Guest beamer
Posted:

Hello

I have a big problem when I want to surf (go on the internet):

after 5 minutes my internet gets slow and then it drops out. I have already tried everything from some forums I looked at and nothing works. I am asking someone who knows about this to tell me what the problem is.

Better explanation:

the internet gets slow after 5 minutes

then it drops out

and then it works again

but after 5 minutes it happens again

every time

Someone help me, this is driving me crazy

Posted:

Download HiJackThis

Double-click HJTInstall.exe.

HijackThis will now be installed on your PC, and a shortcut will be placed on your desktop. Click "Do a systemscan and save a logfile" and attach this log to your next post.

NB: Windows Vista users will first have to right-click HijackThis.exe and then choose "Run as Administrator".

Guest beamer
Posted:


There, I have to leave for a few hours; I will come back as quickly as possible.

Posted:

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] E:\WINDOWS\system32\xRaidSetup.exe boot

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything is checked there, then click: Remove Selected.

After the removal, a log will open and you will be asked to restart the computer. (See below)

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.

If MBAM has trouble removing certain files, it will show a few messages where you need to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log into your next post, together with a new HijackThis log.

Guest beamer
Posted:

Malwarebytes' Anti-Malware 1.12

Database versie: 731

Scan type: Snelle Scan

Objecten gescand: 49312

Verstreken tijd: 8 minute(s), 22 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

That is from the scan, and the other one follows below.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:58:54, on 8-5-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal


So, what now?

Posted:

It looks like we should be looking at a problem with your connection (your provider) rather than at the software side. One last check to be sure there are no problems on your PC:

Download Combofix and put it on your Desktop.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix is complete and after the restart, the log combofix.txt will open.

NOTE: If your virus scanner responds with a notification of a script execution, you must allow it.

Attach that Combofix log to your next post.

Guest beamer
Posted:

ComboFix 08-05-07.2 - sandro 2008-05-08 22:47:20.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.562 [GMT 2:00]

Gestart vanuit: E:\Documents and Settings\sandro\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!


There :)

Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

E:\WINDOWS\system32\ijjiSetup.exe

E:\WINDOWS\system32\ijjiPlugin2.dll

E:\msdownld.tmp

E:\Program Files\TOAoT-332-Patch-Features.txt

Folder::

E:\Documents and Settings\sandro\Application Data\ijjigame

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe.

This will make ComboFix start again. Restart if asked to.

After the restart, post the contents of Combofix.txt in your next post together with a new HijackThis log, and let us know whether this has changed anything.

Guest beamer
Posted:

ComboFix 08-05-07.2 - sandro 2008-05-08 23:38:36.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.705 [GMT 2:00]

Gestart vanuit: E:\Documents and Settings\sandro\Bureaublad\ComboFix.exe

Command switches used :: E:\Documents and Settings\sandro\Bureaublad\CFScript.txt.txt

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!


2008-04-15 19:04 . 2008-05-08 23:36 <DIR> dr------- E:\Documents and Settings\sandro\Mijn documenten

2008-04-15 19:04 . 2008-04-15 20:53 <DIR> dr------- E:\Documents and Settings\sandro\Menu Start

2008-04-15 19:04 . 2008-05-07 22:14 <DIR> dr------- E:\Documents and Settings\sandro\Favorieten

2008-04-15 19:04 . 2008-05-08 23:38 <DIR> d-------- E:\Documents and Settings\sandro\Bureaublad

2008-04-15 19:04 . 2008-04-19 22:29 <DIR> d-------- E:\Documents and Settings\sandro

2008-04-15 19:04 . 2008-05-08 23:39 36,864 --ah----- E:\Documents and Settings\sandro\ntuser.dat.LOG

2008-04-15 19:03 . 2008-04-15 19:03 <DIR> d---s---- E:\WINDOWS\system32\Microsoft

2008-04-15 19:03 . 2008-04-15 19:03 <DIR> d--hs---- E:\Documents and Settings\NetworkService

2008-04-15 19:03 . 2008-04-15 19:03 <DIR> d--hs---- E:\Documents and Settings\LocalService

2008-04-15 19:03 . 2008-04-15 19:03 8,192 --a------ E:\WINDOWS\REGLOCS.OLD

2008-04-15 19:03 . 2008-05-08 23:26 1,024 --ah----- E:\Documents and Settings\NetworkService\ntuser.dat.LOG

2008-04-15 19:03 . 2008-05-08 23:26 1,024 --ah----- E:\Documents and Settings\LocalService\ntuser.dat.LOG

2008-04-15 19:02 . 2008-04-15 18:57 <DIR> d--h----- E:\WINDOWS\system32\config\systemprofile\Sjablonen

2008-04-15 19:02 . 2008-04-15 20:53 <DIR> d--h----- E:\WINDOWS\system32\config\systemprofile\Onlangs geopend

2008-04-15 19:02 . 2008-04-15 20:53 <DIR> d--h----- E:\WINDOWS\system32\config\systemprofile\Netwerkprinteromgeving

2008-04-15 19:02 . 2008-04-15 20:53 <DIR> d-------- E:\WINDOWS\system32\config\systemprofile\Mijn documenten

2008-04-15 19:02 . 2008-04-15 20:53 <DIR> dr------- E:\WINDOWS\system32\config\systemprofile\Menu Start

2008-04-15 19:02 . 2008-04-15 20:53 <DIR> d-------- E:\WINDOWS\system32\config\systemprofile\Favorieten

2008-04-15 19:02 . 2008-04-15 20:53 <DIR> d-------- E:\WINDOWS\system32\config\systemprofile\Bureaublad

2008-04-15 19:01 . 2008-04-15 19:01 <DIR> d-------- E:\WINDOWS\system32\xircom

2008-04-15 19:01 . 2008-04-15 19:01 <DIR> d-------- E:\Program Files\microsoft frontpage

2008-04-15 19:00 . 2008-04-15 19:00 <DIR> d--hs---- E:\Documents and Settings\All Users\DRM

2008-04-15 12:54 . 2008-04-15 12:55 <DIR> d--h----- E:\msdownld.tmp

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-05 15:30 196,608 ----a-w E:\WINDOWS\system32\drivers\nStandard.bin

2008-04-21 18:48 --------- d--h--w E:\Program Files\InstallShield Installation Information

2008-04-16 15:42 --------- d-----w E:\Program Files\Common Files\InstallShield

2008-04-15 18:48 --------- d-----w E:\Program Files\Attansic

2008-04-15 18:45 315,392 ----a-w E:\WINDOWS\HideWin.exe

2008-04-15 18:45 --------- d-----w E:\Program Files\Realtek

2008-04-15 18:38 --------- d-----w E:\Program Files\Intel

2008-04-15 18:36 --------- d-----w E:\Program Files\Common Files\Adobe

2008-04-15 18:32 --------- d-----w E:\Program Files\My Company Name

2008-04-15 18:31 --------- d-----w E:\Program Files\ASUS

2008-04-04 21:31 41,296 ----a-w E:\WINDOWS\system32\xfcodec.dll

2008-03-21 20:30 200,704 ----a-w E:\WINDOWS\system32\ssldivx.dll

2008-03-21 20:30 1,044,480 ----a-w E:\WINDOWS\system32\libdivx.dll

2008-03-20 08:10 1,845,376 ----a-w E:\WINDOWS\system32\win32k.sys

2008-02-20 06:51 282,624 ----a-w E:\WINDOWS\system32\gdi32.dll

2008-02-20 05:39 45,568 ----a-w E:\WINDOWS\system32\dnsrslvr.dll

2006-06-23 22:48 32,768 ----a-r E:\WINDOWS\inf\UpdateUSB.exe

.

((((((((((((((((((((((((((((( snapshot@2008-05-08_22.48.29,37 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-08 10:19:14 2,048 --s-a-w E:\WINDOWS\bootstat.dat

+ 2008-05-08 21:26:09 2,048 --s-a-w E:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

"MsnMsgr"="E:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]

"nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 E:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]

"ASUSGamerOSD"="E:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 10:03 380928]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 16126464 E:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

E:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Speed Launch.lnk - E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"E:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"E:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Xfire\\xfire.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

"E:\\Program Files\\G2G\\Orka\\Client.exe"=

"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"E:\\Program Files\\DNA\\btdna.exe"=

R3 asusgsb;ASUS Virtual Video Capture Device Driver;E:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 10:03]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;E:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]

R3 Video3D;ASUS Video3D Service;E:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 10:03]

S3 XDva032;XDva032;E:\WINDOWS\system32\XDva032.sys []

S3 XDva145;XDva145;E:\WINDOWS\system32\XDva145.sys []

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-08 23:39:16

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 2

**************************************************************************

.

Voltooingstijd: 2008-05-08 23:39:35

ComboFix-quarantined-files.txt 2008-05-08 21:39:33

ComboFix2.txt 2008-05-08 20:48:34

Pre-Run: 188,236,513,280 bytes beschikbaar

Post-Run: 188,241,276,928 bytes beschikbaar

169 --- E O F --- 2008-04-15 18:53:34

Combofix

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:42:15, on 8-5-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\ASUS\GamerOSD\GamerOSD.exe

E:\WINDOWS\RTHDCPL.EXE

E:\WINDOWS\system32\ctfmon.exe

E:\WINDOWS\ATKKBService.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\WINDOWS\system32\wscntfy.exe

E:\WINDOWS\System32\svchost.exe

E:\Documents and Settings\sandro\Bureaublad\Ventrilo.exe

E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

E:\WINDOWS\system32\notepad.exe

E:\WINDOWS\explorer.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ASUSGamerOSD] E:\Program Files\ASUS\GamerOSD\GamerOSD.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2E799BB-0285-4F31-9AE9-F21B4430A775} (EngOrkaWebCtrl Class) - http://orka.gamengame.com/Game_Exe/EngOrkaWeb.cab

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - E:\WINDOWS\ATKKBService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

--

End of file - 4493 bytes

I wouldn't know what it removed; I think the files in the bold letters are the ones that are gone.
