\Java

2010-08-22 12:39 . 2010-08-22 12:39 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-22 12:39 . 2010-08-22 12:39 -------- d-----w- c:\program files\Java

2010-08-20 23:11 . 2010-08-20 23:11 -------- d-----w- c:\users\\AppData\Roaming\Malwarebytes

2010-08-20 23:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-20 23:11 . 2010-08-22 10:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-20 23:11 . 2010-08-20 23:11 -------- d-----w- c:\programdata\Malwarebytes

2010-08-20 23:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-20 23:09 . 2010-08-20 23:09 -------- d-----w- c:\users\AppData\Roaming\Registry Mechanic

2010-08-20 23:07 . 2010-08-05 06:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe

2010-08-20 23:07 . 2004-08-04 05:00 506368 ----a-w- c:\windows\system32\msxml.dll

2010-08-20 23:07 . 2010-08-20 23:07 -------- d-----w- c:\program files\Common Files\PC Tools

2010-08-17 13:26 . 2010-08-17 13:26 -------- d-----w- c:\users\\AppData\Local\Opera

2010-08-17 13:26 . 2010-08-17 13:26 -------- d-----w- c:\program files\Opera

2010-08-14 10:59 . 2010-08-14 10:59 -------- d-----w- c:\program files\Hamster Soft

2010-08-11 13:47 . 2010-08-11 13:47 -------- d-----w- c:\program files\Xvid

2010-08-11 13:39 . 2010-08-11 13:39 -------- d-----w- c:\users\\AppData\Roaming\F-Secure

2010-08-11 11:27 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-08-11 11:27 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-08-11 11:27 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-11 11:26 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-08-11 11:25 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-08-11 11:25 . 2010-06-30 06:25 978432 ----a-w- c:\windows\system32\wininet.dll

2010-08-11 11:24 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-08-11 11:24 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-11 11:24 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-11 11:24 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-11 11:24 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-08-11 11:24 . 2010-06-16 05:48 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-11 11:22 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys

2010-08-07 01:51 . 2010-08-07 01:51 -------- d-----w- c:\users\AppData\Local\Nero_AG

2010-08-03 12:04 . 2010-08-03 12:12 41256 ----a-w- c:\windows\system32\drivers\fsbts.sys

2010-08-03 12:03 . 2009-08-05 15:57 35680 ----a-w- c:\windows\system32\drivers\fses.sys

2010-08-03 12:03 . 2009-08-05 15:57 71040 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2010-08-03 12:02 . 2010-08-03 12:12 -------- d-----w- c:\program files\Telenet Security Pack

2010-08-03 11:58 . 2010-08-03 12:01 -------- d-----w- c:\programdata\fssg

2010-08-03 11:58 . 2010-08-03 12:03 -------- d-----w- c:\programdata\f-secure

2010-07-31 20:43 . 2010-07-31 20:43 -------- d-----w- c:\users\AppData\Roaming\J River

2010-07-28 21:46 . 2010-08-09 14:24 -------- d-----w- C:\Download

2010-07-28 17:30 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-07-28 17:30 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-07-28 17:30 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-07-28 17:30 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-07-28 17:30 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-07-28 17:28 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll

2010-07-28 17:27 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-07-28 17:27 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-07-28 17:27 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-07-27 19:03 . 2010-07-27 19:03 -------- d-----w- c:\programdata\Readon

2010-07-27 18:38 . 2010-07-27 18:38 -------- d-----w- c:\program files\P2PFilter

2010-07-27 18:37 . 2010-07-27 18:37 -------- d-----w- c:\windows\system32\TVUAx

2010-07-27 15:48 . 2010-07-27 18:25 -------- d-----w- c:\users\\AppData\Local\Readon_Technology

2010-07-27 15:47 . 2010-07-27 16:54 -------- d-----w- c:\program files\Readon Technology

2010-07-26 14:44 . 2010-07-26 14:44 -------- d-----w- c:\program files\DVD Decrypter

2010-07-26 09:21 . 2010-07-26 09:21 -------- d-----w- c:\users\AppData\Local\ZattooPlayer

2010-07-26 09:21 . 2010-07-26 09:21 -------- d-----w- c:\users\Zattoo

2010-07-25 20:31 . 2010-07-25 20:31 -------- d-----w- c:\programdata\Kaspersky Lab

2010-07-25 20:16 . 2010-07-25 20:16 -------- d-----w- c:\users\AppData\Roaming\JLC's Software

2010-07-25 20:15 . 2010-07-25 20:15 -------- d-----w- c:\program files\JLC's Software

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-24 15:52 . 2010-05-11 22:56 -------- d-----w- c:\users\AppData\Roaming\vlc

2010-08-23 22:10 . 2010-07-02 07:39 -------- d-----w- c:\users\AppData\Roaming\XBMC

2010-08-22 11:17 . 2010-05-11 21:40 -------- d-----w- c:\users\\AppData\Roaming\SOUNDGRAPH

2010-08-21 03:36 . 2010-07-11 14:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2010-08-21 03:36 . 2010-05-11 20:55 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-08-20 18:20 . 2010-05-15 10:55 -------- d-----w- c:\users\\AppData\Roaming\BitTorrent

2010-08-20 17:52 . 2010-05-13 15:13 691884 ----a-w- c:\windows\system32\perfh00C.dat

2010-08-20 17:52 . 2010-05-13 15:13 690930 ----a-w- c:\windows\system32\perfh00A.dat

2010-08-20 17:52 . 2010-05-13 15:13 136750 ----a-w- c:\windows\system32\perfc00A.dat

2010-08-20 17:52 . 2010-05-13 15:13 130116 ----a-w- c:\windows\system32\perfc00C.dat

2010-08-20 17:52 . 2009-07-14 08:27 698618 ----a-w- c:\windows\system32\perfh013.dat

2010-08-20 17:52 . 2009-07-14 08:27 133270 ----a-w- c:\windows\system32\perfc013.dat

2010-08-17 23:48 . 2010-05-12 13:53 -------- d-----w- c:\users\AppData\Roaming\dvdcss

2010-08-17 11:00 . 2010-07-06 16:04 -------- d-----w- c:\program files\RAR Password Recovery Magic

2010-08-09 14:25 . 2010-06-25 10:38 -------- d-----w- c:\program files\Star Downloader

2010-08-03 12:01 . 2010-05-11 19:51 -------- d-----w- c:\programdata\avg9

2010-07-28 16:54 . 2010-07-28 16:54 16 ----a-w- c:\users\\AppData\Roaming\mbsvil.dat

2010-07-28 10:18 . 2010-05-30 16:01 -------- d-----w- c:\program files\SlySoft

2010-07-27 16:59 . 2010-07-19 14:02 -------- d-----w- c:\program files\Spyware Doctor

2010-07-20 17:35 . 2010-07-20 17:35 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll

2010-07-20 17:35 . 2010-07-20 17:35 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll

2010-07-20 17:35 . 2010-07-20 17:35 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe

2010-07-20 17:35 . 2010-07-20 17:35 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

2010-07-17 17:17 . 2010-05-12 12:46 -------- d-----w- c:\programdata\DVD Shrink

2010-07-17 12:52 . 2010-07-17 12:52 -------- d-----w- c:\program files\Uninstall Password Protect USB

2010-07-16 13:07 . 2010-07-16 13:07 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys

2010-07-16 13:07 . 2010-07-16 13:07 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys

2010-07-16 13:05 . 2010-07-16 13:05 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll

2010-07-16 13:05 . 2010-07-16 13:05 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe

2010-07-16 13:05 . 2010-07-16 13:05 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll

2010-07-16 13:05 . 2010-07-16 13:05 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe

2010-07-12 12:37 . 2010-05-11 20:55 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2010-07-12 12:37 . 2010-07-12 12:37 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2010-07-07 14:38 . 2010-07-07 14:36 -------- d-----w- c:\program files\Clarus

2010-07-07 14:38 . 2010-05-11 20:08 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-02 07:43 . 2010-07-02 07:39 -------- d-----w- c:\program files\XBMC

2010-06-28 16:31 . 2010-06-28 16:28 -------- d-----w- c:\program files\Lexmark X1100 Series

2010-06-27 11:55 . 2010-06-27 11:55 -------- d-----w- c:\program files\Video Thumbnails Maker

2010-06-25 10:05 . 2010-06-25 10:05 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-06-25 10:05 . 2010-06-25 10:05 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe

2010-06-25 10:05 . 2010-06-25 10:05 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-06-25 10:03 . 2010-06-25 10:05 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll

2010-06-25 10:03 . 2010-06-25 10:05 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe

2010-06-05 17:26 . 2010-06-05 17:26 37632 ----a-w- c:\windows\system32\drivers\a38usb.sys

2010-06-05 17:26 . 2010-06-05 17:26 110592 ----a-w- c:\windows\system32\usbr38.dll

2010-06-02 02:55 . 2010-07-02 07:42 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2010-06-02 02:55 . 2010-07-02 07:42 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2010-06-02 02:55 . 2010-07-02 07:42 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2010-05-28 10:27 . 2010-05-28 10:27 56912 ----a-w- c:\windows\system32\drivers\partmgr.sys

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2005-08-24 21:10 . 2010-07-17 12:52 174592 --sha-w- c:\windows\System32\ncfpsys.exe

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-08-24_15.42.11 )))))))))))))))))))))))))))))))))))))))))

.

- 2010-05-12 01:05 . 2010-08-24 15:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2010-05-12 01:05 . 2010-08-24 16:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2010-05-12 01:05 . 2010-08-24 15:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat

+ 2010-05-12 01:05 . 2010-08-24 16:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat

+ 2010-05-12 01:05 . 2010-08-24 16:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat

- 2010-05-12 01:05 . 2010-08-24 15:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat

+ 2010-05-11 19:40 . 2010-08-24 16:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-05-11 19:40 . 2010-08-24 15:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\users\Joachim Bellems\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-11 136176]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iMON"="c:\program files\SOUNDGRAPH\iMON\iMON.exe" [2010-06-25 2990080]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]

"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]

"Password Protect USB 3.6.1"="c:\windows\system32\ncfpsys.exe" [2005-08-24 174592]

"F-Secure Manager"="c:\program files\Telenet Security Pack\Common\FSM32.EXE" [2009-08-05 199264]

"F-Secure TNB"="c:\program files\Telenet Security Pack\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]

2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2009-06-17 10:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 136176]

R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [2009-12-30 114688]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2010-06-05 37632]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Telenet Security Pack\ORSP Client\fsorsp.exe [2010-08-03 57008]

R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-15 1343400]

R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Telenet Security Pack\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]

R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Telenet Security Pack\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-08-03 41256]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Telenet Security Pack\HIPS\drivers\fshs.sys [2009-08-05 68064]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-08-05 35680]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-05 71040]

S1 fsvista;F-Secure Vista Support Driver;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]

S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsgk.sys [2010-08-03 124072]

S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 20:17]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 20:17]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-242032662-382453786-369927515-1000Core.job

- c:\users\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11 20:15]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-242032662-382453786-369927515-1000UA.job

- c:\users\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11 20:15]

2010-08-24 c:\windows\Tasks\Scheduled scanning task.job

- c:\progra~1\TELENE~1\ANTI-V~1\fsav.exe [2010-08-03 15:56]

.

.

------- Bijkomende Scan -------

.

uStart Page = https://www.telenet.be/mijntelenet/navigation/navigation.do?family=DEFAULT&identifier=DEFAULT

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

LSP: c:\program files\Telenet Security Pack\FSPS\program\FSLSP.DLL

Trusted Zone: entriq.net\man

Trusted Zone: kbc.be\www

Trusted Zone: telenet.be\messagent

Trusted Zone: telenet.be\pctv

Trusted Zone: telenet.be\www

.

- - - - ORPHANS VERWIJDERD - - - -

AddRemove-FindyKill - c:\program files\FindyKill\Uninstal.exe

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(584)

c:\program files\telenet security pack\hips\fshook32.dll

- - - - - - - > 'lsass.exe'(500)

c:\program files\telenet security pack\hips\fshook32.dll

.

Voltooingstijd: 2010-08-24 19:05:22

ComboFix-quarantined-files.txt 2010-08-24 17:05

ComboFix2.txt 2010-08-24 16:46

ComboFix3.txt 2010-08-24 15:45

Pre-Run: 10.875.379.712 bytes beschikbaar

Post-Run: 10.821.046.272 bytes beschikbaar

- - End Of File - - 155617E1B47E582C44A947368F96A3A3

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:20:50, on 24/08/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe

C:\Windows\System32\ncfpsys.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

G:\zivet.scr

C:\Program Files\Telenet Security Pack\Common\FSLAUNCH.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\notepad.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\notepad.exe

C:\Windows\explorer.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Opera\Opera.exe

C:\Program Files\Registry Mechanic\Alert.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Users\Documents\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.telenet.be/mijntelenet/navigation/navigation.do?family=DEFAULT&identifier=DEFAULT

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Telenet Security Pack\NRS\iescript\baselitmus.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Telenet Security Pack\NRS\iescript\baselitmus.dll

O4 - HKLM\..\Run: [iMON] C:\Program Files\SOUNDGRAPH\iMON\iMON.exe /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [Password Protect USB 3.6.1] C:\Windows\system32\ncfpsys.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Security Pack\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O15 - Trusted Zone: Media Authorization Network

O15 - Trusted Zone: KBC Bank & Verzekering

O15 - Trusted Zone: http://messagent.telenet.be

O15 - Trusted Zone: http://pctv.telenet.be

O15 - Trusted Zone: Telenet

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Telenet Security Pack\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Security Pack\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telenet Security Pack\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Telenet Security Pack\ORSP Client\fsorsp.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe

O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

--

End of file - 7416 bytes

edited by fusionfreak