
Desperate!! I can't get on the internet anymore



Posted:

Yep, it's that time again, all those viruses, pfff. I can still get on MSN but I can't visit websites anymore (it keeps saying that my PC is not connected to the internet, but I'm on MSN so I definitely am connected!!)

I have already scanned with Anti-Malware and it finds nothing!!! With avast it finds nothing either!!! CCleaner did find something, but that has all been removed already, and I still can't get on a single website!!!

Is there anyone who knows what to do about this problem? I don't know what to do anymore!!!

PS: this is the HijackThis log file

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:56:54, on 23/01/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Softex\OmniPass\scureapp.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Launch Manager\LaunchAp.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\OSD.exe

C:\Program Files\Launch Manager\WButton.exe

C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\sketch\Program Files\DNA\btdna.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\WerCon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7070

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

O1 - Hosts: ::1 localhost

O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe

O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\sketch\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 9893 bytes

Posted:

I'm no specialist in HJT logs, but I think this looks good.

How are you normally connected to the internet?

Cable (Telenet) or ADSL?

If ADSL, do you use just a modem or a combined modem/router?

Go to your browser's settings and set it to not use a proxy.

Posted:

The log does indeed look good. As a check, also do this with Combofix:

Download Combofix to your Desktop.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a notification from your antivirus or another real-time scanner, switch that scanner off and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not for VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix is complete and after a restart, the log Combofix.txt will open.

Post this log in your next reply.

  • 2 weeks later...
Posted:

ComboFix 09-02-03.01 - sketch 2009-02-04 11:26:18.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2038.989 [GMT 1:00]

Gestart vanuit: c:\users\sketch\Downloads\ComboFix.exe

AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)

FW: BitDefender Firewall *disabled*

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-04 to 2009-02-04 ))))))))))))))))))))))))))))))

.

2009-01-29 22:05 . 2009-01-29 22:05 <DIR> d-------- c:\windows\System32\Adobe

2009-01-17 13:13 . 2009-01-17 13:13 1 --a------ c:\windows\z45ft7575f44.dat

2009-01-17 13:13 . 2009-01-17 13:13 1 ---h----- c:\windows\nlmark2.dat

2009-01-17 13:12 . 2009-01-17 13:12 1 ---h----- c:\windows\fm123.dat

2009-01-14 09:23 . 2009-01-15 07:37 <DIR> d-------- c:\users\All Users\NOS

2009-01-14 09:23 . 2009-01-15 07:37 <DIR> d-------- c:\programdata\NOS

2009-01-14 09:22 . 2009-01-15 07:37 <DIR> d-------- c:\program files\NOS

2009-01-14 08:51 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-04 10:27 --------- d-----w c:\users\sketch\AppData\Roaming\DNA

2009-01-29 21:05 --------- d-----w c:\program files\Google

2009-01-29 19:33 --------- d-----w c:\users\sketch\AppData\Roaming\BitTorrent

2009-01-23 12:25 --------- d-----w c:\program files\Spyware Doctor

2009-01-22 20:57 --------- d-----w c:\users\sketch\AppData\Roaming\Move Networks

2009-01-22 16:19 --------- d---a-w c:\programdata\TEMP

2009-01-14 08:35 --------- d-----w c:\programdata\Microsoft Help

2009-01-14 08:35 --------- d-----w c:\program files\Windows Mail

2009-01-14 08:27 --------- d-----w c:\program files\Common Files\Adobe

2009-01-10 17:22 --------- d-----w c:\users\sketch\AppData\Roaming\SuperNZB

2009-01-06 14:08 --------- d-----w c:\users\sketch\AppData\Roaming\Vso

2009-01-03 10:52 47,360 ----a-w c:\users\sketch\AppData\Roaming\pcouffin.sys

2009-01-03 10:52 --------- d-----w c:\program files\VSO

2008-12-24 07:47 --------- d-----w c:\program files\DNA

2008-12-24 07:47 --------- d-----w c:\program files\BitTorrent

2008-12-20 12:24 --------- d-----w c:\program files\Windows Live

2008-12-16 21:28 --------- d-----w c:\program files\Bonjour

2008-12-15 12:00 --------- d-----w c:\program files\DivX

2008-12-15 10:29 --------- d-----w c:\program files\SuperNZB

2008-12-12 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe

2008-12-12 10:11 61,440 ----a-w c:\windows\System32\dnssd.dll

2008-12-11 21:31 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-11 21:31 --------- d-----w c:\program files\iTunes

2008-12-11 21:31 --------- d-----w c:\program files\iPod

2008-12-11 21:31 --------- d-----w c:\program files\Common Files\Apple

2008-12-11 21:27 --------- d-----w c:\program files\QuickTime

2008-12-11 14:48 --------- d-----w c:\programdata\Launcher

2008-12-11 14:46 --------- d-----w c:\users\sketch\AppData\Roaming\vlc

2008-12-11 14:41 --------- d-----w c:\users\sketch\AppData\Roaming\MozillaControl

2008-12-11 14:40 --------- d-----w c:\programdata\Graboid Inc

2008-12-09 22:25 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2008-12-09 22:24 --------- d-----w c:\program files\Windows Live Toolbar

2008-12-09 22:23 --------- d-----w c:\program files\Windows Live Favorites

2008-12-09 22:22 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-12-09 22:20 --------- d-----w c:\programdata\WLInstaller

2008-12-09 21:05 --------- d-----w c:\program files\CCleaner

2008-12-09 20:11 --------- d-----w c:\users\sketch\AppData\Roaming\Malwarebytes

2008-12-09 20:11 --------- d-----w c:\programdata\Malwarebytes

2008-12-09 20:11 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-12-08 18:57 --------- d-----w c:\users\sketch\AppData\Roaming\Twain

2008-12-08 18:00 --------- d-----w c:\program files\Trend Micro

2008-12-08 17:53 --------- d-----w c:\program files\Alwil Software

2008-12-08 17:32 --------- d-----w c:\program files\BitDefender

2008-12-05 07:17 410,984 ----a-w c:\windows\System32\deploytk.dll

2008-12-04 14:41 --------- d-----w c:\program files\Common Files\BitDefender

2008-12-04 13:54 --------- d-----w c:\programdata\avg8

2008-12-04 13:50 --------- d-----w c:\programdata\Skype

2008-12-04 13:39 --------- d-----w c:\program files\Microsoft Office Outlook Connector

2008-12-04 13:34 --------- d-----w c:\program files\Microsoft

2008-12-04 13:32 --------- d-----w c:\program files\Common Files\Windows Live

2008-12-04 12:36 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-04 12:36 --------- d-----w c:\users\sketch\AppData\Roaming\dvdcss

2008-12-04 12:36 --------- d-----w c:\users\sketch\AppData\Roaming\agi

2008-12-04 12:36 --------- d-----w c:\programdata\Kiwee Toolbar

2008-12-04 12:36 --------- d-----w c:\programdata\avg8(576)

2008-12-04 12:36 --------- d-----w c:\programdata\avg8(166)

2008-12-04 12:36 --------- d-----w c:\programdata\agi

2008-12-04 12:36 --------- d-----w c:\program files\AutoCAD 2008

2008-12-04 12:36 --------- d-----w c:\program files\ArcSoft

2008-12-04 12:36 --------- d-----w c:\program files\AGI

2008-11-21 21:47 524,288 ----a-w c:\windows\System32\DivXsm.exe

2008-11-21 21:47 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll

2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll

2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll

2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe

2008-11-21 21:44 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll

2008-09-24 10:27 174 --sha-w c:\program files\desktop.ini

2008-04-10 18:54 115,864 ----a-w c:\users\sketch\AppData\Roaming\GDIPFONTCACHEV1.DAT

2007-12-17 12:58 32 ----a-w c:\users\All Users\ezsid.dat

2007-12-17 12:58 32 ----a-w c:\programdata\ezsid.dat

2007-11-25 22:29 0 ----a-w c:\users\sketch\AppData\Roaming\wklnhst.dat

2008-10-04 10:45 8,192 --sha-w c:\windows\o2cLicStore.bin

1997-06-23 10:06 252,176 --sha-w c:\windows\System32\Msrd2x35.dll

1997-06-23 10:06 287,504 --sha-w c:\windows\System32\Msxbse35.dll

.

((((((((((((((((((((((((((((( snapshot@2009-01-29_18.36.04,95 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-29 12:12:50 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-02-04 10:05:13 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-01-29 12:12:50 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-02-04 10:05:13 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-01-29 17:35:12 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-02-04 10:07:17 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-02-04 10:07:17 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-01-21 13:27:14 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-01-30 06:01:06 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-21 13:27:14 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-30 06:01:06 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-29 12:17:05 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

+ 2009-01-30 05:53:32 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

- 2009-01-29 12:17:05 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

+ 2009-01-30 05:53:32 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

- 2009-01-29 12:17:05 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-30 05:53:32 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-21 13:27:14 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-30 06:01:06 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-29 17:35:18 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-02-04 10:07:22 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-02-04 10:07:22 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

+ 2009-01-16 16:11:10 114,688 ----a-w c:\windows\System32\Adobe\Director\np32dsw.dll

+ 2009-01-16 16:19:40 202,168 ----a-w c:\windows\System32\Adobe\Director\SwDir.dll

+ 2009-01-16 16:11:48 499,712 ----a-w c:\windows\System32\Adobe\Shockwave 11\Control.dll

+ 2009-01-16 15:52:16 1,798,144 ----a-w c:\windows\System32\Adobe\Shockwave 11\dirapi.dll

+ 2009-01-16 16:11:50 9,216 ----a-w c:\windows\System32\Adobe\Shockwave 11\DynaPlayer.dll

+ 2009-01-16 15:43:46 710,144 ----a-w c:\windows\System32\Adobe\Shockwave 11\gi.dll

+ 2009-01-29 21:05:20 1,145,896 ----atw c:\windows\System32\Adobe\Shockwave 11\gt.exe

+ 2009-01-16 15:43:46 52,288 ----a-w c:\windows\System32\Adobe\Shockwave 11\gtapi.dll

+ 2009-01-16 15:48:22 892,928 ----a-w c:\windows\System32\Adobe\Shockwave 11\iml32.dll

+ 2009-01-16 15:43:46 54,656 ----a-w c:\windows\System32\Adobe\Shockwave 11\pccuapi.dll

+ 2009-01-16 16:10:28 266,240 ----a-w c:\windows\System32\Adobe\Shockwave 11\Plugin.dll

+ 2009-01-16 16:12:22 446,464 ----a-w c:\windows\System32\Adobe\Shockwave 11\Proj.dll

+ 2009-01-16 16:19:20 460,216 ----a-w c:\windows\System32\Adobe\Shockwave 11\SwHelper_1103472.exe

+ 2009-01-16 16:10:14 114,688 ----a-w c:\windows\System32\Adobe\Shockwave 11\SwInit.exe

+ 2009-01-16 16:10:12 94,208 ----a-w c:\windows\System32\Adobe\Shockwave 11\SwMenu.dll

+ 2009-01-16 15:43:46 58,736 ----a-w c:\windows\System32\Adobe\Shockwave 11\SYMCCHECKER.DLL

+ 1999-06-25 09:55:30 149,504 ----a-w c:\windows\System32\Adobe\Shockwave 11\UNWISE.EXE

- 2009-01-29 16:23:28 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-02-04 10:09:17 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-29 16:23:28 196,608 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-04 10:09:17 196,608 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-29 16:23:28 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-02-04 10:09:17 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-29 17:29:57 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2009-02-04 10:25:59 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2009-01-30 10:35:05 2,456 ----a-w c:\windows\System32\networklist\icons\{08758EE2-E3C8-49F4-B818-F3A69A71AC98}_24.bin

+ 2009-01-30 10:35:05 4,280 ----a-w c:\windows\System32\networklist\icons\{08758EE2-E3C8-49F4-B818-F3A69A71AC98}_32.bin

+ 2009-01-30 10:35:05 9,560 ----a-w c:\windows\System32\networklist\icons\{08758EE2-E3C8-49F4-B818-F3A69A71AC98}_48.bin

- 2009-01-29 12:18:31 16,392 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2213421549-2507828068-653695957-1000_UserData.bin

+ 2009-02-04 10:08:07 16,436 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2213421549-2507828068-653695957-1000_UserData.bin

- 2009-01-29 12:18:30 93,968 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-02-04 10:08:06 94,928 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-01-29 12:18:29 70,824 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-02-04 10:08:05 71,198 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-01-23 03:14:21 292,230 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-01-30 17:06:59 292,918 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"BitTorrent DNA"="c:\users\sketch\Program Files\DNA\btdna.exe" [2008-12-25 342848]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-12-01 1406192]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]

"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-09-04 2560000]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]

"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]

"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]

"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]

"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2007-02-09 71216]

"LanguageShortcut"="c:\program files\Home Cinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 c:\windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= c:\progra~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM

"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{249633BF-E97F-4E47-9BA2-4AB4A2A0396F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{FF7E9F1F-EC57-4009-94EA-70DC3FCEF936}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"UDP Query User{6FAB4804-4D8D-4062-81F7-6B753113230A}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"TCP Query User{32C2EA8D-267E-4397-A804-B12F6C2B74A5}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{BCD91281-7D84-4369-A167-0CD511799E62}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"{6DD99480-0236-4B73-AE6B-9507C977DF5D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{36A9C0B4-5FF5-4204-BD9A-240C09F0A736}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{9B6D3F6E-9538-4CAD-8ED0-C0E262FC13C3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{1C11DA37-AB88-43A7-8C00-E1C8004191CA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{4C3C2124-74AD-4311-9A79-FDF6C77B87BE}"= UDP:c:\program files\DNA\btdna.exe:DNA

"{509589F7-D021-4E2F-80FC-BF0CE0FAA9A2}"= TCP:c:\program files\DNA\btdna.exe:DNA

"{8503CA39-CE18-451D-BEDB-DC93059B062C}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{A870603A-0935-489C-A317-DD0D5CA5FA9B}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"TCP Query User{22347CDD-7E43-42C5-9026-798C9B8CB2D5}c:\\users\\sketch\\program files\\dna\\btdna.exe"= UDP:c:\users\sketch\program files\dna\btdna.exe:btdna.exe

"UDP Query User{4B894219-8293-4D3F-B96C-ECE811B6B71B}c:\\users\\sketch\\program files\\dna\\btdna.exe"= TCP:c:\users\sketch\program files\dna\btdna.exe:btdna.exe

"{9B07A8B8-6A13-460E-82D0-3E96402A932A}"= UDP:c:\program files\Common Files\System\smss.exe:smss

"{FD8C93D1-B4EE-42E1-B6A9-DDAC10177805}"= TCP:c:\program files\Common Files\System\smss.exe:smss

"TCP Query User{BFC73792-9742-49BF-9ABD-6273CBFA4818}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{33BD6BA2-33B1-4A4E-B89E-150C2CCA882D}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2007-08-26 210736]

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-12-08 111184]

R1 Hotkey;Hotkey;c:\windows\System32\drivers\HOTKEY.sys [2007-09-27 9867]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-12-08 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-12-08 51792]

R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-27 118784]

R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2007-08-26 13976]

S2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2008-10-31 10240]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]

S3 PhilCap;NXP service;c:\windows\System32\drivers\PhilCap.sys [2007-08-26 908896]

S4 Application Information (Appinfo);Application Information (Appinfo);c:\program files\Common Files\\System\\smss.exe --> c:\program files\Common Files\\System\\smss.exe [?]

S4 Human Interface Device Access (hidserv);Human Interface Device Access (hidserv);c:\program files\Common Files\\System\\smss.exe --> c:\program files\Common Files\\System\\smss.exe [?]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{333840c5-8e2e-11dc-98cd-001b77d9f487}]

\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4af138b9-b08b-11dd-9832-0016d3c07fcc}]

\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{845e60ba-8f83-11dd-adb0-0016d3c07fcc}]

\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{845e60bf-8f83-11dd-adb0-0016d3c07fcc}]

\shell\AutoRun\command - itsduel.exe

\shell\explore\Command - itsduel.exe

\shell\open\Command - itsduel.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae428edd-11ee-11dd-a8bf-0016d3c07fcc}]

\shell\AutoRun\command - H:\LaunchU3.exe -a

.

Inhoud van de 'Gedeelde Taken' map

2009-01-31 c:\windows\Tasks\back up.job

- c:\program files\BitDefender\BitDefender Backup\backup.exe []

2008-12-09 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = http=127.0.0.1:7070

FF - ProfilePath - c:\users\sketch\AppData\Roaming\Mozilla\Firefox\Profiles\exftvjpq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 7070

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF - plugin: c:\users\sketch\Program Files\DNA\plugins\npbtdna.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-04 11:30:25

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(6116)

c:\program files\Softex\OmniPass\SCUREDLL.dll

.

Voltooingstijd: 2009-02-04 11:33:36

ComboFix-quarantined-files.txt 2009-02-04 10:33:29

ComboFix2.txt 2009-01-29 17:38:05

Pre-Run: 7.085.010.944 bytes beschikbaar

Post-Run: 6,836,314,112 bytes beschikbaar

298 --- E O F --- 2009-01-14 08:35:28

The log does indeed look good. Just do this as well - as a check - with Combofix:

Download Combofix to your Desktop.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix has finished and after the restart, the log Combofix.txt will open.

Post this log in your next reply.

Posted:
How are the problems now? Can you get back on the Internet yet?

No, still not, but that is at home; somewhere else I can get on the internet, and it is not down to the internet connection, because other PCs can get on the internet and laptops too.

Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\z45ft7575f44.dat

c:\windows\nlmark2.dat

c:\windows\fm123.dat

Folder::

c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{333840c5-8e2e-11dc-98cd-001b77d9f487}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4af138b9-b08b-11dd-9832-0016d3c07fcc}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{845e60ba-8f83-11dd-adb0-0016d3c07fcc}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{845e60bf-8f83-11dd-adb0-0016d3c07fcc}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae428edd-11ee-11dd-a8bf-0016d3c07fcc}]

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.

Posted:
Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\z45ft7575f44.dat

c:\windows\nlmark2.dat

c:\windows\fm123.dat

Folder::

c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{333840c5-8e2e-11dc-98cd-001b77d9f487}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4af138b9-b08b-11dd-9832-0016d3c07fcc}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{845e60ba-8f83-11dd-adb0-0016d3c07fcc}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{845e60bf-8f83-11dd-adb0-0016d3c07fcc}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae428edd-11ee-11dd-a8bf-0016d3c07fcc}]

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.

ComboFix 09-02-03.01 - sketch 2009-02-04 21:49:56.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2038.1027 [GMT 1:00]

Gestart vanuit: c:\users\sketch\Downloads\ComboFix.exe

gebruikte Opdracht switches :: G:\CFScript.txt

AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)

FW: BitDefender Firewall *disabled*

* Nieuw herstelpunt werd aangemaakt

FILE ::

c:\windows\fm123.dat

c:\windows\nlmark2.dat

c:\windows\z45ft7575f44.dat

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll

c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe

c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf

c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat

c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll

c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys

c:\windows\fm123.dat

c:\windows\nlmark2.dat

c:\windows\z45ft7575f44.dat

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-04 to 2009-02-04 ))))))))))))))))))))))))))))))

.

2009-01-29 22:05 . 2009-01-29 22:05 <DIR> d-------- c:\windows\System32\Adobe

2009-01-14 09:23 . 2009-01-15 07:37 <DIR> d-------- c:\users\All Users\NOS

2009-01-14 09:23 . 2009-01-15 07:37 <DIR> d-------- c:\programdata\NOS

2009-01-14 09:22 . 2009-01-15 07:37 <DIR> d-------- c:\program files\NOS

2009-01-14 08:51 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-04 20:52 --------- d-----w c:\users\sketch\AppData\Roaming\DNA

2009-01-29 21:05 --------- d-----w c:\program files\Google

2009-01-29 19:33 --------- d-----w c:\users\sketch\AppData\Roaming\BitTorrent

2009-01-23 12:25 --------- d-----w c:\program files\Spyware Doctor

2009-01-22 20:57 --------- d-----w c:\users\sketch\AppData\Roaming\Move Networks

2009-01-22 16:19 --------- d---a-w c:\programdata\TEMP

2009-01-14 08:35 --------- d-----w c:\programdata\Microsoft Help

2009-01-14 08:35 --------- d-----w c:\program files\Windows Mail

2009-01-14 08:27 --------- d-----w c:\program files\Common Files\Adobe

2009-01-10 17:22 --------- d-----w c:\users\sketch\AppData\Roaming\SuperNZB

2009-01-06 14:08 --------- d-----w c:\users\sketch\AppData\Roaming\Vso

2009-01-03 10:52 47,360 ----a-w c:\users\sketch\AppData\Roaming\pcouffin.sys

2009-01-03 10:52 --------- d-----w c:\program files\VSO

2008-12-24 07:47 --------- d-----w c:\program files\DNA

2008-12-24 07:47 --------- d-----w c:\program files\BitTorrent

2008-12-20 12:24 --------- d-----w c:\program files\Windows Live

2008-12-16 21:28 --------- d-----w c:\program files\Bonjour

2008-12-15 12:00 --------- d-----w c:\program files\DivX

2008-12-15 10:29 --------- d-----w c:\program files\SuperNZB

2008-12-12 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe

2008-12-12 10:11 61,440 ----a-w c:\windows\System32\dnssd.dll

2008-12-11 21:31 --------- d-----w c:\program files\iTunes

2008-12-11 21:31 --------- d-----w c:\program files\iPod

2008-12-11 21:31 --------- d-----w c:\program files\Common Files\Apple

2008-12-11 21:27 --------- d-----w c:\program files\QuickTime

2008-12-11 14:48 --------- d-----w c:\programdata\Launcher

2008-12-11 14:46 --------- d-----w c:\users\sketch\AppData\Roaming\vlc

2008-12-11 14:41 --------- d-----w c:\users\sketch\AppData\Roaming\MozillaControl

2008-12-11 14:40 --------- d-----w c:\programdata\Graboid Inc

2008-12-09 22:25 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2008-12-09 22:24 --------- d-----w c:\program files\Windows Live Toolbar

2008-12-09 22:23 --------- d-----w c:\program files\Windows Live Favorites

2008-12-09 22:22 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-12-09 22:20 --------- d-----w c:\programdata\WLInstaller

2008-12-09 21:05 --------- d-----w c:\program files\CCleaner

2008-12-09 20:11 --------- d-----w c:\users\sketch\AppData\Roaming\Malwarebytes

2008-12-09 20:11 --------- d-----w c:\programdata\Malwarebytes

2008-12-09 20:11 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-12-08 18:57 --------- d-----w c:\users\sketch\AppData\Roaming\Twain

2008-12-08 18:00 --------- d-----w c:\program files\Trend Micro

2008-12-08 17:53 --------- d-----w c:\program files\Alwil Software

2008-12-08 17:32 --------- d-----w c:\program files\BitDefender

2008-12-05 07:17 410,984 ----a-w c:\windows\System32\deploytk.dll

2008-12-04 14:41 --------- d-----w c:\program files\Common Files\BitDefender

2008-12-04 13:54 --------- d-----w c:\programdata\avg8

2008-12-04 13:50 --------- d-----w c:\programdata\Skype

2008-12-04 13:39 --------- d-----w c:\program files\Microsoft Office Outlook Connector

2008-12-04 13:34 --------- d-----w c:\program files\Microsoft

2008-12-04 13:32 --------- d-----w c:\program files\Common Files\Windows Live

2008-12-04 12:36 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-04 12:36 --------- d-----w c:\users\sketch\AppData\Roaming\dvdcss

2008-12-04 12:36 --------- d-----w c:\users\sketch\AppData\Roaming\agi

2008-12-04 12:36 --------- d-----w c:\programdata\Kiwee Toolbar

2008-12-04 12:36 --------- d-----w c:\programdata\avg8(576)

2008-12-04 12:36 --------- d-----w c:\programdata\avg8(166)

2008-12-04 12:36 --------- d-----w c:\programdata\agi

2008-12-04 12:36 --------- d-----w c:\program files\AutoCAD 2008

2008-12-04 12:36 --------- d-----w c:\program files\ArcSoft

2008-12-04 12:36 --------- d-----w c:\program files\AGI

2008-11-21 21:47 524,288 ----a-w c:\windows\System32\DivXsm.exe

2008-11-21 21:47 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll

2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll

2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll

2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe

2008-11-21 21:44 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll

2008-09-24 10:27 174 --sha-w c:\program files\desktop.ini

2008-04-10 18:54 115,864 ----a-w c:\users\sketch\AppData\Roaming\GDIPFONTCACHEV1.DAT

2007-12-17 12:58 32 ----a-w c:\users\All Users\ezsid.dat

2007-12-17 12:58 32 ----a-w c:\programdata\ezsid.dat

2007-11-25 22:29 0 ----a-w c:\users\sketch\AppData\Roaming\wklnhst.dat

2008-10-04 10:45 8,192 --sha-w c:\windows\o2cLicStore.bin

1997-06-23 10:06 252,176 --sha-w c:\windows\System32\Msrd2x35.dll

1997-06-23 10:06 287,504 --sha-w c:\windows\System32\Msxbse35.dll

.

((((((((((((((((((((((((((((( snapshot_2009-02-04_11.31.25,43 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-02-04 10:05:13 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-02-04 20:11:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-02-04 10:05:13 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-02-04 20:11:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-02-04 10:07:17 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-02-04 20:13:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-02-04 20:13:10 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-02-04 10:07:22 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-02-04 20:13:05 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-02-04 20:13:05 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-02-04 10:09:17 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-02-04 20:11:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-02-04 10:09:17 196,608 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-04 20:11:56 196,608 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-02-04 10:09:17 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-02-04 20:11:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-02-04 10:08:07 16,436 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2213421549-2507828068-653695957-1000_UserData.bin

+ 2009-02-04 20:13:42 16,436 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2213421549-2507828068-653695957-1000_UserData.bin

- 2009-02-04 10:08:06 94,928 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-02-04 20:13:42 95,090 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-02-04 10:08:05 71,198 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-02-04 20:13:41 71,230 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-01-30 17:06:59 292,918 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-02-04 12:47:48 294,472 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"BitTorrent DNA"="c:\users\sketch\Program Files\DNA\btdna.exe" [2008-12-25 342848]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-12-01 1406192]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]

"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-09-04 2560000]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]

"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]

"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]

"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]

"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2007-02-09 71216]

"LanguageShortcut"="c:\program files\Home Cinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 c:\windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= c:\progra~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM

"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{249633BF-E97F-4E47-9BA2-4AB4A2A0396F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{FF7E9F1F-EC57-4009-94EA-70DC3FCEF936}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"UDP Query User{6FAB4804-4D8D-4062-81F7-6B753113230A}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"TCP Query User{32C2EA8D-267E-4397-A804-B12F6C2B74A5}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{BCD91281-7D84-4369-A167-0CD511799E62}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"{6DD99480-0236-4B73-AE6B-9507C977DF5D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{36A9C0B4-5FF5-4204-BD9A-240C09F0A736}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{9B6D3F6E-9538-4CAD-8ED0-C0E262FC13C3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{1C11DA37-AB88-43A7-8C00-E1C8004191CA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{4C3C2124-74AD-4311-9A79-FDF6C77B87BE}"= UDP:c:\program files\DNA\btdna.exe:DNA

"{509589F7-D021-4E2F-80FC-BF0CE0FAA9A2}"= TCP:c:\program files\DNA\btdna.exe:DNA

"{8503CA39-CE18-451D-BEDB-DC93059B062C}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{A870603A-0935-489C-A317-DD0D5CA5FA9B}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"TCP Query User{22347CDD-7E43-42C5-9026-798C9B8CB2D5}c:\\users\\sketch\\program files\\dna\\btdna.exe"= UDP:c:\users\sketch\program files\dna\btdna.exe:btdna.exe

"UDP Query User{4B894219-8293-4D3F-B96C-ECE811B6B71B}c:\\users\\sketch\\program files\\dna\\btdna.exe"= TCP:c:\users\sketch\program files\dna\btdna.exe:btdna.exe

"{9B07A8B8-6A13-460E-82D0-3E96402A932A}"= UDP:c:\program files\Common Files\System\smss.exe:smss

"{FD8C93D1-B4EE-42E1-B6A9-DDAC10177805}"= TCP:c:\program files\Common Files\System\smss.exe:smss

"TCP Query User{BFC73792-9742-49BF-9ABD-6273CBFA4818}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{33BD6BA2-33B1-4A4E-B89E-150C2CCA882D}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2007-08-26 210736]

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-12-08 111184]

R1 Hotkey;Hotkey;c:\windows\System32\drivers\HOTKEY.sys [2007-09-27 9867]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-12-08 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-12-08 51792]

R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-27 118784]

R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2007-08-26 13976]

S2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2008-10-31 10240]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]

S3 PhilCap;NXP service;c:\windows\System32\drivers\PhilCap.sys [2007-08-26 908896]

S4 Application Information (Appinfo);Application Information (Appinfo);c:\program files\Common Files\\System\\smss.exe --> c:\program files\Common Files\\System\\smss.exe [?]

S4 Human Interface Device Access (hidserv);Human Interface Device Access (hidserv);c:\program files\Common Files\\System\\smss.exe --> c:\program files\Common Files\\System\\smss.exe [?]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Inhoud van de 'Gedeelde Taken' map

2009-01-31 c:\windows\Tasks\back up.job

- c:\program files\BitDefender\BitDefender Backup\backup.exe []

2008-12-09 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = http=127.0.0.1:7070

FF - ProfilePath - c:\users\sketch\AppData\Roaming\Mozilla\Firefox\Profiles\exftvjpq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 7070

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF - plugin: c:\users\sketch\Program Files\DNA\plugins\npbtdna.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-04 21:54:30

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2009-02-04 21:57:32

ComboFix-quarantined-files.txt 2009-02-04 20:57:27

ComboFix2.txt 2009-02-04 10:33:38

ComboFix3.txt 2009-01-29 17:38:05

Pre-Run: 6.335.459.328 bytes beschikbaar

Post-Run: 6,088,269,824 bytes beschikbaar

259 --- E O F --- 2009-01-14 08:35:28

Posted:
And on the Internet now?

No, still not, and when I run a check on why I can't get on the internet, it gives this error message: www.google.be is not set up to establish a connection with this computer on port 'www-service (http)'
