
[SOLVED] Extremely slow PC (Windows Vista)



ComboFix 09-07-04.09 - Bart 05/07/2009 21:39.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3326.2344 [GMT 2:00]

Gestart vanuit: c:\users\Bart\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Bart\Desktop\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

FILE ::

"C:\$UPGRADE.~OS"

"C:\$WINDOWS.~BT"

"C:\$WINDOWS.~LS"

"C:\32788R22FWJFW.0.tmp"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\found.000

c:\found.000\dir0000.chk\{14ED79F4-8DBA-4AC3-BAA0-36E45857B5E4}.qbd

c:\found.000\dir0000.chk\{14ED79F4-8DBA-4AC3-BAA0-36E45857B5E4}.qbi

c:\found.000\dir0000.chk\{45E2989D-071E-4136-AFBB-789794210A35}.qbd

c:\found.000\dir0000.chk\{45E2989D-071E-4136-AFBB-789794210A35}.qbi

c:\found.000\dir0000.chk\{746708CC-8AEC-43FF-8885-1ADC920EFC7E}.qbd

c:\found.000\dir0000.chk\{746708CC-8AEC-43FF-8885-1ADC920EFC7E}.qbi

c:\found.000\dir0000.chk\{F0A093AC-0F24-4E5F-BDF2-F3E108C598DB}.qbd

c:\found.000\dir0000.chk\{F0A093AC-0F24-4E5F-BDF2-F3E108C598DB}.qbi

c:\found.000\file0000.chk

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-06-05 to 2009-07-05 ))))))))))))))))))))))))))))))

.

2009-07-05 19:42 . 2009-07-05 19:42 -------- d-----w- c:\users\Bart\AppData\Local\temp

2009-07-05 19:34 . 2009-07-05 19:32 318976 ----a-w- c:\windows\system32\CF9386.exe

2009-07-05 18:25 . 2009-07-05 18:26 -------- d-----w- C:\32788R22FWJFW.0.tmp

2009-07-05 14:48 . 2009-07-04 02:47 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\NAVENG.SYS

2009-07-05 14:48 . 2009-07-04 02:47 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\NAVEX15.SYS

2009-07-05 14:48 . 2009-07-04 02:47 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\NAVENG32.DLL

2009-07-05 14:48 . 2009-07-04 02:47 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\NAVEX32A.DLL

2009-07-05 14:48 . 2009-07-04 02:47 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\EECTRL.SYS

2009-07-05 14:48 . 2009-07-04 02:47 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\ECMSVR32.DLL

2009-07-05 14:48 . 2009-07-04 02:47 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\CCERASER.DLL

2009-07-05 14:48 . 2009-07-04 02:47 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\ERASER.SYS

2009-07-05 13:28 . 2009-07-05 13:28 -------- d-----w- c:\program files\Trend Micro

2009-07-05 00:38 . 2009-07-05 00:38 -------- d-----w- C:\$WINDOWS.~LS

2009-07-05 00:14 . 2009-07-05 01:21 -------- d-----w- C:\$UPGRADE.~OS

2009-07-04 23:56 . 2009-07-04 23:56 -------- d-----w- C:\$WINDOWS.~BT

2009-07-04 21:35 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys

2009-07-04 21:34 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll

2009-07-04 21:33 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-07-04 21:21 . 2009-04-24 16:05 827904 ----a-w- c:\windows\system32\wininet.dll

2009-07-04 21:21 . 2009-04-24 13:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-04 21:21 . 2009-04-24 16:02 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-07-04 21:06 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll

2009-07-04 21:06 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys

2009-07-04 21:06 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys

2009-07-04 21:06 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll

2009-07-04 21:06 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys

2009-07-04 21:04 . 2009-07-04 21:04 -------- d-----r- c:\program files\Norton Support

2009-07-04 20:56 . 2009-07-04 20:56 -------- d-----w- c:\users\Bart\AppData\Local\Symantec

2009-06-08 18:51 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\Scxpx86.dll

2009-06-08 18:51 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSXpx86.sys

2009-06-08 18:51 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSvix86.sys

2009-06-08 18:51 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSxpx86.dll

2009-06-08 18:51 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSviA64.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-05 15:34 . 2008-01-21 06:47 653042 ----a-w- c:\windows\system32\perfh013.dat

2009-07-05 15:34 . 2008-01-21 06:47 122470 ----a-w- c:\windows\system32\perfc013.dat

2009-07-05 01:46 . 2009-04-22 18:06 -------- d-----w- c:\programdata\Microsoft Help

2009-07-04 20:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-07-04 20:47 . 2009-01-22 23:24 -------- d-----w- c:\program files\Full Tilt Poker

2009-07-04 20:47 . 2009-01-11 22:36 -------- d-----w- c:\program files\PokerStars.NET

2009-07-04 17:03 . 2009-01-10 12:55 1356 ----a-w- c:\users\Bart\AppData\Local\d3d9caps.dat

2009-06-26 11:15 . 2009-02-02 16:09 -------- d-----w- c:\users\Bart\AppData\Roaming\LimeWire

2009-05-15 19:01 . 2009-05-15 19:01 2857 ----a-w- c:\users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Borland C++ 4.52\Turbo Debugger for DOS.pif

2009-05-15 19:01 . 2009-05-15 19:01 2855 ----a-w- c:\users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Borland C++ 4.52\TDW Configuration.pif

2009-05-15 19:01 . 2009-05-15 19:01 2855 ----a-w- c:\users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Borland C++ 4.52\TD Configuration.pif

2009-05-15 18:13 . 2009-01-10 13:19 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-05-15 18:03 . 2009-03-09 17:04 -------- d-----w- c:\program files\Activision

2009-04-22 20:04 . 2009-03-12 11:26 22328 ----a-w- c:\users\Bart\AppData\Roaming\PnkBstrK.sys

2009-04-22 20:04 . 2009-03-12 11:26 22328 ----a-w- c:\users\Bart\AppData\Roaming\PnkBstrK.sys

2009-04-22 18:28 . 2009-01-10 12:55 99864 ----a-w- c:\users\Bart\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-07 16:13 . 2009-04-07 12:07 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-07-05_18.35.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-05 18:29 . 2009-07-05 19:38 6258688 c:\windows\ERDNT\Hiv-backup\schema.dat

- 2009-07-05 18:29 . 2009-07-05 18:29 6258688 c:\windows\ERDNT\Hiv-backup\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]

"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-02 136600]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Telemeter 3.0"="c:\program files\Telemeter 3.0\telemeter3.exe" [2007-04-15 1441792]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

c:\users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{91B3FE2D-8C28-47EB-82C9-B47BB97E29DF}c:\\program files\\gigabyte\\@bios\\gwflash.exe"= UDP:c:\program files\gigabyte\@bios\gwflash.exe:@BIOS Application

"UDP Query User{31564D9D-AAEC-4CE8-ABB4-3ECF11FBDD54}c:\\program files\\gigabyte\\@bios\\gwflash.exe"= TCP:c:\program files\gigabyte\@bios\gwflash.exe:@BIOS Application

"TCP Query User{8EE09992-C8CD-42AF-8ECB-DB6D1AD3D7F6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{CD61BA22-FF9B-4990-B363-D8A016F59B88}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{6028DC98-EA6E-482B-8811-868AB853B458}c:\\users\\bart\\appdata\\local\\temp\\blizzard launcher temporary - dc394dd8\\launcher.exe"= UDP:c:\users\bart\appdata\local\temp\blizzard launcher temporary - dc394dd8\launcher.exe:launcher.exe

"UDP Query User{D374C8B9-D57C-4D8C-89E4-02FE47411D62}c:\\users\\bart\\appdata\\local\\temp\\blizzard launcher temporary - dc394dd8\\launcher.exe"= TCP:c:\users\bart\appdata\local\temp\blizzard launcher temporary - dc394dd8\launcher.exe:launcher.exe

"TCP Query User{93B0F763-93C3-44AA-BD76-03D233517DB0}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s

"UDP Query User{D35DAC6A-631F-42B2-ACD4-249CAFDA6DE0}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s

"{86EB1249-E647-4B97-8DB6-8CFCBC92253E}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{718A051D-718D-4AA1-8465-F8D263A10CDA}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{FE7FB10D-0480-4FF4-8624-64C4AFFE46C4}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{249DC281-BED7-4A07-9618-F93DDCEE35EB}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{C032B5A5-3628-4AA2-BCEE-1100454B87C9}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= UDP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty®: World at War Multiplayer

"UDP Query User{CBE3E364-215D-47A8-9F4C-60B231CB13D0}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= TCP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty®: World at War Multiplayer

"TCP Query User{F434D531-0206-458E-828A-A552882B910F}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty®: World at War Campaign/Coop

"UDP Query User{C8B529C4-C425-46DD-BAD8-34E3A613F405}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty®: World at War Campaign/Coop

"TCP Query User{CE191732-B4DC-471D-9E91-CDE4D5526D04}c:\\program files\\empire interactive\\flatout 2\\flatout2.exe"= UDP:c:\program files\empire interactive\flatout 2\flatout2.exe:flatout2

"UDP Query User{AAE75166-C921-4BF1-B56B-4C0A22570885}c:\\program files\\empire interactive\\flatout 2\\flatout2.exe"= TCP:c:\program files\empire interactive\flatout 2\flatout2.exe:flatout2

"{8FA3E8B9-66A9-480C-A684-6C386C41D901}"= UDP:c:\ut2004\System\UT2004.exe:UT2004

"{B27A6579-D5F2-4951-B695-51859AA2A600}"= TCP:c:\ut2004\System\UT2004.exe:UT2004

"{FAB70A62-7C47-426A-91D9-2805C90AD119}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War

"{2BADFC37-2C72-43AB-A7DF-C2C77762A9B5}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War

"{204B70FD-EB9C-4C2D-BB7C-839C37498AE8}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War

"{AC91DF88-045C-4616-B9DD-BF39CBC436C5}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War

"{CC0BB44C-8AD1-4FF6-A289-0F334286971F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{BE425311-6333-445C-95C6-F4F18281BEB9}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{C71A4F61-E99E-438A-A2E7-1128BC6EF103}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{A6FD5927-E1AB-46BA-AD3E-BEA1BAF3CD80}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{E23D1C1B-E562-481E-8AF9-8333BDEEBAC9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1C775344-D9CB-4A7C-AEF4-FBA98B8CEFB8}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III

"{DB6295C6-E6ED-49EF-A35A-EBC2806BE4FF}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III

"{6A639473-CE99-494E-9885-705F4ADCA331}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs

"{345E177B-406A-4927-8CDB-17D0221A9A0B}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs

"{59107EF6-A5E1-429E-9455-8FD9056A4E8B}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties

"{3780323C-5E55-47A5-B13A-AFB6D15F1BA8}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties

"{7E6B21E5-37D1-46CD-AE62-78544ACBC013}"= UDP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2

"{EA723E0D-3A0F-4A18-A87F-92C1594C7C85}"= TCP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2

"{F106E51A-651A-4226-AC23-59362A911389}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{D6B13794-F0CD-4AA0-9A4D-0BF2A6BA9D01}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{AF59AB23-4D75-41B8-9313-632467373807}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:Blizzard Downloader

"{318D35FC-5C0B-4E04-BC2E-AD2CC149A1AE}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:Blizzard Downloader

"{211957A2-B43D-4C22-82B1-55E580C2D5F7}"= UDP:3724:Blizzard Downloader: 3724

"TCP Query User{77FE7AF8-E168-4E03-B30A-B05EA39D2C9E}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher

"UDP Query User{36271937-AAD0-4CD8-A0CD-032BA33EC74F}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1005000.086\SymEFA.sys [21/03/2009 14:09 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1005000.086\BHDrvx86.sys [21/03/2009 14:08 258608]

R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1005000.086\cchpx86.sys [21/03/2009 14:08 482352]

R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSvix86.sys [8/06/2009 20:51 292912]

R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [21/03/2009 14:08 115560]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [31/05/2009 22:15 101936]

R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\System32\drivers\WMP54Gv41x86.sys [10/01/2009 15:19 286208]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1005000.086\symndisv.sys [21/03/2009 14:09 39984]

.

Inhoud van de 'Gedeelde Taken' map

2009-07-04 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-07-05 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hln.be/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe

FF - ProfilePath - c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\pzxvfhoj.default\

FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-07-05 21:42

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2031088969-280777203-3046643747-1000\Software\SecuROM\License information*]

"datasecu"=hex:ff,a8,0b,32,14,f1,a8,c2,4a,d8,86,c2,6e,8f,7e,0d,3a,62,c9,d2,ca,

4d,b2,b0,c3,44,3c,6f,9c,4a,bc,37,1f,d9,bb,c4,2e,a0,a9,3b,73,99,08,1c,89,4a,\

"rkeysecu"=hex:c6,76,8f,f5,22,2d,43,8f,73,1c,0f,9d,31,6b,cf,9d

.

Voltooingstijd: 2009-07-05 21:44

ComboFix-quarantined-files.txt 2009-07-05 19:44

ComboFix2.txt 2009-07-05 18:37

Pre-Run: 337.248.198.656 bytes beschikbaar

Post-Run: 337.193.304.064 bytes beschikbaar

207 --- E O F --- 2009-07-05 02:29


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:33:06, on 5/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18248)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Telemeter 3.0\Telemeter3.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: OneNote-inhoudsopgave.onetoc2

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--

End of file - 6535 bytes

---------- Post added at 22:34 ---------- Previous post was at 22:29 ----------

The folders contain the following folders:

"C:\$UPGRADE.~OS"

OnlineEnGatherWork

OnlineMigGatherWork

OnlineUpgrateGatherWork

ReassembledDrivers

...

"C:\$WINDOWS.~BT"

Folder Sources

$WimDesc

"C:\$WINDOWS.~LS"

Folder Setup Temp

Folder Sources

---------- Post added at 22:46 ---------- Previous post was at 22:34 ----------

In terms of speed it has not improved very much yet. It already starts up a bit faster, but it is still not really usable.


In the meantime I have been able to run MBAM, after restarting the PC once more just now (this still takes about 5 minutes). Here is the log:

Malwarebytes' Anti-Malware 1.38

Database versie: 2377

Windows 6.0.6001 Service Pack 1

5/07/2009 23:03:27

mbam-log-2009-07-05 (23-03-27).txt

Scan type: Snelle Scan

Objecten gescand: 79458

Verstreken tijd: 7 minute(s), 11 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

C:\Windows\kdiue732.txt (Malware.Trace) -> Quarantined and deleted successfully.

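One more thing to mention:

Since the slowdown I have also been getting a few error messages from Windows, namely 'hostproces voor Windows-services werkt niet meer en is gesloten' ("Host Process for Windows Services stopped working and was closed")

'Indexeerfunctie van MS Windows Search werkt niet meer en is gesloten' ("Microsoft Windows Search Indexer stopped working and was closed")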


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:33:06, on 5/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18248)

This log is identical to the previous one, without the fixes you were supposed to apply. Could you check whether you have a more recent log saved somewhere ... and if not, create a new log with HijackThis and post it?

---------- Post added at 11:39 ---------- Previous post was at 11:32 ----------

Since the slowdown I have also been getting a few error messages from Windows, namely 'hostproces voor Windows-services werkt niet meer en is gesloten' ("Host Process for Windows Services stopped working and was closed")

'Indexeerfunctie van MS Windows Search werkt niet meer en is gesloten' ("Microsoft Windows Search Indexer stopped working and was closed")

This is of course a very different story. The search for malware has been useful, but here we are dealing with specific Windows problems. For that first error message about the "host process", have a look at the solution that Microsoft itself offers for it.

---------- Post added at 11:44 ---------- Previous post was at 11:39 ----------

'Indexeerfunctie van MS Windows Search werkt niet meer en is gesloten' ("Microsoft Windows Search Indexer stopped working and was closed")
For this, the following action would be needed, according to a (successful) method that I borrowed from colleagues at www.oplossing.be.

Error message:

- Click Start > Settings > Control Panel > Administrative Tools > Services

- In the list of services, right-click Windows Search Service and select Properties.

- If the service is set to Automatic, set it to Manual and stop the service if it is still running.

With this you are, hopefully, rid of the annoying error message.

Repair:

- If you right-click the icon for the C: drive and go to the General tab, can you then check or uncheck "Index this drive for faster searching"?

- If so, uncheck it.

- Open Explorer, and open C:\ProgramData\Microsoft\Search\Data\Temp

- Select the Temp folder and choose Cut in your toolbar.

- Go to your Desktop, right-click it and choose Paste.

- Back to Explorer, and open C:\ProgramData\Microsoft\Search\Data\Applications\Windows

- Select the Windows folder and choose Cut in your toolbar.

- Go to your Desktop, right-click it and choose Paste.

- Copy the two folders you placed on your desktop to external storage, a USB stick or a CD-RW, and so on.

- Restart the PC.

- Click Start > Settings > Control Panel > Administrative Tools > Services

- In the list of services, right-click Windows Search Service and select Properties.

- If the service is set to Automatic, leave it that way; otherwise set it to Automatic.

- Right-click the icon for the C: drive and go to the General tab, and check "Index this drive for faster searching" there.

With thanks to SoftAid at www.oplossing.be.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:49:14, on 7/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18248)

Boot mode: Normal

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Telemeter 3.0\Telemeter3.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--

End of file - 5287 bytes

---------- Post added at 19:57 ---------- Previous post was at 19:54 ----------

I did have to remove HijackThis and reinstall it to be able to get a new log.

The problem with that host process is still there; the other one is gone.

This topic is now closed to new replies.
