
antimalware doctor



done, and here is another new log:

ComboFix 10-09-12.04 - Administrator 13-09-2010 22:58:46.2.4 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.3320.3018 [GMT 2:00]

Started from: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FILE ::

"c:\windows\Rpufia.exe"

"c:\windows\Rpufib.exe"

"c:\windows\system32\drivers\rbxocw.sys"

"c:\windows\system32\DVCState-{00000001-00000000-00000006-00001102-00000002-80651102}.dat"

"c:\windows\system32\DVCStateBkp-{00000001-00000000-00000006-00001102-00000002-80651102}.dat"

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Rpufia.exe

c:\windows\Rpufib.exe

c:\windows\system32\drivers\rbxocw.sys

c:\windows\system32\DVCState-{00000001-00000000-00000006-00001102-00000002-80651102}.dat

c:\windows\system32\DVCStateBkp-{00000001-00000000-00000006-00001102-00000002-80651102}.dat

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_RBXOCW

-------\Service_rbxocw

(((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 ))))))))))))))))))))))))))))))

.

2010-09-13 18:58 . 2010-09-13 18:58 -------- d-s---w- c:\documents and settings\Administrator\UserData

2010-09-13 16:36 . 2010-09-13 16:36 -------- d-----r- c:\documents and settings\NetworkService\Favorieten

2010-09-12 09:28 . 2010-09-12 09:28 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-12 08:15 . 2010-09-12 08:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\ChessBase

2010-09-12 08:15 . 2010-09-12 08:15 55024 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-12 08:15 . 2010-09-12 08:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ChessBase

2010-09-12 07:14 . 2010-09-12 07:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-09-12 07:13 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-12 07:13 . 2010-09-12 07:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-12 07:13 . 2010-09-12 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-12 07:13 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-11 12:02 . 2009-07-18 21:55 -------- d--h--w- c:\documents and settings\Administrator\Netwerkprinteromgeving

2010-09-11 12:02 . 2009-07-18 21:55 -------- d-----r- c:\documents and settings\Administrator\Menu Start

2010-09-11 12:02 . 2009-07-18 20:00 -------- d--h--w- c:\documents and settings\Administrator\Sjablonen

2010-09-11 12:02 . 2010-09-13 18:58 -------- d-----w- c:\documents and settings\Administrator

2010-09-11 11:59 . 2010-09-11 11:59 388096 ----a-r- c:\documents and settings\astrid\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-09-11 11:59 . 2010-09-11 11:59 -------- d-----w- c:\documents and settings\astrid\Trend Micro

2010-09-11 11:52 . 2010-09-11 11:52 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-09-11 10:46 . 2010-09-11 10:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData

2010-09-11 10:46 . 2010-09-11 10:46 -------- d-----r- c:\documents and settings\LocalService\Favorieten

2010-09-09 20:31 . 2010-09-10 12:24 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-08-22 07:40 . 2010-08-22 07:40 -------- d-----w- c:\program files\AppieSoft

2010-08-17 21:14 . 2010-08-17 21:14 -------- d-----w- c:\windows\Performance

2010-08-17 21:13 . 2010-08-17 21:14 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2010-08-17 18:45 . 2008-01-22 16:50 126528 ----a-w- C:\oscdimg.exe

2010-08-17 18:32 . 2008-01-22 16:50 126528 ----a-w- c:\program files\oscdimg.exe

2010-08-16 19:18 . 2010-08-16 19:18 -------- d-----w- c:\windows\XSxS

2010-08-16 19:18 . 2010-08-16 19:18 -------- d-----w- c:\program files\Xenocode

2010-08-16 18:26 . 2010-08-16 18:26 -------- d-----w- C:\BM2005

2010-08-16 18:17 . 2008-01-21 15:43 39472 ----a-w- c:\windows\system32\drivers\hotcore3.sys

2010-08-16 18:17 . 2008-01-21 15:43 4244744 ----a-w- c:\windows\system32\qtp-mt334.dll

2010-08-16 18:17 . 2008-01-21 15:43 13576 ----a-w- c:\windows\system32\wnaspi32.dll

2010-08-16 18:17 . 2008-01-21 15:43 247560 ----a-w- c:\windows\system32\prgiso.dll

2010-08-16 18:16 . 2010-08-16 18:16 -------- d-----w- c:\program files\Paragon Software

2010-08-16 17:32 . 2010-08-16 17:32 -------- d-----r- c:\windows\AsDmiHtm

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-13 20:58 . 2010-09-11 12:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData

2010-09-13 20:38 . 2001-09-07 12:00 87232 ----a-w- c:\windows\system32\perfc013.dat

2010-09-13 20:38 . 2001-09-07 12:00 501596 ----a-w- c:\windows\system32\perfh013.dat

2010-09-13 20:34 . 2009-10-15 20:57 -------- d-----w- c:\program files\QuickTime

2010-09-13 18:55 . 2010-09-13 16:34 112 ----a-w- c:\documents and settings\All Users\Application Data\Vt36FoK88.dat

2010-09-13 16:27 . 2009-08-02 13:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware

2010-09-13 16:27 . 2009-08-02 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware

2010-09-11 12:18 . 2010-03-04 06:41 -------- d-----w- c:\documents and settings\astrid\Application Data\HPAppData

2010-09-09 20:32 . 2009-07-22 04:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-09-09 20:31 . 2009-07-22 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2010-08-16 18:16 . 2009-07-18 21:35 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-26 05:59 . 2009-11-24 07:25 42076 ----a-w- c:\documents and settings\astrid\Application Data\mdbu.bin

2010-07-24 18:26 . 2010-07-18 07:01 -------- d-----w- c:\program files\McAfee

2010-07-22 05:13 . 2009-08-05 14:58 55024 ----a-w- c:\documents and settings\astrid\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-18 10:02 . 2010-07-18 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-07-18 07:01 . 2010-07-18 07:01 -------- d-----w- c:\program files\Common Files\McAfee

2010-07-18 07:01 . 2010-07-18 07:01 -------- d-----w- c:\program files\McAfee.com

2010-07-16 17:32 . 2010-07-16 17:32 -------- d-----w- c:\program files\Webteh

2010-07-15 13:18 . 2010-07-18 07:01 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

------- Sigcheck -------

[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe

[-] 2004-08-03 . 993BAA1CC42035D8915D762C504B8022 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe

[-] 2004-08-03 . F322E4E400DEB976ED1263B6C155FA56 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-09-13_20.34.06 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-09-07 12:00 . 2010-09-13 18:58 68522 c:\windows\system32\perfc009.dat

+ 2001-09-07 12:00 . 2010-09-13 20:38 68522 c:\windows\system32\perfc009.dat

+ 2009-08-30 21:04 . 2002-07-02 15:56 24576 c:\windows\system32\CTHELPER.exe

+ 2001-09-07 12:00 . 2010-09-13 20:38 435040 c:\windows\system32\perfh009.dat

- 2001-09-07 12:00 . 2010-09-13 18:58 435040 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16876032]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-20 148888]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"nwiz"="nwiz.exe" [2009-06-10 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]

"Logitech G35"="c:\program files\Logitech\G35\G35.exe" [2009-06-30 1811728]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-09-21 14:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"h:\\WOW\\World of Warcraft\\BackgroundDownloader.exe"=

"e:\\pincacle studio 12\\Programs\\RM.exe"=

"e:\\pincacle studio 12\\Programs\\Studio.exe"=

"e:\\pincacle studio 12\\Programs\\umi.exe"=

"h:\\WOW\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=

"h:\\WOW\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=

"h:\\WOW\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"h:\\WOW\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=

"h:\\WOW\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\KCeasy\\giFT\\giFTl.exe"=

"c:\\Program Files\\KCeasy\\KCeasy.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"9100:TCP"= 9100:TCP:printer

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [1-1-1980 2:00 184848]

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [16-8-2010 20:17 39472]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-7-2009 6:44 691696]

S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [14-4-2010 16:20 53520]

S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [14-4-2010 16:20 334992]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPService REG_MULTI_SZ HPSLPSVC

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2010-07-18 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-07-18 10:22]

2010-07-31 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-07-18 10:22]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = hxxp://hjt-data.trendmicro.com/hjt/analyzethis/index.php?report=13802917

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ibyvihb6.default\

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-vmware-tray - e:\vmware 6.2 workstation\vmware-tray.exe

HKLM-Run-VMware hqtray - e:\vmware 6.2 workstation\hqtray.exe

MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-13 23:02

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

Scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

.

**************************************************************************

.

Completion time: 2010-09-13 23:03:08 - machine was restarted

ComboFix-quarantined-files.txt 2010-09-13 21:03

ComboFix2.txt 2010-09-13 20:35

Pre-Run: 22.735.040.512 bytes free

Post-Run: 22.718.021.632 bytes free

- - End Of File - - 9F8568415D80302226A0C7A1B757E2FF


Have a look in two places to see whether any traces can still be found:

1. among the startup items: via the msconfig command, on the "Startup" tab?

2. in the registry: via the regedit command, using "Find" with the search terms 70700, antimalware and doctor?

... and let me know the results of both actions?


Dear Kape,

I carried out the actions you described.

In msconfig's Startup tab there is nothing left that refers to antimalware doctor.

Searching the registry for antimalware or doctor returns nothing either.

Only when searching for 70700 do I get the hits below:

HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Battery\Presets\dandelionaid\PostShiftInfo\0\dbl5 with value 0.7027070033364

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\lastkey with value Deze computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppPatches\SETUP\ff060102564ee6000407b0670700

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppPatches\SETUP\ff060102564ee6000407b0670700

However, the problems are still present when I log in under my normal account (this account also has administrator rights). Do I need to run the same HJT and MBAM actions again under that account, or does everything get cleaned up regardless of which account you run it under?

Thanks a lot in advance for the help!

Regards,

sun


I first ran MBAM under the problem account; below is the log:

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Database version: 4599

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 6.0.2900.2180

14-9-2010 16:42:37

mbam-log-2010-09-14 (16-42-37).txt

Scan type: Quick scan

Objects scanned: 149917

Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 6

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 17

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hglvtvhw (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\62845110 (Rogue.SecurityTool) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\12601581 (Rogue.SecurityTool) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxe7dxcq37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\admdennis\Application Data\A66260502908F60D3D72125B10F83401\mediafix70700en02.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Local Settings\Application Data\bgurggpkl\lalqtqcuqiw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Local Settings\Application Data\62845110.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Local Settings\Application Data\12601581.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Application Data\ohydy.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Local Settings\Temp\1CF.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Local Settings\Temp\1D1.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Local Settings\Temp\1D3.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Local Settings\Temp\mkcxhunr.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Local Settings\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Local Settings\Temp\tpcuqc.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Local Settings\Temp\waecnsorxm.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Bureaublad\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Menu Start\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Menu Start\Programma's\Opstarten\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\admdennis\Local Settings\Temp\Rw2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

and also ran HJT under this account:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:50:03, on 14-9-2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\astrid\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--

End of file - 6603 bytes

So it looks like the problems occur under multiple user accounts.

Regards,

sun


Malwarebytes has cleaned up quite a bit here as well.

Start HijackThis. Select "Scan". Select only the items listed below:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092

Click 'Fix checked' to remove the items. Then attach a new HijackThis and Malwarebytes log in your next post.

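As an added example (not code from the thread or from HijackThis), a small Python check that parses HijackThis R1 lines and flags a browser proxy pointed at the local machine, which is the setting the helper asked to have fixed above. The sample log lines are constructed from entries in this thread.

```python
import re
from ipaddress import ip_address

# Constructed sample: the R1 line the helper asked to fix, plus two benign lines for contrast.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = http=127.0.0.1:6092
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = Bing
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE
"""

# HijackThis prints proxy settings as: R1 - <registry key>,ProxyServer = <value>
PROXY_RE = re.compile(r"^R1 - (?P<key>[^,]+),ProxyServer = (?P<value>.+)$")

def parse_proxy_entries(log_text):
    """Return (registry_key, {scheme: host:port}) for every R1 ProxyServer line."""
    entries = []
    for line in log_text.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        proxies = {}
        # Value is either "host:port" (all protocols) or "scheme=host:port;scheme=host:port"
        for part in m.group("value").split(";"):
            scheme, _, hostport = part.partition("=")
            if not hostport:
                scheme, hostport = "*", scheme
            proxies[scheme.strip()] = hostport.strip()
        entries.append((m.group("key"), proxies))
    return entries

def is_loopback_proxy(hostport):
    """True when the proxy host is the local machine (127.x, ::1 or 'localhost')."""
    host, _, _ = hostport.rpartition(":")
    host = (host or hostport).strip("[]")
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def flag_suspicious_proxies(log_text):
    """A browser proxy on the local machine, with no legitimate proxy software installed,
    is the hijack pattern this thread is cleaning: all web traffic is routed through malware."""
    return [(key, scheme, hp) for key, proxies in parse_proxy_entries(log_text)
            for scheme, hp in proxies.items() if is_loopback_proxy(hp)]
```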

I did a rescan, but the key you specified could no longer be found :o

Here is a new HJT and MBAM log

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Database version: 4599

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 6.0.2900.2180

14-9-2010 16:48:59

mbam-log-2010-09-14 (16-48-59).txt

Scan type: Quick scan

Objects scanned: 149770

Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:52:35, on 14-9-2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Documents and Settings\astrid\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--

End of file - 6361 bytes

Regards,

sun

This topic is now closed to new replies.
