virus/trojan/iets anders?

[Gast capronicus]

Bij deze de recentere versie van hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:21:02, on 14/12/2010

Platform: Windows 7 SP2 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

Running processes:

E:\Installed programs\RocketDock\RocketDock.exe

E:\Installed programs\alarm clock\Aquarius Soft\PC Alarm Clock Pro\alarm.exe

E:\installed programs\Xfire\Xfire.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

E:\Installed programs\iTunes\iTunesHelper.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

E:\Installed games\Medieval Total War 2\Launcher.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Seppe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\installed programs\java\bin\jp2ssv.dll

O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [QuickTime Task] "E:\Installed programs\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Installed programs\adobe reader\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "E:\installed programs\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [RocketDock] "E:\Installed programs\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [steam] "e:\installed programs\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Users\Seppe\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Aquarius Soft PC Alarm Clock Pro.lnk = E:\Installed programs\alarm clock\Aquarius Soft\PC Alarm Clock Pro\alarm.exe

O4 - Startup: Xfire.lnk = E:\installed programs\Xfire\Xfire.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AODService - Unknown owner - E:\Installed programs\AMD overdrive\AODAssist.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 12082 bytes

14 december 2010 aangepast door capronicus

[kweezie wabbit]

Je gebruikt een oudere versie van Hijackthis.

Download de nieuwste versie van HijackThis en maak een nieuw logje.

[Gast capronicus]

bump.

[kape]

bump.

Bumpen is hier een beetje overdreven ... probleem is dat je het oude log vervangen hebt door een nieuw log ... en dat wordt niet opgemerkt als een "nieuw" bericht. Vandaar dat onze medewerkers niet weten dat er al gereageerd is in dit topic. Als je het nieuwe log in een nieuw bericht had gezet, was dit wél het geval geweest.

Maar goed ... het huidig log is probleemloos. Hoe (of met welk programma) heb je vastgesteld dat er een Trojaantje of ander ongedierte op je PC zou zitten ?

[Gast capronicus]

malwarebyte had een stuk of 24 infecties gedetecteerd en verwijdert, aangezien de problemen daar niet direct mee verhoplen waren vermoede ik dat er mss nog iets was achtergebleven, blijkbaar niet in eerste instantie.

de reden dat ik bumpte was omdatk realiseerde dat het editten van een post niet als nieuw bericht werd gedetecteerd

[kape]

OK, dan kijken we nog even dieper ...

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

[Gast capronicus]

ComboFix 10-12-15.07 - Seppe 16/12/2010 18:34:52.2.4 - x64

Microsoft Windows 7 Professional 6.1.7600.2.1252.32.1033.18.6142.4508 [GMT 1:00]

Gestart vanuit: c:\users\Seppe\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}

SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-11-16 to 2010-12-16 ))))))))))))))))))))))))))))))

.

2010-12-16 17:38 . 2010-12-16 17:38 -------- d-----w- c:\users\Seppe\AppData\Local\temp

2010-12-16 17:38 . 2010-12-16 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-15 13:02 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe

2010-12-15 11:23 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28B3B20A-92FC-4317-8FA4-7FDDC5F1412D}\mpengine.dll

2010-12-14 12:20 . 2010-12-14 12:20 388096 ----a-r- c:\users\Seppe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-12-13 15:32 . 2010-12-13 15:32 -------- d-----w- c:\users\Seppe\AppData\Local\Oblivion

2010-12-13 15:25 . 2005-04-03 21:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2010-12-13 12:21 . 2010-12-13 12:21 -------- d-----w- c:\users\Seppe\AppData\Local\Focus Home Interactive

2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr

2010-12-01 03:09 . 2010-12-01 03:09 -------- d-----w- c:\users\Seppe\AppData\Roaming\Aquarius Soft

2010-12-01 03:09 . 2010-12-01 03:09 -------- d-----w- c:\programdata\Aquarius Soft

2010-11-29 17:43 . 2010-11-29 17:43 -------- d-----w- c:\users\Seppe\AppData\Local\Octodad

2010-11-24 11:55 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

2010-11-24 11:55 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-11-18 17:42 . 2010-11-18 17:42 -------- d-----w- c:\users\Seppe\AppData\Local\Activision

2010-11-18 12:46 . 2007-06-25 21:21 1064448 ----a-w- c:\windows\system32\nvcplUIR.dll

2010-11-18 12:46 . 2007-06-25 21:21 381952 ----a-w- c:\windows\system32\nvexpBar.dll

2010-11-18 12:46 . 2010-11-18 12:44 372736 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-11-18 12:46 . 2007-07-03 15:41 978944 ----a-w- c:\windows\system32\msvcp71.dll

2010-11-18 12:46 . 2007-07-03 15:41 1524736 ----a-w- c:\windows\system32\MFC71.dll

2010-11-18 12:46 . 2007-06-25 21:21 403456 ----a-w- c:\windows\system32\nvcpl.cpl

2010-11-18 12:46 . 2007-06-25 21:21 2065920 ----a-w- c:\windows\system32\nvcplUI.exe

2010-11-18 12:46 . 2010-11-18 12:46 -------- d-----w- c:\users\Seppe\AppData\Local\NVIDIA Corporation

2010-11-18 12:44 . 2010-11-18 12:44 -------- d-----w- c:\program files (x86)\NVIDIA nTune Performance Application

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 16:42 . 2009-10-01 11:19 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2010-11-29 16:42 . 2009-10-01 11:19 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-12 20:26 . 2010-11-12 20:26 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys

2010-11-12 20:26 . 2010-11-12 20:26 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2010-11-10 05:35 . 2010-10-10 19:24 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-10-27 11:43 . 2007-12-31 22:16 466520 ----a-w- c:\windows\system32\wrap_oal.dll

2010-10-27 11:43 . 2007-12-31 22:16 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2010-10-19 20:51 . 2009-10-08 07:06 270720 ------w- c:\windows\system32\MpSigStub.exe

2010-10-16 18:55 . 2010-11-08 17:57 67176 ----a-w- c:\windows\system32\OpenCL.dll

2010-10-16 18:55 . 2010-11-08 17:57 6471784 ----a-w- c:\windows\system32\nvcuda.dll

2010-10-16 18:55 . 2010-11-08 17:57 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll

2010-10-16 18:55 . 2010-11-08 17:57 5473896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2010-10-16 18:55 . 2010-11-08 17:57 4837480 ----a-w- c:\windows\SysWow64\nvcuda.dll

2010-10-16 18:55 . 2010-11-08 17:57 386152 ----a-w- c:\windows\system32\nvdecodemft.dll

2010-10-16 18:55 . 2010-11-08 17:57 319080 ----a-w- c:\windows\SysWow64\nvdecodemft.dll

2010-10-16 18:55 . 2010-11-08 17:57 3112552 ----a-w- c:\windows\system32\nvcuvid.dll

2010-10-16 18:55 . 2010-11-08 17:57 2934888 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-10-16 18:55 . 2010-11-08 17:57 2912360 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2010-10-16 18:55 . 2010-11-08 17:57 2666600 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2010-10-16 18:55 . 2010-11-08 17:57 20284008 ----a-w- c:\windows\system32\nvoglv64.dll

2010-10-16 18:55 . 2010-11-08 17:57 1500264 ----a-w- c:\windows\system32\nvdispco642050.dll

2010-10-16 18:55 . 2010-11-08 17:57 14899816 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2010-10-16 18:55 . 2010-11-08 17:57 1308776 ----a-w- c:\windows\system32\nvgenco642030.dll

2010-10-16 18:55 . 2010-11-08 17:57 12788840 ----a-w- c:\windows\system32\nvd3dumx.dll

2010-10-16 18:55 . 2010-11-08 17:57 12432616 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2010-10-16 18:55 . 2010-11-08 17:57 10023528 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2010-10-16 18:55 . 2010-11-08 17:57 18597480 ----a-w- c:\windows\system32\nvcompiler.dll

2010-10-16 18:55 . 2010-11-08 17:57 13019752 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2010-10-16 18:55 . 2010-08-10 10:00 7491688 ----a-w- c:\windows\system32\nvwgf2umx.dll

2010-10-16 18:55 . 2010-08-10 10:00 2161256 ----a-w- c:\windows\system32\nvapi64.dll

2010-10-16 18:55 . 2010-08-10 10:00 1719912 ----a-w- c:\windows\SysWow64\nvapi.dll

2010-10-16 12:13 . 2010-10-16 12:13 5901416 ----a-w- c:\windows\system32\nvcpl.dll

2010-10-16 12:13 . 2010-10-16 12:13 989800 ----a-w- c:\windows\system32\nvvsvc.exe

2010-10-16 12:13 . 2010-10-16 12:13 2590824 ----a-w- c:\windows\system32\nvsvc64.dll

2010-10-16 12:13 . 2010-10-16 12:13 116328 ----a-w- c:\windows\system32\nvmctray.dll

2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll

2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll

2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2010-09-22 22:36 . 2010-10-20 11:24 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-09-21 12:49 . 2010-09-21 12:49 252800 ----a-w- c:\windows\system32\LIVESSP.DLL

2010-09-21 12:03 . 2010-09-21 12:03 208768 ----a-w- c:\windows\SysWow64\LIVESSP.DLL

2010-09-20 13:39 . 2010-10-25 11:16 349800 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-12-16_11.34.34 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-09-08 19:35 . 2010-12-16 11:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-08 19:35 . 2010-12-16 17:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-08 19:35 . 2010-12-16 17:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-09-08 19:35 . 2010-12-16 11:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 02:34 . 2010-12-16 11:37 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:34 . 2010-12-16 03:15 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="e:\installed programs\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Steam"="e:\installed programs\steam\steam.exe" [2010-11-17 1242448]

"Google Update"="c:\users\Seppe\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-08 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="e:\installed programs\QuickTime\QTTask.exe" [2010-09-08 421888]

"Adobe Reader Speed Launcher"="e:\installed programs\adobe reader\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"iTunesHelper"="e:\installed programs\iTunes\iTunesHelper.exe" [2010-11-10 421160]

c:\users\Seppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Aquarius Soft PC Alarm Clock Pro.lnk - e:\installed programs\alarm clock\Aquarius Soft\PC Alarm Clock Pro\alarm.exe [2010-12-1 937984]

Xfire.lnk - e:\installed programs\Xfire\Xfire.exe [2010-7-9 3493776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

R2 AODService;AODService;e:\installed programs\AMD overdrive\AODAssist.exe [2009-10-22 136544]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-22 136176]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 265728]

R3 ATICDSDr;ATICDSDr;c:\users\Seppe\AppData\Local\Temp\ATICDSDr.sys [x]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-09-14 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 202840]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 94808]

R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-09-10 1038088]

R3 GPUTool;GPUTool;c:\users\Seppe\AppData\Local\Temp\GPUTool.sys [x]

R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2009-12-30 25088]

R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-01-21 18944]

R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 108296]

R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 19720]

R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 144648]

R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 126216]

R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 123656]

R3 SaiHFFB5;SaiHFFB5;c:\windows\system32\DRIVERS\SaiHFFB5.sys [2008-04-04 178560]

R3 SaiIFFB5;Immersion's HID USB Driver (FFB5);c:\windows\system32\DRIVERS\SaiIFFB5.sys [2008-04-04 20864]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-16 834544]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 203264]

S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 202840]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 94808]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 40832]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-10-16 28160]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-20 349800]

.

Inhoud van de 'Gedeelde Taken' map

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-22 15:40]

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-22 15:40]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4009387661-1012264335-483176939-1001Core.job

- c:\users\Seppe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-08 20:17]

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4009387661-1012264335-483176939-1001UA.job

- c:\users\Seppe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-08 20:17]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.be/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-4009387661-1012264335-483176939-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF04F962-4F88-A69D-D735-FFC58A3CA63C}*]

"jaakihnigbpfaflclhhe"=hex:62,61,6c,61,00,00

"iaalmflgdeabbpodek"=hex:6b,61,64,61,68,63,67,66,62,6b,6e,69,62,6b,70,61,6c,68,

61,62,6e,6c,00,04

"jaakihnigbpfaflclhlc"=hex:62,61,65,61,00,00

[HKEY_USERS\S-1-5-21-4009387661-1012264335-483176939-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:a9,bc,a2,f2,71,78,9b,c9,6c,fb,b3,97,0d,f3,b1,c9,ce,92,7e,b6,db,77,ae,

3f,64,09,cc,ec,50,16,94,10,26,10,a2,8c,b1,15,df,4c,01,a0,89,a4,a9,d7,57,2d,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-4009387661-1012264335-483176939-1001\Software\SecuROM\License information*]

"datasecu"=hex:99,7c,7f,f5,7a,0b,69,c3,56,91,62,f0,93,b8,8c,44,54,b9,e6,98,bf,

ba,01,43,d3,85,69,9e,99,35,5e,a7,ca,f9,f0,c1,93,3d,31,d5,e4,0a,8d,13,ab,c2,\

"rkeysecu"=hex:2b,49,cd,d6,70,33,27,c1,04,b3,31,47,c2,cc,2f,b1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2010-12-16 18:40:55

ComboFix-quarantined-files.txt 2010-12-16 17:40

ComboFix2.txt 2010-12-16 11:37

Pre-Run: 18.346.885.120 bytes free

Post-Run: 18.285.391.872 bytes free

- - End Of File - - E6B680EC46C3E7BE0953EAD950491775

[kape]

Ook dit biedt niet meteen een negatief beeld van de PC.

Heb je dat logje van Malwarebytes nog ? Kunnen we eens kijken over welk soort besmettingen het daar ging ? Moet je nog kunnen vinden onder het tabblad "Logbestanden" bij Malwarebytes.