Posted:

When I was on MSN today I got lots of messages: hey, is this really you :S .... followed by a link to a site.

Here are the results from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:14:16, on 6-4-2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Windows\System32\LVCOMSX.EXE

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Xfire\xfire.exe

C:\Program Files\Xfire\xfire.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {68FE9A58-5DE4-4128-9BBE-40891FFAA88A} - C:\Windows\system32\yayxyxVP.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\Windows\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [Windows live Messenger] msn.com

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUlKCsS.dll,#1

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\guildman\AppData\Local\Temp\iifebARJ.dll,#1

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--

End of file - 6875 bytes

Could someone help me with this problem?

Kind regards,

bart

Posted:

Remove your MSN (and all other messengers).

Download Combofix and put it on your Desktop.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {68FE9A58-5DE4-4128-9BBE-40891FFAA88A} - C:\Windows\system32\yayxyxVP.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Windows live Messenger] msn.com

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUlKCsS.dll,#1

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\guildman\AppData\Local\Temp\iifebARJ.dll, #1

Click 'Fix checked' to remove the items.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix is complete and after the restart, the log combofix.txt will open.

NOTE: If your virus scanner responds with a notification about a script being executed, you must allow it.

Attach the Combofix log and a new HJT log to your next post.

Posted:

This is the log from ComboFix.

ComboFix 08-04-06.1 - guildman 2008-04-07 18:58:24.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1284 [GMT 2:00]

Gestart vanuit: C:\Users\guildman\Downloads\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system32\awtsSihI.dll

C:\Windows\system32\ddcYpoOi.dll

C:\Windows\system32\fccaXPgF.dll

C:\Windows\system32\nnnlmJYS.dll

C:\Windows\system32\pmnmklLf.dll

C:\Windows\System32\PVxyxyay.ini

C:\Windows\System32\PVxyxyay.ini2

C:\Windows\system32\swsystem.dll

C:\Windows\system32\vtUlKCsS.dll

C:\Windows\system32\xxywVmnL.dll

C:\Windows\system32\yayaXPhF.dll

C:\Windows\system32\yayxyxVP.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))

.

Geen nieuwe bestanden aangemaakt in deze periode

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-07 16:47 --------- d-----w C:\Users\guildman\AppData\Roaming\AVG7

2008-04-06 20:27 --------- d-----w C:\Users\guildman\AppData\Roaming\uTorrent

2008-04-06 18:12 --------- d-----w C:\Program Files\Trend Micro

2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Xfire

2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Hamachi

2008-04-06 15:42 --------- d-----w C:\ProgramData\Xfire

2008-04-06 11:28 39,424 --sh--r C:\Windows\msn.com

2008-04-06 09:46 --------- d-----w C:\Program Files\Maxis

2008-04-04 07:50 --------- d-----w C:\Users\guildman\AppData\Roaming\vlc

2008-04-04 07:15 --------- d-----w C:\Program Files\VideoLAN

2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\Logitech

2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\logishrd

2008-03-28 08:38 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-28 08:38 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield

2008-03-28 08:32 --------- d-----w C:\Program Files\Java

2008-03-27 14:18 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-03-27 12:53 --------- d-----w C:\ProgramData\Test Drive Unlimited

2008-03-26 20:58 --------- d-----w C:\ProgramData\Logishrd

2008-03-26 19:21 --------- d-----w C:\ProgramData\Logitech

2008-03-22 07:33 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys

2008-03-22 01:06 --------- d-----w C:\ProgramData\Ubisoft

2008-03-22 00:55 --------- d-----w C:\Program Files\Ubisoft

2008-03-21 15:26 --------- d-----w C:\Program Files\EA Games

2008-03-21 14:10 --------- d-----w C:\Program Files\Atari

2008-03-21 13:37 --------- d-----w C:\Program Files\Xfire

2008-03-20 15:39 --------- d-----w C:\Users\guildman\AppData\Roaming\Ubisoft

2008-03-17 19:56 --------- d-----w C:\Program Files\Windows Mail

2008-03-12 16:39 163,644 ----a-w C:\Windows\system32\drivers\SECDRV.SYS

2008-03-12 16:33 --------- d-----w C:\Program Files\Electronic Arts

2008-03-12 13:34 --------- d-----w C:\Program Files\CCleaner

2008-02-18 14:14 --------- d-----w C:\Program Files\Hamachi

2008-02-18 14:13 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys

2008-02-17 04:30 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield Installation Information

2008-02-17 04:11 --------- d-----w C:\Program Files\Unreal Tournament 3

2008-02-17 04:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-02-17 04:10 --------- d-----w C:\Program Files\AGEIA Technologies

2008-02-16 21:45 22,328 ----a-w C:\Users\guildman\AppData\Roaming\PnkBstrK.sys

2008-02-16 21:32 --------- d-----w C:\Program Files\Activision

2008-02-14 11:55 --------- d-----w C:\ProgramData\Media Center Programs

2008-02-13 16:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-13 16:11 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys

2008-02-13 16:11 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys

2008-02-13 16:10 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys

2008-02-13 16:10 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys

2008-02-13 16:10 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys

2008-02-13 16:10 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys

2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys

2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys

2008-02-13 16:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-13 16:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-13 16:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys

2008-02-13 16:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-13 16:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-13 16:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-13 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-13 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-13 16:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-13 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-13 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-13 16:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-09-01 08:17 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 18:35 171448]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-06 16:10 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]

"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-11 14:19 579072]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]

"LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]

"Windows live Messenger"="msn.com" [2008-04-06 13:28 39424 C:\Windows\msn.com]

"SBI"="C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe" [2008-04-07 18:07 1172768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 16:04 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\vtUlKCsS.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2007-08-07 09:19 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= lvcodec2.dll

"VIDC.XFR1"= xfcodec.dll

"msacm.lhacm"= lhacm.acm

"MSVideo8"= VfWWDM32.dll

"MSVideo"= vfwwdm32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\yayxyxVP

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"AntivirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{85CA479A-4F4A-4F9F-819D-E9E8E38D6CA0}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars

"{3748C267-0686-4C2C-83C1-76835F020E45}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II

"{179F0B0D-787B-4566-8B9E-923D87C105D4}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II

"{8F1615E1-2389-4F72-A731-63E8B669766D}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

"{10FF37FD-361C-44FA-BF39-16811D766F1A}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

"TCP Query User{32869293-0DAC-462C-A829-59EDD36C7D4C}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™

"UDP Query User{6DD765EC-DA2F-4BE7-833B-0553EB6CD0BF}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™

"{065DE9A0-188F-4AE0-B5EB-D002CCBA17AE}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

"{13CDB5E4-42D0-4799-9A15-A51A0F71FB64}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

"TCP Query User{1442EF57-1796-44EA-A25A-10AC04BD653F}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client

"UDP Query User{6E08A576-76C0-45FB-A4BD-970390D4CFD5}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client

"TCP Query User{CAE9F192-B5E0-46C1-B1F3-4D8A48810023}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"UDP Query User{52194791-5C0A-493B-B369-5F89512E2855}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"{4D627931-2F6E-4BAE-AD9A-68ED089C7FC4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"TCP Query User{FE7F86CE-B485-43F9-993A-AF9A79367568}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade

"UDP Query User{7E57F462-4649-4F46-A850-F99D3B599B42}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade

"{9F6C932E-0DAA-410F-BF1C-B1299AFB46D2}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{E8267A96-A928-4AD3-8B4A-6E511DB1E034}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{FC7A86DD-32BE-4133-A3C2-FC268F64F3E9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{E956B76F-D336-42EC-95F3-26EB61780B19}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{A9107380-EBC1-4709-9667-47EC4C28A84A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{7C1B81AD-860E-44E7-8665-14B527097911}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{D0CA9787-5862-4862-B4EA-A139CA03673F}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{5AF83993-6195-42E4-8F39-BFC02E00073C}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{C6B999D9-DB95-4C50-9DE2-08349930CF13}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{5354D629-136F-4720-91A7-C9EFB6892A05}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{81AAF909-ABF6-4964-8FC9-3925AF8AB6DE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{65A1C5CE-E140-46AD-91AB-10B72F739331}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{F0165FCF-DD28-4EC7-9B40-695A2231CE77}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire

"{7335FB89-CE03-44BD-BAE4-984428974DDB}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire

"{84E14DBE-4249-466C-BA04-69BB18B70C02}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"{F992460F-79E7-4A16-BF5E-CD5F2BDE515E}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"{B1BF99A2-982A-4FE0-AE99-D468D7441E29}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{04AFF9BF-8A65-4733-BCA2-30C5FF484232}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{0480B2BE-B4E6-472B-9532-C18C9818A0A8}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{263B9FD8-A680-479D-BF4D-F3FA8B03DEA7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{35FA6214-19D4-44E5-837A-9422209DBB40}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{E851150A-3E16-4358-951B-58518D241568}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"TCP Query User{0A1C39A0-538E-4DEB-B7A4-627F7314B374}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{321076CB-96BE-432B-8B84-6E02C9CACEB9}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-22 09:33]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\Windows\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 09:12]

S3 FXDrv32;FXDrv32;C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 19:23]

S3 MRV6X32P;Met Vista geleverd 32-bits-stuurprogramma;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]

S3 odysseyIM4;Odyssey Network Agent Miniport;C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]

S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 17:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a58094c4-5000-11dc-b82a-001a7036ebf4}]

\shell\AutoRun\command - K:\autorun.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-07 19:04:59

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\conime.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\DllHost.exe

.

**************************************************************************

.

Voltooingstijd: 2008-04-07 19:07:07 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-07 17:07:02

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

.

2008-04-06 09:41:17 --- E O F ---

The HijackThis log did not go as hoped. It gave an error message; maybe the information above is enough for you.

Kind regards

bart

Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\Windows\msn.com

Folder::

C:\Program Files\Trend Micro

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows live Messenger"="msn.com"=-

"SBI"="C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe.

This will restart ComboFix. Restart if you are asked to.

After the restart, post the contents of Combofix.txt in your next post.

Now download HijackThis again and try to make a new log. Attach this to your next post as well (if it works).

Posted:

ComboFix 08-04-06.1 - guildman 2008-04-07 20:04:41.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1310 [GMT 2:00]

Gestart vanuit: C:\Users\guildman\Desktop\combofix\combofix.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))

.

Geen nieuwe bestanden aangemaakt in deze periode

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-07 16:47 --------- d-----w C:\Users\guildman\AppData\Roaming\AVG7

2008-04-06 20:27 --------- d-----w C:\Users\guildman\AppData\Roaming\uTorrent

2008-04-06 18:12 --------- d-----w C:\Program Files\Trend Micro

2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Xfire

2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Hamachi

2008-04-06 15:42 --------- d-----w C:\ProgramData\Xfire

2008-04-06 11:28 39,424 --sh--r C:\Windows\msn.com

2008-04-06 09:46 --------- d-----w C:\Program Files\Maxis

2008-04-04 07:50 --------- d-----w C:\Users\guildman\AppData\Roaming\vlc

2008-04-04 07:15 --------- d-----w C:\Program Files\VideoLAN

2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\Logitech

2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\logishrd

2008-03-28 08:38 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-28 08:38 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield

2008-03-28 08:32 --------- d-----w C:\Program Files\Java

2008-03-27 14:18 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-03-27 12:53 --------- d-----w C:\ProgramData\Test Drive Unlimited

2008-03-26 20:58 --------- d-----w C:\ProgramData\Logishrd

2008-03-26 19:21 --------- d-----w C:\ProgramData\Logitech

2008-03-22 07:33 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys

2008-03-22 01:06 --------- d-----w C:\ProgramData\Ubisoft

2008-03-22 00:55 --------- d-----w C:\Program Files\Ubisoft

2008-03-21 15:26 --------- d-----w C:\Program Files\EA Games

2008-03-21 14:10 --------- d-----w C:\Program Files\Atari

2008-03-21 13:37 --------- d-----w C:\Program Files\Xfire

2008-03-20 15:39 --------- d-----w C:\Users\guildman\AppData\Roaming\Ubisoft

2008-03-17 19:56 --------- d-----w C:\Program Files\Windows Mail

2008-03-12 16:39 163,644 ----a-w C:\Windows\system32\drivers\SECDRV.SYS

2008-03-12 16:33 --------- d-----w C:\Program Files\Electronic Arts

2008-03-12 13:34 --------- d-----w C:\Program Files\CCleaner

2008-02-18 14:14 --------- d-----w C:\Program Files\Hamachi

2008-02-18 14:13 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys

2008-02-17 04:30 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield Installation Information

2008-02-17 04:11 --------- d-----w C:\Program Files\Unreal Tournament 3

2008-02-17 04:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-02-17 04:10 --------- d-----w C:\Program Files\AGEIA Technologies

2008-02-16 21:45 22,328 ----a-w C:\Users\guildman\AppData\Roaming\PnkBstrK.sys

2008-02-16 21:32 --------- d-----w C:\Program Files\Activision

2008-02-14 11:55 --------- d-----w C:\ProgramData\Media Center Programs

2008-02-13 16:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-13 16:11 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys

2008-02-13 16:11 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys

2008-02-13 16:10 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys

2008-02-13 16:10 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys

2008-02-13 16:10 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys

2008-02-13 16:10 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys

2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys

2008-02-13 16:10 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys

2008-02-13 16:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-13 16:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-13 16:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys

2008-02-13 16:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-13 16:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-13 16:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-13 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-13 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-13 16:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-13 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-13 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-13 16:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-09-01 08:17 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((( snapshot@2008-04-07_19.06.27.13 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-07 17:03:48 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-04-07 18:09:09 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE

- 2008-04-07 17:05:00 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-04-07 18:10:26 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-04-07 18:10:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-04-07 18:10:15 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-04-07 17:04:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-04-07 18:10:25 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-04-07 18:10:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-04-07 18:10:15 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-04-07 16:52:15 108,260 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-04-07 17:43:49 108,260 ----a-w C:\Windows\System32\perfc009.dat

- 2008-04-07 16:52:15 128,256 ----a-w C:\Windows\System32\perfc013.dat

+ 2008-04-07 17:43:49 128,256 ----a-w C:\Windows\System32\perfc013.dat

- 2008-04-07 16:52:15 621,176 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-04-07 17:43:49 621,176 ----a-w C:\Windows\System32\perfh009.dat

- 2008-04-07 16:52:15 701,994 ----a-w C:\Windows\System32\perfh013.dat

+ 2008-04-07 17:43:49 701,994 ----a-w C:\Windows\System32\perfh013.dat

- 2008-04-07 16:49:19 9,252 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin

+ 2008-04-07 17:06:20 9,498 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin

- 2008-04-07 16:49:19 70,986 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-04-07 17:06:20 71,204 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-04-07 16:49:18 38,790 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-04-07 17:06:16 39,358 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 18:35 171448]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-06 16:10 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]

"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-11 14:19 579072]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]

"LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]

"Windows live Messenger"="msn.com" [2008-04-06 13:28 39424 C:\Windows\msn.com]

"SBI"="C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe" [2008-04-07 18:07 1172768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 16:04 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\vtUlKCsS.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2007-08-07 09:19 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= lvcodec2.dll

"VIDC.XFR1"= xfcodec.dll

"msacm.lhacm"= lhacm.acm

"MSVideo8"= VfWWDM32.dll

"MSVideo"= vfwwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"AntivirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{85CA479A-4F4A-4F9F-819D-E9E8E38D6CA0}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars

"{3748C267-0686-4C2C-83C1-76835F020E45}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II

"{179F0B0D-787B-4566-8B9E-923D87C105D4}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II

"{8F1615E1-2389-4F72-A731-63E8B669766D}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

"{10FF37FD-361C-44FA-BF39-16811D766F1A}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

"TCP Query User{32869293-0DAC-462C-A829-59EDD36C7D4C}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™

"UDP Query User{6DD765EC-DA2F-4BE7-833B-0553EB6CD0BF}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™

"{065DE9A0-188F-4AE0-B5EB-D002CCBA17AE}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

"{13CDB5E4-42D0-4799-9A15-A51A0F71FB64}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

"TCP Query User{1442EF57-1796-44EA-A25A-10AC04BD653F}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client

"UDP Query User{6E08A576-76C0-45FB-A4BD-970390D4CFD5}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client

"TCP Query User{CAE9F192-B5E0-46C1-B1F3-4D8A48810023}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"UDP Query User{52194791-5C0A-493B-B369-5F89512E2855}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"{4D627931-2F6E-4BAE-AD9A-68ED089C7FC4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"TCP Query User{FE7F86CE-B485-43F9-993A-AF9A79367568}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade

"UDP Query User{7E57F462-4649-4F46-A850-F99D3B599B42}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade

"{9F6C932E-0DAA-410F-BF1C-B1299AFB46D2}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{E8267A96-A928-4AD3-8B4A-6E511DB1E034}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{FC7A86DD-32BE-4133-A3C2-FC268F64F3E9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{E956B76F-D336-42EC-95F3-26EB61780B19}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{A9107380-EBC1-4709-9667-47EC4C28A84A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{7C1B81AD-860E-44E7-8665-14B527097911}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{D0CA9787-5862-4862-B4EA-A139CA03673F}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{5AF83993-6195-42E4-8F39-BFC02E00073C}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{C6B999D9-DB95-4C50-9DE2-08349930CF13}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{5354D629-136F-4720-91A7-C9EFB6892A05}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{81AAF909-ABF6-4964-8FC9-3925AF8AB6DE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{65A1C5CE-E140-46AD-91AB-10B72F739331}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{F0165FCF-DD28-4EC7-9B40-695A2231CE77}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire

"{7335FB89-CE03-44BD-BAE4-984428974DDB}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire

"{84E14DBE-4249-466C-BA04-69BB18B70C02}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"{F992460F-79E7-4A16-BF5E-CD5F2BDE515E}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"{B1BF99A2-982A-4FE0-AE99-D468D7441E29}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{04AFF9BF-8A65-4733-BCA2-30C5FF484232}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{0480B2BE-B4E6-472B-9532-C18C9818A0A8}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{263B9FD8-A680-479D-BF4D-F3FA8B03DEA7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{35FA6214-19D4-44E5-837A-9422209DBB40}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{E851150A-3E16-4358-951B-58518D241568}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"TCP Query User{0A1C39A0-538E-4DEB-B7A4-627F7314B374}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{321076CB-96BE-432B-8B84-6E02C9CACEB9}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-22 09:33]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\Windows\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 09:12]

S3 FXDrv32;FXDrv32;C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 19:23]

S3 MRV6X32P;Met Vista geleverd 32-bits-stuurprogramma;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]

S3 odysseyIM4;Odyssey Network Agent Miniport;C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]

S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 17:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a58094c4-5000-11dc-b82a-001a7036ebf4}]

\shell\AutoRun\command - K:\autorun.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-07 20:10:24

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\conime.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\DllHost.exe

.

**************************************************************************

.

Voltooingstijd: 2008-04-07 20:12:05 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-07 18:12:02

ComboFix2.txt 2008-04-07 17:07:08

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

.

2008-04-06 09:41:17 --- E O F ---

Here is another log from ComboFix,

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:18:48, on 7-4-2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Windows\System32\LVCOMSX.EXE

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\Windows\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [sBI] C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--

End of file - 6029 bytes

and here is the HijackThis log; I hope it is the right information.

Regards, Bart

Posted:

The HJT log is OK by now. But something went wrong with ComboFix. ComboFix did not carry out its work correctly. Can you try again with the same instruction: save the bold text and drag it into ComboFix. Then post a log again. I'm curious what will happen now.

Posted:

ComboFix 08-04-06.1 - guildman 2008-04-07 21:39:18.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1284 [GMT 2:00]

Gestart vanuit: C:\Users\guildman\Desktop\combofix\combofix.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))

.

Geen nieuwe bestanden aangemaakt in deze periode

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-07 19:40 --------- d-----w C:\Users\guildman\AppData\Roaming\uTorrent

2008-04-07 16:47 --------- d-----w C:\Users\guildman\AppData\Roaming\AVG7

2008-04-06 18:12 --------- d-----w C:\Program Files\Trend Micro

2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Xfire

2008-04-06 17:00 --------- d-----w C:\Users\guildman\AppData\Roaming\Hamachi

2008-04-06 15:42 --------- d-----w C:\ProgramData\Xfire

2008-04-06 11:28 39,424 --sh--r C:\Windows\msn.com

2008-04-06 09:46 --------- d-----w C:\Program Files\Maxis

2008-04-04 07:50 --------- d-----w C:\Users\guildman\AppData\Roaming\vlc

2008-04-04 07:15 --------- d-----w C:\Program Files\VideoLAN

2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\Logitech

2008-04-03 17:54 --------- d-----w C:\Program Files\Common Files\logishrd

2008-03-28 08:38 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-28 08:38 --------- d-----w C:\Users\guildman\AppData\Roaming\InstallShield

2008-03-28 08:32 --------- d-----w C:\Program Files\Java

2008-03-27 14:18 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-03-27 14:18 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-03-27 12:53 --------- d-----w C:\ProgramData\Test Drive Unlimited

2008-03-26 20:58 --------- d-----w C:\ProgramData\Logishrd

2008-03-26 19:21 --------- d-----w C:\ProgramData\Logitech

2008-03-22 07:33 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys

2008-03-22 01:06 --------- d-----w C:\ProgramData\Ubisoft

2008-03-22 00:55 --------- d-----w C:\Program Files\Ubisoft

2008-03-21 17:02 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll

2008-03-21 15:26 --------- d-----w C:\Program Files\EA Games

2008-03-21 14:10 --------- d-----w C:\Program Files\Atari

2008-03-21 13:37 --------- d-----w C:\Program Files\Xfire

2008-03-20 15:39 --------- d-----w C:\Users\guildman\AppData\Roaming\Ubisoft

2008-03-17 19:56 --------- d-----w C:\Program Files\Windows Mail

2008-03-13 23:06 41,296 ----a-w C:\Windows\System32\xfcodec.dll

2008-03-12 16:39 163,644 ----a-w C:\Windows\system32\drivers\SECDRV.SYS

2008-03-12 16:33 --------- d-----w C:\Program Files\Electronic Arts

2008-03-12 13:34 --------- d-----w C:\Program Files\CCleaner

2008-02-18 14:14 --------- d-----w C:\Program Files\Hamachi

2008-02-18 14:13 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys

2008-02-17 04:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-02-17 04:10 --------- d-----w C:\Program Files\AGEIA Technologies

2008-02-16 22:08 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe

2008-02-16 21:45 22,328 ----a-w C:\Users\guildman\AppData\Roaming\PnkBstrK.sys

2008-02-16 21:32 --------- d-----w C:\Program Files\Activision

2008-02-14 11:55 --------- d-----w C:\ProgramData\Media Center Programs

2008-02-13 16:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-13 16:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-13 16:10 943,800 ----a-w C:\Windows\System32\winload.exe

2008-02-13 16:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-13 16:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-13 16:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-13 16:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-13 16:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys

2008-02-13 16:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-13 16:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-13 16:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-13 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-13 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-13 16:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-13 16:08 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-13 16:08 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-13 16:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-13 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-13 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-13 16:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-13 16:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-02-13 16:06 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-13 16:06 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-13 16:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-13 16:06 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-01-30 21:51 1,957,672 ----a-w C:\Windows\System32\pbsvc.exe

2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2008-01-09 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2007-09-01 08:17 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((( snapshot@2008-04-07_19.06.27.13 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-07 17:03:48 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-04-07 18:09:09 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE

- 2008-04-07 17:05:00 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-04-07 19:24:14 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-04-07 18:10:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-04-07 18:10:15 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-04-07 17:04:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-04-07 19:39:21 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-04-07 17:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-04-07 19:38:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-04-07 19:38:01 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-04-07 16:58:14 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-04-07 19:39:17 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

- 2008-04-07 16:52:15 108,260 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-04-07 18:14:17 108,260 ----a-w C:\Windows\System32\perfc009.dat

- 2008-04-07 16:52:15 128,256 ----a-w C:\Windows\System32\perfc013.dat

+ 2008-04-07 18:14:17 128,256 ----a-w C:\Windows\System32\perfc013.dat

- 2008-04-07 16:52:15 621,176 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-04-07 18:14:17 621,176 ----a-w C:\Windows\System32\perfh009.dat

- 2008-04-07 16:52:15 701,994 ----a-w C:\Windows\System32\perfh013.dat

+ 2008-04-07 18:14:17 701,994 ----a-w C:\Windows\System32\perfh013.dat

- 2008-04-07 16:49:19 9,252 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin

+ 2008-04-07 18:11:45 9,664 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782276545-2530281447-14400948-1001_UserData.bin

- 2008-04-07 16:49:19 70,986 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-04-07 18:11:44 71,298 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-04-07 16:49:18 38,790 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-04-07 17:06:16 39,358 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 18:35 171448]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-06 16:10 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]

"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864 C:\Windows\JM\JMInsIDE.exe]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-11 14:19 579072]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]

"LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]

"SBI"="C:\Users\guildman\Downloads\install_sbd_nl VIRUS SCANNER.exe" [2008-04-07 18:07 1172768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 16:04 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\vtUlKCsS.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2007-08-07 09:19 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= lvcodec2.dll

"VIDC.XFR1"= xfcodec.dll

"msacm.lhacm"= lhacm.acm

"MSVideo8"= VfWWDM32.dll

"MSVideo"= vfwwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"AntivirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{85CA479A-4F4A-4F9F-819D-E9E8E38D6CA0}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars

"{3748C267-0686-4C2C-83C1-76835F020E45}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II

"{179F0B0D-787B-4566-8B9E-923D87C105D4}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II

"{8F1615E1-2389-4F72-A731-63E8B669766D}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

"{10FF37FD-361C-44FA-BF39-16811D766F1A}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

"TCP Query User{32869293-0DAC-462C-A829-59EDD36C7D4C}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™

"UDP Query User{6DD765EC-DA2F-4BE7-833B-0553EB6CD0BF}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.0\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat:Command and Conquer 3 Tiberium Wars™

"{065DE9A0-188F-4AE0-B5EB-D002CCBA17AE}"= UDP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

"{13CDB5E4-42D0-4799-9A15-A51A0F71FB64}"= TCP:C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king

"TCP Query User{1442EF57-1796-44EA-A25A-10AC04BD653F}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client

"UDP Query User{6E08A576-76C0-45FB-A4BD-970390D4CFD5}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client

"TCP Query User{CAE9F192-B5E0-46C1-B1F3-4D8A48810023}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"UDP Query User{52194791-5C0A-493B-B369-5F89512E2855}C:\\users\\guildman\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\guildman\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"{4D627931-2F6E-4BAE-AD9A-68ED089C7FC4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"TCP Query User{FE7F86CE-B485-43F9-993A-AF9A79367568}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade

"UDP Query User{7E57F462-4649-4F46-A850-F99D3B599B42}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade

"{9F6C932E-0DAA-410F-BF1C-B1299AFB46D2}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{E8267A96-A928-4AD3-8B4A-6E511DB1E034}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{FC7A86DD-32BE-4133-A3C2-FC268F64F3E9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{E956B76F-D336-42EC-95F3-26EB61780B19}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{A9107380-EBC1-4709-9667-47EC4C28A84A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{7C1B81AD-860E-44E7-8665-14B527097911}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{D0CA9787-5862-4862-B4EA-A139CA03673F}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{5AF83993-6195-42E4-8F39-BFC02E00073C}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{C6B999D9-DB95-4C50-9DE2-08349930CF13}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{5354D629-136F-4720-91A7-C9EFB6892A05}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{81AAF909-ABF6-4964-8FC9-3925AF8AB6DE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{65A1C5CE-E140-46AD-91AB-10B72F739331}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{F0165FCF-DD28-4EC7-9B40-695A2231CE77}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire

"{7335FB89-CE03-44BD-BAE4-984428974DDB}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire

"{B1BF99A2-982A-4FE0-AE99-D468D7441E29}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{04AFF9BF-8A65-4733-BCA2-30C5FF484232}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{0480B2BE-B4E6-472B-9532-C18C9818A0A8}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{263B9FD8-A680-479D-BF4D-F3FA8B03DEA7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{35FA6214-19D4-44E5-837A-9422209DBB40}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{E851150A-3E16-4358-951B-58518D241568}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"TCP Query User{0A1C39A0-538E-4DEB-B7A4-627F7314B374}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{321076CB-96BE-432B-8B84-6E02C9CACEB9}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"TCP Query User{9329639A-0BC2-4D3A-A003-CEA6422C9F97}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= UDP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3

"UDP Query User{0A45FD69-E612-40B7-A28F-897952807A00}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= TCP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-22 09:33]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\Windows\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 09:12]

S3 FXDrv32;FXDrv32;C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 19:23]

S3 MRV6X32P;Met Vista geleverd 32-bits-stuurprogramma;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]

S3 odysseyIM4;Odyssey Network Agent Miniport;C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]

S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 17:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a58094c4-5000-11dc-b82a-001a7036ebf4}]

\shell\AutoRun\command - K:\autorun.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-07 21:40:50

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-04-07 21:41:26

ComboFix-quarantined-files.txt 2008-04-07 19:41:24

ComboFix2.txt 2008-04-07 18:12:06

ComboFix3.txt 2008-04-07 17:07:08

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

.

2008-04-06 09:41:17 --- E O F ---
