can you check this for me



jxjxw
18 July 2009, 20:24
hello
I had my PC scanned with Malwarebytes and it finds the same 2 things time after time, and I can't get rid of them
can you check this for me
thanks in advance
so I'm posting here a logfile from Malwarebytes and one from HijackThis

Malwarebytes log

Malwarebytes' Anti-Malware 1.39
Database versie: 2421
Windows 6.0.6002 Service Pack 2
18/07/2009 20:19:00
mbam-log-2009-07-18 (20-19-00).txt
Scan type: Snelle Scan
Objecten gescand: 80504
Verstreken tijd: 3 minute(s), 37 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
C:\Windows\Systemserv32.exe (Trojan.Agent) -> Quarantined and deleted successfully.


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:15, on 18/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Zoek met Binsearch - C:\binsearch.script
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Schedule (AVKService) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
O23 - Service: AntiVirus-bewaker (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Persoonlijke Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
--
End of file - 6821 bytes

thanks in advance

jxjxw
18 July 2009, 21:43
I can't get rid of it, counting on you

Rosty
19 July 2009, 09:20
Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

NOTE: if you get a warning from your antivirus or another real-time scanner during or after downloading Combofix, or while running Combofix, disable that scanner and download Combofix again.
Some scanners see certain components that Combofix uses as suspicious and will block or delete them! Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Click OK in the "NirCmd" window.
Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will cause your PC to hang.
When the fix is complete and after the restart, the log Combofix.txt will open. Post this log in your next reply.

jxjxw
19 July 2009, 11:45
here is the ComboFix log


ComboFix 09-07-14.08 - johan 19/07/2009 11:31.1.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3327.2079 [GMT 2:00]
Gestart vanuit: c:\users\johan\Desktop\ComboFix.exe
AV: G DATA InternetSecurity 2009 *On-access scanning enabled* (Updated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: G DATA Persoonlijke Firewall *enabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Aanwezig AV is actief
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-9239411150-1292178557-475068701-1134
c:\recycler\S-1-5-21-9239411150-1292178557-475068701-1134\Desktop.ini
c:\recycler\S-1-5-21-9239411150-1292178557-475068701-1134\twain_x86.exe
c:\users\johan\AppData\Roaming\bcrypt.html
c:\users\johan\AppData\Roaming\inst.exe
c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe
c:\windows\system32\OGACheckControl.dll
c:\windows\systemserv32.exe
----- BITS: Mogelijk geïnfecteerde sites -----
hxxp://binuser.fileave.com
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-06-19 to 2009-07-19 ))))))))))))))))))))))))))))))
.
2009-07-19 09:35 . 2009-07-19 09:36 -------- d-----w- c:\users\johan\AppData\Local\temp
2009-07-18 17:51 . 2009-07-18 17:51 -------- d-----w- c:\program files\Trend Micro
2009-07-18 10:21 . 2009-07-18 10:21 128512 ----a-w- c:\users\johan\AppData\Local\wrar380d.exe
2009-07-18 10:21 . 2009-07-15 11:22 633398 ----a-w- c:\windows\run_setup.exe
2009-07-18 10:21 . 2009-07-15 09:56 16384 ----a-w- c:\windows\filextract.exe
2009-07-17 09:28 . 2009-07-17 09:28 -------- d-----w- c:\programdata\LightScribe
2009-07-17 09:18 . 2009-07-17 09:23 -------- d-----w- c:\users\johan\AppData\Roaming\CopyToDvd
2009-07-15 14:10 . 2009-07-15 14:10 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-07-15 12:14 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 12:14 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 12:14 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 12:14 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 12:14 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 11:37 . 2009-07-15 11:37 -------- d-----w- c:\programdata\Nokia
2009-07-15 11:36 . 2009-07-15 11:36 24389136 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_nl[1].exe
2009-07-15 11:36 . 2009-07-15 11:36 3351812 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-07-15 11:36 . 2009-07-15 11:36 36864 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-07-15 11:36 . 2009-07-15 11:36 3181612 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-07-15 10:34 . 2009-05-20 10:26 4969808 ----a-w- c:\users\johan\AppData\Roaming\TomTom\HOME\Profiles\sodfzv0o.default\extensions\Navcore.8.351.9982@tomtom.com\8-351-9982-1.dll
2009-07-13 23:16 . 2009-07-18 22:33 -------- d-----w- c:\users\johan\AppData\Local\QuickPar
2009-07-13 21:28 . 2007-08-27 08:53 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-07-13 21:28 . 2009-07-13 21:28 -------- d-----w- c:\windows\system32\QuickTime
2009-07-13 21:28 . 2009-07-13 21:28 -------- d-----w- c:\programdata\TechSmith
2009-07-13 21:28 . 2009-07-13 21:28 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-07-13 21:28 . 2009-07-13 21:28 -------- d-----w- c:\program files\TechSmith
2009-07-13 21:17 . 2009-07-13 21:17 -------- d-----w- c:\windows\CtDrvInstall
2009-07-13 21:17 . 2009-07-13 21:17 -------- d-----w- C:\Live! Cam
2009-07-13 18:36 . 2009-07-13 18:36 29128 ----a-w- c:\windows\system32\drivers\GRD.sys
2009-07-12 22:35 . 2009-07-12 22:35 -------- d-----w- C:\Acer
2009-07-12 13:50 . 2009-07-12 13:50 -------- d-----w- c:\users\johan\AppData\Roaming\Media Player Classic
2009-07-12 00:24 . 2009-07-12 00:24 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-12 00:24 . 2009-04-27 12:21 17152 ----a-w- c:\windows\system32\authuitu.dll
2009-07-12 00:24 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-12 00:24 . 2009-07-12 00:24 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-12 00:24 . 2009-07-12 00:24 -------- d-----w- c:\users\johan\AppData\Roaming\TuneUp Software
2009-07-12 00:24 . 2009-07-12 00:24 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-12 00:24 . 2009-07-12 00:24 -------- d-----w- c:\programdata\TuneUp Software
2009-07-12 00:23 . 2009-07-12 00:23 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-11 23:23 . 2009-07-17 09:29 -------- d-----w- c:\users\johan\AppData\Roaming\Ahead
2009-07-11 16:58 . 2009-07-11 16:58 -------- d-----w- c:\users\johan\AppData\Roaming\ATI
2009-07-11 16:58 . 2009-07-11 16:58 -------- d-----w- c:\users\johan\AppData\Local\ATI
2009-07-11 16:58 . 2009-07-11 16:58 -------- d-----w- c:\programdata\ATI
2009-07-11 16:57 . 2009-07-11 16:57 10134 ----a-r- c:\users\johan\AppData\Roaming\Microsoft\Installer\{963AE89F-073A-9030-CBCD-D0AE55ED06FC}\ARPPRODUCTICON.exe
2009-07-11 16:54 . 2009-07-11 16:54 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-11 16:54 . 2009-07-11 16:54 -------- d-----w- c:\program files\Java
2009-07-11 08:26 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-11 08:26 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-11 08:26 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-11 08:26 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-11 08:26 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-07-11 08:26 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-11 08:26 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-07-11 08:26 . 2009-02-09 18:56 67584 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-11 08:26 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-07-11 08:26 . 2009-07-11 08:26 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-11 08:14 . 2009-07-11 08:14 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-11 08:14 . 2009-07-11 08:14 -------- d-----w- c:\programdata\Nero
2009-07-11 08:14 . 2009-07-11 08:14 -------- d-----w- c:\program files\Nero
2009-07-11 08:05 . 2009-07-11 08:05 -------- d-----w- c:\program files\Elaborate Bytes
2009-07-11 08:01 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-07-11 08:01 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-07-11 08:01 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-07-11 08:01 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-07-11 08:01 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-07-11 08:01 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-07-11 08:01 . 2004-05-04 10:53 1645320 ----a-w- c:\windows\gdiplus.dll
2009-07-11 07:59 . 2009-07-17 09:24 -------- d-----w- c:\users\johan\AppData\Roaming\Vso
2009-07-11 07:59 . 2009-07-11 07:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-11 07:59 . 2009-07-11 07:59 47360 ----a-w- c:\users\johan\AppData\Roaming\pcouffin.sys
2009-07-11 07:59 . 2009-07-18 16:12 -------- d-----w- c:\program files\VSO
2009-07-11 07:57 . 2009-07-11 07:57 -------- d-----w- c:\users\johan\AppData\Roaming\Outertech
2009-07-11 07:52 . 2009-07-11 07:52 -------- d-----w- c:\program files\Alcohol Soft
2009-07-11 07:49 . 2009-07-11 07:49 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-11 07:46 . 2009-07-11 08:39 -------- d-----w- c:\program files\PowerISO
2009-07-11 07:27 . 2009-07-18 22:17 -------- d-----w- c:\users\johan\Tracing
2009-07-11 07:26 . 2009-07-11 07:26 -------- d-----w- c:\program files\Microsoft
2009-07-11 07:26 . 2009-07-11 07:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-11 07:26 . 2009-07-11 07:26 -------- d-----w- c:\program files\Windows Live
2009-07-11 07:25 . 2009-07-11 07:25 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-11 07:24 . 2009-07-18 08:18 -------- d-sh--w- C:\Diskeeper
2009-07-11 07:10 . 2009-07-11 07:10 -------- d-----w- c:\programdata\Diskeeper Corporation
2009-07-11 07:10 . 2009-07-11 07:10 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2009-07-11 07:10 . 2009-07-11 07:10 -------- d-----w- c:\program files\Diskeeper Corporation
2009-07-11 07:08 . 2009-07-11 07:08 -------- d-----w- c:\users\johan\Diskeeper
2009-07-11 07:02 . 2009-07-18 21:03 -------- d-----w- c:\users\johan\AppData\Roaming\GrabIt
2009-07-10 21:25 . 2009-07-10 21:25 -------- d-----w- c:\program files\GetDiz
2009-07-10 21:22 . 2009-07-10 21:23 -------- d-----w- c:\users\johan\AppData\Roaming\DoBs
2009-07-10 21:22 . 2009-07-10 21:22 -------- d-----w- c:\program files\DoBs
2009-07-10 21:22 . 2009-07-10 21:22 -------- d-----w- c:\program files\CCleaner
2009-07-10 21:19 . 2009-07-13 18:35 -------- d-----w- c:\program files\Telemeter 3.0
2009-07-10 21:18 . 2009-07-11 07:03 -------- d-----w- c:\program files\GrabIt
2009-07-10 21:16 . 2009-07-10 21:16 -------- d-----w- c:\users\johan\AppData\Local\Google
2009-07-10 21:16 . 2009-07-10 21:16 -------- d-----w- c:\program files\Google
2009-07-10 21:11 . 2009-07-10 21:14 -------- d-----w- c:\program files\FTDv3.8
2009-07-10 21:11 . 2008-04-16 08:04 269312 ----a-w- c:\windows\system32\sqlite3u.dll
2009-07-10 21:11 . 2008-04-16 07:45 271360 ----a-w- c:\windows\system32\sqlite3.dll
2009-07-10 21:09 . 2009-07-10 21:09 -------- d-----w- c:\program files\QuickPar
2009-07-10 20:56 . 2009-07-10 20:56 -------- d-----w- c:\users\johan\AppData\Local\G DATA
2009-07-10 20:52 . 2009-07-15 11:26 -------- d-----w- c:\users\johan\AppData\Roaming\Nokia
2009-07-10 20:52 . 2009-07-15 11:20 -------- d-----w- c:\users\johan\AppData\Roaming\PC Suite
2009-07-10 20:52 . 2009-07-10 20:52 -------- d-----w- c:\programdata\PC Suite
2009-07-10 20:51 . 2009-07-10 20:51 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-10 20:51 . 2009-07-15 11:36 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-10 20:51 . 2009-07-10 20:53 -------- d-----w- c:\program files\DIFX
2009-07-10 20:51 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-10 20:49 . 2009-07-10 20:51 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-10 20:49 . 2009-07-10 20:49 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-10 20:44 . 2009-07-15 11:36 -------- d-----w- c:\program files\Nokia
2009-07-10 20:44 . 2009-02-09 06:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-07-10 20:44 . 2009-07-10 20:43 33700216 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_dut_web[1].exe
2009-07-10 20:44 . 2009-07-10 20:44 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-10 20:44 . 2009-07-10 20:44 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-10 20:44 . 2009-07-10 20:44 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-10 20:44 . 2009-07-10 20:44 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-10 20:43 . 2009-07-15 11:36 -------- d-----w- c:\programdata\Installations
2009-07-10 20:38 . 2009-07-10 20:38 -------- d-----w- c:\programdata\TomTom
2009-07-10 20:31 . 2009-07-10 20:31 -------- d-----w- c:\users\johan\AppData\Roaming\TomTom
2009-07-10 20:31 . 2009-07-10 20:31 -------- d-----w- c:\users\johan\AppData\Local\TomTom
2009-07-10 20:31 . 2009-07-10 20:31 -------- d-----w- c:\program files\TomTom International B.V
2009-07-10 20:31 . 2009-07-10 20:31 -------- d-----w- c:\program files\TomTom HOME 2
2009-07-10 19:55 . 2009-07-10 19:55 -------- d-----w- c:\windows\system32\eu-ES
2009-07-10 19:55 . 2009-07-10 19:55 -------- d-----w- c:\windows\system32\ca-ES
2009-07-10 19:55 . 2009-07-10 19:55 -------- d-----w- c:\windows\system32\vi-VN
2009-07-10 19:53 . 2009-07-10 19:53 -------- d-----w- c:\windows\system32\SPReview
2009-07-10 19:41 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 09:24 . 2006-11-02 16:11 670070 ----a-w- c:\windows\system32\perfh013.dat
2009-07-19 09:24 . 2006-11-02 16:11 127694 ----a-w- c:\windows\system32\perfc013.dat
2009-07-17 09:13 . 2009-07-10 12:43 1356 ----a-w- c:\users\johan\AppData\Local\d3d9caps.dat
2009-07-15 12:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 12:24 . 2007-08-08 18:54 -------- d-----w- c:\programdata\Microsoft Help
2009-07-14 18:21 . 2007-08-08 18:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 20:53 . 2009-07-10 20:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-10 20:52 . 2009-07-10 20:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-10 19:55 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-10 19:55 . 2009-07-10 19:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-10 19:50 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-10 18:51 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-07-10 18:51 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-07-10 17:27 . 2009-07-10 15:56 34 ----a-w- c:\windows\system32\BD2030.DAT
2009-07-10 15:56 . 2009-07-10 15:56 -------- d-----w- c:\program files\Brownie
2009-07-10 15:56 . 2009-07-10 15:56 -------- d-----w- c:\program files\Brother
2009-07-10 15:56 . 2007-08-08 18:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-10 15:38 . 2009-07-10 15:38 0 ------w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-07-10 15:38 . 2009-07-10 15:38 0 ------w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-10 15:38 . 2009-07-10 15:38 0 ------w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-07-10 13:14 . 2007-08-08 18:23 -------- d-----w- c:\program files\Intel
2009-05-16 04:01 . 2009-05-16 04:01 4933632 ------w- c:\windows\system32\drivers\atikmdag.sys
2009-05-16 03:24 . 2009-05-16 03:24 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-05-16 03:24 . 2009-05-16 03:24 335872 ----a-w- c:\windows\system32\atieclxx.exe
2009-05-16 03:23 . 2009-05-16 03:23 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2009-05-16 03:22 . 2009-05-16 03:22 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-05-16 03:22 . 2009-05-16 03:22 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-05-16 03:22 . 2009-05-16 03:22 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2009-05-16 03:22 . 2009-05-16 03:22 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-05-16 03:22 . 2009-05-16 03:22 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-05-16 03:19 . 2009-05-16 03:19 2411008 ----a-w- c:\windows\system32\atidxx32.dll
2009-05-16 03:08 . 2009-05-16 03:08 3064832 ----a-w- c:\windows\system32\atiumdag.dll
2009-05-16 02:53 . 2009-05-16 02:53 2847744 ----a-w- c:\windows\system32\atiumdva.dll
2009-05-16 02:42 . 2009-05-16 02:42 51712 ----a-w- c:\windows\system32\atimpc32.dll
2009-05-16 02:42 . 2009-05-16 02:42 51712 ----a-w- c:\windows\system32\amdpcom32.dll
2009-05-16 02:41 . 2009-05-16 02:41 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-05-16 02:40 . 2009-05-16 02:40 11376640 ----a-w- c:\windows\system32\atioglxx.dll
2009-05-16 02:27 . 2009-05-16 02:27 53248 ------w- c:\windows\system32\drivers\ati2erec.dll
2009-05-16 02:00 . 2009-05-16 02:00 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-05-16 02:00 . 2009-05-16 02:00 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-05-16 01:59 . 2009-05-16 01:59 3174400 ----a-w- c:\windows\system32\aticaldd.dll
2009-05-11 10:47 . 2009-05-11 10:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
2009-04-23 19:04 . 2009-04-23 19:04 189051 ----a-w- c:\windows\system32\atiicdxx.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"GDFirewallTray"="c:\program files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe" [2008-09-19 1037992]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\InternetSecurity\AVKTray\AVKTray.exe" [2008-11-17 957000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-10 809488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NCProTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk
backup=c:\windows\pss\NCProTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^johan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk]
path=c:\users\johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Productregistratie.lnk
backup=c:\windows\pss\Logitech . Productregistratie.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):94,04,63,16,99,01,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3410171115-3065567624-1710629183-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B112CCF1-A62D-4BBE-942F-EB4BE00FB8A6}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{6C9FE360-C69D-4E1A-9109-AD6FA7CC6F9B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1929885A-26AB-4DD6-BD1C-AD35C404E3A4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B8278D1-EE43-4126-BED3-7A9659C303D1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C69CA36C-EC02-479C-A8D0-0A475996AE7F}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{CE0E25DE-474A-48E2-A9EA-8D4A40700761}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{0DA88807-9458-4E72-A12C-F6F10696CD32}"= UDP:5353:Adobe CSI CS4
"{DC230631-7A8E-4095-9FF3-F933D20E6011}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{1FC1AA80-E07F-4380-B244-06D61DD36701}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 gdwfpcd;G DATA WFP CD;c:\windows\System32\drivers\gdwfpcd32.sys [10/07/2009 18:56 40392]
R1 GRD;G DATA Rootkit Detector Driver;c:\windows\System32\drivers\GRD.sys [13/07/2009 20:36 29128]
R1 VD_FileDisk;VD_FileDisk;c:\windows\System32\drivers\vd_filedisk.sys [13/01/2006 15:00 15872]
R2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [19/09/2008 14:46 1016392]
R2 AVKService;G DATA Schedule;c:\program files\G DATA\InternetSecurity\AVK\AVKService.exe [19/09/2008 14:46 386120]
R2 AVKWCtl;AntiVirus-bewaker;c:\program files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [14/08/2008 8:55 1185496]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/06/2009 14:46 92008]
R3 GDFwSvc;G DATA Persoonlijke Firewall;c:\program files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [10/07/2009 19:05 1407976]
R3 GDMnIcpt;GDMnIcpt;c:\windows\System32\drivers\MiniIcpt.sys [10/07/2009 18:56 48712]
R3 GDPkIcpt;GDPkIcpt;c:\windows\System32\drivers\PktIcpt.sys [10/07/2009 18:56 51656]
R3 HookCentre;HookCentre;c:\windows\System32\drivers\HookCentre.sys [10/07/2009 18:56 32200]
R3 P0630VID;Creative WebCam Live!;c:\windows\System32\drivers\P0630Vid.sys [23/01/2008 18:42 91797]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 14:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 14:48 8320]
S3 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [12/07/2009 2:24 604416]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16/05/2009 5:23 176128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://google.be/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Zoek met Binsearch - C:\binsearch.script
IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 11:36
Windows 6.0.6002 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'Explorer.exe'(5724)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Voltooingstijd: 2009-07-19 11:39 - machine werd herstart
ComboFix-quarantined-files.txt 2009-07-19 09:39
Pre-Run: 462.933.598.208 bytes beschikbaar
Post-Run: 463.617.593.344 bytes beschikbaar
361 --- E O F --- 2009-07-17 14:16

jxjxw
19 July 2009, 11:47
hello
I had my PC scanned with Malwarebytes and it keeps finding 2 things time and again, and I can't get rid of them
could you take a look at this
thanks very much
so I'm posting here a
log file from Malwarebytes and one from HijackThis

Malwarebytes log

Malwarebytes' Anti-Malware 1.39
Database versie: 2421
Windows 6.0.6002 Service Pack 2
18/07/2009 20:19:00
mbam-log-2009-07-18 (20-19-00).txt
Scan type: Snelle Scan
Objecten gescand: 80504
Verstreken tijd: 3 minute(s), 37 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
C:\Windows\Systemserv32.exe (Trojan.Agent) -> Quarantined and deleted successfully.


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:15, on 18/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Zoek met Binsearch - C:\binsearch.script
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Schedule (AVKService) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
O23 - Service: AntiVirus-bewaker (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Persoonlijke Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
--
End of file - 6821 bytes

thanks very much

ComboFix
sorry, I had already posted it here, but it needed to be in this thread, so here it is
thanks very much in advance

ComboFix 09-07-14.08 - johan 19/07/2009 11:31.1.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3327.2079 [GMT 2:00]
Gestart vanuit: c:\users\johan\Desktop\ComboFix.exe
AV: G DATA InternetSecurity 2009 *On-access scanning enabled* (Updated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: G DATA Persoonlijke Firewall *enabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Aanwezig AV is actief
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-9239411150-1292178557-475068701-1134
c:\recycler\S-1-5-21-9239411150-1292178557-475068701-1134\Desktop.ini
c:\recycler\S-1-5-21-9239411150-1292178557-475068701-1134\twain_x86.exe
c:\users\johan\AppData\Roaming\bcrypt.html
c:\users\johan\AppData\Roaming\inst.exe
c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe
c:\windows\system32\OGACheckControl.dll
c:\windows\systemserv32.exe
----- BITS: Mogelijk geïnfecteerde sites -----
hxxp://binuser.fileave.com
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-06-19 to 2009-07-19 ))))))))))))))))))))))))))))))
.
2009-07-19 09:35 . 2009-07-19 09:36 -------- d-----w- c:\users\johan\AppData\Local\temp
2009-07-18 17:51 . 2009-07-18 17:51 -------- d-----w- c:\program files\Trend Micro
2009-07-18 10:21 . 2009-07-18 10:21 128512 ----a-w- c:\users\johan\AppData\Local\wrar380d.exe
2009-07-18 10:21 . 2009-07-15 11:22 633398 ----a-w- c:\windows\run_setup.exe
2009-07-18 10:21 . 2009-07-15 09:56 16384 ----a-w- c:\windows\filextract.exe
2009-07-17 09:28 . 2009-07-17 09:28 -------- d-----w- c:\programdata\LightScribe
2009-07-17 09:18 . 2009-07-17 09:23 -------- d-----w- c:\users\johan\AppData\Roaming\CopyToDvd
2009-07-15 14:10 . 2009-07-15 14:10 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-07-15 12:14 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 12:14 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 12:14 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 12:14 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 12:14 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 11:37 . 2009-07-15 11:37 -------- d-----w- c:\programdata\Nokia
2009-07-15 11:36 . 2009-07-15 11:36 24389136 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_nl[1].exe
2009-07-15 11:36 . 2009-07-15 11:36 3351812 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-07-15 11:36 . 2009-07-15 11:36 36864 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-07-15 11:36 . 2009-07-15 11:36 3181612 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-07-15 10:34 . 2009-05-20 10:26 4969808 ----a-w- c:\users\johan\AppData\Roaming\TomTom\HOME\Profiles\sodfzv0o.default\extensions\Navcore.8.351.9982@tomtom.com\8-351-9982-1.dll
2009-07-13 23:16 . 2009-07-18 22:33 -------- d-----w- c:\users\johan\AppData\Local\QuickPar
2009-07-13 21:28 . 2007-08-27 08:53 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-07-13 21:28 . 2009-07-13 21:28 -------- d-----w- c:\windows\system32\QuickTime
2009-07-13 21:28 . 2009-07-13 21:28 -------- d-----w- c:\programdata\TechSmith
2009-07-13 21:28 . 2009-07-13 21:28 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-07-13 21:28 . 2009-07-13 21:28 -------- d-----w- c:\program files\TechSmith
2009-07-13 21:17 . 2009-07-13 21:17 -------- d-----w- c:\windows\CtDrvInstall
2009-07-13 21:17 . 2009-07-13 21:17 -------- d-----w- C:\Live! Cam
2009-07-13 18:36 . 2009-07-13 18:36 29128 ----a-w- c:\windows\system32\drivers\GRD.sys
2009-07-12 22:35 . 2009-07-12 22:35 -------- d-----w- C:\Acer
2009-07-12 13:50 . 2009-07-12 13:50 -------- d-----w- c:\users\johan\AppData\Roaming\Media Player Classic
2009-07-12 00:24 . 2009-07-12 00:24 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-12 00:24 . 2009-04-27 12:21 17152 ----a-w- c:\windows\system32\authuitu.dll
2009-07-12 00:24 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-12 00:24 . 2009-07-12 00:24 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-12 00:24 . 2009-07-12 00:24 -------- d-----w- c:\users\johan\AppData\Roaming\TuneUp Software
2009-07-12 00:24 . 2009-07-12 00:24 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-12 00:24 . 2009-07-12 00:24 -------- d-----w- c:\programdata\TuneUp Software
2009-07-12 00:23 . 2009-07-12 00:23 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-11 23:23 . 2009-07-17 09:29 -------- d-----w- c:\users\johan\AppData\Roaming\Ahead
2009-07-11 16:58 . 2009-07-11 16:58 -------- d-----w- c:\users\johan\AppData\Roaming\ATI
2009-07-11 16:58 . 2009-07-11 16:58 -------- d-----w- c:\users\johan\AppData\Local\ATI
2009-07-11 16:58 . 2009-07-11 16:58 -------- d-----w- c:\programdata\ATI
2009-07-11 16:57 . 2009-07-11 16:57 10134 ----a-r- c:\users\johan\AppData\Roaming\Microsoft\Installer\{963AE89F-073A-9030-CBCD-D0AE55ED06FC}\ARPPRODUCTICON.exe
2009-07-11 16:54 . 2009-07-11 16:54 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-11 16:54 . 2009-07-11 16:54 -------- d-----w- c:\program files\Java
2009-07-11 08:26 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-11 08:26 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-11 08:26 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-11 08:26 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-11 08:26 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-07-11 08:26 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-11 08:26 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-07-11 08:26 . 2009-02-09 18:56 67584 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-11 08:26 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-07-11 08:26 . 2009-07-11 08:26 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-11 08:14 . 2009-07-11 08:14 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-11 08:14 . 2009-07-11 08:14 -------- d-----w- c:\programdata\Nero
2009-07-11 08:14 . 2009-07-11 08:14 -------- d-----w- c:\program files\Nero
2009-07-11 08:05 . 2009-07-11 08:05 -------- d-----w- c:\program files\Elaborate Bytes
2009-07-11 08:01 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-07-11 08:01 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-07-11 08:01 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-07-11 08:01 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-07-11 08:01 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-07-11 08:01 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-07-11 08:01 . 2004-05-04 10:53 1645320 ----a-w- c:\windows\gdiplus.dll
2009-07-11 07:59 . 2009-07-17 09:24 -------- d-----w- c:\users\johan\AppData\Roaming\Vso
2009-07-11 07:59 . 2009-07-11 07:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-11 07:59 . 2009-07-11 07:59 47360 ----a-w- c:\users\johan\AppData\Roaming\pcouffin.sys
2009-07-11 07:59 . 2009-07-18 16:12 -------- d-----w- c:\program files\VSO
2009-07-11 07:57 . 2009-07-11 07:57 -------- d-----w- c:\users\johan\AppData\Roaming\Outertech
2009-07-11 07:52 . 2009-07-11 07:52 -------- d-----w- c:\program files\Alcohol Soft
2009-07-11 07:49 . 2009-07-11 07:49 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-11 07:46 . 2009-07-11 08:39 -------- d-----w- c:\program files\PowerISO
2009-07-11 07:27 . 2009-07-18 22:17 -------- d-----w- c:\users\johan\Tracing
2009-07-11 07:26 . 2009-07-11 07:26 -------- d-----w- c:\program files\Microsoft
2009-07-11 07:26 . 2009-07-11 07:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-11 07:26 . 2009-07-11 07:26 -------- d-----w- c:\program files\Windows Live
2009-07-11 07:25 . 2009-07-11 07:25 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-11 07:24 . 2009-07-18 08:18 -------- d-sh--w- C:\Diskeeper
2009-07-11 07:10 . 2009-07-11 07:10 -------- d-----w- c:\programdata\Diskeeper Corporation
2009-07-11 07:10 . 2009-07-11 07:10 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2009-07-11 07:10 . 2009-07-11 07:10 -------- d-----w- c:\program files\Diskeeper Corporation
2009-07-11 07:08 . 2009-07-11 07:08 -------- d-----w- c:\users\johan\Diskeeper
2009-07-11 07:02 . 2009-07-18 21:03 -------- d-----w- c:\users\johan\AppData\Roaming\GrabIt
2009-07-10 21:25 . 2009-07-10 21:25 -------- d-----w- c:\program files\GetDiz
2009-07-10 21:22 . 2009-07-10 21:23 -------- d-----w- c:\users\johan\AppData\Roaming\DoBs
2009-07-10 21:22 . 2009-07-10 21:22 -------- d-----w- c:\program files\DoBs
2009-07-10 21:22 . 2009-07-10 21:22 -------- d-----w- c:\program files\CCleaner
2009-07-10 21:19 . 2009-07-13 18:35 -------- d-----w- c:\program files\Telemeter 3.0
2009-07-10 21:18 . 2009-07-11 07:03 -------- d-----w- c:\program files\GrabIt
2009-07-10 21:16 . 2009-07-10 21:16 -------- d-----w- c:\users\johan\AppData\Local\Google
2009-07-10 21:16 . 2009-07-10 21:16 -------- d-----w- c:\program files\Google
2009-07-10 21:11 . 2009-07-10 21:14 -------- d-----w- c:\program files\FTDv3.8
2009-07-10 21:11 . 2008-04-16 08:04 269312 ----a-w- c:\windows\system32\sqlite3u.dll
2009-07-10 21:11 . 2008-04-16 07:45 271360 ----a-w- c:\windows\system32\sqlite3.dll
2009-07-10 21:09 . 2009-07-10 21:09 -------- d-----w- c:\program files\QuickPar
2009-07-10 20:56 . 2009-07-10 20:56 -------- d-----w- c:\users\johan\AppData\Local\G DATA
2009-07-10 20:52 . 2009-07-15 11:26 -------- d-----w- c:\users\johan\AppData\Roaming\Nokia
2009-07-10 20:52 . 2009-07-15 11:20 -------- d-----w- c:\users\johan\AppData\Roaming\PC Suite
2009-07-10 20:52 . 2009-07-10 20:52 -------- d-----w- c:\programdata\PC Suite
2009-07-10 20:51 . 2009-07-10 20:51 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-10 20:51 . 2009-07-15 11:36 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-10 20:51 . 2009-07-10 20:53 -------- d-----w- c:\program files\DIFX
2009-07-10 20:51 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-10 20:49 . 2009-07-10 20:51 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-10 20:49 . 2009-07-10 20:49 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-10 20:44 . 2009-07-15 11:36 -------- d-----w- c:\program files\Nokia
2009-07-10 20:44 . 2009-02-09 06:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-07-10 20:44 . 2009-07-10 20:43 33700216 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_dut_web[1].exe
2009-07-10 20:44 . 2009-07-10 20:44 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-10 20:44 . 2009-07-10 20:44 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-10 20:44 . 2009-07-10 20:44 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-10 20:44 . 2009-07-10 20:44 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-10 20:43 . 2009-07-15 11:36 -------- d-----w- c:\programdata\Installations
2009-07-10 20:38 . 2009-07-10 20:38 -------- d-----w- c:\programdata\TomTom
2009-07-10 20:31 . 2009-07-10 20:31 -------- d-----w- c:\users\johan\AppData\Roaming\TomTom
2009-07-10 20:31 . 2009-07-10 20:31 -------- d-----w- c:\users\johan\AppData\Local\TomTom
2009-07-10 20:31 . 2009-07-10 20:31 -------- d-----w- c:\program files\TomTom International B.V
2009-07-10 20:31 . 2009-07-10 20:31 -------- d-----w- c:\program files\TomTom HOME 2
2009-07-10 19:55 . 2009-07-10 19:55 -------- d-----w- c:\windows\system32\eu-ES
2009-07-10 19:55 . 2009-07-10 19:55 -------- d-----w- c:\windows\system32\ca-ES
2009-07-10 19:55 . 2009-07-10 19:55 -------- d-----w- c:\windows\system32\vi-VN
2009-07-10 19:53 . 2009-07-10 19:53 -------- d-----w- c:\windows\system32\SPReview
2009-07-10 19:41 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 09:24 . 2006-11-02 16:11 670070 ----a-w- c:\windows\system32\perfh013.dat
2009-07-19 09:24 . 2006-11-02 16:11 127694 ----a-w- c:\windows\system32\perfc013.dat
2009-07-17 09:13 . 2009-07-10 12:43 1356 ----a-w- c:\users\johan\AppData\Local\d3d9caps.dat
2009-07-15 12:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 12:24 . 2007-08-08 18:54 -------- d-----w- c:\programdata\Microsoft Help
2009-07-14 18:21 . 2007-08-08 18:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 20:53 . 2009-07-10 20:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-10 20:52 . 2009-07-10 20:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-10 19:55 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-10 19:55 . 2009-07-10 19:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-10 19:50 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-10 18:51 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-07-10 18:51 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-07-10 17:27 . 2009-07-10 15:56 34 ----a-w- c:\windows\system32\BD2030.DAT
2009-07-10 15:56 . 2009-07-10 15:56 -------- d-----w- c:\program files\Brownie
2009-07-10 15:56 . 2009-07-10 15:56 -------- d-----w- c:\program files\Brother
2009-07-10 15:56 . 2007-08-08 18:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-10 15:38 . 2009-07-10 15:38 0 ------w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-07-10 15:38 . 2009-07-10 15:38 0 ------w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-10 15:38 . 2009-07-10 15:38 0 ------w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-07-10 13:14 . 2007-08-08 18:23 -------- d-----w- c:\program files\Intel
2009-05-16 04:01 . 2009-05-16 04:01 4933632 ------w- c:\windows\system32\drivers\atikmdag.sys
2009-05-16 03:24 . 2009-05-16 03:24 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-05-16 03:24 . 2009-05-16 03:24 335872 ----a-w- c:\windows\system32\atieclxx.exe
2009-05-16 03:23 . 2009-05-16 03:23 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2009-05-16 03:22 . 2009-05-16 03:22 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-05-16 03:22 . 2009-05-16 03:22 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-05-16 03:22 . 2009-05-16 03:22 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2009-05-16 03:22 . 2009-05-16 03:22 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-05-16 03:22 . 2009-05-16 03:22 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-05-16 03:19 . 2009-05-16 03:19 2411008 ----a-w- c:\windows\system32\atidxx32.dll
2009-05-16 03:08 . 2009-05-16 03:08 3064832 ----a-w- c:\windows\system32\atiumdag.dll
2009-05-16 02:53 . 2009-05-16 02:53 2847744 ----a-w- c:\windows\system32\atiumdva.dll
2009-05-16 02:42 . 2009-05-16 02:42 51712 ----a-w- c:\windows\system32\atimpc32.dll
2009-05-16 02:42 . 2009-05-16 02:42 51712 ----a-w- c:\windows\system32\amdpcom32.dll
2009-05-16 02:41 . 2009-05-16 02:41 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-05-16 02:40 . 2009-05-16 02:40 11376640 ----a-w- c:\windows\system32\atioglxx.dll
2009-05-16 02:27 . 2009-05-16 02:27 53248 ------w- c:\windows\system32\drivers\ati2erec.dll
2009-05-16 02:00 . 2009-05-16 02:00 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-05-16 02:00 . 2009-05-16 02:00 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-05-16 01:59 . 2009-05-16 01:59 3174400 ----a-w- c:\windows\system32\aticaldd.dll
2009-05-11 10:47 . 2009-05-11 10:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
2009-04-23 19:04 . 2009-04-23 19:04 189051 ----a-w- c:\windows\system32\atiicdxx.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"GDFirewallTray"="c:\program files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe" [2008-09-19 1037992]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\InternetSecurity\AVKTray\AVKTray.exe" [2008-11-17 957000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-10 809488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NCProTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk
backup=c:\windows\pss\NCProTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^johan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk]
path=c:\users\johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Productregistratie.lnk
backup=c:\windows\pss\Logitech . Productregistratie.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):94,04,63,16,99,01,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3410171115-3065567624-1710629183-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B112CCF1-A62D-4BBE-942F-EB4BE00FB8A6}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{6C9FE360-C69D-4E1A-9109-AD6FA7CC6F9B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1929885A-26AB-4DD6-BD1C-AD35C404E3A4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B8278D1-EE43-4126-BED3-7A9659C303D1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C69CA36C-EC02-479C-A8D0-0A475996AE7F}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{CE0E25DE-474A-48E2-A9EA-8D4A40700761}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{0DA88807-9458-4E72-A12C-F6F10696CD32}"= UDP:5353:Adobe CSI CS4
"{DC230631-7A8E-4095-9FF3-F933D20E6011}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{1FC1AA80-E07F-4380-B244-06D61DD36701}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 gdwfpcd;G DATA WFP CD;c:\windows\System32\drivers\gdwfpcd32.sys [10/07/2009 18:56 40392]
R1 GRD;G DATA Rootkit Detector Driver;c:\windows\System32\drivers\GRD.sys [13/07/2009 20:36 29128]
R1 VD_FileDisk;VD_FileDisk;c:\windows\System32\drivers\vd_filedisk.sys [13/01/2006 15:00 15872]
R2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [19/09/2008 14:46 1016392]
R2 AVKService;G DATA Schedule;c:\program files\G DATA\InternetSecurity\AVK\AVKService.exe [19/09/2008 14:46 386120]
R2 AVKWCtl;AntiVirus-bewaker;c:\program files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [14/08/2008 8:55 1185496]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/06/2009 14:46 92008]
R3 GDFwSvc;G DATA Persoonlijke Firewall;c:\program files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [10/07/2009 19:05 1407976]
R3 GDMnIcpt;GDMnIcpt;c:\windows\System32\drivers\MiniIcpt.sys [10/07/2009 18:56 48712]
R3 GDPkIcpt;GDPkIcpt;c:\windows\System32\drivers\PktIcpt.sys [10/07/2009 18:56 51656]
R3 HookCentre;HookCentre;c:\windows\System32\drivers\HookCentre.sys [10/07/2009 18:56 32200]
R3 P0630VID;Creative WebCam Live!;c:\windows\System32\drivers\P0630Vid.sys [23/01/2008 18:42 91797]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 14:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 14:48 8320]
S3 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [12/07/2009 2:24 604416]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16/05/2009 5:23 176128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://google.be/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Zoek met Binsearch - C:\binsearch.script
IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 11:36
Windows 6.0.6002 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'Explorer.exe'(5724)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Voltooingstijd: 2009-07-19 11:39 - machine werd herstart
ComboFix-quarantined-files.txt 2009-07-19 09:39
Pre-Run: 462.933.598.208 bytes beschikbaar
Post-Run: 463.617.593.344 bytes beschikbaar
361 --- E O F --- 2009-07-17 14:16

Rosty
19 July 2009, 12:44
Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:

File::
c:\users\johan\AppData\Local\wrar380d.exe


Save this on your Desktop as CFScript.


Now drag the file CFScript.txt onto the file ComboFix.exe
http://home.hetnet.nl/~stefsmeenk/CFScript.gif
ComboFix will start again.
When ComboFix is finished, which may be after a restart, a logfile opens.
Post the contents of the logfile.


This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply.

jxjxw
19 July 2009, 13:32
here is the requested log


ComboFix 09-07-14.08 - johan 19/07/2009 13:23.2.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3327.2053 [GMT 2:00]
Gestart vanuit: c:\users\johan\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\johan\Desktop\CFScript ..txt
AV: G DATA InternetSecurity 2009 *On-access scanning enabled* (Updated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: G DATA Persoonlijke Firewall *enabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Aanwezig AV is actief

FILE ::
"c:\users\johan\AppData\Local\wrar380d.exe"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\johan\AppData\Local\wrar380d.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-06-19 to 2009-07-19 ))))))))))))))))))))))))))))))
.
2009-07-19 11:27 . 2009-07-19 11:27 -------- d-----w- c:\users\johan\AppData\Local\temp
2009-07-18 17:51 . 2009-07-18 17:51 -------- d-----w- c:\program files\Trend Micro
2009-07-18 10:21 . 2009-07-15 11:22 633398 ----a-w- c:\windows\run_setup.exe
2009-07-18 10:21 . 2009-07-15 09:56 16384 ----a-w- c:\windows\filextract.exe
2009-07-17 09:28 . 2009-07-17 09:28 -------- d-----w- c:\programdata\LightScribe
2009-07-17 09:18 . 2009-07-17 09:23 -------- d-----w- c:\users\johan\AppData\Roaming\CopyToDvd
2009-07-15 14:10 . 2009-07-15 14:10 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-07-15 12:14 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 12:14 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 12:14 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 12:14 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 12:14 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 11:37 . 2009-07-15 11:37 -------- d-----w- c:\programdata\Nokia
2009-07-15 11:36 . 2009-07-15 11:36 24389136 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_nl[1].exe
2009-07-15 11:36 . 2009-07-15 11:36 3351812 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-07-15 11:36 . 2009-07-15 11:36 36864 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-07-15 11:36 . 2009-07-15 11:36 3181612 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-07-15 10:34 . 2009-05-20 10:26 4969808 ----a-w- c:\users\johan\AppData\Roaming\TomTom\HOME\Profiles\sodfzv0o.default\extensions\Navcore.8.351.9982@tomtom.com\8-351-9982-1.dll
2009-07-13 23:16 . 2009-07-18 22:33 -------- d-----w- c:\users\johan\AppData\Local\QuickPar
2009-07-13 21:28 . 2007-08-27 08:53 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-07-13 21:28 . 2009-07-13 21:28 -------- d-----w- c:\windows\system32\QuickTime
2009-07-13 21:28 . 2009-07-13 21:28 -------- d-----w- c:\programdata\TechSmith
2009-07-13 21:28 . 2009-07-13 21:28 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-07-13 21:28 . 2009-07-13 21:28 -------- d-----w- c:\program files\TechSmith
2009-07-13 21:17 . 2009-07-13 21:17 -------- d-----w- c:\windows\CtDrvInstall
2009-07-13 21:17 . 2009-07-13 21:17 -------- d-----w- C:\Live! Cam
2009-07-13 18:36 . 2009-07-13 18:36 29128 ----a-w- c:\windows\system32\drivers\GRD.sys
2009-07-12 22:35 . 2009-07-12 22:35 -------- d-----w- C:\Acer
2009-07-12 13:50 . 2009-07-12 13:50 -------- d-----w- c:\users\johan\AppData\Roaming\Media Player Classic
2009-07-12 00:24 . 2009-07-12 00:24 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-12 00:24 . 2009-04-27 12:21 17152 ----a-w- c:\windows\system32\authuitu.dll
2009-07-12 00:24 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-12 00:24 . 2009-07-12 00:24 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-12 00:24 . 2009-07-12 00:24 -------- d-----w- c:\users\johan\AppData\Roaming\TuneUp Software
2009-07-12 00:24 . 2009-07-12 00:24 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-12 00:24 . 2009-07-12 00:24 -------- d-----w- c:\programdata\TuneUp Software
2009-07-12 00:23 . 2009-07-12 00:23 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-11 23:23 . 2009-07-17 09:29 -------- d-----w- c:\users\johan\AppData\Roaming\Ahead
2009-07-11 16:58 . 2009-07-11 16:58 -------- d-----w- c:\users\johan\AppData\Roaming\ATI
2009-07-11 16:58 . 2009-07-11 16:58 -------- d-----w- c:\users\johan\AppData\Local\ATI
2009-07-11 16:58 . 2009-07-11 16:58 -------- d-----w- c:\programdata\ATI
2009-07-11 16:57 . 2009-07-11 16:57 10134 ----a-r- c:\users\johan\AppData\Roaming\Microsoft\Installer\{963AE89F-073A-9030-CBCD-D0AE55ED06FC}\ARPPRODUCTICON.exe
2009-07-11 16:54 . 2009-07-11 16:54 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-11 16:54 . 2009-07-11 16:54 -------- d-----w- c:\program files\Java
2009-07-11 08:26 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-11 08:26 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-11 08:26 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-11 08:26 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-11 08:26 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-07-11 08:26 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-11 08:26 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-07-11 08:26 . 2009-02-09 18:56 67584 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-11 08:26 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-07-11 08:26 . 2009-07-11 08:26 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-11 08:14 . 2009-07-11 08:14 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-11 08:14 . 2009-07-11 08:14 -------- d-----w- c:\programdata\Nero
2009-07-11 08:14 . 2009-07-11 08:14 -------- d-----w- c:\program files\Nero
2009-07-11 08:05 . 2009-07-11 08:05 -------- d-----w- c:\program files\Elaborate Bytes
2009-07-11 08:01 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-07-11 08:01 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-07-11 08:01 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-07-11 08:01 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-07-11 08:01 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-07-11 08:01 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-07-11 08:01 . 2004-05-04 10:53 1645320 ----a-w- c:\windows\gdiplus.dll
2009-07-11 07:59 . 2009-07-17 09:24 -------- d-----w- c:\users\johan\AppData\Roaming\Vso
2009-07-11 07:59 . 2009-07-11 07:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-11 07:59 . 2009-07-11 07:59 47360 ----a-w- c:\users\johan\AppData\Roaming\pcouffin.sys
2009-07-11 07:59 . 2009-07-18 16:12 -------- d-----w- c:\program files\VSO
2009-07-11 07:57 . 2009-07-11 07:57 -------- d-----w- c:\users\johan\AppData\Roaming\Outertech
2009-07-11 07:52 . 2009-07-11 07:52 -------- d-----w- c:\program files\Alcohol Soft
2009-07-11 07:49 . 2009-07-11 07:49 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-11 07:46 . 2009-07-11 08:39 -------- d-----w- c:\program files\PowerISO
2009-07-11 07:27 . 2009-07-19 10:20 -------- d-----w- c:\users\johan\Tracing
2009-07-11 07:26 . 2009-07-11 07:26 -------- d-----w- c:\program files\Microsoft
2009-07-11 07:26 . 2009-07-11 07:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-11 07:26 . 2009-07-11 07:26 -------- d-----w- c:\program files\Windows Live
2009-07-11 07:25 . 2009-07-11 07:25 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-11 07:24 . 2009-07-18 08:18 -------- d-sh--w- C:\Diskeeper
2009-07-11 07:10 . 2009-07-11 07:10 -------- d-----w- c:\programdata\Diskeeper Corporation
2009-07-11 07:10 . 2009-07-11 07:10 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2009-07-11 07:10 . 2009-07-11 07:10 -------- d-----w- c:\program files\Diskeeper Corporation
2009-07-11 07:08 . 2009-07-11 07:08 -------- d-----w- c:\users\johan\Diskeeper
2009-07-11 07:02 . 2009-07-18 21:03 -------- d-----w- c:\users\johan\AppData\Roaming\GrabIt
2009-07-10 21:25 . 2009-07-10 21:25 -------- d-----w- c:\program files\GetDiz
2009-07-10 21:22 . 2009-07-10 21:23 -------- d-----w- c:\users\johan\AppData\Roaming\DoBs
2009-07-10 21:22 . 2009-07-10 21:22 -------- d-----w- c:\program files\DoBs
2009-07-10 21:22 . 2009-07-10 21:22 -------- d-----w- c:\program files\CCleaner
2009-07-10 21:19 . 2009-07-13 18:35 -------- d-----w- c:\program files\Telemeter 3.0
2009-07-10 21:18 . 2009-07-11 07:03 -------- d-----w- c:\program files\GrabIt
2009-07-10 21:16 . 2009-07-10 21:16 -------- d-----w- c:\users\johan\AppData\Local\Google
2009-07-10 21:16 . 2009-07-10 21:16 -------- d-----w- c:\program files\Google
2009-07-10 21:11 . 2009-07-10 21:14 -------- d-----w- c:\program files\FTDv3.8
2009-07-10 21:11 . 2008-04-16 08:04 269312 ----a-w- c:\windows\system32\sqlite3u.dll
2009-07-10 21:11 . 2008-04-16 07:45 271360 ----a-w- c:\windows\system32\sqlite3.dll
2009-07-10 21:09 . 2009-07-10 21:09 -------- d-----w- c:\program files\QuickPar
2009-07-10 20:56 . 2009-07-10 20:56 -------- d-----w- c:\users\johan\AppData\Local\G DATA
2009-07-10 20:52 . 2009-07-15 11:26 -------- d-----w- c:\users\johan\AppData\Roaming\Nokia
2009-07-10 20:52 . 2009-07-15 11:20 -------- d-----w- c:\users\johan\AppData\Roaming\PC Suite
2009-07-10 20:52 . 2009-07-10 20:52 -------- d-----w- c:\programdata\PC Suite
2009-07-10 20:51 . 2009-07-10 20:51 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-10 20:51 . 2009-07-15 11:36 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-10 20:51 . 2009-07-10 20:53 -------- d-----w- c:\program files\DIFX
2009-07-10 20:51 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-10 20:49 . 2009-07-10 20:51 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-10 20:49 . 2009-07-10 20:49 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-10 20:44 . 2009-07-15 11:36 -------- d-----w- c:\program files\Nokia
2009-07-10 20:44 . 2009-02-09 06:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-07-10 20:44 . 2009-07-10 20:43 33700216 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_dut_web[1].exe
2009-07-10 20:44 . 2009-07-10 20:44 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-10 20:44 . 2009-07-10 20:44 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-10 20:44 . 2009-07-10 20:44 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-10 20:44 . 2009-07-10 20:44 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-10 20:43 . 2009-07-15 11:36 -------- d-----w- c:\programdata\Installations
2009-07-10 20:38 . 2009-07-10 20:38 -------- d-----w- c:\programdata\TomTom
2009-07-10 20:31 . 2009-07-10 20:31 -------- d-----w- c:\users\johan\AppData\Roaming\TomTom
2009-07-10 20:31 . 2009-07-10 20:31 -------- d-----w- c:\users\johan\AppData\Local\TomTom
2009-07-10 20:31 . 2009-07-10 20:31 -------- d-----w- c:\program files\TomTom International B.V
2009-07-10 20:31 . 2009-07-10 20:31 -------- d-----w- c:\program files\TomTom HOME 2
2009-07-10 19:55 . 2009-07-10 19:55 -------- d-----w- c:\windows\system32\eu-ES
2009-07-10 19:55 . 2009-07-10 19:55 -------- d-----w- c:\windows\system32\ca-ES
2009-07-10 19:55 . 2009-07-10 19:55 -------- d-----w- c:\windows\system32\vi-VN
2009-07-10 19:53 . 2009-07-10 19:53 -------- d-----w- c:\windows\system32\SPReview
2009-07-10 19:41 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-07-10 19:41 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 09:57 . 2006-11-02 16:11 670070 ----a-w- c:\windows\system32\perfh013.dat
2009-07-19 09:57 . 2006-11-02 16:11 127694 ----a-w- c:\windows\system32\perfc013.dat
2009-07-17 09:13 . 2009-07-10 12:43 1356 ----a-w- c:\users\johan\AppData\Local\d3d9caps.dat
2009-07-15 12:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 12:24 . 2007-08-08 18:54 -------- d-----w- c:\programdata\Microsoft Help
2009-07-14 18:21 . 2007-08-08 18:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 20:53 . 2009-07-10 20:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-10 20:52 . 2009-07-10 20:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-10 19:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-10 19:55 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-10 19:55 . 2009-07-10 19:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-10 19:50 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-10 18:51 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-07-10 18:51 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-07-10 17:27 . 2009-07-10 15:56 34 ----a-w- c:\windows\system32\BD2030.DAT
2009-07-10 15:56 . 2009-07-10 15:56 -------- d-----w- c:\program files\Brownie
2009-07-10 15:56 . 2009-07-10 15:56 -------- d-----w- c:\program files\Brother
2009-07-10 15:56 . 2007-08-08 18:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-10 15:38 . 2009-07-10 15:38 0 ------w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-07-10 15:38 . 2009-07-10 15:38 0 ------w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-10 15:38 . 2009-07-10 15:38 0 ------w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-07-10 13:14 . 2007-08-08 18:23 -------- d-----w- c:\program files\Intel
2009-05-16 04:01 . 2009-05-16 04:01 4933632 ------w- c:\windows\system32\drivers\atikmdag.sys
2009-05-16 03:24 . 2009-05-16 03:24 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-05-16 03:24 . 2009-05-16 03:24 335872 ----a-w- c:\windows\system32\atieclxx.exe
2009-05-16 03:23 . 2009-05-16 03:23 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2009-05-16 03:22 . 2009-05-16 03:22 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-05-16 03:22 . 2009-05-16 03:22 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-05-16 03:22 . 2009-05-16 03:22 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2009-05-16 03:22 . 2009-05-16 03:22 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-05-16 03:22 . 2009-05-16 03:22 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-05-16 03:19 . 2009-05-16 03:19 2411008 ----a-w- c:\windows\system32\atidxx32.dll
2009-05-16 03:08 . 2009-05-16 03:08 3064832 ----a-w- c:\windows\system32\atiumdag.dll
2009-05-16 02:53 . 2009-05-16 02:53 2847744 ----a-w- c:\windows\system32\atiumdva.dll
2009-05-16 02:42 . 2009-05-16 02:42 51712 ----a-w- c:\windows\system32\atimpc32.dll
2009-05-16 02:42 . 2009-05-16 02:42 51712 ----a-w- c:\windows\system32\amdpcom32.dll
2009-05-16 02:41 . 2009-05-16 02:41 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-05-16 02:40 . 2009-05-16 02:40 11376640 ----a-w- c:\windows\system32\atioglxx.dll
2009-05-16 02:27 . 2009-05-16 02:27 53248 ------w- c:\windows\system32\drivers\ati2erec.dll
2009-05-16 02:00 . 2009-05-16 02:00 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-05-16 02:00 . 2009-05-16 02:00 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-05-16 01:59 . 2009-05-16 01:59 3174400 ----a-w- c:\windows\system32\aticaldd.dll
2009-05-11 10:47 . 2009-05-11 10:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
2009-04-23 19:04 . 2009-04-23 19:04 189051 ----a-w- c:\windows\system32\atiicdxx.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-07-19_09.36.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-08 18:30 . 2009-07-19 09:53 38002 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-19 09:53 70084 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2009-07-19 09:17 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-19 11:21 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-07-19 09:17 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-07-19 11:21 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-10 12:45 . 2009-07-19 09:53 7880 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3410171115-3065567624-1710629183-1000_UserData.bin
+ 2009-07-19 09:51 . 2009-07-19 09:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-19 09:51 . 2009-07-19 09:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-11 18:08 . 2009-07-19 11:16 264762 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-07-19 09:57 589884 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-19 09:24 589884 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-19 09:24 101896 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-19 09:57 101896 c:\windows\System32\perfc009.dat
- 2009-07-10 18:08 . 2009-07-19 09:17 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-10 18:08 . 2009-07-19 09:51 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2006-11-02 13:02 . 2009-07-19 11:21 770048 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"GDFirewallTray"="c:\program files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe" [2008-09-19 1037992]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\InternetSecurity\AVKTray\AVKTray.exe" [2008-11-17 957000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-10 809488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NCProTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk
backup=c:\windows\pss\NCProTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^johan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk]
path=c:\users\johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Productregistratie.lnk
backup=c:\windows\pss\Logitech . Productregistratie.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):94,04,63,16,99,01,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3410171115-3065567624-1710629183-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B112CCF1-A62D-4BBE-942F-EB4BE00FB8A6}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{6C9FE360-C69D-4E1A-9109-AD6FA7CC6F9B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1929885A-26AB-4DD6-BD1C-AD35C404E3A4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B8278D1-EE43-4126-BED3-7A9659C303D1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C69CA36C-EC02-479C-A8D0-0A475996AE7F}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{CE0E25DE-474A-48E2-A9EA-8D4A40700761}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{0DA88807-9458-4E72-A12C-F6F10696CD32}"= UDP:5353:Adobe CSI CS4
"{DC230631-7A8E-4095-9FF3-F933D20E6011}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{1FC1AA80-E07F-4380-B244-06D61DD36701}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 gdwfpcd;G DATA WFP CD;c:\windows\System32\drivers\gdwfpcd32.sys [10/07/2009 18:56 40392]
R1 GRD;G DATA Rootkit Detector Driver;c:\windows\System32\drivers\GRD.sys [13/07/2009 20:36 29128]
R1 VD_FileDisk;VD_FileDisk;c:\windows\System32\drivers\vd_filedisk.sys [13/01/2006 15:00 15872]
R2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [19/09/2008 14:46 1016392]
R2 AVKService;G DATA Schedule;c:\program files\G DATA\InternetSecurity\AVK\AVKService.exe [19/09/2008 14:46 386120]
R2 AVKWCtl;AntiVirus-bewaker;c:\program files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [14/08/2008 8:55 1185496]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/06/2009 14:46 92008]
R3 GDFwSvc;G DATA Persoonlijke Firewall;c:\program files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [10/07/2009 19:05 1407976]
R3 GDMnIcpt;GDMnIcpt;c:\windows\System32\drivers\MiniIcpt.sys [10/07/2009 18:56 48712]
R3 GDPkIcpt;GDPkIcpt;c:\windows\System32\drivers\PktIcpt.sys [10/07/2009 18:56 51656]
R3 HookCentre;HookCentre;c:\windows\System32\drivers\HookCentre.sys [10/07/2009 18:56 32200]
R3 P0630VID;Creative WebCam Live!;c:\windows\System32\drivers\P0630Vid.sys [23/01/2008 18:42 91797]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 14:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 14:48 8320]
S3 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [12/07/2009 2:24 604416]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16/05/2009 5:23 176128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://google.be/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Zoek met Binsearch - C:\binsearch.script
IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 13:27
Windows 6.0.6002 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2009-07-19 13:29
ComboFix-quarantined-files.txt 2009-07-19 11:29
ComboFix2.txt 2009-07-19 09:39
Pre-Run: 462.360.686.592 bytes beschikbaar
Post-Run: 462.360.948.736 bytes beschikbaar
352 --- E O F --- 2009-07-17 14:16

jxjxw
19 July 2009, 14:49
and do I still need to remove or do anything

Rosty
19 July 2009, 15:12
Any problems still?

jxjxw
19 July 2009, 16:02
should I let malwarebytes scan once more

Rosty
19 July 2009, 16:10
should I let malwarebytes scan once more

You may!

jxjxw
19 July 2009, 16:32
ok everything is clean again
you are very kind, thank you
super

Rosty
19 July 2009, 21:29
Remove ComboFix via Start > Run, copy and paste Combofix /U, click OK or press Enter.

http://i78.photobucket.com/albums/j116/amateur_photos/CFuninstall.png

This will remove Combofix + related folders and files, restore the clock settings, hide file extensions again, hide hidden files and system files again, and reset your System Restore.

Go ahead and read this Prevention page (http://users.telenet.be/bluepatchy/miekiemoes/preventie.html) with info and tips on how to prevent this in the future.
And read this page (http://users.telenet.be/bluepatchy/miekiemoes/tragecomputer.html) to optimise your computer again after removing malware.

Extra note: Make sure your programs are up to date - because older versions can contain security leaks. To check which programs you need to update, run the Secunia Software Inspector (http://secunia.com/software_inspector/) scan.