Help me pls (log included)

This topic is closed.

  • Help me pls (log included)

    A 'Windows has detected spyware on your computer' message keeps appearing,
    along with another yellow triangle next to it.
    After I had managed to remove this...
    I ran Spybot and it kicked off 1 Virtumonde together with a doubleclick;
    after that I made this log with HijackThis.
    But I still can't open all websites.
    Google, for example, won't even search for anything, and other sites don't work either, but Invision forums like this one do, and netstat clearly shows FAR too many connections.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:09:29, on 23-5-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\sybren\Bureaublad\Favorieten\HiJackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: (no name) - {0CF5D165-517E-48B6-B3C7-3054A24F8BF6} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: {5842d6ca-233d-e9c8-5334-e26b4b3cc1cc} - {cc1cc3b4-b62e-4335-8c9e-d332ac6d2485} - C:\WINDOWS\system32\iwovsfwu.dll
    O2 - BHO: (no name) - {EEB8CC03-493D-4CD0-AD68-DB1CCC9D1333} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d
    O4 - HKLM\..\Run: [ISP] C:\Program Files\Sony\ISPselector\ISPselector.exe /SCHEDULER
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [BM2b3d6e1d] Rundll32.exe "C:\WINDOWS\system32\icrolcma.dll",s
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204408921945
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204409488437
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: jkkHYrSJ - jkkHYrSJ.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 7274 bytes
    Last edited by Th3avatar; 23-05-08, 20:34.

  • #2
    Hi,

    I'll take a look for you.
    Kind regards,
    Blackbird



    • #3
      I'm now also scanning with Malwarebytes, but nothing so far...

      EDIT:
      With Malwarebytes I found another 6, and my internet seems to be working normally again.
      With netstat there doesn't seem to be anything suspicious either...
      Here's a quick look:

      Proto Lokaal adres Extern adres Status
      TCP Computer:1031 localhost:1032 ESTABLISHED
      TCP Computer:1032 localhost:1031 ESTABLISHED
      TCP Computer:1033 localhost:1034 ESTABLISHED
      TCP Computer:1034 localhost:1033 ESTABLISHED
      TCP Computer:1068 by2msg1104213.phx.gbl:1863 ESTABLISHE
      TCP Computer:1118 nhserver.blackgate.nl:http TIME_WAIT
      TCP Computer:1120 nhserver.blackgate.nl:http TIME_WAIT
      TCP Computer:1121 nhserver.blackgate.nl:http TIME_WAIT
      TCP Computer:1124 nhserver.blackgate.nl:http TIME_WAIT
      TCP Computer:1126 nhserver.blackgate.nl:http LAST_ACK
      TCP Computer:1128 nhserver.blackgate.nl:http TIME_WAIT

      I just don't know what that blackgate is... could that be your site? :P
      But otherwise no more annoying pop-ups, etc. etc.
      Thanks again for the effort
      Last edited by Th3avatar; 23-05-08, 21:11.



      • #4
        Hi,

        Welcome to Nucia.nl!

        Follow these instructions to download ComboFix.
        Carry out the instructions on that page, including installing the XP Recovery Console.

        If you have used ComboFix before, please delete that version and download ComboFix again via the link above. ComboFix is updated almost daily.

        If you get an alert from your antivirus or another scanner during or after downloading ComboFix, or while using ComboFix, disable that scanner and download ComboFix again. Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them.
        • Double-click ComboFix.exe to open ComboFix.
          Follow the instructions and accept the disclaimer by clicking "Yes".
          Do NOT click in the window while ComboFix is running; this can cause your system to hang.

        When ComboFix has finished, and possibly after a restart, a log (ComboFix.txt) will open.
        Post it together with a new HijackThis log in your next reply.

        How are the problems now?
        Kind regards,
        Blackbird



        • #5
          Those have all been solved
          THX anyway



          • #6
            Could I have the ComboFix and HijackThis logs? There may still be remnants left.
            Kind regards,
            Blackbird



            • #7
              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 21:28:12, on 23-5-2008
              Platform: Windows XP SP3 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.5730.0013)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\ctfmon.exe
              C:\WINDOWS\System32\ezSP_Px.exe
              C:\WINDOWS\AGRSMMSG.exe
              C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
              C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
              C:\Program Files\DAEMON Tools Lite\daemon.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
              C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\System32\WLTRYSVC.EXE
              C:\WINDOWS\System32\bcmwltry.exe
              C:\Program Files\Windows Live\Messenger\msnmsgr.exe
              C:\Program Files\Windows Live\Messenger\usnsvc.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\Documents and Settings\sybren\Bureaublad\Favorieten\HiJackThis.exe

              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              O2 - BHO: (no name) - {0CF5D165-517E-48B6-B3C7-3054A24F8BF6} - (no file)
              O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
              O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
              O2 - BHO: {5842d6ca-233d-e9c8-5334-e26b4b3cc1cc} - {cc1cc3b4-b62e-4335-8c9e-d332ac6d2485} - C:\WINDOWS\system32\iwovsfwu.dll
              O2 - BHO: (no name) - {EEB8CC03-493D-4CD0-AD68-DB1CCC9D1333} - (no file)
              O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
              O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
              O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
              O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
              O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
              O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
              O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d
              O4 - HKLM\..\Run: [ISP] C:\Program Files\Sony\ISPselector\ISPselector.exe /SCHEDULER
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
              O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
              O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
              O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
              O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
              O15 - Trusted Zone: *.sony-europe.com
              O15 - Trusted Zone: *.sonystyle-europe.com
              O15 - Trusted Zone: *.vaio-link.com
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204408921945
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204409488437
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
              O20 - Winlogon Notify: jkkHYrSJ - jkkHYrSJ.dll (file missing)
              O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
              O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
              O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
              O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
              O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
              O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

              --
              End of file - 7371 bytes

              Comment
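As an added example (not part of the original thread and not a HijackThis feature): a small Python script that parses the entry lines of two HijackThis logs, lists what changed between the scans, and lists entries that HijackThis itself marks "(no file)" or "(file missing)" in both. The sample input is a few lines excerpted from the two logs posted above; the function names are this example's own.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread
# (BEFORE = scan saved at 20:09:29, AFTER = scan saved at 21:28:12).
# Most lines are omitted to keep the sample short.
BEFORE = r"""
O2 - BHO: (no name) - {0CF5D165-517E-48B6-B3C7-3054A24F8BF6} - (no file)
O2 - BHO: {5842d6ca-233d-e9c8-5334-e26b4b3cc1cc} - {cc1cc3b4-b62e-4335-8c9e-d332ac6d2485} - C:\WINDOWS\system32\iwovsfwu.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BM2b3d6e1d] Rundll32.exe "C:\WINDOWS\system32\icrolcma.dll",s
O20 - Winlogon Notify: jkkHYrSJ - jkkHYrSJ.dll (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

AFTER = r"""
O2 - BHO: (no name) - {0CF5D165-517E-48B6-B3C7-3054A24F8BF6} - (no file)
O2 - BHO: {5842d6ca-233d-e9c8-5334-e26b4b3cc1cc} - {cc1cc3b4-b62e-4335-8c9e-d332ac6d2485} - C:\WINDOWS\system32\iwovsfwu.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O20 - Winlogon Notify: jkkHYrSJ - jkkHYrSJ.dll (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# An entry line starts with a section code (R1, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

# Suffixes HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return (section, detail) tuples for every entry line, in log order.

    Header lines and the "Running processes" list do not match and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def diff_entries(before, after):
    """Return (removed, added, unchanged) between two parsed logs, order kept."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    unchanged = [e for e in before if e in after_set]
    return removed, added, unchanged


def triage(before_text, after_text):
    """Compare two logs and summarise what a reviewer should look at next."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed, added, unchanged = diff_entries(before, after)
    return {
        "removed": removed,                     # gone after the cleanup tools ran
        "added": added,                         # new since the first scan
        "unchanged": unchanged,                 # present in both scans
        "still_orphaned": orphaned(unchanged),  # leftover entries without a file
    }


if __name__ == "__main__":
    report = triage(BEFORE, AFTER)
    for key in ("removed", "added", "still_orphaned"):
        print(key)
        for section, detail in report[key]:
            print(f"  {section} - {detail}")
```

The script only reports differences and orphaned entries; deciding whether an unchanged entry is legitimate still needs a reviewer.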


              • #8
                And the ComboFix log?
                Kind regards,
                Blackbird



                • #9
                  ComboFix 08-05-21.3 - sybren 2008-05-23 21:29:36.2 - NTFSx86
                  Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.160 [GMT 2:00]
                  Gestart vanuit: C:\Documents and Settings\sybren\Bureaublad\Favorieten\ComboFix.exe
                  * Resident AV is active


                  WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                  .

                  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  C:\WINDOWS\BM2b3d6e1d.xml
                  C:\WINDOWS\pskt.ini

                  .
                  (((((((((((((((((((( Bestanden Gemaakt van 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))
                  .

                  2008-05-23 21:18 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
                  2008-05-23 21:15 . 2008-05-23 21:15 <DIR> d-------- C:\Program Files\ESET
                  2008-05-23 21:15 . 2008-05-23 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
                  2008-05-23 20:26 . 2008-05-23 20:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
                  2008-05-23 20:26 . 2008-05-23 20:26 <DIR> d-------- C:\Documents and Settings\sybren\Application Data\Malwarebytes
                  2008-05-23 20:26 . 2008-05-23 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                  2008-05-23 20:26 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
                  2008-05-23 20:26 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
                  2008-05-23 19:31 . 2008-05-23 19:31 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
                  2008-05-23 19:31 . 2008-05-23 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                  2008-05-23 19:04 . 2008-05-23 21:21 <DIR> dr-h----- C:\Documents and Settings\sybren\Onlangs geopend
                  2008-05-23 17:36 . 2008-05-23 17:36 <DIR> d-------- C:\Program Files\Trend Micro
                  2008-05-23 16:52 . 2008-05-23 16:52 <DIR> d-------- C:\WINDOWS\ERUNT
                  2008-05-23 16:45 . 2008-05-23 17:11 <DIR> d-------- C:\SDFix
                  2008-05-23 16:20 . 2008-05-23 16:20 114,176 --a------ C:\WINDOWS\system32\slhsvwij.dll
                  2008-05-23 16:17 . 2008-05-23 16:17 136,192 --a------ C:\WINDOWS\system32\iwovsfwu.dll
                  2008-05-23 15:37 . 2008-05-23 15:37 <DIR> d-------- C:\Program Files\Lavasoft
                  2008-05-23 15:37 . 2008-05-23 15:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                  2008-05-23 15:14 . 2008-05-23 17:57 <DIR> d-------- C:\Program Files\Spyware Doctor
                  2008-05-23 15:14 . 2008-05-23 15:14 <DIR> d-------- C:\Documents and Settings\sybren\Application Data\PC Tools
                  2008-05-23 15:14 . 2008-05-23 19:03 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                  2008-05-23 15:14 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
                  2008-05-23 15:14 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
                  2008-05-23 15:14 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
                  2008-05-23 15:14 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
                  2008-05-23 07:50 . 2008-05-23 07:50 19,456 --a------ C:\WINDOWS\system32\drvtet.dll
                  2008-05-23 07:50 . 2008-05-23 07:50 145 --a------ C:\WINDOWS\system32\winver.bat
                  2008-05-23 07:47 . 2008-05-23 07:47 126,464 --a------ C:\WINDOWS\system32\oyvaxloi.dll
                  2008-05-22 17:35 . 2008-05-22 17:35 <DIR> d-------- C:\Program Files\ImTOO
                  2008-05-22 16:58 . 2008-05-22 17:06 <DIR> d-------- C:\divx
                  2008-05-22 16:43 . 2008-05-22 16:43 <DIR> d-------- C:\Program Files\Xvid
                  2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
                  2008-05-12 15:32 . 2008-05-12 15:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
                  2008-05-12 15:30 . 2008-05-12 15:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
                  2008-05-12 15:30 . 2008-05-12 15:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
                  2008-05-12 14:02 . 2008-05-22 20:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                  2008-05-12 14:02 . 2008-05-12 14:02 1,409 --a------ C:\WINDOWS\QTFont.for
                  2008-05-11 19:24 . 2008-05-11 20:04 <DIR> d-------- C:\Program Files\YVD
                  2008-05-11 19:24 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
                  2008-05-10 22:25 . 2008-05-10 22:25 <DIR> d-------- C:\Documents and Settings\sybren\Application Data\Thinstall
                  2008-05-10 21:40 . 2008-04-14 22:32 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
                  2008-05-10 21:27 . 2006-10-18 21:47 8,231,936 --a------ C:\WINDOWS\system32\wmploc.dll
                  2008-05-10 21:25 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
                  2008-05-10 21:25 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
                  2008-05-10 21:23 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003120_.tmp
                  2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
                  2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
                  2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys
                  2008-04-27 23:46 . 2008-04-28 04:01 <DIR> d-------- C:\Documents and Settings\sybren\Application Data\DivX
                  2008-04-27 23:45 . 2008-04-27 23:46 <DIR> d-------- C:\Program Files\DivX
                  2008-04-27 23:45 . 2008-02-21 04:05 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
                  2008-04-27 23:45 . 2008-02-21 04:05 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
                  2008-04-27 21:31 . 2008-04-27 21:31 <DIR> d-------- C:\Program Files\Combined Community Codec Pack

                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-05-23 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
                  2008-05-23 13:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                  2008-05-22 15:48 --------- d-----w C:\Documents and Settings\sybren\Application Data\uTorrent
                  2008-05-11 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
                  2008-05-10 19:56 --------- d-----w C:\Program Files\Pcsx2_0.9.4
                  2008-05-07 18:08 --------- d-----w C:\Documents and Settings\sybren\Application Data\MegauploadToolbar
                  2008-04-17 21:14 --------- d-----w C:\Program Files\NOCTURNAL
                  2008-04-16 19:12 --------- d-----w C:\Program Files\TI Education
                  2008-04-16 19:12 --------- d-----w C:\Program Files\Common Files\TI Shared
                  2008-04-14 20:49 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
                  2008-04-14 20:36 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
                  2008-04-14 20:32 99,840 ----a-w C:\WINDOWS\system32\winscard.dll
                  2008-04-14 20:31 763,904 ----a-w C:\WINDOWS\system32\winntbbu.dll
                  2008-04-14 20:30 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
                  2008-04-14 20:30 811,064 ----a-w C:\WINDOWS\system32\imjp81k.dll
                  2008-04-14 20:30 7,168 ----a-w C:\WINDOWS\system32\f3ahvoas.dll
                  2008-04-14 20:30 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
                  2008-04-14 20:30 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
                  2008-04-14 20:30 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
                  2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
                  2008-04-14 20:30 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
                  2008-04-14 20:13 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
                  2008-04-14 20:13 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
                  2008-04-14 20:13 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
                  2008-04-14 20:13 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
                  2008-04-14 20:13 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
                  2008-04-14 20:11 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
                  2008-04-14 20:11 2,149,888 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
                  2008-04-14 20:11 2,028,544 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
                  2008-04-14 20:10 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
                  2008-04-14 20:10 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
                  2008-04-14 20:09 88,064 ----a-w C:\WINDOWS\system32\msxml6r.dll
                  2008-04-14 20:09 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
                  2008-04-14 20:09 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
                  2008-04-14 20:08 78,336 ------w C:\WINDOWS\system32\msshavmsg.dll
                  2008-04-14 20:08 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
                  2008-04-14 20:08 37,760 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
                  2008-04-14 20:07 566,784 ----a-w C:\WINDOWS\system32\shdoclc.dll
                  2008-04-14 20:07 50,176 ----a-w C:\WINDOWS\system32\inetres.dll
                  .

                  ((((((((((((((((((((((((((((( [email protected]_18.11.15.21 )))))))))))))))))))))))))))))))))))))))))
                  .
                  - 2008-05-23 16:06:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                  + 2008-05-23 19:19:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                  + 2008-05-23 19:16:55 10,134 ----a-r C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\callmsi.exe
                  + 2008-05-23 19:16:55 136,448 ----a-r C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\egui.exe
                  + 2007-12-21 06:19:54 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
                  + 2007-12-21 06:20:14 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
                  + 2007-12-21 06:21:56 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
                  .
                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  REGEDIT4
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}]

                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc1cc3b4-b62e-4335-8c9e-d332ac6d2485}]
                  2008-05-23 16:17 136192 --a------ C:\WINDOWS\system32\iwovsfwu.dll

                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEB8CC03-493D-4CD0-AD68-DB1CCC9D1333}]

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
                  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:32 15360]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-04-02 15:40 4616192]
                  "nwiz"="nwiz.exe" [2003-04-02 15:40 323584 C:\WINDOWS\system32\nwiz.exe]
                  "ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960]
                  "AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 10:43 88363 C:\WINDOWS\AGRSMMSG.exe]
                  "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
                  "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 13:01 335872]
                  "XpDis0Conf"="C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe" [2004-02-23 17:51 32768]
                  "ISP"="C:\Program Files\Sony\ISPselector\ISPselector.exe" [2002-05-21 07:04 1040896]
                  "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
                  "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:32 208952]
                  "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

                  C:\Documents and Settings\sybren\Menu Start\Programma's\Opstarten\
                  OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
                  "AllowLegacyWebView"= 1 (0x1)
                  "AllowUnhashedWebView"= 1 (0x1)

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHYrSJ]
                  jkkHYrSJ.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                  "vidc.I420"= i263_32.drv
                  "vidc.DIV3"= DivXc32.dll
                  "vidc.DIV4"= DivXc32f.dll
                  "vidc.3ivx"= 3ivxVfWCodec.dll
                  "vidc.3iv2"= 3ivxVfWCodec.dll
                  "msacm.divxa32"= divxa32.acm
                  "VIDC.HFYU"= huffyuv.dll
                  "VIDC.i263"= i263_32.drv
                  "msacm.imc"= imc32.acm
                  "VIDC.VP31"= vp31vfw.dll
                  "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
                  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
                  backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
                  --a------ 2007-01-15 17:14 147456 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
                  --a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                  --a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
                  --a------ 2008-03-01 23:44 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                  "AntiVirusDisableNotify"=dword:00000001
                  "UpdatesDisableNotify"=dword:00000001

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"=
                  "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                  "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
                  "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                  "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
                  "C:\\Program Files\\uTorrent\\uTorrent.exe"=
                  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                  "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                  "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
                  "C:\\Program Files\\YVD\\n00b-IRC.exe"=
                  "C:\\Program Files\\YVD\\YVD Relay Server.exe"=
                  "C:\\Program Files\\YVD\\YGO Virtual Desktop V086.exe"=

                  R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
                  S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;D:\Program Files\VMLaunch\BuddyVM.sys

                  .
                  Inhoud van de 'Gedeelde Taken' map
                  "2008-05-07 09:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                  - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                  .
                  **************************************************************************

                  catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-05-23 21:32:20
                  Windows 5.1.2600 Service Pack 3 NTFS

                  scannen van verborgen processen ...

                  scannen van verborgen autostart items ...

                  scannen van verborgen bestanden ...

                  Scan succesvol afgerond
                  verborgen bestanden: 0

                  **************************************************************************
                  .
                  Voltooingstijd: 2008-05-23 21:34:19
                  ComboFix-quarantined-files.txt 2008-05-23 19:34:09
                  ComboFix2.txt 2008-05-23 16:12:32

                  Pre-Run: 12,748,902,400 bytes beschikbaar
                  Post-Run: 12,730,478,592 bytes beschikbaar

                  273 --- E O F --- 2008-03-01 22:17:10



                  • #10
                    You are posting your log on multiple forums:


                    That is why this one is being locked.
