
[SOLVED] Terribly slow PC



So, I ran the Norton Removal Tool first, but I don't think it made any difference: the installer is still there and the NIS folder still looks exactly the same.

After that I ran ComboFix; the logs follow.

P.S. One small question: how come that since ComboFix I have an earlier desktop background picture back?

ComboFix 09-06-15.06 - The Kids 16/06/2009 14:18.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.255.61 [GMT 2:00]

Gestart vanuit: c:\documents and settings\The Kids\Bureaublad\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\The Kids\Application Data\WeatherDPA

c:\documents and settings\mieke.YOUR-702469E35F\Local Settings\Temporary Internet Files\kandidatchaufscan.doc

c:\documents and settings\The Kids\Application Data\WeatherDPA\Weather\WeatherStartup.xml

c:\documents and settings\The Kids\Favorieten\Videos.url

c:\documents and settings\The Kids\Menu Start\Programma's\Videos.url

C:\FLIPART.EXE

C:\GETDRIVE.EXE

c:\windows\IE4 Error Log.txt

c:\windows\system32\MabryObj.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_BOONTY_GAMES

-------\Service_Boonty Games

(((((((((((((((((((( Bestanden Gemaakt van 2009-05-16 to 2009-06-16 ))))))))))))))))))))))))))))))

.

2009-06-16 11:44 . 2009-06-16 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-06-16 11:12 . 2009-06-16 11:17 -------- d--h--r- c:\documents and settings\The Kids\Onlangs geopend

2009-06-10 21:24 . 2009-06-10 21:24 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\300000001200002i\PPCNVCOM.EXE

2009-06-10 11:41 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-10 11:41 . 2009-06-10 11:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-10 11:41 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-04 15:08 . 2009-06-04 15:08 -------- d-----w- c:\documents and settings\The Kids\Application Data\Malwarebytes

2009-06-04 15:08 . 2009-06-04 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-04 14:17 . 2009-06-04 14:17 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\400000700002i\Wordconv.exe

2009-06-04 14:16 . 2009-06-04 14:16 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000e800002i\WgaTray.exe

2009-06-03 17:03 . 2009-06-03 17:03 -------- d-----w- c:\program files\Trend Micro

2009-06-01 23:08 . 2009-06-01 23:08 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000b00002i\rundll32.exe

2009-06-01 19:19 . 2009-06-01 19:19 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\10000003100002i\WISPTIS.EXE

2009-05-31 22:48 . 2009-05-31 22:48 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\10000001600002i\msiexec.exe

2009-05-31 15:28 . 2009-05-31 15:28 -------- d-----w- c:\windows\l2schemas

2009-05-31 15:28 . 2009-05-31 15:28 -------- d-----w- c:\windows\system32\nl

2009-05-30 13:16 . 2009-05-30 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-05-28 19:40 . 2009-05-28 19:40 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000b00002i\verclsid.exe

2009-05-25 22:22 . 2009-05-25 22:22 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\3000000062300002i\POWERPNT.EXE

2009-05-25 21:12 . 2009-05-25 21:12 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\400000600002i\ctfmon.exe

2009-05-23 22:04 . 2009-05-23 22:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\30000000bee00002i\WINWORD.EXE

2009-05-23 21:44 . 2009-05-23 21:44 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000009c00002i\IEXPLORE.EXE

2009-05-23 21:37 . 2009-05-23 21:37 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000004d00002i\mdm.exe

2009-05-23 21:37 . 2009-05-23 21:37 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000600002i\svchost.exe

2009-05-23 06:06 . 2009-05-23 06:06 -------- d-----w- c:\program files\MSXML 4.0

2009-05-22 15:39 . 2008-04-14 17:02 276992 ------w- c:\windows\system32\wmphoto.dll

2009-05-22 15:39 . 2008-04-14 17:02 69120 ------w- c:\windows\system32\wlanapi.dll

2009-05-22 15:39 . 2008-04-14 17:02 712704 ------w- c:\windows\system32\windowscodecs.dll

2009-05-22 15:39 . 2008-04-14 17:02 346112 ------w- c:\windows\system32\windowscodecsext.dll

2009-05-22 15:39 . 2008-04-14 17:02 50688 ------w- c:\windows\system32\tspkg.dll

2009-05-22 15:39 . 2008-04-14 17:02 53248 ------w- c:\windows\system32\tsgqec.dll

2009-05-22 15:38 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys

2009-05-22 15:38 . 2008-04-14 17:03 32768 ------w- c:\windows\system32\setupn.exe

2009-05-22 15:38 . 2008-04-14 17:02 290304 ------w- c:\windows\system32\rhttpaa.dll

2009-05-22 15:38 . 2008-04-14 17:02 61952 ------w- c:\windows\system32\rasqec.dll

2009-05-22 15:38 . 2008-04-14 17:02 76800 ------w- c:\windows\system32\qutil.dll

2009-05-22 15:38 . 2008-04-14 17:02 62464 ------w- c:\windows\system32\qcliprov.dll

2009-05-22 15:38 . 2008-04-14 17:02 292864 ------w- c:\windows\system32\qagentrt.dll

2009-05-22 15:38 . 2008-04-14 17:02 150528 ------w- c:\windows\system32\qagent.dll

2009-05-22 15:38 . 2008-04-14 17:02 412160 ------w- c:\windows\system32\photometadatahandler.dll

2009-05-22 15:38 . 2008-04-14 17:02 144896 ------w- c:\windows\system32\onex.dll

2009-05-22 15:37 . 2008-04-14 17:03 176640 ------w- c:\windows\system32\napstat.exe

2009-05-22 15:37 . 2008-04-14 17:02 30208 ------w- c:\windows\system32\napipsec.dll

2009-05-22 15:37 . 2008-04-14 17:02 196608 ------w- c:\windows\system32\napmontr.dll

2009-05-22 15:37 . 2008-04-14 16:39 88064 ------w- c:\windows\system32\msxml6r.dll

2009-05-22 15:37 . 2008-04-14 16:39 88064 ------w- c:\windows\system32\dllcache\msxml6r.dll

2009-05-22 15:37 . 2008-09-10 01:16 1307648 ------w- c:\windows\system32\msxml6.dll

2009-05-22 15:37 . 2008-09-10 01:16 1307648 ------w- c:\windows\system32\dllcache\msxml6.dll

2009-05-22 15:37 . 2008-04-14 17:02 155136 ------w- c:\windows\system32\mssha.dll

2009-05-22 15:37 . 2008-04-14 16:38 78336 ------w- c:\windows\system32\msshavmsg.dll

2009-05-22 15:37 . 2008-04-14 17:03 33792 ------w- c:\windows\system32\mmcperf.exe

2009-05-22 15:36 . 2008-04-14 17:02 397312 ------w- c:\windows\system32\mmcex.dll

2009-05-22 15:36 . 2008-04-14 17:02 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll

2009-05-22 15:36 . 2008-04-14 17:02 106496 ------w- c:\windows\system32\mmcfxcommon.dll

2009-05-22 15:36 . 2008-04-14 17:02 37376 ------w- c:\windows\system32\l2gpstore.dll

2009-05-22 15:36 . 2008-04-14 17:02 61440 ------w- c:\windows\system32\kmsvc.dll

2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdpash.dll

2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdnepr.dll

2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdiultn.dll

2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdbhc.dll

2009-05-22 15:34 . 2008-04-14 17:02 7168 ------w- c:\windows\system32\bitsprx4.dll

2009-05-22 15:34 . 2008-04-14 17:02 233472 ------w- c:\windows\system32\azroles.dll

2009-05-22 15:34 . 2008-04-14 17:02 136192 ------w- c:\windows\system32\aaclient.dll

2009-05-22 15:09 . 2008-10-15 16:37 337408 ------w- c:\windows\system32\dllcache\netapi32.dll

2009-05-22 15:04 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2009-05-22 15:04 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys

2009-05-22 14:28 . 2008-04-21 21:16 218624 ------w- c:\windows\system32\dllcache\wordpad.exe

2009-05-22 12:04 . 2009-05-22 12:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\300000003400002i\dwwin.exe

2009-05-22 12:04 . 2009-05-22 12:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000003c00002i\FlashUtil10b.exe

2009-05-22 12:03 . 2009-05-22 12:03 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000003b00002i\FP_AX_CAB_INSTALLER.exe

2009-05-22 11:56 . 2009-05-22 11:56 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000009b00002i\IEXPLORE.EXE

2009-05-22 11:51 . 2009-05-22 11:51 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000001900003i\usnsvc.exe

2009-05-22 11:37 . 2009-05-22 11:37 -------- d-----w- c:\documents and settings\The Kids\Application Data\Thinstall

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-16 12:50 . 2007-06-06 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-06-16 12:39 . 2008-12-15 08:06 917536 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-06-16 12:39 . 2008-12-15 08:06 42140 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-06-16 12:39 . 2008-12-15 08:06 278492 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-06-16 12:39 . 2008-12-15 08:06 20713760 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-06-16 11:03 . 2008-07-13 19:18 -------- d-----w- c:\program files\Call of Duty

2009-06-15 14:50 . 2008-09-18 14:15 -------- d-----w- c:\program files\PokerStars

2009-06-04 16:53 . 2007-11-03 13:23 -------- d-----w- c:\program files\Common Files\Teleca Shared

2009-06-04 16:46 . 2007-11-21 20:29 -------- d-----w- c:\program files\NCH Software

2009-06-04 16:42 . 2008-12-23 14:48 -------- d-----w- c:\program files\BearShare Pro

2009-06-03 14:40 . 2007-04-29 11:04 -------- d-----w- c:\program files\Google

2009-05-31 16:39 . 2003-01-29 13:46 84432 ----a-w- c:\windows\system32\perfc013.dat

2009-05-31 16:39 . 2003-01-29 13:46 475216 ----a-w- c:\windows\system32\perfh013.dat

2009-05-31 15:35 . 2003-01-29 14:06 77179 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat

2009-05-23 07:09 . 2008-03-12 12:02 -------- d-----w- c:\program files\Microsoft Silverlight

2009-05-20 15:03 . 2008-12-15 08:09 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2009-05-20 15:03 . 2008-12-15 08:09 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2009-05-14 08:55 . 2004-10-02 08:46 95888 ----a-w- c:\documents and settings\The Kids\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-07 15:34 . 2003-01-29 13:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-05-03 10:04 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys

2009-05-03 10:02 . 2009-05-03 10:02 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe

2009-05-03 10:02 . 2009-05-03 10:02 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys

2009-05-03 10:02 . 2009-05-03 10:02 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

2009-05-03 09:39 . 2006-06-16 14:09 -------- d-----w- c:\program files\Kaspersky Lab

2009-04-29 04:49 . 2004-02-06 16:09 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:49 . 2004-08-04 08:03 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-26 16:55 . 2009-04-26 16:55 -------- d-----w- c:\program files\Common Files\DirectX

2009-04-19 19:51 . 2003-01-29 13:46 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:55 . 2004-04-15 15:10 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-08 13:55 . 2005-07-30 15:53 92000 ----a-w- c:\documents and settings\mieke.YOUR-702469E35F\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-05-17 03:55 . 2006-05-17 03:55 618496 ----a-r- c:\program files\EReg.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-03 206088]

[HKLM\~\startupfolder\C:^Documents and Settings^The Kids^Menu Start^Programma's^Opstarten^Yahoo! Widget Engine.lnk]

path=c:\documents and settings\The Kids\Menu Start\Programma's\Opstarten\Yahoo! Widget Engine.lnk

backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Documents and Settings\\The Kids\\Mijn documenten\\Dimitri's Documenten\\Limewire\\LimeWire.exe"=

"c:\\Documents and Settings\\The Kids\\Mijn documenten\\Dimitri's Documenten\\Age_Of_Empire-II_The_Conquerors\\Age Of Empire-II The Conquerors\\age2_x1.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9345:TCP"= 9345:TCP:BitComet 9345 TCP

"9345:UDP"= 9345:UDP:BitComet 9345 UDP

R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]

R3 V90drv;V90drv;c:\windows\system32\DRIVERS\v90drv.sys [2001-11-29 1432836]

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-05-03 33808]

S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

S1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 49232]

S2 nhksrv;Netropa NHK Server;c:\apps\ActivBoard\nhksrv.exe [2001-08-06 28672]

S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-14 14336]

S2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]

S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

S3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [2002-09-20 296179]

S3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [2002-09-20 231983]

.

Inhoud van de 'Gedeelde Taken' map

2003-05-25 c:\windows\Tasks\FRU Task 2002-05-31 16:38ewlett-PackardeskjetD1F5C76C62909B80B7DD96D9CE9D83EC24F74D1377528048C4168AA70B210A5D420.job

- c:\program files\Hewlett-Packard\upapp\hpqfruv.exe [2002-05-31 07:38]

2003-04-10 c:\windows\Tasks\Herinnering voor registratie 1.job

- c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03]

2003-04-16 c:\windows\Tasks\Herinnering voor registratie 2.job

- c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03]

2003-04-23 c:\windows\Tasks\Herinnering voor registratie 3.job

- c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03]

2009-06-15 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-06-16 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

.

- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-Update Service - c:\program files\Common Files\Teknum Systems\update.exe

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

IE: &D&ownload &with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddAllLink.htm

IE: Toevoegen aan de Banner Ad Blokker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

TCP: {E485216F-634A-4D3B-A7C8-6ADD94BB13A8} = 195.130.131.4,195.130.130.132

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: SysInfosCab - hxxps://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath -

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-06-16 14:48

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1265887633-3067446407-1682384897-1013\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71A78D8C-2A2C-F1E0-42C57DD6D788EDD0}\{92C0E49C-6DF5-7FD3-2A5D5DA34780C80D}\{FCC2AF23-71C0-A57B-CCE1F90128BA76FE}*]

"IQNBLELQUCQAXRDYSTMOPE2WKD1"=hex:01,00,01,00,00,00,00,00,18,9b,fa,a9,f5,0c,d9,

2d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71AAA611-245D-D09F-882845FC5EAA24CC}\{DFD26894-68B9-4777-FDD1761F9E74CD53}\{F10C9B44-6C01-0B82-830AFBCCD029C402}*]

"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,45,79,7f,

91,5d,95,3e,79,b2,13,f8,ba,02,89,e4,5c,8b,4f,88,a8,8b,f8,93,2d,03,d9,49,c1,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8CD4472C-E90F-9EEE-8658179FAD84CDE4}\{86C14694-A4A0-6014-B9D2B6867C4357D1}\{413E2BB7-2C4D-BBD1-7F39BC4CF716110E}*]

"IQNBLELQUCQAXRDYSTMOPE2WKD1"=hex:01,00,01,00,00,00,00,00,18,9b,fa,a9,f5,0c,d9,

2d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DFFD277A-DF70-B410-AC1E2F7ACB2EF6E1}\{F03E0E06-1B3D-CEE3-10573FC9D15505B4}\{82A99E38-2615-AE8D-106A193CCF03E65A}*]

"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,45,79,7f,

91,5d,95,3e,79,b2,13,f8,ba,02,89,e4,5c,8b,4f,88,a8,8b,f8,93,2d,03,d9,49,c1,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1112)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3616)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE

c:\windows\system32\slserv.exe

c:\windows\system32\ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\WGATray.exe

c:\windows\system32\CF1829.exe

.

**************************************************************************

.

Voltooingstijd: 2009-06-16 14:59 - machine werd herstart

ComboFix-quarantined-files.txt 2009-06-16 12:59

Pre-Run: 34.916.352.000 bytes beschikbaar

Post-Run: 35.022.286.848 bytes beschikbaar

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4

260 --- E O F --- 2009-06-12 00:18

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:04:29, on 16/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Apps\ActivBoard\nhksrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Toevoegen aan de Banner Ad Blokker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll

O9 - Extra button: Statistieken bescherming internetverkeer - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: SysInfosCab - https://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132077504796

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5142/mcfscan.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{E485216F-634A-4D3B-A7C8-6ADD94BB13A8}: NameServer = 195.130.131.4,195.130.130.132

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

--

End of file - 7633 bytes


Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\documents and settings\All Users\Application Data\NortonInstaller

Rootkit::

c:\windows\system32\drivers\klin.dat

c:\windows\system32\drivers\klick.dat

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next message.


Hey, thanks again for the help, eh :P

Here are the logs :P

ComboFix 09-06-19.01 - The Kids 20/06/2009 14:23.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.255.69 [GMT 2:00]

Gestart vanuit: c:\documents and settings\The Kids\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\The Kids\Bureaublad\CFScript.txt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\NortonInstaller

c:\recycler\S-1-5-21-1211209215-2863673219-2217861040-1003

c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\06-16-2009-13h44m04s\SymNRT-06-16-2009-13h44m04s.log

c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\06-16-2009-13h44m04s\SymNRT.1.mft.7z

c:\documents and settings\All Users\Application Data\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-05-20 to 2009-06-20 ))))))))))))))))))))))))))))))

.

2009-06-20 12:45 . 2009-06-20 12:45 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2009-06-20 12:45 . 2009-06-20 12:45 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2009-06-20 10:48 . 2009-06-20 10:48 -------- d-sh--w- c:\documents and settings\The Kids\IETldCache

2009-06-20 09:59 . 2009-04-30 21:18 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2009-06-20 09:59 . 2009-04-30 21:17 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2009-06-20 09:59 . 2009-06-20 10:01 -------- d-----w- c:\windows\ie8updates

2009-06-20 09:57 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll

2009-06-20 09:53 . 2009-06-20 09:57 -------- dc-h--w- c:\windows\ie8

2009-06-16 11:12 . 2009-06-20 12:15 -------- d--h--r- c:\documents and settings\The Kids\Onlangs geopend

2009-06-10 21:24 . 2009-06-10 21:24 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\300000001200002i\PPCNVCOM.EXE

2009-06-04 15:08 . 2009-06-04 15:08 -------- d-----w- c:\documents and settings\The Kids\Application Data\Malwarebytes

2009-06-04 15:08 . 2009-06-04 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-04 14:17 . 2009-06-04 14:17 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\400000700002i\Wordconv.exe

2009-06-04 14:16 . 2009-06-04 14:16 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000e800002i\WgaTray.exe

2009-06-03 17:03 . 2009-06-03 17:03 -------- d-----w- c:\program files\Trend Micro

2009-06-01 23:08 . 2009-06-01 23:08 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000b00002i\rundll32.exe

2009-06-01 19:19 . 2009-06-01 19:19 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\10000003100002i\WISPTIS.EXE

2009-05-31 22:48 . 2009-05-31 22:48 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\10000001600002i\msiexec.exe

2009-05-31 15:28 . 2009-05-31 15:28 -------- d-----w- c:\windows\l2schemas

2009-05-31 15:28 . 2009-05-31 15:28 -------- d-----w- c:\windows\system32\nl

2009-05-30 13:16 . 2009-05-30 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-05-28 19:40 . 2009-05-28 19:40 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000b00002i\verclsid.exe

2009-05-25 22:22 . 2009-05-25 22:22 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\3000000062300002i\POWERPNT.EXE

2009-05-25 21:12 . 2009-05-25 21:12 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\400000600002i\ctfmon.exe

2009-05-23 22:04 . 2009-05-23 22:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\30000000bee00002i\WINWORD.EXE

2009-05-23 21:44 . 2009-05-23 21:44 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000009c00002i\IEXPLORE.EXE

2009-05-23 21:37 . 2009-05-23 21:37 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000004d00002i\mdm.exe

2009-05-23 21:37 . 2009-05-23 21:37 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000600002i\svchost.exe

2009-05-23 06:06 . 2009-05-23 06:06 -------- d-----w- c:\program files\MSXML 4.0

2009-05-22 15:39 . 2008-04-14 17:02 276992 ------w- c:\windows\system32\wmphoto.dll

2009-05-22 15:39 . 2008-04-14 17:02 69120 ------w- c:\windows\system32\wlanapi.dll

2009-05-22 15:39 . 2008-04-14 17:02 712704 ------w- c:\windows\system32\windowscodecs.dll

2009-05-22 15:39 . 2008-04-14 17:02 346112 ------w- c:\windows\system32\windowscodecsext.dll

2009-05-22 15:39 . 2008-04-14 17:02 50688 ------w- c:\windows\system32\tspkg.dll

2009-05-22 15:39 . 2008-04-14 17:02 53248 ------w- c:\windows\system32\tsgqec.dll

2009-05-22 15:38 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys

2009-05-22 15:38 . 2008-04-14 17:03 32768 ------w- c:\windows\system32\setupn.exe

2009-05-22 15:38 . 2008-04-14 17:02 290304 ------w- c:\windows\system32\rhttpaa.dll

2009-05-22 15:38 . 2008-04-14 17:02 61952 ------w- c:\windows\system32\rasqec.dll

2009-05-22 15:38 . 2008-04-14 17:02 76800 ------w- c:\windows\system32\qutil.dll

2009-05-22 15:38 . 2008-04-14 17:02 62464 ------w- c:\windows\system32\qcliprov.dll

2009-05-22 15:38 . 2008-04-14 17:02 292864 ------w- c:\windows\system32\qagentrt.dll

2009-05-22 15:38 . 2008-04-14 17:02 150528 ------w- c:\windows\system32\qagent.dll

2009-05-22 15:38 . 2008-04-14 17:02 412160 ------w- c:\windows\system32\photometadatahandler.dll

2009-05-22 15:38 . 2008-04-14 17:02 144896 ------w- c:\windows\system32\onex.dll

2009-05-22 15:37 . 2008-04-14 17:03 176640 ------w- c:\windows\system32\napstat.exe

2009-05-22 15:37 . 2008-04-14 17:02 30208 ------w- c:\windows\system32\napipsec.dll

2009-05-22 15:37 . 2008-04-14 17:02 196608 ------w- c:\windows\system32\napmontr.dll

2009-05-22 15:37 . 2008-04-14 16:39 88064 ------w- c:\windows\system32\msxml6r.dll

2009-05-22 15:37 . 2008-04-14 16:39 88064 ------w- c:\windows\system32\dllcache\msxml6r.dll

2009-05-22 15:37 . 2008-09-10 01:16 1307648 ------w- c:\windows\system32\msxml6.dll

2009-05-22 15:37 . 2008-09-10 01:16 1307648 ------w- c:\windows\system32\dllcache\msxml6.dll

2009-05-22 15:37 . 2008-04-14 17:02 155136 ------w- c:\windows\system32\mssha.dll

2009-05-22 15:37 . 2008-04-14 16:38 78336 ------w- c:\windows\system32\msshavmsg.dll

2009-05-22 15:37 . 2008-04-14 17:03 33792 ------w- c:\windows\system32\mmcperf.exe

2009-05-22 15:36 . 2008-04-14 17:02 397312 ------w- c:\windows\system32\mmcex.dll

2009-05-22 15:36 . 2008-04-14 17:02 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll

2009-05-22 15:36 . 2008-04-14 17:02 106496 ------w- c:\windows\system32\mmcfxcommon.dll

2009-05-22 15:36 . 2008-04-14 17:02 37376 ------w- c:\windows\system32\l2gpstore.dll

2009-05-22 15:36 . 2008-04-14 17:02 61440 ------w- c:\windows\system32\kmsvc.dll

2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdpash.dll

2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdnepr.dll

2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdiultn.dll

2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdbhc.dll

2009-05-22 15:34 . 2008-04-14 17:02 7168 ------w- c:\windows\system32\bitsprx4.dll

2009-05-22 15:34 . 2008-04-14 17:02 233472 ------w- c:\windows\system32\azroles.dll

2009-05-22 15:34 . 2008-04-14 17:02 136192 ------w- c:\windows\system32\aaclient.dll

2009-05-22 15:09 . 2008-10-15 16:37 337408 ------w- c:\windows\system32\dllcache\netapi32.dll

2009-05-22 15:04 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2009-05-22 15:04 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys

2009-05-22 14:28 . 2008-04-21 21:16 218624 ------w- c:\windows\system32\dllcache\wordpad.exe

2009-05-22 12:04 . 2009-05-22 12:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\300000003400002i\dwwin.exe

2009-05-22 12:04 . 2009-05-22 12:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000003c00002i\FlashUtil10b.exe

2009-05-22 12:03 . 2009-05-22 12:03 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000003b00002i\FP_AX_CAB_INSTALLER.exe

2009-05-22 11:56 . 2009-05-22 11:56 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000009b00002i\IEXPLORE.EXE

2009-05-22 11:51 . 2009-05-22 11:51 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000001900003i\usnsvc.exe

2009-05-22 11:37 . 2009-05-22 11:37 -------- d-----w- c:\documents and settings\The Kids\Application Data\Thinstall

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-20 12:58 . 2007-06-06 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-06-20 12:43 . 2008-12-15 08:06 942112 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-06-20 12:43 . 2008-12-15 08:06 42140 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-06-20 12:43 . 2008-12-15 08:06 278492 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-06-20 12:43 . 2008-12-15 08:06 20713760 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-06-19 22:00 . 2008-09-18 14:15 -------- d-----w- c:\program files\PokerStars

2009-06-16 11:03 . 2008-07-13 19:18 -------- d-----w- c:\program files\Call of Duty

2009-06-04 16:53 . 2007-11-03 13:23 -------- d-----w- c:\program files\Common Files\Teleca Shared

2009-06-04 16:46 . 2007-11-21 20:29 -------- d-----w- c:\program files\NCH Software

2009-06-04 16:42 . 2008-12-23 14:48 -------- d-----w- c:\program files\BearShare Pro

2009-06-03 14:40 . 2007-04-29 11:04 -------- d-----w- c:\program files\Google

2009-05-31 16:39 . 2003-01-29 13:46 84432 ----a-w- c:\windows\system32\perfc013.dat

2009-05-31 16:39 . 2003-01-29 13:46 475216 ----a-w- c:\windows\system32\perfh013.dat

2009-05-31 15:35 . 2003-01-29 14:06 77179 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat

2009-05-23 07:09 . 2008-03-12 12:02 -------- d-----w- c:\program files\Microsoft Silverlight

2009-05-14 08:55 . 2004-10-02 08:46 95888 ----a-w- c:\documents and settings\The Kids\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-13 05:06 . 2004-02-06 16:09 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:34 . 2003-01-29 13:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-05-03 10:04 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys

2009-05-03 10:02 . 2009-05-03 10:02 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe

2009-05-03 10:02 . 2009-05-03 10:02 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys

2009-05-03 10:02 . 2009-05-03 10:02 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

2009-05-03 09:39 . 2006-06-16 14:09 -------- d-----w- c:\program files\Kaspersky Lab

2009-04-26 16:55 . 2009-04-26 16:55 -------- d-----w- c:\program files\Common Files\DirectX

2009-04-19 19:51 . 2003-01-29 13:46 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:55 . 2004-04-15 15:10 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-08 13:55 . 2005-07-30 15:53 92000 ----a-w- c:\documents and settings\mieke.YOUR-702469E35F\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-05-17 03:55 . 2006-05-17 03:55 618496 ----a-r- c:\program files\EReg.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-06-16_12.49.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-10-01 15:18 . 2009-01-07 16:21 26144 c:\windows\system32\spupdsvc.exe

+ 2006-11-29 13:01 . 2009-01-07 16:21 18464 c:\windows\system32\spmsg.dll

+ 2003-01-29 13:46 . 2009-03-08 02:31 46592 c:\windows\system32\pngfilt.dll

+ 2006-06-29 07:05 . 2009-01-07 16:20 23552 c:\windows\system32\normaliz.dll

- 2006-06-29 07:05 . 2006-06-29 07:05 23552 c:\windows\system32\normaliz.dll

- 2006-06-28 16:59 . 2006-06-28 16:59 24576 c:\windows\system32\nlsdl.dll

+ 2006-06-28 16:59 . 2009-01-07 16:20 24576 c:\windows\system32\nlsdl.dll

+ 2003-01-29 13:45 . 2009-03-08 02:31 48128 c:\windows\system32\mshtmler.dll

- 2003-01-29 13:45 . 2006-10-17 10:28 48128 c:\windows\system32\mshtmler.dll

+ 2003-01-29 13:45 . 2009-03-08 02:31 66560 c:\windows\system32\mshtmled.dll

- 2003-01-29 13:45 . 2006-10-17 10:56 45568 c:\windows\system32\mshta.exe

+ 2003-01-29 13:45 . 2009-03-08 02:31 45568 c:\windows\system32\mshta.exe

+ 2006-10-17 10:58 . 2009-03-08 02:31 13312 c:\windows\system32\msfeedssync.exe

+ 2006-11-07 20:03 . 2009-03-08 02:31 55296 c:\windows\system32\msfeedsbs.dll

+ 2003-01-29 13:45 . 2009-03-08 02:34 43008 c:\windows\system32\licmgr10.dll

+ 2003-01-29 13:45 . 2009-04-30 21:17 25600 c:\windows\system32\jsproxy.dll

+ 2003-01-29 13:45 . 2009-03-08 02:32 94720 c:\windows\system32\inseng.dll

+ 2003-01-29 13:45 . 2009-03-08 02:31 34816 c:\windows\system32\imgutil.dll

+ 2006-11-07 02:26 . 2009-03-08 02:32 36864 c:\windows\system32\ieudinit.exe

+ 2003-01-29 13:45 . 2009-03-08 02:32 71680 c:\windows\system32\iesetup.dll

+ 2003-01-29 13:45 . 2009-03-08 02:32 55808 c:\windows\system32\iernonce.dll

- 2006-06-29 07:05 . 2006-06-29 07:05 26112 c:\windows\system32\idndl.dll

+ 2006-06-29 07:05 . 2009-01-07 16:20 26112 c:\windows\system32\idndl.dll

+ 2006-10-17 10:58 . 2009-03-08 02:31 59904 c:\windows\system32\icardie.dll

+ 2006-05-10 05:25 . 2009-03-08 02:31 46592 c:\windows\system32\dllcache\pngfilt.dll

+ 2006-10-17 10:28 . 2009-03-08 02:31 48128 c:\windows\system32\dllcache\mshtmler.dll

- 2006-10-17 10:28 . 2006-10-17 10:28 48128 c:\windows\system32\dllcache\mshtmler.dll

+ 2003-01-29 13:45 . 2009-03-08 02:31 66560 c:\windows\system32\dllcache\mshtmled.dll

- 2006-10-17 10:56 . 2006-10-17 10:56 45568 c:\windows\system32\dllcache\mshta.exe

+ 2006-10-17 10:56 . 2009-03-08 02:31 45568 c:\windows\system32\dllcache\mshta.exe

+ 2007-05-10 14:20 . 2009-03-08 02:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2006-10-17 11:05 . 2009-03-08 02:34 43008 c:\windows\system32\dllcache\licmgr10.dll

+ 2003-01-29 13:45 . 2009-04-30 21:17 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2006-05-10 05:25 . 2009-03-08 02:32 94720 c:\windows\system32\dllcache\inseng.dll

+ 2006-10-17 10:57 . 2009-03-08 02:31 34816 c:\windows\system32\dllcache\imgutil.dll

+ 2006-11-07 02:26 . 2009-03-08 02:32 71680 c:\windows\system32\dllcache\iesetup.dll

+ 2006-11-07 02:26 . 2009-03-08 02:32 55808 c:\windows\system32\dllcache\iernonce.dll

+ 2007-08-20 10:02 . 2009-03-08 02:31 59904 c:\windows\system32\dllcache\icardie.dll

+ 2006-10-17 10:44 . 2009-03-08 02:24 68608 c:\windows\system32\dllcache\hmmapi.dll

+ 2009-03-08 02:33 . 2009-03-08 02:33 18944 c:\windows\system32\dllcache\corpol.dll

+ 2006-11-07 02:26 . 2009-03-08 02:32 72704 c:\windows\system32\dllcache\admparse.dll

+ 2003-01-29 13:44 . 2009-03-08 02:33 18944 c:\windows\system32\corpol.dll

+ 2003-01-29 14:11 . 2009-06-20 12:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2003-01-29 14:11 . 2009-06-16 12:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2003-01-29 14:11 . 2009-06-16 12:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

+ 2003-01-29 14:11 . 2009-06-20 12:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

- 2003-01-29 14:11 . 2009-06-16 12:42 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2003-01-29 14:11 . 2009-06-20 12:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2003-01-29 13:44 . 2009-03-08 02:32 72704 c:\windows\system32\admparse.dll

+ 2009-06-20 10:01 . 2009-03-08 02:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll

+ 2009-06-20 10:01 . 2009-03-08 02:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll

+ 2009-06-20 09:54 . 2009-03-08 14:32 58448 c:\windows\ie8\spuninst\iecustom.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 44544 c:\windows\ie8\pngfilt.dll

+ 2009-06-20 09:53 . 2006-10-17 10:28 48128 c:\windows\ie8\mshtmler.dll

+ 2009-06-20 09:53 . 2006-10-17 10:56 45568 c:\windows\ie8\mshta.exe

+ 2009-06-20 09:53 . 2006-10-17 10:58 12288 c:\windows\ie8\msfeedssync.exe

+ 2009-06-20 09:53 . 2009-04-29 04:49 52224 c:\windows\ie8\msfeedsbs.dll

+ 2009-06-20 09:53 . 2006-10-17 11:05 40960 c:\windows\ie8\licmgr10.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 27648 c:\windows\ie8\jsproxy.dll

+ 2009-06-20 09:53 . 2006-11-07 02:26 92672 c:\windows\ie8\inseng.dll

+ 2009-06-20 09:53 . 2006-10-17 10:57 36352 c:\windows\ie8\imgutil.dll

+ 2009-06-20 09:53 . 2006-11-07 02:26 55296 c:\windows\ie8\iesetup.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 44544 c:\windows\ie8\iernonce.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 78336 c:\windows\ie8\ieencode.dll

+ 2009-06-20 09:53 . 2009-04-28 09:07 70656 c:\windows\ie8\ie4uinit.exe

+ 2009-06-20 09:53 . 2009-04-29 04:49 63488 c:\windows\ie8\icardie.dll

+ 2009-06-20 09:53 . 2006-10-17 10:44 60416 c:\windows\ie8\hmmapi.dll

+ 2009-06-20 09:53 . 2008-04-14 17:02 35328 c:\windows\ie8\corpol.dll

+ 2009-06-20 09:53 . 2006-11-07 02:26 71680 c:\windows\ie8\admparse.dll

+ 2009-06-20 09:59 . 2009-03-08 02:35 2048 c:\windows\ie8updates\KB971180-IE8\iecompat.dll

- 2007-01-03 10:30 . 2008-04-14 17:02 121856 c:\windows\system32\xmllite.dll

+ 2007-01-03 10:30 . 2009-01-07 16:21 121856 c:\windows\system32\xmllite.dll

+ 2006-10-17 11:05 . 2009-03-08 02:34 208384 c:\windows\system32\WinFXDocObj.exe

+ 2003-01-29 13:46 . 2009-03-08 02:34 236544 c:\windows\system32\webcheck.dll

+ 2003-01-29 13:46 . 2009-03-08 02:33 420352 c:\windows\system32\vbscript.dll

+ 2003-01-29 13:46 . 2009-03-08 02:34 105984 c:\windows\system32\url.dll

- 2003-01-29 13:46 . 2009-04-29 04:49 105984 c:\windows\system32\url.dll

+ 2003-01-29 13:45 . 2009-03-08 02:34 109568 c:\windows\system32\occache.dll

+ 2003-01-29 13:45 . 2009-03-08 02:32 611840 c:\windows\system32\mstime.dll

+ 2003-01-29 13:45 . 2009-03-08 02:34 193536 c:\windows\system32\msrating.dll

+ 2003-01-29 13:45 . 2009-03-08 02:22 156160 c:\windows\system32\msls31.dll

- 2003-01-29 13:45 . 2006-11-07 20:03 156160 c:\windows\system32\msls31.dll

+ 2006-11-07 20:03 . 2009-03-08 02:32 594432 c:\windows\system32\msfeeds.dll

+ 2009-01-07 16:20 . 2009-01-07 16:20 265720 c:\windows\system32\msdbg2.dll

+ 2003-01-13 12:57 . 2009-03-08 02:33 726528 c:\windows\system32\jscript.dll

+ 2006-11-07 20:03 . 2009-03-08 02:22 164352 c:\windows\system32\ieui.dll

+ 2003-01-29 13:45 . 2009-03-08 02:31 183808 c:\windows\system32\iepeers.dll

+ 2003-01-29 13:45 . 2009-04-30 21:17 385536 c:\windows\system32\iedkcs32.dll

+ 2006-10-17 10:27 . 2009-03-08 02:11 445952 c:\windows\system32\ieapfltr.dll

+ 2003-01-29 13:45 . 2009-03-08 02:32 163840 c:\windows\system32\ieakui.dll

+ 2003-01-29 13:45 . 2009-03-08 02:33 229376 c:\windows\system32\ieaksie.dll

+ 2003-01-29 13:45 . 2009-03-08 02:33 125952 c:\windows\system32\ieakeng.dll

+ 2003-01-29 13:45 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe

+ 2003-01-29 13:45 . 2009-03-08 02:31 216064 c:\windows\system32\dxtrans.dll

+ 2003-01-29 13:45 . 2009-03-08 02:31 348160 c:\windows\system32\dxtmsft.dll

+ 2004-02-06 16:09 . 2009-05-13 05:06 915456 c:\windows\system32\dllcache\wininet.dll

+ 2006-11-07 20:03 . 2009-03-08 02:34 236544 c:\windows\system32\dllcache\webcheck.dll

+ 2006-09-18 14:16 . 2009-03-08 02:33 759296 c:\windows\system32\dllcache\VGX.dll

+ 2008-05-09 10:56 . 2009-03-08 02:33 420352 c:\windows\system32\dllcache\vbscript.dll

- 2003-01-29 13:46 . 2009-04-29 04:49 105984 c:\windows\system32\dllcache\url.dll

+ 2003-01-29 13:46 . 2009-03-08 02:34 105984 c:\windows\system32\dllcache\url.dll

+ 2009-01-07 16:20 . 2009-01-07 16:20 134144 c:\windows\system32\dllcache\sqmapi.dll

+ 2009-01-07 16:21 . 2009-01-07 16:21 474624 c:\windows\system32\dllcache\shlwapi.dll

+ 2006-10-17 11:04 . 2009-03-08 02:34 109568 c:\windows\system32\dllcache\occache.dll

+ 2006-05-10 05:25 . 2009-03-08 02:32 611840 c:\windows\system32\dllcache\mstime.dll

+ 2006-05-10 05:25 . 2009-03-08 02:34 193536 c:\windows\system32\dllcache\msrating.dll

- 2003-01-29 13:45 . 2006-11-07 20:03 156160 c:\windows\system32\dllcache\msls31.dll

+ 2003-01-29 13:45 . 2009-03-08 02:22 156160 c:\windows\system32\dllcache\msls31.dll

+ 2007-05-10 14:20 . 2009-03-08 02:32 594432 c:\windows\system32\dllcache\msfeeds.dll

+ 2008-05-09 10:56 . 2009-03-08 02:33 726528 c:\windows\system32\dllcache\jscript.dll

+ 2003-01-29 14:03 . 2009-03-08 12:09 638816 c:\windows\system32\dllcache\iexplore.exe

+ 2003-01-29 13:45 . 2009-03-08 02:31 183808 c:\windows\system32\dllcache\iepeers.dll

+ 2006-11-07 02:27 . 2009-04-30 21:17 385536 c:\windows\system32\dllcache\iedkcs32.dll

+ 2007-05-10 14:20 . 2009-03-08 02:11 445952 c:\windows\system32\dllcache\ieapfltr.dll

+ 2006-11-07 02:25 . 2009-03-08 02:32 163840 c:\windows\system32\dllcache\ieakui.dll

+ 2006-11-07 02:27 . 2009-03-08 02:33 229376 c:\windows\system32\dllcache\ieaksie.dll

+ 2006-11-07 02:26 . 2009-03-08 02:33 125952 c:\windows\system32\dllcache\ieakeng.dll

+ 2006-11-07 02:26 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe

+ 2006-05-10 05:25 . 2009-03-08 02:31 216064 c:\windows\system32\dllcache\dxtrans.dll

+ 2006-05-10 05:25 . 2009-03-08 02:31 348160 c:\windows\system32\dllcache\dxtmsft.dll

+ 2006-11-07 02:26 . 2009-03-08 02:32 128512 c:\windows\system32\dllcache\advpack.dll

+ 2003-01-29 13:44 . 2009-03-08 02:32 128512 c:\windows\system32\advpack.dll

+ 2009-06-20 09:59 . 2007-11-30 12:39 401272 c:\windows\ie8updates\KB971180-IE8\spuninst\updspapi.dll

+ 2009-06-20 09:59 . 2007-11-30 12:39 234872 c:\windows\ie8updates\KB971180-IE8\spuninst\spuninst.exe

+ 2009-06-20 10:01 . 2009-03-08 02:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll

+ 2009-06-20 10:01 . 2008-07-09 07:44 401272 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll

+ 2009-06-20 10:01 . 2007-11-30 12:39 234872 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe

+ 2009-06-20 10:01 . 2009-03-08 02:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll

+ 2009-06-20 10:01 . 2009-03-08 12:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll

+ 2009-06-20 10:01 . 2009-03-08 02:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe

+ 2009-06-20 09:53 . 2009-04-29 04:49 827392 c:\windows\ie8\wininet.dll

+ 2009-06-20 09:53 . 2006-10-17 11:05 206336 c:\windows\ie8\winfxdocobj.exe

+ 2009-06-20 09:53 . 2009-04-29 04:49 233472 c:\windows\ie8\webcheck.dll

+ 2009-06-20 09:53 . 2007-07-12 23:32 765952 c:\windows\ie8\vgx.dll

+ 2009-06-20 09:53 . 2008-05-09 10:56 430080 c:\windows\ie8\vbscript.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 105984 c:\windows\ie8\url.dll

+ 2009-06-20 09:54 . 2009-01-07 16:21 400928 c:\windows\ie8\spuninst\updspapi.dll

+ 2009-06-20 09:54 . 2009-01-07 16:21 235040 c:\windows\ie8\spuninst\spuninst.exe

+ 2009-06-20 09:53 . 2006-09-06 15:43 216800 c:\windows\ie8\spuninst.exe

+ 2009-06-20 09:53 . 2009-04-29 04:49 102912 c:\windows\ie8\occache.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 671232 c:\windows\ie8\mstime.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 193024 c:\windows\ie8\msrating.dll

+ 2009-06-20 09:53 . 2006-11-07 20:03 156160 c:\windows\ie8\msls31.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 477696 c:\windows\ie8\mshtmled.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 459264 c:\windows\ie8\msfeeds.dll

+ 2009-06-20 09:53 . 2008-05-09 10:56 512000 c:\windows\ie8\jscript.dll

+ 2009-06-20 09:53 . 2009-04-25 05:27 636088 c:\windows\ie8\iexplore.exe

+ 2009-06-20 09:53 . 2006-11-07 20:03 180736 c:\windows\ie8\ieui.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 268288 c:\windows\ie8\iertutil.dll

+ 2009-06-20 09:53 . 2006-11-07 20:03 287744 c:\windows\ie8\ieproxy.dll

+ 2009-06-20 09:53 . 2006-11-07 20:03 191488 c:\windows\ie8\iepeers.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 385024 c:\windows\ie8\iedkcs32.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 383488 c:\windows\ie8\ieapfltr.dll

+ 2009-06-20 09:53 . 2009-04-25 05:26 161792 c:\windows\ie8\ieakui.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 230400 c:\windows\ie8\ieaksie.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 153088 c:\windows\ie8\ieakeng.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 214528 c:\windows\ie8\dxtrans.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 347136 c:\windows\ie8\dxtmsft.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 124928 c:\windows\ie8\advpack.dll

+ 2004-01-21 17:30 . 2009-04-30 21:17 1207808 c:\windows\system32\urlmon.dll

+ 2004-07-07 17:00 . 2009-05-13 05:06 5936128 c:\windows\system32\mshtml.dll

+ 2006-10-17 10:57 . 2009-04-30 21:17 1985024 c:\windows\system32\iertutil.dll

+ 2006-09-05 22:01 . 2009-02-06 19:07 3698584 c:\windows\system32\ieapfltr.dat

+ 2004-01-21 17:30 . 2009-04-30 21:17 1207808 c:\windows\system32\dllcache\urlmon.dll

+ 2009-01-07 16:21 . 2009-01-07 16:21 1497088 c:\windows\system32\dllcache\shdocvw.dll

+ 2004-07-07 17:00 . 2009-05-13 05:06 5936128 c:\windows\system32\dllcache\mshtml.dll

+ 2007-05-10 14:20 . 2009-04-30 21:17 1985024 c:\windows\system32\dllcache\iertutil.dll

+ 2007-05-10 14:20 . 2009-02-06 19:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat

+ 2009-01-07 16:21 . 2009-01-07 16:21 1022976 c:\windows\system32\dllcache\browseui.dll

+ 2009-06-20 10:01 . 2009-03-08 02:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll

+ 2009-06-20 10:01 . 2009-03-08 02:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll

+ 2009-06-20 10:01 . 2009-03-08 02:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 1159680 c:\windows\ie8\urlmon.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 3596288 c:\windows\ie8\mshtml.dll

+ 2009-06-20 09:53 . 2009-04-29 04:49 6066176 c:\windows\ie8\ieframe.dll

+ 2009-06-20 09:53 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat

+ 2006-11-07 20:03 . 2009-04-30 21:17 11064832 c:\windows\system32\ieframe.dll

+ 2007-05-10 14:20 . 2009-04-30 21:17 11064832 c:\windows\system32\dllcache\ieframe.dll

+ 2009-06-20 10:01 . 2009-03-08 02:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-03 206088]

[HKLM\~\startupfolder\C:^Documents and Settings^The Kids^Menu Start^Programma's^Opstarten^Yahoo! Widget Engine.lnk]

path=c:\documents and settings\The Kids\Menu Start\Programma's\Opstarten\Yahoo! Widget Engine.lnk

backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Documents and Settings\\The Kids\\Mijn documenten\\Dimitri's Documenten\\Limewire\\LimeWire.exe"=

"c:\\Documents and Settings\\The Kids\\Mijn documenten\\Dimitri's Documenten\\Age_Of_Empire-II_The_Conquerors\\Age Of Empire-II The Conquerors\\age2_x1.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9345:TCP"= 9345:TCP:BitComet 9345 TCP

"9345:UDP"= 9345:UDP:BitComet 9345 UDP

R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]

R3 V90drv;V90drv;c:\windows\system32\DRIVERS\v90drv.sys [2001-11-29 1432836]

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-05-03 33808]

S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

S1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 49232]

S2 nhksrv;Netropa NHK Server;c:\apps\ActivBoard\nhksrv.exe [2001-08-06 28672]

S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-14 14336]

S2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]

S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

S3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [2002-09-20 296179]

S3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [2002-09-20 231983]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2003-05-25 c:\windows\Tasks\FRU Task 2002-05-31 16:38ewlett-PackardeskjetD1F5C76C62909B80B7DD96D9CE9D83EC24F74D1377528048C4168AA70B210A5D420.job

- c:\program files\Hewlett-Packard\upapp\hpqfruv.exe [2002-05-31 07:38]

2003-04-10 c:\windows\Tasks\Herinnering voor registratie 1.job

- c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03]

2003-04-16 c:\windows\Tasks\Herinnering voor registratie 2.job

- c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03]

2003-04-23 c:\windows\Tasks\Herinnering voor registratie 3.job

- c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03]

2009-06-19 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-06-20 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

IE: &D&ownload &with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddAllLink.htm

IE: Toevoegen aan de Banner Ad Blokker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

TCP: {E485216F-634A-4D3B-A7C8-6ADD94BB13A8} = 195.130.131.4,195.130.130.132

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: SysInfosCab - hxxps://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath -

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-06-20 14:50

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????[????`??[???[`??[???????????????[???[???[???[$??????[???????????????[???????????[???w????(????3?w???w?????3?w ??w???[:???????d???r??[1??[???[d??????[?-?[????z??w8h?[\2?[?1?[htinst.INI?[?u?[????d????????L?

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1265887633-3067446407-1682384897-1013\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71A78D8C-2A2C-F1E0-42C57DD6D788EDD0}\{92C0E49C-6DF5-7FD3-2A5D5DA34780C80D}\{FCC2AF23-71C0-A57B-CCE1F90128BA76FE}*]

"IQNBLELQUCQAXRDYSTMOPE2WKD1"=hex:01,00,01,00,00,00,00,00,18,9b,fa,a9,f5,0c,d9,

2d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71AAA611-245D-D09F-882845FC5EAA24CC}\{DFD26894-68B9-4777-FDD1761F9E74CD53}\{F10C9B44-6C01-0B82-830AFBCCD029C402}*]

"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,45,79,7f,

91,5d,95,3e,79,b2,13,f8,ba,02,89,e4,5c,8b,4f,88,a8,8b,f8,93,2d,03,d9,49,c1,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8CD4472C-E90F-9EEE-8658179FAD84CDE4}\{86C14694-A4A0-6014-B9D2B6867C4357D1}\{413E2BB7-2C4D-BBD1-7F39BC4CF716110E}*]

"IQNBLELQUCQAXRDYSTMOPE2WKD1"=hex:01,00,01,00,00,00,00,00,18,9b,fa,a9,f5,0c,d9,

2d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DFFD277A-DF70-B410-AC1E2F7ACB2EF6E1}\{F03E0E06-1B3D-CEE3-10573FC9D15505B4}\{82A99E38-2615-AE8D-106A193CCF03E65A}*]

"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,45,79,7f,

91,5d,95,3e,79,b2,13,f8,ba,02,89,e4,5c,8b,4f,88,a8,8b,f8,93,2d,03,d9,49,c1,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1064)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4000)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE

c:\windows\system32\slserv.exe

c:\windows\system32\ati2evxx.exe

c:\windows\system32\WGATray.exe

.

**************************************************************************

.

Voltooingstijd: 2009-06-20 15:13 - machine werd herstart

ComboFix-quarantined-files.txt 2009-06-20 13:13

ComboFix2.txt 2009-06-16 12:59

Pre-Run: 34.869.026.816 bytes beschikbaar

Post-Run: 34.847.498.240 bytes beschikbaar

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4

438 --- E O F --- 2009-06-20 10:03

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:19:27, on 20/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Apps\ActivBoard\nhksrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Toevoegen aan de Banner Ad Blokker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll

O9 - Extra button: Statistieken bescherming internetverkeer - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: SysInfosCab - https://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132077504796

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5142/mcfscan.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{E485216F-634A-4D3B-A7C8-6ADD94BB13A8}: NameServer = 195.130.131.4,195.130.130.132

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

--

End of file - 7633 bytes


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\klick.dat

c:\windows\system32\drivers\klin.dat

Rootkit::

klick.dat

klin.dat

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.


Did another successful ComboFix run; btw, also updated ComboFix. Logs follow.

P.S. Is my PC in as bad a shape as it seems, or is it not that bad?

ComboFix 09-06-20.04 - The Kids 21/06/2009 17:31.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.255.88 [GMT 2:00]

Gestart vanuit: c:\documents and settings\The Kids\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\The Kids\Bureaublad\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::

"c:\windows\system32\drivers\klick.dat"

"c:\windows\system32\drivers\klin.dat"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\klick.dat

c:\windows\system32\drivers\klin.dat

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-05-21 to 2009-06-21 ))))))))))))))))))))))))))))))

.

2009-06-20 10:48 . 2009-06-20 10:48 -------- d-sh--w- c:\documents and settings\The Kids\IETldCache

2009-06-20 09:59 . 2009-04-30 21:18 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2009-06-20 09:59 . 2009-04-30 21:17 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2009-06-20 09:59 . 2009-06-20 10:01 -------- d-----w- c:\windows\ie8updates

2009-06-20 09:57 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll

2009-06-20 09:53 . 2009-06-20 09:57 -------- dc-h--w- c:\windows\ie8

2009-06-16 11:12 . 2009-06-21 15:24 -------- d--h--r- c:\documents and settings\The Kids\Onlangs geopend

2009-06-10 21:24 . 2009-06-10 21:24 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\300000001200002i\PPCNVCOM.EXE

2009-06-04 15:08 . 2009-06-04 15:08 -------- d-----w- c:\documents and settings\The Kids\Application Data\Malwarebytes

2009-06-04 15:08 . 2009-06-04 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-04 14:17 . 2009-06-04 14:17 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\400000700002i\Wordconv.exe

2009-06-04 14:16 . 2009-06-04 14:16 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000e800002i\WgaTray.exe

2009-06-03 17:03 . 2009-06-03 17:03 -------- d-----w- c:\program files\Trend Micro

2009-06-01 23:08 . 2009-06-01 23:08 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000b00002i\rundll32.exe

2009-06-01 19:19 . 2009-06-01 19:19 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\10000003100002i\WISPTIS.EXE

2009-05-31 22:48 . 2009-05-31 22:48 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\10000001600002i\msiexec.exe

2009-05-31 15:28 . 2009-05-31 15:28 -------- d-----w- c:\windows\l2schemas

2009-05-31 15:28 . 2009-05-31 15:28 -------- d-----w- c:\windows\system32\nl

2009-05-30 13:16 . 2009-05-30 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-05-28 19:40 . 2009-05-28 19:40 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000b00002i\verclsid.exe

2009-05-25 22:22 . 2009-05-25 22:22 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\3000000062300002i\POWERPNT.EXE

2009-05-25 21:12 . 2009-05-25 21:12 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\400000600002i\ctfmon.exe

2009-05-23 22:04 . 2009-05-23 22:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\30000000bee00002i\WINWORD.EXE

2009-05-23 21:44 . 2009-05-23 21:44 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000009c00002i\IEXPLORE.EXE

2009-05-23 21:37 . 2009-05-23 21:37 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000004d00002i\mdm.exe

2009-05-23 21:37 . 2009-05-23 21:37 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000600002i\svchost.exe

2009-05-23 06:06 . 2009-05-23 06:06 -------- d-----w- c:\program files\MSXML 4.0

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-21 16:02 . 2007-06-06 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-06-21 15:46 . 2008-12-15 08:06 942112 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-06-21 15:46 . 2008-12-15 08:06 42140 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-06-21 15:46 . 2008-12-15 08:06 278492 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-06-21 15:46 . 2008-12-15 08:06 20713760 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-06-20 17:00 . 2008-09-18 14:15 -------- d-----w- c:\program files\PokerStars

2009-06-16 11:03 . 2008-07-13 19:18 -------- d-----w- c:\program files\Call of Duty

2009-06-04 16:53 . 2007-11-03 13:23 -------- d-----w- c:\program files\Common Files\Teleca Shared

2009-06-04 16:46 . 2007-11-21 20:29 -------- d-----w- c:\program files\NCH Software

2009-06-04 16:42 . 2008-12-23 14:48 -------- d-----w- c:\program files\BearShare Pro

2009-06-03 14:40 . 2007-04-29 11:04 -------- d-----w- c:\program files\Google

2009-05-31 16:39 . 2003-01-29 13:46 84432 ----a-w- c:\windows\system32\perfc013.dat

2009-05-31 16:39 . 2003-01-29 13:46 475216 ----a-w- c:\windows\system32\perfh013.dat

2009-05-31 15:35 . 2003-01-29 14:06 77179 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat

2009-05-23 07:09 . 2008-03-12 12:02 -------- d-----w- c:\program files\Microsoft Silverlight

2009-05-22 12:04 . 2009-05-22 12:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\300000003400002i\dwwin.exe

2009-05-22 12:04 . 2009-05-22 12:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000003c00002i\FlashUtil10b.exe

2009-05-22 12:03 . 2009-05-22 12:03 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000003b00002i\FP_AX_CAB_INSTALLER.exe

2009-05-22 11:56 . 2009-05-22 11:56 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000009b00002i\IEXPLORE.EXE

2009-05-22 11:51 . 2009-05-22 11:51 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000001900003i\usnsvc.exe

2009-05-22 11:37 . 2009-05-22 11:37 -------- d-----w- c:\documents and settings\The Kids\Application Data\Thinstall

2009-05-14 08:55 . 2004-10-02 08:46 95888 ----a-w- c:\documents and settings\The Kids\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-13 05:06 . 2004-02-06 16:09 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:34 . 2003-01-29 13:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-05-03 10:04 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys

2009-05-03 10:02 . 2009-05-03 10:02 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe

2009-05-03 10:02 . 2009-05-03 10:02 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys

2009-05-03 10:02 . 2009-05-03 10:02 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

2009-05-03 09:39 . 2006-06-16 14:09 -------- d-----w- c:\program files\Kaspersky Lab

2009-04-26 16:55 . 2009-04-26 16:55 -------- d-----w- c:\program files\Common Files\DirectX

2009-04-19 19:51 . 2003-01-29 13:46 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:55 . 2004-04-15 15:10 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-08 13:55 . 2005-07-30 15:53 92000 ----a-w- c:\documents and settings\mieke.YOUR-702469E35F\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-05-17 03:55 . 2006-05-17 03:55 618496 ----a-r- c:\program files\EReg.exe

.

((((((((((((((((((((((((((((( SnapShot_2009-06-20_12.53.24 )))))))))))))))))))))))))))))))))))))))))

.

- 2003-01-29 14:11 . 2009-06-20 12:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2003-01-29 14:11 . 2009-06-21 15:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2003-01-29 14:11 . 2009-06-21 15:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

- 2003-01-29 14:11 . 2009-06-20 12:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

+ 2003-01-29 14:11 . 2009-06-21 15:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2003-01-29 14:11 . 2009-06-20 12:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-03 206088]

[HKLM\~\startupfolder\C:^Documents and Settings^The Kids^Menu Start^Programma's^Opstarten^Yahoo! Widget Engine.lnk]

path=c:\documents and settings\The Kids\Menu Start\Programma's\Opstarten\Yahoo! Widget Engine.lnk

backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Documents and Settings\\The Kids\\Mijn documenten\\Dimitri's Documenten\\Limewire\\LimeWire.exe"=

"c:\\Documents and Settings\\The Kids\\Mijn documenten\\Dimitri's Documenten\\Age_Of_Empire-II_The_Conquerors\\Age Of Empire-II The Conquerors\\age2_x1.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9345:TCP"= 9345:TCP:BitComet 9345 TCP

"9345:UDP"= 9345:UDP:BitComet 9345 UDP

R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]

R3 V90drv;V90drv;c:\windows\system32\DRIVERS\v90drv.sys [2001-11-29 1432836]

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-05-03 33808]

S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

S1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 49232]

S2 nhksrv;Netropa NHK Server;c:\apps\ActivBoard\nhksrv.exe [2001-08-06 28672]

S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-14 14336]

S2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]

S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

S3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [2002-09-20 296179]

S3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [2002-09-20 231983]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

2003-05-25 c:\windows\Tasks\FRU Task 2002-05-31 16:38ewlett-PackardeskjetD1F5C76C62909B80B7DD96D9CE9D83EC24F74D1377528048C4168AA70B210A5D420.job

- c:\program files\Hewlett-Packard\upapp\hpqfruv.exe [2002-05-31 07:38]

2003-04-10 c:\windows\Tasks\Herinnering voor registratie 1.job

- c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03]

2003-04-16 c:\windows\Tasks\Herinnering voor registratie 2.job

- c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03]

2003-04-23 c:\windows\Tasks\Herinnering voor registratie 3.job

- c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03]

2009-06-20 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-06-21 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

.

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

IE: &D&ownload &with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddAllLink.htm

IE: Toevoegen aan de Banner Ad Blokker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

TCP: {E485216F-634A-4D3B-A7C8-6ADD94BB13A8} = 195.130.131.4,195.130.130.132

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: SysInfosCab - hxxps://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath -

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-06-21 17:55

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????[????`??[???[`??[???????????????[???[???[???[$??????[???????????????[???????????[???w????(????3?w???w?????3?w ??w???[:???????d???r??[1??[???[d??????[?-?[????z??w8h?[\2?[?1?[htinst.INI?[?u?[????d????????L?

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1265887633-3067446407-1682384897-1013\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71A78D8C-2A2C-F1E0-42C57DD6D788EDD0}\{92C0E49C-6DF5-7FD3-2A5D5DA34780C80D}\{FCC2AF23-71C0-A57B-CCE1F90128BA76FE}*]

"IQNBLELQUCQAXRDYSTMOPE2WKD1"=hex:01,00,01,00,00,00,00,00,18,9b,fa,a9,f5,0c,d9,

2d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71AAA611-245D-D09F-882845FC5EAA24CC}\{DFD26894-68B9-4777-FDD1761F9E74CD53}\{F10C9B44-6C01-0B82-830AFBCCD029C402}*]

"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,45,79,7f,

91,5d,95,3e,79,b2,13,f8,ba,02,89,e4,5c,8b,4f,88,a8,8b,f8,93,2d,03,d9,49,c1,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8CD4472C-E90F-9EEE-8658179FAD84CDE4}\{86C14694-A4A0-6014-B9D2B6867C4357D1}\{413E2BB7-2C4D-BBD1-7F39BC4CF716110E}*]

"IQNBLELQUCQAXRDYSTMOPE2WKD1"=hex:01,00,01,00,00,00,00,00,18,9b,fa,a9,f5,0c,d9,

2d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DFFD277A-DF70-B410-AC1E2F7ACB2EF6E1}\{F03E0E06-1B3D-CEE3-10573FC9D15505B4}\{82A99E38-2615-AE8D-106A193CCF03E65A}*]

"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,45,79,7f,

91,5d,95,3e,79,b2,13,f8,ba,02,89,e4,5c,8b,4f,88,a8,8b,f8,93,2d,03,d9,49,c1,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1060)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3488)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE

c:\windows\system32\slserv.exe

c:\windows\system32\ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\WGATray.exe

.

**************************************************************************

.

Voltooingstijd: 2009-06-21 18:13 - machine werd herstart

ComboFix-quarantined-files.txt 2009-06-21 16:13

ComboFix2.txt 2009-06-20 13:13

ComboFix3.txt 2009-06-16 12:59

Pre-Run: 32.944.840.704 bytes beschikbaar

Post-Run: 32.916.684.800 bytes beschikbaar

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4

223 --- E O F --- 2009-06-20 10:03

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:25:51, on 21/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Apps\ActivBoard\nhksrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Toevoegen aan de Banner Ad Blokker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll

O9 - Extra button: Statistieken bescherming internetverkeer - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: SysInfosCab - https://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132077504796

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5142/mcfscan.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{E485216F-634A-4D3B-A7C8-6ADD94BB13A8}: NameServer = 195.130.131.4,195.130.130.132

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

--

End of file - 7633 bytes


Is my PC as badly off as it looks, or is it not so bad after all?
Badly off? That depends on what you call "bad" :-) You did have quite a stock of malware, a Trojan and a very stubborn rootkit on board your PC. But with the last operation that rootkit in particular is now gone ... and that is good news. The current logs look good. The question remains whether the speed has improved with this?

Now that the problems are less severe, it is time for the "big clean-up": removing the programs we used, a cleaning, and deleting the infected restore points. And your Java could use an update.

Remove Combofix: Start -> Run and type: combofix /u

This will remove Combofix plus its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and create a new restore point.

Download CCleaner.

Install it and start CCleaner. In the left-hand column click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left-hand column and click "Scan for Issues". If issues are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Afterwards, close CCleaner.

It is advisable to delete the existing restore points (among them are infected restore points that you could accidentally restore) by temporarily disabling System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick the box again.

Your Java software is outdated.

Older versions have holes that give malware the chance to install itself on your system.

Download Java Runtime Environment (JRE) 6u14 to your Desktop

Close all programs that may be open - especially your web browser!

  • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
  • Tick everything with Java Runtime Environment (JRE or J2SE) in its name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u14-windows-i586-p.s.exe on your Desktop to install the newest version of Java.

That's it!


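A small triage helper, added here as an example (it is not a tool from this thread, from HijackThis or from ComboFix), that reads HijackThis-style log lines, pulls every JRE version out of install paths such as `jre1.6.0_05` and compares it with the 6u14 the advice above targets, and lists the entries HijackThis itself marks as unattributed ("Unknown file in Winsock LSP", "Unknown owner"). The sample lines are copied from the log posted above; the `TARGET_JRE` tuple and the section-prefix parsing are assumptions of this example.

```python
import re

# Constructed sample input: a few lines copied from the HijackThis log in the
# thread above (one O9 entry pointing at an older JRE, one O10 and one O23
# entry that HijackThis itself could not attribute to a vendor).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
"""

TARGET_JRE = (1, 6, 0, 14)  # assumption: JRE 6 Update 14 is the version to compare against
JRE_DIR = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)  # e.g. jre1.6.0_05
ENTRY = re.compile(r"^([ORFN]\d+) - (.*)$")  # HijackThis line shape: "O23 - Service: ..."

def parse_entries(log):
    """Split a HijackThis log into (section, body) tuples; other lines are ignored."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def jre_versions(entries):
    """Collect every JRE version referenced by an install path, as a sorted tuple list."""
    found = set()
    for _, body in entries:
        for m in JRE_DIR.finditer(body):
            found.add(tuple(int(x) for x in m.groups()))
    return sorted(found)

def triage(log, target=TARGET_JRE):
    """Return what a human should look at: JREs older than the target, plus the
    entries HijackThis could not attribute (unknown LSP file, service without owner)."""
    entries = parse_entries(log)
    return {
        "outdated_jre": [v for v in jre_versions(entries) if v < target],
        "review": [f"{sec} - {body}" for sec, body in entries
                   if (sec == "O10" and "Unknown file" in body)
                   or (sec == "O23" and "Unknown owner" in body)],
    }

if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key, items)
```

An "Unknown owner" service is only a prompt to check the binary's path and publisher by hand; the ATI entry above, for example, is a normal driver component.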