Richard's HJT log
  • Richard's HJT log

    Following this thread: http://www.nucia.eu/forum/showthread.php?t=49373
    I have posted this log.

    Logfile of HijackThis v1.99.1
    Scan saved at 17:56:08, on 18.06.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\Documents and Settings\Richard Klok\Mijn documenten\Mijn ontvangen bestanden\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
    O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "K:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
    O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Google Update Service (gupdate1c9870d610ff972) (gupdate1c9870d610ff972) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Unknown owner - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    Last edited by MeeCrobe; 18-06-09, 18:01.

  • #2
    Hi Richard,

    I will have a look at your log.

    However, I am a supervised helper, so I will first have to have my fix checked. It may therefore take a little longer.

    Tjibbe



    • #3
      Hi Richard,

      1. You are using an old version of HijackThis. Install this new version: http://www.trendsecure.com/portal/en...HJTInstall.exe

      2. Start HijackThis and choose 'Do a system scan only'. If present, tick the lines below:

      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O20 - AppInit_DLLs:
      O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)


      Now close all open windows except HijackThis and click 'Fix Checked'.

      Now restart your computer.

      3. Download Combofix to your Desktop.
      NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
      Some scanners regard certain components Combofix uses as suspicious and will block or remove them!
      • Right-click Combofix and rename it to, for example: test.exe
      • Double-click Combofix.exe to start it.
      • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
      • Click OK in the "NirCmd" window.
      • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
      • Click OK and Yes to have the Recovery Console installed automatically.
      • Afterwards, click Yes again to start the malware scan.
      • While the fix is running, do NOT click in the window, as this will make your PC hang.
      • When the fix has finished and after the restart, the log Combofix.txt will open.


      Post the Combofix log together with a new HijackThis log in your next reply.

      Good luck!

      Tjibbe

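      As an added example (not code from the thread, from HijackThis or from the helper), the heuristic below reads HJT 1.99.1 lines in the format shown above and sorts them the way the missing-file part of the fix list in post #3 does: orphaned O2 and O20 entries go on the fix list, while the O23 lines ending in `" /service (file missing)` are reported as an artefact of the old HijackThis build rather than as a finding. The sample lines, the severity labels and the rule set are this example's own assumptions.

```python
"""Triage helper for HijackThis log lines.

Added example, not code from the thread or from HijackThis. Assumptions: the
input uses the HJT 1.99.1 line format shown in the thread; the severity rules
are this example's own heuristics modelled on which missing-file lines the
helper marked for 'Fix Checked' and which ones he left alone."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: eight lines copied in shape from the log in the thread.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\\System32\\dimsntfy.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe" /service (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


@dataclass
class Finding:
    section: str
    severity: str   # "fix", "review" or "info" (labels chosen for this example)
    reason: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one HJT line, or None for an ordinary, present entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    missing = bool(MISSING_RE.search(body))

    if section == "O20" and body.startswith("AppInit_DLLs:"):
        value = body[len("AppInit_DLLs:"):].strip()
        if value == "":
            # The value exists but is empty: nothing loads, and HJT can remove it.
            return Finding(section, "fix", "empty AppInit_DLLs value", line)
        # A non-empty AppInit_DLLs is loaded into every user32 process: always review.
        return Finding(section, "review", f"AppInit_DLLs set to {value!r}", line)

    if section == "O20" and missing:
        # Winlogon Notify packages are loaded by winlogon.exe; an orphaned
        # registration is safe to remove and is a common leftover.
        return Finding(section, "fix", "Winlogon Notify DLL missing", line)

    if section == "O2" and missing:
        # BHO CLSID registered with no DLL behind it: orphaned registration.
        return Finding(section, "fix", "BHO with no file", line)

    if section == "O23" and missing and '"' in body:
        # HJT 1.99.1 cuts a quoted service path at the closing quote and then
        # reports the remainder as missing; the newer build handles this.
        return Finding(section, "info", "quoted service path misparsed by HJT 1.99.1", line)

    if missing:
        # O9 buttons and similar entries pointing at an absent file: harmless clutter.
        return Finding(section, "info", "target file missing", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every recognised line of an HJT log, in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


def lines_to_fix(log_text: str) -> List[str]:
    """The lines this heuristic would tick for 'Fix Checked'."""
    return [f.line.strip() for f in triage(log_text) if f.severity == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section}: {f.reason}")
```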


      • #4
        Combofix log:

        ComboFix 09-06-17.04 - Richard Klok 18.06.2009 19:31.1 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1590 [GMT 2:00]
        Gestart vanuit: c:\documents and settings\Richard Klok\Bureaublad\ComboFix.exe

        WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
        .
        /wow section - STAGE 1
        PV wordt niet herkend als een interne
        of externe opdracht, programma of batchbestand.


        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\windows\system32\drivers\SKYNETyxbiqaqf.sys
        c:\windows\system32\SKYNETjnbnsqpu.dll
        c:\windows\system32\SKYNETrvgwaybi.dll
        c:\windows\system32\SKYNETrwolijup.dat
        c:\windows\system32\SKYNETtfnhnecw.dat
        c:\windows\system32\_003523_.tmp.dll
        c:\windows\system32\_003524_.tmp.dll
        c:\windows\system32\_003525_.tmp.dll
        c:\windows\system32\_003526_.tmp.dll
        c:\windows\system32\_003533_.tmp.dll
        c:\windows\system32\_003534_.tmp.dll
        c:\windows\system32\_003535_.tmp.dll
        c:\windows\system32\_003536_.tmp.dll
        c:\windows\system32\_003538_.tmp.dll
        c:\windows\system32\_003539_.tmp.dll
        c:\windows\system32\_003542_.tmp.dll
        c:\windows\system32\_003543_.tmp.dll
        c:\windows\system32\_003545_.tmp.dll
        c:\windows\system32\_003546_.tmp.dll
        c:\windows\system32\_003547_.tmp.dll
        c:\windows\system32\drivers\SKYNETyxbiqaqf.sys
        c:\windows\system32\SKYNETjnbnsqpu.dll
        c:\windows\system32\SKYNETrvgwaybi.dll
        c:\windows\system32\SKYNETrwolijup.dat
        c:\windows\system32\SKYNETtfnhnecw.dat

        .
        ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        -------\Service_SKYNETkkylkvvk
        -------\Legacy_6TO4
        -------\Service_6to4


        (((((((((((((((((((( Bestanden Gemaakt van 2009-05-18 to 2009-06-18 ))))))))))))))))))))))))))))))
        .

        2009-06-17 18:38 . 2009-06-17 18:38 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\Malwarebytes
        2009-06-17 18:38 . 2009-06-17 18:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
        2009-06-17 18:38 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
        2009-06-17 18:38 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
        2009-06-17 18:09 . 2009-06-17 18:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
        2009-06-17 18:08 . 2009-06-17 18:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
        2009-06-17 16:42 . 2009-06-17 23:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
        2009-06-17 15:40 . 2009-06-17 15:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
        2009-06-17 13:34 . 2009-06-17 13:34 68096 ----a-w- c:\windows\system32\drivers\qmqbvtnemxnwtiqj.sys
        2009-06-16 11:50 . 2009-06-16 15:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Test Drive Unlimited
        2009-06-16 11:45 . 2009-06-16 11:45 49152 ----a-r- c:\documents and settings\Richard Klok\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
        2009-06-12 20:45 . 2009-06-12 20:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
        2009-06-12 20:44 . 2009-06-12 20:44 10134 ----a-r- c:\documents and settings\Richard Klok\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
        2009-06-12 20:44 . 2008-09-04 18:17 447752 ----a-w- c:\windows\system32\vp6vfw.dll
        2009-06-12 20:44 . 2009-06-12 20:44 -------- d-----w- c:\program files\Microsoft WSE
        2009-06-12 20:41 . 2009-06-12 20:41 152576 ----a-w- c:\documents and settings\Richard Klok\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
        2009-06-12 18:37 . 2009-06-12 18:37 -------- d-----w- c:\program files\SimBin
        2009-06-12 18:37 . 2009-06-12 18:37 15872 ----a-r- c:\documents and settings\Richard Klok\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
        2009-06-12 13:54 . 2009-06-12 13:54 -------- d-----w- c:\windows\ASTULogTemp
        2009-06-11 23:52 . 2009-06-11 23:52 -------- d-----w- c:\program files\Microsoft.NET
        2009-06-10 21:35 . 2009-06-10 21:41 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\RevoluTV
        2009-06-10 21:32 . 2009-06-18 17:42 -------- d-----w- c:\program files\Taskbar Shuffle
        2009-06-10 20:00 . 2009-06-10 20:00 -------- d-sh--w- c:\documents and settings\Richard Klok\IECompatCache
        2009-06-10 17:30 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
        2009-06-10 17:30 . 2009-04-30 21:17 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
        2009-06-10 17:30 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
        2009-06-10 17:30 . 2009-04-30 21:17 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
        2009-06-06 23:40 . 2009-06-06 23:41 -------- d-----w- c:\program files\Common Files\DivX Shared
        2009-06-05 14:12 . 1999-05-29 07:39 45568 ----a-w- c:\windows\UniFish3.exe
        2009-06-01 18:31 . 2009-06-01 18:31 -------- d-sh--w- c:\documents and settings\Richard Klok\PrivacIE
        2009-06-01 17:58 . 2009-06-01 20:25 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\Hamachi
        2009-06-01 17:57 . 2009-06-01 17:57 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
        2009-05-30 23:31 . 2009-05-30 23:31 -------- d-sh--w- c:\documents and settings\Richard Klok\IETldCache
        2009-05-30 11:32 . 2009-06-11 00:04 -------- d-----w- c:\windows\ie8updates
        2009-05-30 11:32 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
        2009-05-30 11:30 . 2009-05-30 11:32 -------- dc-h--w- c:\windows\ie8
        2009-05-30 00:12 . 2009-05-30 00:12 3584 ----a-r- c:\documents and settings\Richard Klok\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
        2009-05-30 00:12 . 2009-05-30 00:12 -------- d-----w- c:\program files\Windows Installer Clean Up
        2009-05-29 11:10 . 2009-05-29 11:10 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\Logitech
        2009-05-29 11:09 . 2009-05-29 11:09 10134 ----a-r- c:\documents and settings\Richard Klok\Application Data\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
        2009-05-29 11:09 . 2007-01-29 23:46 69632 ----a-w- c:\windows\system32\KemXML.dll
        2009-05-29 11:09 . 2007-01-29 23:46 163840 ----a-w- c:\windows\system32\kemutb.dll
        2009-05-29 11:09 . 2007-01-29 23:46 110592 ----a-w- c:\windows\system32\KemWnd.dll
        2009-05-29 11:09 . 2007-01-29 23:46 135168 ----a-w- c:\windows\system32\KemUtil.dll
        2009-05-29 11:09 . 2009-05-29 11:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Logitech
        2009-05-29 11:09 . 2009-05-29 11:09 10134 ----a-r- c:\documents and settings\Richard Klok\Application Data\Microsoft\Installer\{C89C8D86-4423-4A58-AA40-DD259ACE07C1}\ARPPRODUCTICON.exe
        2009-05-27 21:43 . 2009-05-27 21:43 48128 ----a-w- C:\hsyte12.exe
        2009-05-26 18:02 . 2009-05-30 00:12 -------- d-----w- c:\program files\MSECache
        2009-05-21 16:59 . 2009-05-21 16:59 -------- d-----w- c:\documents and settings\Richard Klok\Local Settings\Application Data\Criterion Games
        2009-05-21 16:58 . 2009-05-21 16:58 11982 ----a-w- c:\windows\system32\ealregsnapshot1.reg
        2009-05-21 16:57 . 2009-05-21 16:57 -------- d-----w- c:\documents and settings\Richard Klok\Local Settings\Application Data\Downloaded Installations

        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2009-06-18 17:45 . 2002-09-11 12:00 84362 ----a-w- c:\windows\system32\perfc013.dat
        2009-06-18 17:45 . 2002-09-11 12:00 493236 ----a-w- c:\windows\system32\perfh013.dat
        2009-06-17 09:42 . 2009-02-04 21:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
        2009-06-15 20:13 . 2008-12-19 20:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\TrackMania
        2009-06-14 20:25 . 2009-05-17 18:47 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\Winamp
        2009-06-12 20:45 . 2008-09-05 12:53 -------- d-----w- c:\program files\Electronic Arts
        2009-06-12 20:43 . 2008-06-26 23:30 -------- d-----w- c:\program files\Java
        2009-06-12 20:39 . 2008-04-30 14:06 -------- d--h--w- c:\program files\InstallShield Installation Information
        2009-06-06 23:41 . 2008-05-09 22:52 -------- d-----w- c:\program files\DivX
        2009-05-29 11:10 . 2008-06-01 12:10 -------- d-----w- c:\program files\Common Files\Logishrd
        2009-05-29 11:09 . 2009-05-29 11:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
        2009-05-29 11:08 . 2008-04-30 15:30 -------- d-----w- c:\program files\Common Files\Logitech
        2009-05-27 20:17 . 2008-10-05 17:04 26896 ----a-w- c:\documents and settings\Richard Klok\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        2009-05-27 10:51 . 2008-05-31 17:40 -------- d-----w- c:\program files\SpeedFan
        2009-05-26 23:35 . 2009-03-13 16:11 1 ----a-w- c:\documents and settings\Richard Klok\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
        2009-05-26 14:19 . 2009-05-07 13:46 -------- d-----w- c:\program files\HP
        2009-05-22 11:16 . 2008-04-30 15:30 -------- d-----w- c:\program files\Logitech
        2009-05-21 11:07 . 2009-01-10 08:44 82080 ----a-w- c:\windows\system32\drivers\inspect.sys
        2009-05-21 11:07 . 2009-01-10 08:44 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
        2009-05-21 11:07 . 2009-01-10 08:44 168208 ----a-w- c:\windows\system32\guard32.dll
        2009-05-21 11:07 . 2009-01-10 08:44 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys
        2009-05-20 15:48 . 2009-01-14 18:03 -------- d-----w- c:\program files\Microsoft ActiveSync
        2009-05-18 22:49 . 2008-08-09 15:45 -------- d-----w- c:\program files\Frets on Fire
        2009-05-18 17:15 . 2008-04-30 22:09 -------- d-----w- c:\program files\eMule
        2009-05-17 18:48 . 2009-05-17 18:47 -------- d-----w- c:\program files\Winamp
        2009-05-13 05:06 . 2008-10-05 18:07 915456 ----a-w- c:\windows\system32\wininet.dll
        2009-05-08 21:07 . 2008-11-07 19:40 1530368 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
        2009-05-07 15:34 . 2008-10-05 18:07 347136 ----a-w- c:\windows\system32\localspl.dll
        2009-05-07 15:23 . 2009-05-07 15:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Codemasters
        2009-05-07 15:15 . 2009-03-17 22:31 444952 ----a-w- c:\windows\system32\wrap_oal.dll
        2009-05-07 15:15 . 2009-03-17 22:31 109080 ----a-w- c:\windows\system32\OpenAL32.dll
        2009-05-07 15:15 . 2009-03-17 22:31 -------- d-----w- c:\program files\OpenAL
        2009-05-07 13:52 . 2009-05-07 13:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WEBREG
        2009-05-07 13:52 . 2009-05-07 13:44 177676 ----a-w- c:\windows\hpoins28.dat
        2009-05-07 13:51 . 2009-05-07 13:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HP
        2009-05-07 13:51 . 2009-05-07 13:51 -------- d-----w- c:\program files\Common Files\HP
        2009-05-07 13:50 . 2009-05-07 13:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Hewlett-Packard
        2009-05-06 21:03 . 2009-05-06 21:03 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\Apple Computer
        2009-05-06 21:01 . 2009-05-06 21:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
        2009-05-06 21:01 . 2009-05-06 21:01 -------- d-----w- c:\program files\Apple Software Update
        2009-05-06 21:01 . 2009-05-06 21:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
        2009-05-06 20:58 . 2009-05-06 20:58 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\vlc
        2009-05-06 14:30 . 2009-05-06 14:30 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\Pariahware
        2009-05-04 22:23 . 2009-05-04 22:23 3120600 ----a-w- c:\documents and settings\Richard Klok\Application Data\ProtectDisc\pe17be1731.dll
        2009-05-04 22:23 . 2009-02-11 13:27 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\ProtectDisc
        2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
        2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
        2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
        2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
        2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
        2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
        2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
        2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
        2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
        2009-04-19 19:51 . 2008-10-05 18:07 1847296 ----a-w- c:\windows\system32\win32k.sys
        2009-04-15 14:55 . 2008-10-05 18:07 585216 ----a-w- c:\windows\system32\rpcrt4.dll
        2008-05-22 12:51 . 2008-05-22 12:51 2676954 ----a-w- c:\program files\BPFTP Server.rar
        2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
        2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
        2008-11-21 21:36 . 2008-11-21 21:36 61 --sh--w- c:\windows\cnerolf.dat
        2006-05-03 10:06 . 2009-02-16 01:59 163328 --sh--r- c:\windows\system32\flvDX.dll
        2007-02-21 11:47 . 2009-02-16 01:59 31232 --sh--r- c:\windows\system32\msfDX.dll
        2008-03-16 13:30 . 2009-02-16 01:59 216064 --sh--r- c:\windows\system32\nbDX.dll
        .

        ------- Sigcheck -------

        [-] 2008-04-14 21:33 1427968 8CE3B2402A303DD5C0219DE2C3F10C91 c:\windows\explorer.exe
        [-] 2007-06-13 13:12 1036800 1D6245AFBD3FAABC16A885116BE1874D c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
        [-] 2007-06-13 13:24 1427456 C17E18EB83C0E02FCF75C0593E1E32BB c:\windows\$NtServicePackUninstall$\explorer.exe
        [7] 2008-04-14 21:33 1037312 AA04F042A820BF1868E643575887E1A6 c:\windows\ServicePackFiles\i386\explorer.exe
        [7] 2008-04-14 17:02 1037312 AA04F042A820BF1868E643575887E1A6 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\explorer.exe
        [7] 2008-04-14 21:33 1037312 AA04F042A820BF1868E643575887E1A6 c:\windows\system32\VITrans\explorer.exe
        .
        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
        "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
        "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
        "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
        "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
        "Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-16 818176]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
        "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
        "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
        "RTHDCPL"="c:\windows\RTHDCPL.EXE" [2008-09-24 16859648]
        "DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
        "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
        "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-05-21 1794320]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
        "QuickTime Task"="k:\quicktime\qttask.exe" [2009-01-05 413696]
        "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
        "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
        "LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
        "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
        "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

        c:\documents and settings\Richard\Menu Start\Programma's\Opstarten\
        MemInfo.lnk - c:\program files\MemInfo\meminfo.exe [2008-1-13 724480]

        c:\documents and settings\Richard Klok\Menu Start\Programma's\Opstarten\
        MemInfo.lnk - c:\program files\MemInfo\meminfo.exe [2008-1-13 724480]

        c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
        HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
        Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-29 688128]
        Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
        "UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
        @=""

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "d:\\World in Conflict\\wic.exe"=
        "d:\\World in Conflict\\wic_online.exe"=
        "d:\\World in Conflict\\wic_ds.exe"=
        "d:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
        "d:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
        "d:\\Battlefield 2\\BF2.exe"=
        "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
        "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
        "d:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
        "c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
        "c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
        "c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
        "c:\\WINDOWS\\system32\\dpnsvr.exe"=
        "h:\\Axence\\NetTools\\3.1\\nVision.exe"=
        "k:\\Rockstar Games\\Rockstar Games Social Club\\Rockstar Games Social Club\\RGSCLauncher.exe"=
        "k:\\Rockstar Games\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "k:\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
        "k:\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
        "k:\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
        "k:\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "k:\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
        "k:\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
        "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
        "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
        "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
        "k:\\Codemasters\\GRID\\GRID.exe"=
        "k:\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
        "k:\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
        "k:\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "4434:TCP"= 4434:TCP:nVision Agent Data Server
        "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

        R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06.12.2005 17:11 35328]
        R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05.10.2008 17:47 114768]
        R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [10.01.2009 10:44 132640]
        R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.01.2009 10:44 24096]
        R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.07.2008 07:51 277736]
        R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.12.2008 01:35 20560]
        S2 gupdate1c9870d610ff972;Google Update Service (gupdate1c9870d610ff972);c:\program files\Google\Update\GoogleUpdate.exe [04.02.2009 23:13 133104]
        S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [05.10.2008 20:07 14336]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
        hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        AppMgmt
        AudioSrv
        Browser
        CryptSvc
        DMServer
        DHCP
        ERSvc
        FastUserSwitchingCompatibility
        HidServ
        LanmanServer
        LanmanWorkstation
        Messenger
        Nla
        NWCWorkstation
        Schedule
        Seclogon
        SRService
        Themes
        TrkWks
        W32Time
        Wmi
        WmdmPmSp
        winmgmt
        TermService
        wuauserv
        BITS
        ShellHWDetection
        helpsvc
        xmlprov
        wscsvc
        napagent
        hkmsvc

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
        "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
        .
        Inhoud van de 'Gedeelde Taken' map

        2009-06-18 c:\windows\Tasks\Google Software Updater.job
        - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-04 00:02]

        2009-06-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 21:13]
        .
        .
        ------- Bijkomende Scan -------
        .
        uStart Page = hxxp://www.startpagina.nl/
        IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
        DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
        DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
        .

        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2009-06-18 19:43
        Windows 5.1.2600 Service Pack 3 NTFS

        detected NTDLL code modification:
        ZwClose, ZwOpenFile

        scannen van verborgen processen ...

        scannen van verborgen autostart items ...

        scannen van verborgen bestanden ...


        **************************************************************************
        .
        --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

        [HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B0B9E64-1E8F-94BC-984F-FF5E2D82E94D}*]
        @Allowed: (Read) (RestrictedCode)
        @Allowed: (Read) (RestrictedCode)
        "oaanhepbdndamhfbplijjmalahkffc"=hex:64,61,6c,67,6b,63,66,6b,00,60
        "oaemopgpfiagncncemlidfjepbbpmp"=hex:69,61,65,64,6e,61,64,6e,6f,6c,65,64,69,6f,
        68,70,67,6e,00,00
        "nagmioonikbcpinbgmpcgggnnbjf"=hex:69,61,65,64,6e,61,64,6e,6f,6c,65,64,69,6f,
        68,70,67,6e,00,00

        [HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1004\Software\SecuROM\License information*]
        "datasecu"=hex:ab,c7,c9,4e,6b,42,b8,1b,78,d0,6d,18,21,8d,34,75,f9,65,91,a3,2d,
        82,54,92,fe,69,c2,35,04,f3,b7,50,5d,f6,20,c6,48,93,09,81,cc,28,e9,c0,74,bf,\
        "rkeysecu"=hex:04,84,9c,79,a5,4d,7d,67,6e,77,ae,03,4a,13,90,7c

        [HKEY_LOCAL_MACHINE\software\Xanthic\{EAC0842F-9764-03DD-A0B6-5FFFB48AD6EB}*_]
        "fr"="078F5D4E44575C"
        "lr"="078F5D4E44575C"
        DUMPHIVE0.003 (REGF)
        .
        ------------------------ Andere Aktieve Processen ------------------------
        .
        c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
        c:\program files\Alwil Software\Avast4\aswUpdSv.exe
        c:\program files\Alwil Software\Avast4\ashServ.exe
        c:\program files\Java\jre6\bin\jqs.exe
        c:\program files\CDBurnerXP\NMSAccessU.exe
        c:\windows\system32\nvsvc32.exe
        c:\windows\system32\rundll32.exe
        c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe
        c:\windows\system32\PnkBstrA.exe
        c:\progra~1\MI3AA1~1\rapimgr.exe
        c:\windows\system32\PnkBstrB.exe
        c:\program files\Alwil Software\Avast4\ashMaiSv.exe
        c:\program files\Alwil Software\Avast4\ashWebSv.exe
        c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
        c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
        c:\program files\HP\Digital Imaging\bin\hpqste08.exe
        c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
        .
        **************************************************************************
        .
        Voltooingstijd: 2009-06-18 19:48 - machine werd herstart
        ComboFix-quarantined-files.txt 2009-06-18 17:48

        Pre-Run: 118.638.657.536 bytes beschikbaar
        Post-Run: 124.675.637.248 bytes beschikbaar

        Current=5 Default=5 Failed=1 LastKnownGood=2 Sets=1,2,4,5
        372 --- E O F --- 2009-06-11 00:05


        Hijackthis log:
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 19:51:01, on 18.06.2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Google\Update\GoogleUpdate.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\CF3632.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\CDBurnerXP\NMSAccessU.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Vista Drive Icon\DrvIcon.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
        C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\DAEMON Tools Lite\daemon.exe
        C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Microsoft ActiveSync\wcescomm.exe
        C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\Logitech\SetPoint\SetPoint.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\MemInfo\meminfo.exe
        C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\PROGRA~1\MI3AA1~1\rapimgr.exe
        C:\WINDOWS\system32\PnkBstrB.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
        C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
        C:\WINDOWS\system32\notepad.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        K:\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
        O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
        O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "K:\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
        O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
        O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
        O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
        O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: Logitech SetPoint.lnk = ?
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
        O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
        O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
        O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
        O23 - Service: Google Update Service (gupdate1c9870d610ff972) (gupdate1c9870d610ff972) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
        O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: Imapi Helper - Unknown owner - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (file missing)
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
        O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

        --
        End of file - 9332 bytes

        In any case I was able to boot the PC normally again, and after the past 24 hours that is already quite something ;-)



        • #5
          Hi Richard,

          1. Open a Notepad file.
          Copy the quote below into this Notepad file.

          Code:
          Windows Registry Editor Version 5.00
          
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
          "UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\
            00,00,00
          Go to File - Save As.
          Under "Save in" choose: Desktop
          Under "File name" enter: fix.reg
          Under "Save as type" select: All Files (*.*).
          Now double-click fix.reg and allow the changes to be added to the registry.

          2. Open a Notepad file.
          Copy the code below and paste it into the Notepad file.

          Code:
          File::
          c:\windows\system32\drivers\qmqbvtnemxnwtiqj.sys
          C:\hsyte12.exe
          DirLook::
          k:\Codemasters\GRID
          REGNULL::
          [HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B0B9E64-1E8F-94BC-984F-FF5E2D82E94D}*] 
          REGISTRY:
          [-HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B0B9E64-1E8F-94BC-984F-FF5E2D82E94D}]
          Save the Notepad file as CFScript.txt

          Then drag CFScript.txt onto Combofix.exe as shown in the picture below.


          ComboFix will start again.
          When ComboFix is finished, which may be after a restart, a logfile will open.

          3. Go to www.jotti.org and have the following files scanned:
          c:\windows\UniFish3.exe
          c:\windows\explorer.exe
          c:\windows\cnerolf.dat
          c:\windows\system32\wininet.dll


          Post the scan results together with the Combofix log and a new Hijackthis log in your next reply.

          How are the problems now?

          Tjibbe
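As an added illustration for the fix.reg step above (not part of Tjibbe's reply, ComboFix or HijackThis), a small Python script that decodes a hex(2) UIHost value as it appears in the ComboFix dump earlier in this thread and in the fix.reg, and checks whether it points at the Windows XP default logonui.exe. The two registry fragments are constructed from the values quoted in this thread; the helper names are my own.

```python
import re

# Constructed samples, taken from the values quoted in this thread:
# the Winlogon key as ComboFix dumped it (single-byte characters) and
# the fix.reg from the reply (regedit-style UTF-16LE with a continuation line).
DUMPED_FRAGMENT = r'''[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
'''

FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\
  00,00,00
'''

# Windows XP's own logon user interface host; anything else in UIHost is a
# replacement that deserves a look (the fix.reg in the reply resets it).
DEFAULT_UIHOST = "logonui.exe"

REG_EXPAND_SZ = 2   # the "(2)" in hex(2)
REG_BINARY = 3      # a bare "hex:" value


def join_continuations(text):
    """Join .reg lines that end in a backslash with the line that follows."""
    return re.sub(r"\\\r?\n\s*", "", text)


def parse_hex_values(text):
    """Return {(key, name): (type_code, raw_bytes)} for every hex-typed value."""
    values = {}
    key = None
    for line in join_continuations(text).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"([^"]+)"=hex(?:\((\d+)\))?:(.*)$', line)
        if m is None or key is None:
            continue
        name, type_code, data = m.group(1), m.group(2), m.group(3)
        raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
        values[(key, name)] = (int(type_code) if type_code else REG_BINARY, raw)
    return values


def decode_string_value(raw):
    """Decode REG_SZ/REG_EXPAND_SZ bytes and drop the terminating NUL.

    regedit exports them as UTF-16LE (every odd byte is zero for ASCII text);
    ComboFix dumps the single-byte form, so fall back to latin-1 for that.
    """
    if len(raw) >= 2 and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return text.rstrip("\x00")


def check_uihost(reg_text):
    """Return (decoded UIHost, is_default) for the Winlogon key in reg_text."""
    for (key, name), (type_code, raw) in parse_hex_values(reg_text).items():
        if key.lower().endswith("\\winlogon") and name.lower() == "uihost":
            value = decode_string_value(raw)
            return value, value.lower() == DEFAULT_UIHOST
    return None, False


if __name__ == "__main__":
    for label, fragment in (("ComboFix dump", DUMPED_FRAGMENT), ("fix.reg", FIX_REG)):
        value, ok = check_uihost(fragment)
        print(f"{label}: UIHost = {value!r} ({'default' if ok else 'NOT the default'})")
```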



          • #6
            Hi Tjibbe,

            My PC works (I think) the way it should again, i.e. I can get on the internet, game, use MSN and so on, but I see we're not done yet

            Jotti results:
            C:\Windows\UniFish3.exe : Nothing found
            c:\windows\explorer.exe : Nothing found
            c:\windows\cnerolf.dat : Nothing found
            c:\windows\system32\wininet.dll : Nothing found

            HJT log:

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 00:22:35, on 21.06.2009
            Platform: Windows XP SP3 (WinNT 5.01.2600)
            MSIE: Internet Explorer v8.00 (8.00.6001.18702)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            C:\Program Files\Alwil Software\Avast4\ashServ.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            C:\WINDOWS\RTHDCPL.EXE
            C:\Program Files\Vista Drive Icon\DrvIcon.exe
            C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
            C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
            C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
            C:\Program Files\Java\jre6\bin\jusched.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\DAEMON Tools Lite\daemon.exe
            C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
            C:\Program Files\Microsoft ActiveSync\wcescomm.exe
            C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            C:\Program Files\Logitech\SetPoint\SetPoint.exe
            C:\Program Files\MemInfo\meminfo.exe
            C:\Program Files\Google\Update\GoogleUpdate.exe
            C:\PROGRA~1\MI3AA1~1\rapimgr.exe
            C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\CDBurnerXP\NMSAccessU.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\PnkBstrA.exe
            C:\WINDOWS\system32\PnkBstrB.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
            C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
            C:\Program Files\Winamp\winamp.exe
            C:\WINDOWS\explorer.exe
            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            K:\Trend Micro\HijackThis\HijackThis.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Internet Explorer\IEXPLORE.EXE

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
            O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
            O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
            O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [QuickTime Task] "K:\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
            O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
            O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
            O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
            O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
            O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            O4 - Global Startup: Logitech SetPoint.lnk = ?
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
            O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
            O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
            O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
            O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
            O23 - Service: Google Update Service (gupdate1c9870d610ff972) (gupdate1c9870d610ff972) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
            O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: Imapi Helper - Unknown owner - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (file missing)
            O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
            O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
            O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
            O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
            O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

            --
            End of file - 9328 bytes

            Hmm, the Combofix log can't be pasted into the message and can't be sent as an attachment either, because as txt it is 2.6 MB
            All K:\Codemasters\Grid files are in it...

            - Richard



            • #7
              Hi Richard,

              Just post the Combofix log without the contents of the Codemaster folder

              Tjibbe



              • #8
                Done ;-)

                ComboFix 09-06-20.02 - Richard Klok 21.06.2009 0:04.2 - NTFSx86
                Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1294 [GMT 2:00]
                Gestart vanuit: c:\documents and settings\Richard Klok\Bureaublad\ComboFix.exe
                gebruikte Opdracht switches :: c:\documents and settings\Richard Klok\Bureaublad\CFScript.txt.txt
                AV: avast! antivirus 4.8.1335 [VPS 090620-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
                FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
                * Nieuw herstelpunt werd aangemaakt

                WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                FILE ::
                "C:\hsyte12.exe"
                "c:\windows\system32\drivers\qmqbvtnemxnwtiqj.sys"
                .

                (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                C:\hsyte12.exe
                c:\windows\system32\drivers\qmqbvtnemxnwtiqj.sys

                .
                (((((((((((((((((((( Bestanden Gemaakt van 2009-05-20 to 2009-06-20 ))))))))))))))))))))))))))))))
                .

                2009-06-17 18:38 . 2009-06-17 18:38 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\Malwarebytes
                2009-06-17 18:38 . 2009-06-17 18:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
                2009-06-17 18:38 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
                2009-06-17 18:38 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
                2009-06-17 18:09 . 2009-06-17 18:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
                2009-06-17 18:08 . 2009-06-17 18:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
                2009-06-17 16:42 . 2009-06-17 23:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
                2009-06-17 15:40 . 2009-06-17 15:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
                2009-06-16 11:50 . 2009-06-18 23:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Test Drive Unlimited
                2009-06-16 11:45 . 2009-06-16 11:45 49152 ----a-r- c:\documents and settings\Richard Klok\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
                2009-06-12 20:45 . 2009-06-12 20:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
                2009-06-12 20:44 . 2009-06-12 20:44 10134 ----a-r- c:\documents and settings\Richard Klok\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
                2009-06-12 20:44 . 2008-09-04 18:17 447752 ----a-w- c:\windows\system32\vp6vfw.dll
                2009-06-12 20:44 . 2009-06-12 20:44 -------- d-----w- c:\program files\Microsoft WSE
                2009-06-12 20:41 . 2009-06-12 20:41 152576 ----a-w- c:\documents and settings\Richard Klok\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
                2009-06-12 18:37 . 2009-06-12 18:37 -------- d-----w- c:\program files\SimBin
                2009-06-12 18:37 . 2009-06-12 18:37 15872 ----a-r- c:\documents and settings\Richard Klok\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
                2009-06-12 13:54 . 2009-06-12 13:54 -------- d-----w- c:\windows\ASTULogTemp
                2009-06-11 23:52 . 2009-06-11 23:52 -------- d-----w- c:\program files\Microsoft.NET
                2009-06-10 21:35 . 2009-06-10 21:41 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\RevoluTV
                2009-06-10 21:32 . 2009-06-20 20:10 -------- d-----w- c:\program files\Taskbar Shuffle
                2009-06-10 20:00 . 2009-06-10 20:00 -------- d-sh--w- c:\documents and settings\Richard Klok\IECompatCache
                2009-06-10 17:30 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
                2009-06-10 17:30 . 2009-04-30 21:17 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
                2009-06-10 17:30 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
                2009-06-10 17:30 . 2009-04-30 21:17 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
                2009-06-06 23:40 . 2009-06-06 23:41 -------- d-----w- c:\program files\Common Files\DivX Shared
                2009-06-05 14:12 . 1999-05-29 07:39 45568 ----a-w- c:\windows\UniFish3.exe
                2009-06-01 18:31 . 2009-06-01 18:31 -------- d-sh--w- c:\documents and settings\Richard Klok\PrivacIE
                2009-06-01 17:58 . 2009-06-01 20:25 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\Hamachi
                2009-06-01 17:57 . 2009-06-01 17:57 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
                2009-05-30 23:31 . 2009-05-30 23:31 -------- d-sh--w- c:\documents and settings\Richard Klok\IETldCache
                2009-05-30 11:32 . 2009-06-11 00:04 -------- d-----w- c:\windows\ie8updates
                2009-05-30 11:32 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
                2009-05-30 11:30 . 2009-05-30 11:32 -------- dc-h--w- c:\windows\ie8
                2009-05-30 00:12 . 2009-05-30 00:12 3584 ----a-r- c:\documents and settings\Richard Klok\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
                2009-05-30 00:12 . 2009-05-30 00:12 -------- d-----w- c:\program files\Windows Installer Clean Up
                2009-05-29 11:10 . 2009-05-29 11:10 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\Logitech
                2009-05-29 11:09 . 2009-05-29 11:09 10134 ----a-r- c:\documents and settings\Richard Klok\Application Data\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
                2009-05-29 11:09 . 2007-01-29 23:46 69632 ----a-w- c:\windows\system32\KemXML.dll
                2009-05-29 11:09 . 2007-01-29 23:46 163840 ----a-w- c:\windows\system32\kemutb.dll
                2009-05-29 11:09 . 2007-01-29 23:46 110592 ----a-w- c:\windows\system32\KemWnd.dll
                2009-05-29 11:09 . 2007-01-29 23:46 135168 ----a-w- c:\windows\system32\KemUtil.dll
                2009-05-29 11:09 . 2009-05-29 11:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Logitech
                2009-05-29 11:09 . 2009-05-29 11:09 10134 ----a-r- c:\documents and settings\Richard Klok\Application Data\Microsoft\Installer\{C89C8D86-4423-4A58-AA40-DD259ACE07C1}\ARPPRODUCTICON.exe
                2009-05-26 18:02 . 2009-05-30 00:12 -------- d-----w- c:\program files\MSECache

                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2009-06-20 21:26 . 2008-12-19 20:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\TrackMania
                2009-06-20 21:09 . 2009-02-04 21:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
                2009-06-18 23:57 . 2008-11-07 19:40 1614320 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
                2009-06-18 23:41 . 2002-09-11 12:00 84362 ----a-w- c:\windows\system32\perfc013.dat
                2009-06-18 23:41 . 2002-09-11 12:00 493236 ----a-w- c:\windows\system32\perfh013.dat
                2009-06-14 20:25 . 2009-05-17 18:47 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\Winamp
                2009-06-12 20:45 . 2008-09-05 12:53 -------- d-----w- c:\program files\Electronic Arts
                2009-06-12 20:43 . 2008-06-26 23:30 -------- d-----w- c:\program files\Java
                2009-06-12 20:39 . 2008-04-30 14:06 -------- d--h--w- c:\program files\InstallShield Installation Information
                2009-06-06 23:41 . 2008-05-09 22:52 -------- d-----w- c:\program files\DivX
                2009-05-29 11:10 . 2008-06-01 12:10 -------- d-----w- c:\program files\Common Files\Logishrd
                2009-05-29 11:09 . 2009-05-29 11:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
                2009-05-29 11:08 . 2008-04-30 15:30 -------- d-----w- c:\program files\Common Files\Logitech
                2009-05-27 20:17 . 2008-10-05 17:04 26896 ----a-w- c:\documents and settings\Richard Klok\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                2009-05-27 10:51 . 2008-05-31 17:40 -------- d-----w- c:\program files\SpeedFan
                2009-05-26 23:35 . 2009-03-13 16:11 1 ----a-w- c:\documents and settings\Richard Klok\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
                2009-05-26 14:19 . 2009-05-07 13:46 -------- d-----w- c:\program files\HP
                2009-05-22 11:16 . 2008-04-30 15:30 -------- d-----w- c:\program files\Logitech
                2009-05-21 16:58 . 2009-05-21 16:58 11982 ----a-w- c:\windows\system32\ealregsnapshot1.reg
                2009-05-21 11:07 . 2009-01-10 08:44 82080 ----a-w- c:\windows\system32\drivers\inspect.sys
                2009-05-21 11:07 . 2009-01-10 08:44 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
                2009-05-21 11:07 . 2009-01-10 08:44 168208 ----a-w- c:\windows\system32\guard32.dll
                2009-05-21 11:07 . 2009-01-10 08:44 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys
                2009-05-20 15:48 . 2009-01-14 18:03 -------- d-----w- c:\program files\Microsoft ActiveSync
                2009-05-18 22:49 . 2008-08-09 15:45 -------- d-----w- c:\program files\Frets on Fire
                2009-05-18 17:15 . 2008-04-30 22:09 -------- d-----w- c:\program files\eMule
                2009-05-17 18:48 . 2009-05-17 18:47 -------- d-----w- c:\program files\Winamp
                2009-05-13 05:06 . 2008-10-05 18:07 915456 ----a-w- c:\windows\system32\wininet.dll
                2009-05-07 15:34 . 2008-10-05 18:07 347136 ----a-w- c:\windows\system32\localspl.dll
                2009-05-07 15:23 . 2009-05-07 15:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Codemasters
                2009-05-07 15:15 . 2009-03-17 22:31 444952 ----a-w- c:\windows\system32\wrap_oal.dll
                2009-05-07 15:15 . 2009-03-17 22:31 109080 ----a-w- c:\windows\system32\OpenAL32.dll
                2009-05-07 15:15 . 2009-03-17 22:31 -------- d-----w- c:\program files\OpenAL
                2009-05-07 13:52 . 2009-05-07 13:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WEBREG
                2009-05-07 13:52 . 2009-05-07 13:44 177676 ----a-w- c:\windows\hpoins28.dat
                2009-05-07 13:51 . 2009-05-07 13:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HP
                2009-05-07 13:51 . 2009-05-07 13:51 -------- d-----w- c:\program files\Common Files\HP
                2009-05-07 13:50 . 2009-05-07 13:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Hewlett-Packard
                2009-05-06 21:03 . 2009-05-06 21:03 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\Apple Computer
                2009-05-06 21:01 . 2009-05-06 21:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
                2009-05-06 21:01 . 2009-05-06 21:01 -------- d-----w- c:\program files\Apple Software Update
                2009-05-06 21:01 . 2009-05-06 21:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
                2009-05-06 20:58 . 2009-05-06 20:58 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\vlc
                2009-05-06 14:30 . 2009-05-06 14:30 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\Pariahware
                2009-05-04 22:23 . 2009-05-04 22:23 3120600 ----a-w- c:\documents and settings\Richard Klok\Application Data\ProtectDisc\pe17be1731.dll
                2009-05-04 22:23 . 2009-02-11 13:27 -------- d-----w- c:\documents and settings\Richard Klok\Application Data\ProtectDisc
                2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
                2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
                2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
                2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
                2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
                2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
                2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
                2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
                2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
                2009-04-19 19:51 . 2008-10-05 18:07 1847296 ----a-w- c:\windows\system32\win32k.sys
                2009-04-15 14:55 . 2008-10-05 18:07 585216 ----a-w- c:\windows\system32\rpcrt4.dll
                2008-05-22 12:51 . 2008-05-22 12:51 2676954 ----a-w- c:\program files\BPFTP Server.rar
                2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
                2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
                2008-11-21 21:36 . 2008-11-21 21:36 61 --sh--w- c:\windows\cnerolf.dat
                2006-05-03 10:06 . 2009-02-16 01:59 163328 --sh--r- c:\windows\system32\flvDX.dll
                2007-02-21 11:47 . 2009-02-16 01:59 31232 --sh--r- c:\windows\system32\msfDX.dll
                2008-03-16 13:30 . 2009-02-16 01:59 216064 --sh--r- c:\windows\system32\nbDX.dll
                .

                (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
                .



                ------- Sigcheck -------

                [-] 2008-04-14 21:33 1427968 8CE3B2402A303DD5C0219DE2C3F10C91 c:\windows\explorer.exe
                [-] 2007-06-13 13:12 1036800 1D6245AFBD3FAABC16A885116BE1874D c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
                [-] 2007-06-13 13:24 1427456 C17E18EB83C0E02FCF75C0593E1E32BB c:\windows\$NtServicePackUninstall$\explorer.exe
                [7] 2008-04-14 21:33 1037312 AA04F042A820BF1868E643575887E1A6 c:\windows\ServicePackFiles\i386\explorer.exe
                [7] 2008-04-14 17:02 1037312 AA04F042A820BF1868E643575887E1A6 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\explorer.exe
                [7] 2008-04-14 21:33 1037312 AA04F042A820BF1868E643575887E1A6 c:\windows\system32\VITrans\explorer.exe
                .
                ((((((((((((((((((((((((((((( [email protected]_17.44.35 )))))))))))))))))))))))))))))))))))))))))
                .
                + 2009-06-20 20:10 . 2009-06-20 20:10 16384 c:\windows\Temp\Perflib_Perfdata_af0.dat
                + 2009-06-20 20:10 . 2009-06-20 20:10 16384 c:\windows\Temp\Perflib_Perfdata_5bc.dat
                + 2002-09-11 12:00 . 2009-06-18 23:41 66376 c:\windows\system32\perfc009.dat
                - 2002-09-11 12:00 . 2009-06-18 17:45 66376 c:\windows\system32\perfc009.dat
                + 2002-09-11 12:00 . 2009-06-18 23:41 427592 c:\windows\system32\perfh009.dat
                - 2002-09-11 12:00 . 2009-06-18 17:45 427592 c:\windows\system32\perfh009.dat
                .
                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                REGEDIT4

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
                "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
                "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
                "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
                "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
                "Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-16 818176]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
                "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
                "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
                "RTHDCPL"="c:\windows\RTHDCPL.EXE" [2008-09-24 16859648]
                "DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
                "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
                "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-05-21 1794320]
                "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
                "QuickTime Task"="k:\quicktime\qttask.exe" [2009-01-05 413696]
                "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
                "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
                "LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
                "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
                "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
                "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

                c:\documents and settings\Richard\Menu Start\Programma's\Opstarten\
                MemInfo.lnk - c:\program files\MemInfo\meminfo.exe [2008-1-13 724480]

                c:\documents and settings\Richard Klok\Menu Start\Programma's\Opstarten\
                MemInfo.lnk - c:\program files\MemInfo\meminfo.exe [2008-1-13 724480]

                c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
                HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
                Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-29 688128]
                Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
                @=""

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                "EnableFirewall"= 0 (0x0)

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "d:\\World in Conflict\\wic.exe"=
                "d:\\World in Conflict\\wic_online.exe"=
                "d:\\World in Conflict\\wic_ds.exe"=
                "d:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
                "d:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
                "d:\\Battlefield 2\\BF2.exe"=
                "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
                "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
                "d:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
                "c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
                "c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
                "c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
                "c:\\WINDOWS\\system32\\dpnsvr.exe"=
                "h:\\Axence\\NetTools\\3.1\\nVision.exe"=
                "k:\\Rockstar Games\\Rockstar Games Social Club\\Rockstar Games Social Club\\RGSCLauncher.exe"=
                "k:\\Rockstar Games\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "k:\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
                "k:\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
                "k:\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
                "k:\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
                "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
                "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                "k:\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
                "k:\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
                "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
                "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
                "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
                "k:\\Codemasters\\GRID\\GRID.exe"=
                "k:\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
                "k:\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
                "k:\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                "4434:TCP"= 4434:TCP:nVision Agent Data Server
                "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

                R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06.12.2005 17:11 35328]
                R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05.10.2008 17:47 114768]
                R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [10.01.2009 10:44 132640]
                R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.01.2009 10:44 24096]
                R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.07.2008 07:51 277736]
                R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.12.2008 01:35 20560]
                S2 gupdate1c9870d610ff972;Google Update Service (gupdate1c9870d610ff972);c:\program files\Google\Update\GoogleUpdate.exe [04.02.2009 23:13 133104]
                S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [05.10.2008 20:07 14336]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
                hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

                [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
                "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
                .
                Inhoud van de 'Gedeelde Taken' map

                2009-06-20 c:\windows\Tasks\Google Software Updater.job
                - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-04 00:02]

                2009-06-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
                - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 21:13]
                .
                .
                ------- Bijkomende Scan -------
                .
                uStart Page = hxxp://www.startpagina.nl/
                IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
                DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
                DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                .

                **************************************************************************

                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2009-06-21 00:11
                Windows 5.1.2600 Service Pack 3 NTFS

                detected NTDLL code modification:
                ZwClose, ZwOpenFile

                scannen van verborgen processen ...

                scannen van verborgen autostart items ...

                scannen van verborgen bestanden ...

                Scan succesvol afgerond
                verborgen bestanden: 0

                **************************************************************************
                .
                --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

                [HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1004\Software\SecuROM\License information*]
                "datasecu"=hex:ab,c7,c9,4e,6b,42,b8,1b,78,d0,6d,18,21,8d,34,75,f9,65,91,a3,2d,
                82,54,92,fe,69,c2,35,04,f3,b7,50,5d,f6,20,c6,48,93,09,81,cc,28,e9,c0,74,bf,\
                "rkeysecu"=hex:04,84,9c,79,a5,4d,7d,67,6e,77,ae,03,4a,13,90,7c

                [HKEY_LOCAL_MACHINE\software\Xanthic\{EAC0842F-9764-03DD-A0B6-5FFFB48AD6EB}*_]
                "fr"="078F5D4E44575C"
                "lr"="078F5D4E44575C"
                DUMPHIVE0.003 (REGF)
                .
                --------------------- DLLs Geladen Onder Lopende Processen ---------------------

                - - - - - - - > 'winlogon.exe'(604)
                c:\windows\system32\cscui.dll

                - - - - - - - > 'lsass.exe'(660)
                c:\windows\system32\guard32.dll
                .
                Voltooingstijd: 2009-06-20 0:13
                ComboFix-quarantined-files.txt 2009-06-20 22:13
                ComboFix2.txt 2009-06-18 17:48

                Pre-Run: 124.590.350.336 bytes beschikbaar
                Post-Run: 124.557.082.624 bytes beschikbaar

                Current=5 Default=5 Failed=1 LastKnownGood=2 Sets=1,2,4,5
                22651 --- E O F --- 2009-06-11 00:05


                - Richard



                • #9
                  Hi Richard,

                  Your log looks good. Are you still experiencing any problems?

                  Would you upload k:\Codemasters\GRID\grid.exe to www.jotti.org?

                  Tjibbe



                  • #10
                    Hi.

                    Scanned it, and there's nothing wrong with it...
                    Other than that, everything here works as it should, no more strange error messages and such; I'm happy again.

                    - Richard



                    • #11
                      Hi Richard,

                      Good to hear!

                      1. Go to Start - Run and enter the following line:
                      Combofix /U
                      Then press OK.
                      Make sure you put a space between Combofix and /U.
                      This removes everything from Combofix and also any remaining traces of the infections from your System Restore.

                      2. You may remove all the tools that were used.

                      3. Go to http://windowsupdate.microsoft.com/ and install all updates to protect your computer.

                      4. Read this page to prevent reinfection.

                      5. We would like to ask you to spend a few minutes of your time to file a complaint. Besides removing the malware (viruses), we can fight its makers in another way: by having as many people as possible tell their story, so that the problem gets attention in the media and in politics. Thanks to an initiative, many people worldwide have already voiced their complaints.
                      Don't stay behind, because we need your help with this too!

                      To do so, read this page and then post your story in this topic following the guidelines on that page (at the bottom). (Registering takes only a few seconds.)
                      Your infection was: Malware

                      6. If you have no further questions, you may set the status of this topic to solved. Do this at the top left.

                      Good luck!

                      Tjibbe



                      • #12
                        Hi Tjibbe,

                        Thanks again for all the help; I will definitely make use of the programs in the topic you linked!

                        - Richard



                        • #13
                          Hi,

                          You're welcome! Happy surfing.

                          Tjibbe
