View full version: can this be checked, please



salmax
27 August 2010, 11:12
This PC runs Windows 2000 Professional SP4.
I couldn't get HijackThis version 2.04 onto it; I found this one, 2.02.
I have checked it and cleaned it up as far as possible.
There were 3 antivirus programs on it.
Can someone check whether any remnants of the previous antivirus programs are left behind?
And whether there are still remnants of the 7 threats that avast found.
Malwarebytes found 150 threats.
If you need the log, just ask.
Thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:45, on 28/06/2002
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\LNM Client\Agent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINNT\System32\cleanmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE2} - C:\PROGRA~1\LNMCLI~1\AddAPI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Youlog Desktop] "C:\Program Files\LNM Client\Agent.exe"
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: LNM Client - {5D602A21-B929-11d7-A5D3-005022E14DE3} - http://www.youlog.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263931323971
O16 - DPF: {89869334-AA13-489A-9A07-2BA062714A29} (Installer Class) - http://img.lnm.eu/youlog/client/MessengerInstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Administrator/My%20Documents/My%20Pictures/04.jpg
O24 - Desktop Component 1: (no name) - http://v.netlogstatic.com/v4.00/skins/209660/dj/topper.jpg
--
End of file - 6071 bytes

Woudje100
27 August 2010, 15:13
Hello Salmax,

Could you also post the MBAM log?
The log is saved automatically by Malwarebytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.

Could you also post which threats avast found?

If you set up the O24 lines yourself, you can leave them. Otherwise you can remove those as well.

Start HijackThis. Click "Do a system scan only". Select the following, if present:

O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE2} - C:\PROGRA~1\LNMCLI~1\AddAPI.dll
O4 - HKCU\..\Run: [Youlog Desktop] "C:\Program Files\LNM Client\Agent.exe"
O9 - Extra button: LNM Client - {5D602A21-B929-11d7-A5D3-005022E14DE3} - http://www.youlog.com (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Setting...ictures/04.jpg
O24 - Desktop Component 1: (no name) - http://v.netlogstatic.com/v4.00/skin.../dj/topper.jpg


Click "Fix checked" and close HijackThis.

Note!!! Windows Vista & 7 users must run HijackThis as administrator ("Right-click, Run as"); if this does not work via the shortcut, run HijackThis as administrator from the following directory (C:\Program Files\Trend Micro\HiJackThis)

Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners see certain components that Combofix uses as suspicious and will block or remove them!

Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Click OK in the "NirCmd" window.
Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply.

Woudje100

salmax
27 August 2010, 19:16
The MBAM log is from around 17/08/2010.
What do the O24 lines stand for? As far as I know I did not install it.
I will carry this out.
I will make an appointment with the people and hopefully that can happen soon.
How long does Combofix take, about 1 h?

Woudje100
27 August 2010, 20:20
Hi Salmax,

A ComboFix scan can sometimes take a long time, but usually a scan is finished within an hour.

Woudje100

salmax
6 September 2010, 11:32
I was given the PC to take along today and I am letting Combofix scan.

First I had to fiddle a bit with the display and the mouse; luckily I still had a very old mouse that it accepted.

salmax
6 September 2010, 11:43
ComboFix 10-09-04.06 - Administrator 06/09/2010 11:15:48.1.1 - x86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\winnt\Downloaded Program Files\popcaploader.inf
c:\winnt\Web\default.htt
c:\winnt\system32\userinit.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 08:29 . 2002-06-27 22:04 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_230.dat
2010-06-28 20:57 . 2002-06-28 01:04 38848 ----a-w- c:\winnt\avastSS.scr
2010-06-28 20:57 . 2005-11-10 17:55 165032 ----a-w- c:\winnt\system32\aswBoot.exe
2010-06-28 20:37 . 2002-06-28 01:06 46672 ----a-w- c:\winnt\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2002-06-28 01:06 165456 ----a-w- c:\winnt\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2005-11-10 17:55 23376 -c--a-w- c:\winnt\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2002-06-28 01:06 100176 ----a-w- c:\winnt\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2002-06-28 01:06 94544 ----a-w- c:\winnt\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2002-06-28 01:06 28880 ----a-w- c:\winnt\system32\drivers\aavmker4.sys
2005-11-07 22:01 . 2005-11-07 22:01 21952 -c-h--w- c:\program files\folder.htt
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"LVCOMSX"="c:\winnt\system32\LVCOMSX.EXE" [2005-07-19 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2009-12-17 149224]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [1999-12-07 20752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\winnt\explorer.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
2006-09-01 05:49 140048 ----a-w- c:\winnt\system32\NWPROVAU.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
R3 NtApm;NT Apm/Legacy Interface Driver;c:\winnt\system32\DRIVERS\NtApm.sys [1999-09-25 9104]
S0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);c:\winnt\system32\DRIVERS\SONYPVM1.SYS [2000-05-27 28224]
S1 aswSP;aswSP; [x]
S2 aswMon;aswMon; [x]
S3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\DRIVERS\openhci.sys [2003-06-19 24784]
S3 SiS630;SiS630;c:\winnt\system32\DRIVERS\sis630p.sys [2002-06-05 160511]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {89869334-AA13-489A-9A07-2BA062714A29} - hxxp://img.lnm.eu/youlog/client/MessengerInstaller.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 11:33
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(168)
c:\winnt\system32\MSASN1.DLL
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
- - - - - - - > 'lsass.exe'(232)
c:\winnt\system32\CRYPT32.dll
.
Completion time: 2010-09-06 11:39:56
ComboFix-quarantined-files.txt 2010-09-06 09:39
Pre-Run: 33.833.185.280 bytes free
Post-Run: 34.130.759.680 bytes free
- - End Of File - - 84B47731D8FE7A9C38CA441B12752BD0

salmax
6 September 2010, 11:50
This is the log of what I found as threats; the date is not correct because I have only just set it correctly.
The log dates from 17/08/2010, when I saw the PC for the first time.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org (http://www.malwarebytes.org)
Databaseversie: 4439
Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106
28/06/2002 3:24:42
mbam-log-2002-06-28 (03-24-42).txt
Scantype: Snelle scan
Objecten gescand: 117274
Verstreken tijd: 28 minuut/minuten, 52 seconde(n)
Geheugenprocessen geïnfecteerd: 1
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 8
Registerwaarden geïnfecteerd: 4
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 136
Geheugenprocessen geïnfecteerd:
C:\WINNT\infocard.exe (Worm.Messenger) -> Unloaded process successfully.
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firewall administrating (Worm.Messenger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firewall administrating (Worm.Messenger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINNT\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\firewall administrating (Backdoor.IRCBot) -> Quarantined and deleted successfully.
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
C:\WINNT\infocard.exe (Worm.Messenger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\downloads\IM88532.JPG-www.facebook.com.exe (Backdoor.Bot.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\downloads\IMG61411_38.JPG-www.myspace.com(2).exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\menu.exe (Worm.Bot.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\ZAN237.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\ZAN244.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\ZAN250.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\ZAN2B8.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\ZAN2BA.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\ZAN2BE.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\ZAN2C3.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\ZAN2C5.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\IXP001.TMP\hdfs.exe (Worm.Messenger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc230.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc26B.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc29D.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc2C1.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc2C1.tmp\Resource.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd30B.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nse260.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nse8B.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nseB8.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nseBC.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nseC2.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nseD3.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nseD6.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nseDA.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsf234.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsf240.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsfCB.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsfFC.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsg248.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsg248.tmp\Resource.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsg274.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsg2C8.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsg2C8.tmp\Resource.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsg304.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsgBF.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsgC1.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsgE0.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsgE5.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh108.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh150.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh1F0.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh2E0.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh35C.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nshD9.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nshE3.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi253.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi253.tmp\Resource.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi2A4.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi2FB.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi331.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsiB3.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsiD8.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsiE0.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj168.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj169.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj1BE.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj245.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj249.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj25C.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj8D.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsjC7.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsjCD.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsjE5.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsjFD.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsk143.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsk211.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nskA0.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nskDF.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsl102.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsl109.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsl312.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nslD4.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nslF4.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nslF9.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsm2C6.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsm2C6.tmp\Resource.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsmAC.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsmBA.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsmF0.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsmFE.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsn23A.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsn23A.tmp\Resource.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsn9D.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nso14F.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nso173.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nso270.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8E.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsoAB.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsoAD.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsoC8.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsoF9.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp1AE.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp271.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp2A4.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp2F2.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp372.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsq10A.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsq15B.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsq2BB.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsq2BB.tmp\Resource.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsqBE.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsqF6.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsrAC.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsrD7.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nss3B.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nssAE.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nst28A.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nst342.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nstAD.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu14F.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsuAC.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv27D.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsvAD.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsvC4.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsvCB.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw251.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw95.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nswB6.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nswE8.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsx12A.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsx2AF.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsx86.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsx97.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsxC0.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsxD0.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy1C2.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy30A.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz103.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz259.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz2BE.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz2BE.tmp\Resource.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nszB4.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\WINNT\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

salmax
6 September 2010, 12:00
For the threats that avast found I think I will have to copy them out by hand, because I could not copy/paste the log, or am I overlooking something?

It could be that I post this after 17:00; I will try to do it earlier.
I am going to eat now and take care of other things.

salmax
6 September 2010, 17:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:07, on 28/09/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINNT\explorer.exe,
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263931323971
O16 - DPF: {89869334-AA13-489A-9A07-2BA062714A29} (Installer Class) - http://img.lnm.eu/youlog/client/MessengerInstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
--
End of file - 5435 bytes

salmax
6 September 2010, 18:23
Bestandsnaam :
C:\ Documents and Settings\Administrator\My Documents\downloads\IM88532.JPG-www.facebook.com(2).exe
naugezetheid : hoog status bedreiging : Win32:Trojan-gen actie verwijderen resultaat actie geslaagd

Bestandsnaam :
C:\ Documents and Settings\Administrator\My Documents\downloads\IM88532.JPG-www.facebook.com(3).exe
naugezetheid : hoog status bedreiging : Win32:Trojan-gen actie verwijderen resultaat actie geslaagd

Bestandsnaam :
C:\ Documents and Settings\Administrator\My Documents\downloads\IM88532.JPG-www.facebook.com(4).exe
naugezetheid : hoog status bedreiging : Win32:Trojan-gen actie verwijderen resultaat actie geslaagd

Bestandsnaam :
C:\ Documents and Settings\Administrator\My Documents\downloads\IM88532.JPG-www.facebook.com(5).exe
naugezetheid : hoog status bedreiging : Win32:Malware-gen actie verwijderen resultaat actie geslaagd

Bestandsnaam :
C:\ Documents and Settings\Administrator\My Documents\downloads\IMG61411_38.JPG-www.myspace.com(3).exel>hdfs.exe
naugezetheid : hoog status bedreiging : Win32:AutoRun-BFS(trj) actie verwijderen resultaat actie geslaagd

Bestandsnaam :
C:\ Documents and Settings\Administrator\My Documents\downloads\IMG61411_38.JPG-www.myspace.com.exe l>hdfs.exe
naugezetheid : hoog status bedreiging : Win32:AutoRun-BFS(trj) actie verwijderen resultaat actie geslaagd

Bestandsnaam :
C:\WINNT\Downloaded Program Files\HblnstIE.dll
naugezetheid : hoog status bedreiging : Win32:Spyware-gen(Spy) actie verwijderen resultaat actie geslaagd

Woudje100
8 September 2010, 17:13
Hello,

Download SystemLook.exe (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe) to your Desktop.
Double-click SystemLook.exe to start the program.
In the window that opens, copy the code below:

:filefind
userinit.exe

Click the "Look" button to start the scan.

When the scan is finished (it may take a while), a text file (SystemLook.txt) will open.
Post the contents of this file.

Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

Driver::
aswSP
aswMon
SRPEEK::
c:\winnt\system32\userinit.exe

Save this to your Desktop as CFScript.txt

Drag CFScript.txt into ComboFix.exe as shown in the example below:

http://img517.imageshack.us/img517/8662/cfscript10uc2.gif

This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Woudje100

salmax
8 September 2010, 18:02
For step 2, in Notepad, I cannot make those letters blue.
Is copying it as it is also OK?

salmax
8 September 2010, 18:34
I get an error with SystemLook.exe.
I get it onto the desktop,
then I want to right-click the SystemLook file and choose Open, because double-clicking does not open it,

and then I get a window titled "SystemLook.exe - Entry point Not found"

which shows a red circle with a white x and the text: the procedure entry point IsWow64Process could not be located in the dynamic link library KERNEL32.dll

I can only press OK, but apparently that does not do much.

I will already finish the rest.

salmax
8 September 2010, 19:26
During the ComboFix scan
I also got a message, a Registry Editor box that said:
Cannot import Creg.dat:Error accessing the registry. I clicked OK.




ComboFix 10-09-07.03 - Administrator 28/06/2002 0:38.2.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.239.14 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\winnt\system\WINSPOOL.DRV
c:\winnt\system32\spool\prtprocs\w32x86\BRMFPP1.dll
c:\winnt\regedit.exe . . . is infected!!
c:\winnt\system32\userinit.exe . . . is infected!!
c:\winnt\system32\msgsvc.dll . . . is infected!!
c:\winnt\explorer.exe . . . is infected!!
c:\winnt\winhlp32.exe . . . is infected!!
c:\winnt\winrep.exe . . . is infected!!
c:\winnt\system32\accwiz.exe . . . is infected!!
c:\winnt\system32\at.exe . . . is infected!!
c:\winnt\system32\AUTOCHK.EXE . . . is infected!!
c:\winnt\system32\AUTOCONV.EXE . . . is infected!!
c:\winnt\system32\autofmt.exe . . . is infected!!
c:\winnt\system32\autolfn.exe . . . is infected!!
c:\winnt\system32\CACLS.EXE . . . is infected!!
c:\winnt\system32\CHKDSK.EXE . . . is infected!!
c:\winnt\system32\CHKNTFS.EXE . . . is infected!!
c:\winnt\system32\cipher.exe . . . is infected!!
c:\winnt\system32\CLUSTER.EXE . . . is infected!!
c:\winnt\system32\CMD.EXE . . . is infected!!
c:\winnt\system32\cmstp.exe . . . is infected!!
c:\winnt\system32\conime.exe . . . is infected!!
c:\winnt\system32\control.exe . . . is infected!!
c:\winnt\system32\CONVERT.EXE . . . is infected!!
c:\winnt\system32\CSRSS.EXE . . . is infected!!
c:\winnt\system32\DCOMCNFG.EXE . . . is infected!!
c:\winnt\system32\dfrgfat.exe . . . is infected!!
c:\winnt\system32\dfrgntfs.exe . . . is infected!!
c:\winnt\system32\diskperf.exe . . . is infected!!
c:\winnt\system32\DLLHOST.EXE . . . is infected!!
c:\winnt\system32\dllhst3g.exe . . . is infected!!
c:\winnt\system32\dmadmin.exe . . . is infected!!
c:\winnt\system32\dmremote.exe . . . is infected!!
c:\winnt\system32\dplaysvr.exe . . . is infected!!
c:\winnt\system32\DRWTSN32.EXE . . . is infected!!
c:\winnt\system32\dxdiag.exe . . . is infected!!
c:\winnt\system32\eudcedit.exe . . . is infected!!
c:\winnt\system32\evntwin.exe . . . is infected!!
c:\winnt\system32\FAXSVC.EXE . . . is infected!!
c:\winnt\system32\find.exe . . . is infected!!
c:\winnt\system32\findstr.exe . . . is infected!!
c:\winnt\system32\FTP.EXE . . . is infected!!
c:\winnt\system32\hidserv.exe . . . is infected!!
c:\winnt\system32\ie4uinit.exe . . . is infected!!
c:\winnt\system32\LABEL.EXE . . . is infected!!
c:\winnt\system32\LOCATOR.EXE . . . is infected!!
c:\winnt\system32\LODCTR.EXE . . . is infected!!
c:\winnt\system32\LSASS.EXE . . . is infected!!
c:\winnt\system32\magnify.exe . . . is infected!!
c:\winnt\system32\mobsync.exe . . . is infected!!
c:\winnt\system32\mqbkup.exe . . . is infected!!
c:\winnt\system32\mshta.exe . . . is infected!!
c:\winnt\system32\msiexec.exe . . . is infected!!
c:\winnt\system32\MSPAINT.EXE . . . is infected!!
c:\winnt\system32\msswchx.exe . . . is infected!!
c:\winnt\system32\mstask.exe . . . is infected!!
c:\winnt\system32\narrator.exe . . . is infected!!
c:\winnt\system32\NBTSTAT.EXE . . . is infected!!
c:\winnt\system32\NDDEAPIR.EXE . . . is infected!!
c:\winnt\system32\net1.exe . . . is infected!!
c:\winnt\system32\NETDDE.EXE . . . is infected!!
c:\winnt\system32\NETSTAT.EXE . . . is infected!!
c:\winnt\system32\NSLOOKUP.EXE . . . is infected!!
c:\winnt\system32\NTBACKUP.EXE . . . is infected!!
c:\winnt\system32\ntdsutil.exe . . . is infected!!
c:\winnt\system32\NTVDM.EXE . . . is infected!!
c:\winnt\system32\osk.exe . . . is infected!!
c:\winnt\system32\packager.exe . . . is infected!!
c:\winnt\system32\RECOVER.EXE . . . is infected!!
c:\winnt\system32\regedt32.exe . . . is infected!!
c:\winnt\system32\regsvc.exe . . . is infected!!
c:\winnt\system32\REGSVR32.EXE . . . is infected!!
c:\winnt\system32\rsh.exe . . . is infected!!
c:\winnt\system32\rsm.exe . . . is infected!!
c:\winnt\system32\rsnotify.exe . . . is infected!!
c:\winnt\system32\rsvp.exe . . . is infected!!
c:\winnt\system32\runas.exe . . . is infected!!
c:\winnt\system32\SAVEDUMP.EXE . . . is infected!!
c:\winnt\system32\scardsvr.exe . . . is infected!!
c:\winnt\system32\secedit.exe . . . is infected!!
c:\winnt\system32\SERVICES.EXE . . . is infected!!
c:\winnt\system32\shmgrate.exe . . . is infected!!
c:\winnt\system32\skeys.exe . . . is infected!!
c:\winnt\system32\smlogsvc.exe . . . is infected!!
c:\winnt\system32\SMSS.EXE . . . is infected!!
c:\winnt\system32\sndrec32.exe . . . is infected!!
Infected copy of c:\winnt\system32\snmp.exe was found and disinfected
Restored copy from - c:\winnt\SoftwareDistribution\Download\731ddf4e6bd21e3caa6db42f846a1594\snmp.exe
c:\winnt\system32\snmptrap.exe . . . is infected!!
c:\winnt\system32\stimon.exe . . . is infected!!
c:\winnt\system32\stisvc.exe . . . is infected!!
c:\winnt\system32\subst.exe . . . is infected!!
c:\winnt\system32\TASKMGR.EXE . . . is infected!!
c:\winnt\system32\tftp.exe . . . is infected!!
c:\winnt\system32\tlntsess.exe . . . is infected!!
c:\winnt\system32\tlntsvr.exe . . . is infected!!
c:\winnt\system32\utilman.exe . . . is infected!!
c:\winnt\system32\w32tm.exe . . . is infected!!
c:\winnt\system32\WINLOGON.EXE . . . is infected!!
c:\winnt\system32\winver.exe . . . is infected!!
c:\winnt\system32\wpnpinst.exe . . . is infected!!
c:\winnt\system32\wzcsetup.exe . . . is infected!!
c:\winnt\system32\export\encinst.exe . . . is infected!!
c:\winnt\system32\wbem\wbemtest.exe . . . is infected!!
c:\winnt\system32\wbem\WinMgmt.exe . . . is infected!!
c:\winnt\system32\ASYCFILT.DLL . . . is infected!!
c:\winnt\system32\ddraw.dll . . . is infected!!
c:\winnt\system32\OLEPRO32.DLL . . . is infected!!
c:\winnt\system32\PERFCTRS.DLL . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2002-05-28 to 2002-06-28 )))))))))))))))))))))))))))))))
.
2010-03-19 19:35 . 2010-03-19 19:35 -------- d-----w- c:\winnt\system32\msmq
2010-03-19 18:43 . 2002-06-28 01:05 -------- d-----w- c:\winnt\winsxs
2010-03-19 18:42 . 2010-03-19 18:42 -------- d-----w- c:\program files\MSECache
2010-03-19 18:37 . 2010-03-19 21:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2010-01-19 20:04 . 2009-08-06 18:23 274288 -c--a-w- c:\winnt\system32\mucltui.dll
2009-09-07 20:12 . 2009-09-07 20:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-09-05 06:36 . 2009-09-05 06:36 55056 -c----w- c:\winnt\system32\dllcache\msasn1.dll
2009-08-27 13:51 . 2009-08-27 13:51 576512 ----a-w- c:\winnt\system32\WININET.DLL
2009-08-06 18:23 . 2009-08-06 18:23 215904 ----a-w- c:\winnt\system32\muweb.dll
2009-08-05 05:04 . 2009-08-05 05:04 90164 -c----w- c:\winnt\system32\dllcache\atl.dll
2009-08-05 05:04 . 2009-08-05 05:04 90164 ----a-w- c:\winnt\system32\atl.dll
2009-08-04 11:39 . 2009-08-04 11:39 1735808 -c----w- c:\winnt\system32\dllcache\NTKRPAMP.EXE
2009-08-04 11:38 . 2009-08-04 11:38 1714496 -c----w- c:\winnt\system32\dllcache\NTKRNLMP.EXE
2009-07-13 13:13 . 2009-07-13 13:13 78608 -c----w- c:\winnt\system32\dllcache\avifil32.dll
2009-07-13 13:13 . 2009-07-13 13:13 78608 ----a-w- c:\winnt\system32\avifil32.dll
2009-07-11 22:05 . 2009-07-11 22:05 59904 ----a-w- c:\winnt\system32\mfcm90u.dll
2009-07-11 22:05 . 2009-07-11 22:05 59904 ----a-w- c:\winnt\system32\mfcm90.dll
2009-07-11 22:05 . 2009-07-11 22:05 225280 ----a-w- c:\winnt\system32\msvcm90.dll
2009-06-24 18:23 . 2001-05-24 10:59 162304 -c--a-w- C:\UNWISE.EXE
2009-05-07 06:41 . 2009-05-07 06:41 263440 -c----w- c:\winnt\system32\dllcache\localspl.dll
2009-04-22 13:38 . 2009-04-22 13:38 437008 ----a-w- c:\winnt\system32\rpcrt4.dll
2009-03-30 16:35 . 2009-03-30 16:35 -------- d-----w- C:\tell me more kids
2009-03-26 16:30 . 2009-03-26 16:30 -------- d-----w- c:\winnt\system32\Adobe
2009-02-25 13:13 . 2009-02-25 13:13 626688 ----a-w- c:\winnt\system32\msvcr80.dll
2009-02-25 13:13 . 2009-02-25 13:13 548864 ----a-w- c:\winnt\system32\msvcp80.dll
2009-02-25 13:13 . 2009-02-25 13:13 479232 ----a-w- c:\winnt\system32\msvcm80.dll
2009-02-08 16:16 . 2009-04-17 05:04 1645072 -c----w- c:\winnt\system32\dllcache\win32k.sys
2009-02-04 04:20 . 2009-02-04 04:20 47376 -c----w- c:\winnt\system32\dllcache\secur32.dll
2009-02-04 04:20 . 2009-02-04 04:20 47376 ----a-w- c:\winnt\system32\secur32.dll
2009-01-30 19:28 . 2009-05-11 17:54 -------- d-----w- c:\program files\LNM Client
2009-01-05 07:07 . 2009-01-05 07:07 6313472 -c--a-w- c:\winnt\system32\sp3res.dll
2009-01-05 07:07 . 2009-01-05 07:07 6313472 -c--a-w- c:\winnt\system32\dllcache\sp3res.dll
2008-12-31 09:32 . 2008-12-31 09:32 351232 -c--a-w- c:\winnt\system32\dllcache\winhttp.dll
2008-12-31 09:32 . 2008-12-31 09:32 351232 ----a-w- c:\winnt\system32\winhttp.dll
2008-11-18 14:08 . 2008-11-18 14:08 147728 ----a-w- c:\winnt\system32\SCHANNEL.DLL
2008-11-18 11:58 . 2008-11-18 11:58 86016 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\weddingdash2\nl-NL\ZylomHost.exe
2008-11-18 11:58 . 2008-11-18 11:58 49152 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\weddingdash2\nl-NL\ZylomAdapter.dll
2008-11-18 11:58 . 2008-11-18 11:58 1884160 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\weddingdash2\nl-NL\weddingdash2.exe
2008-10-23 05:27 . 2008-10-23 05:27 237840 -c----w- c:\winnt\system32\dllcache\GDI32.DLL
2008-10-23 05:27 . 2008-10-23 05:27 237840 ----a-w- c:\winnt\system32\GDI32.DLL
2008-10-17 17:41 . 2008-10-17 17:41 310032 -c----w- c:\winnt\system32\dllcache\NETAPI32.DLL
2008-09-12 15:44 . 2008-09-12 15:44 86016 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\weddingdash\nl-NL\ZylomHost.exe
2008-09-12 15:44 . 2008-09-12 15:44 49152 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\weddingdash\nl-NL\ZylomAdapter.dll
2008-09-12 15:44 . 2008-09-12 15:44 1740800 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\weddingdash\nl-NL\weddingdash.exe
2008-09-08 08:14 . 2008-09-08 08:14 1121280 -c----w- c:\winnt\system32\dllcache\msxml3.dll
2008-09-08 08:14 . 2008-09-08 08:14 1121280 ----a-w- c:\winnt\system32\msxml3.dll
2008-07-10 10:00 . 2008-07-10 10:00 251152 -c----w- c:\winnt\system32\dllcache\es.dll
2008-07-10 10:00 . 2008-07-10 10:00 251152 ----a-w- c:\winnt\system32\es.dll
2008-06-25 12:33 . 2008-06-25 12:33 728336 ----a-w- c:\winnt\system32\msdtcprx.dll
2008-06-25 12:33 . 2008-06-25 12:33 52496 ----a-w- c:\winnt\system32\mtxclu.dll
2008-06-25 12:33 . 2008-06-25 12:33 1202960 -c--a-w- c:\winnt\system32\msdtctm.dll
2008-06-25 12:33 . 2008-06-25 12:33 1202960 -c--a-w- c:\winnt\system32\dllcache\msdtctm.dll
2008-06-25 09:41 . 2008-06-25 09:41 64784 -c----w- c:\winnt\system32\dllcache\mswsock.dll
2008-06-25 09:41 . 2008-06-25 09:41 64784 ----a-w- c:\winnt\system32\mswsock.dll
2008-06-25 09:41 . 2008-06-25 09:41 137488 -c--a-w- c:\winnt\system32\dllcache\dnsapi.dll
2008-06-25 09:41 . 2008-06-25 09:41 105744 -c----w- c:\winnt\system32\dllcache\msafd.dll
2008-06-25 09:41 . 2008-06-25 09:41 105744 ----a-w- c:\winnt\system32\msafd.dll
2008-06-01 18:19 . 2008-06-01 18:19 335872 -c----w- c:\winnt\system32\dllcache\WMStream.dll
2008-04-30 06:08 . 2008-04-30 06:08 187664 -c--a-w- c:\winnt\system32\dllcache\wordpad.exe
2008-03-27 07:05 . 2008-03-27 07:05 621344 -c----w- c:\winnt\system32\dllcache\mswstr10.dll
2008-02-15 13:24 . 2008-02-15 13:24 96528 ----a-w- c:\winnt\system32\dnsrslvr.dll
2007-12-05 10:40 . 2007-12-05 10:40 631056 -c----w- c:\winnt\system32\dllcache\oleaut32.dll
2007-10-31 00:18 . 2007-10-31 00:18 1134592 -c----w- c:\winnt\system32\dllcache\wmvcore.dll
2007-10-31 00:17 . 2007-10-31 00:17 245760 -c----w- c:\winnt\system32\dllcache\wmasf.dll
2007-10-16 13:51 . 2007-10-16 13:51 14096 -c----w- c:\winnt\system32\dllcache\mqsvc.exe
2007-10-16 13:51 . 2007-10-16 13:51 98064 -c----w- c:\winnt\system32\dllcache\mqmig.exe
2007-10-16 13:51 . 2007-10-16 13:51 77712 -c----w- c:\winnt\system32\dllcache\mqac.sys
2007-10-16 13:51 . 2007-10-16 13:51 14096 -c----w- c:\winnt\system32\dllcache\mq1sync.exe
2007-10-16 11:34 . 2007-10-16 11:34 513808 ----a-w- c:\winnt\system32\LSASRV.DLL
2007-08-31 23:59 . 2007-08-31 23:59 430296 ----a-w- c:\winnt\system32\rtcrtp.dll
2007-08-31 23:59 . 2007-08-31 23:59 1011928 ----a-w- c:\winnt\system32\rtclib.dll
2007-08-27 15:43 . 2002-06-27 22:46 -------- d-----w- c:\program files\MSN Messenger
2007-08-27 15:12 . 2004-08-13 08:38 140544 -c--a-r- c:\winnt\system32\drivers\rt2500usb.sys
2007-08-27 15:03 . 2002-09-09 19:01 61440 -c--a-w- c:\winnt\system32\ASUSW32N50.dll
2007-08-27 15:03 . 2002-09-09 17:54 16269 -c--a-w- c:\winnt\system32\ASNDIS5.sys
2007-08-17 06:48 . 2007-08-17 06:48 448272 -c----w- c:\winnt\system32\dllcache\oieng400.dll
2007-08-17 06:48 . 2007-08-17 06:48 39184 -c----w- c:\winnt\system32\dllcache\jpeg2x32.dll
2007-06-25 06:25 . 2007-06-25 06:25 53008 -c--a-w- c:\winnt\system32\dllcache\agentdpv.dll
2007-05-24 13:30 . 2007-05-24 13:30 200704 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PlayfirstExtension\PlayfirstExtension.dll
2007-05-11 07:42 . 2007-05-11 07:42 73488 -c----w- c:\winnt\system32\dllcache\kodakprv.exe
2007-05-11 07:41 . 2007-05-11 07:41 524560 -c----w- c:\winnt\system32\dllcache\kodakimg.exe
2007-04-23 06:22 . 2007-04-23 06:22 939280 -c--a-w- c:\winnt\system32\ntdsa.dll
2007-04-23 06:22 . 2007-04-23 06:22 939280 -c--a-w- c:\winnt\system32\dllcache\ntdsa.dll
2007-04-16 12:44 . 2007-04-16 12:44 712976 -c----w- c:\winnt\system32\dllcache\kernel32.dll
2007-04-16 12:44 . 2007-04-16 12:44 54032 -c----w- c:\winnt\system32\dllcache\mpr.dll
2007-04-16 12:44 . 2007-04-16 12:44 54032 ----a-w- c:\winnt\system32\mpr.dll
2007-04-05 07:17 . 2007-04-05 07:17 2854400 -c----w- c:\winnt\system32\dllcache\msi.dll
2007-04-05 07:17 . 2007-04-05 07:17 2854400 ----a-w- c:\winnt\system32\msi.dll
2007-03-16 13:13 . 2007-03-16 13:13 131072 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\MyZylomExtension\MyZylomExtension.dll
2007-03-13 09:44 . 2007-03-13 09:44 245520 -c----w- c:\winnt\system32\dllcache\winsrv.dll
2007-03-06 11:17 . 2007-03-06 11:17 381200 -c----w- c:\winnt\system32\dllcache\USER32.DLL
2007-03-06 11:17 . 2007-03-06 11:17 381200 ----a-w- c:\winnt\system32\USER32.DLL
2007-03-06 11:17 . 2007-03-06 11:17 38160 -c--a-w- c:\winnt\system32\mf3216.dll
2007-03-06 11:17 . 2007-03-06 11:17 38160 -c--a-w- c:\winnt\system32\dllcache\mf3216.dll
2007-01-10 09:09 . 2007-01-10 09:09 483328 -c--a-w- c:\winnt\system32\dllcache\oledb32.dll
2007-01-10 09:09 . 2007-01-10 09:09 212992 -c----w- c:\winnt\system32\dllcache\odbc32.dll
2007-01-10 09:09 . 2007-01-10 09:09 188449 -c----w- c:\winnt\system32\dllcache\msadox.dll
2007-01-10 09:09 . 2007-01-10 09:09 487424 -c--a-w- c:\winnt\system32\dllcache\msado15.dll
2007-01-09 14:54 . 2005-07-04 10:24 917504 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\FeedingFrenzy\nl-NL\FeedingFrenzy.dll
2007-01-06 11:36 . 2007-01-06 11:36 4096 -c--a-w- c:\winnt\d3dx.dat
2007-01-06 11:36 . 2007-02-21 16:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2006-11-17 13:16 . 2006-11-17 13:16 433664 -c----w- c:\winnt\system32\dllcache\riched20.dll
2006-11-09 15:09 . 2006-11-09 16:16 19 -c--a-w- c:\winnt\popcinfo.dat
2006-11-02 17:31 . 2006-11-02 17:31 1011774 -c----w- c:\winnt\system32\dllcache\mfc42u.dll
2006-10-09 15:37 . 2007-02-21 16:50 -------- d-----w- c:\program files\Aveyond_at
2006-09-28 17:10 . 2007-02-21 17:00 -------- d-----w- c:\program files\Gamenext
2006-09-25 20:59 . 2006-10-02 18:16 -------- d---a-w- c:\program files\Virtual Villagers
2006-09-25 20:58 . 2006-09-25 20:58 -------- d-----w- c:\program files\ReflexiveArcade
2006-09-01 05:49 . 2006-09-01 05:49 140048 -c----w- c:\winnt\system32\dllcache\nwprovau.dll
2006-08-28 08:44 . 2006-08-28 08:44 530192 ----a-w- c:\winnt\system32\comctl32.dll
2006-08-26 15:48 . 2006-08-26 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2006-08-26 15:48 . 2006-10-23 15:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zylom
2006-08-26 15:47 . 2006-03-22 02:27 98304 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2006-08-26 15:47 . 2006-01-23 16:17 155648 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2006-08-23 13:58 . 2006-08-23 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2006-08-23 13:58 . 2006-08-23 13:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\PlayFirst
2006-08-22 00:17 . 2006-08-22 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2006-08-17 13:14 . 2006-08-17 13:14 98064 -c----w- c:\winnt\system32\dllcache\wkssvc.dll
2006-07-28 11:54 . 2006-07-28 11:54 589824 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Zuma\nl-NL\zuma.dll
2006-07-20 06:50 . 2006-07-20 06:50 1175552 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\deliciouswinteredition\nl-NL\deliciouswinteredition.dll
2006-07-20 06:50 . 2006-07-20 06:50 1175552 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Delicious\nl-NL\delicious.dll
2006-07-17 11:40 . 2006-07-17 11:40 126976 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomExtension\ZylomExtension.dll
2006-07-06 11:45 . 2008-02-15 13:24 96528 -c----w- c:\winnt\system32\dllcache\dnsrslvr.dll
2006-06-21 12:17 . 2006-06-21 12:17 161040 -c----w- c:\winnt\system32\dllcache\rasmans.dll
2006-06-19 14:18 . 2009-01-09 16:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 20:57 . 2002-06-28 01:04 38848 ----a-w- c:\winnt\avastSS.scr
2010-06-28 20:37 . 2002-06-28 01:06 46672 ----a-w- c:\winnt\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2002-06-28 01:06 165456 ----a-w- c:\winnt\system32\drivers\aswSP.sys
2010-06-28 20:32 . 2002-06-28 01:06 100176 ----a-w- c:\winnt\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2002-06-28 01:06 94544 ----a-w- c:\winnt\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2002-06-28 01:06 28880 ----a-w- c:\winnt\system32\drivers\aavmker4.sys
2010-04-29 13:39 . 2002-06-27 23:28 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2002-06-27 23:28 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-09-05 06:36 . 1999-12-07 12:00 55056 ----a-w- c:\winnt\system32\msasn1.dll
2009-08-21 15:06 . 2005-11-09 20:15 247326 -c--a-w- c:\winnt\system32\strmdll.dll
2009-08-11 16:02 . 2005-11-09 20:14 1428240 -c--a-w- c:\winnt\system32\query.dll
2009-08-06 18:24 . 2005-11-09 20:15 53472 -c--a-w- c:\winnt\system32\wuauclt.exe
2009-08-06 18:24 . 2005-11-09 20:13 96480 -c--a-w- c:\winnt\system32\cdm.dll
2009-08-06 18:23 . 2005-11-09 20:15 1929952 ----a-w- c:\winnt\system32\wuaueng.dll
2009-08-04 11:38 . 1999-12-07 11:05 1713536 -c--a-w- c:\winnt\system32\NTKRNLPA.EXE
2009-08-04 11:38 . 1999-12-07 12:00 1690880 -c--a-w- c:\winnt\system32\NTOSKRNL.EXE
2009-07-27 11:27 . 1999-12-07 12:00 81168 -c--a-w- c:\winnt\system32\fontsub.dll
2009-07-27 11:27 . 1999-12-07 12:00 165136 ----a-w- c:\winnt\system32\t2embed.dll
2009-07-10 10:49 . 2002-08-29 06:06 601088 ----a-w- c:\winnt\system32\INETCOMM.DLL
2009-07-10 10:49 . 2002-08-29 06:06 47616 -c--a-w- c:\winnt\system32\INETRES.DLL
2009-07-10 10:49 . 2002-08-29 06:06 229376 -c--a-w- c:\winnt\system32\MSOEACCT.DLL
2009-07-10 10:49 . 2002-08-29 06:06 91136 ----a-w- c:\winnt\system32\MSOERT2.DLL
2009-07-10 10:47 . 2002-08-29 06:14 44032 ----a-w- c:\winnt\system32\MSIDENT.DLL
2009-06-02 17:23 . 2005-12-27 14:24 1225728 ----a-w- c:\winnt\system32\quartz.dll
2009-05-07 06:41 . 1999-12-07 12:00 263440 ----a-w- c:\winnt\system32\LOCALSPL.DLL
2009-04-24 09:54 . 1999-12-07 12:00 95504 ----a-w- c:\winnt\system32\WIN32SPL.DLL
2009-04-17 05:04 . 1999-12-07 12:00 1645072 ----a-w- c:\winnt\system32\WIN32K.SYS
2009-01-08 16:20 . 2003-06-19 11:05 80656 -c--a-w- c:\winnt\system32\telnet.exe
2008-12-11 12:09 . 1999-12-07 12:00 239472 -c--a-w- c:\winnt\system32\drivers\SRV.SYS
2008-08-27 16:29 . 1999-12-07 12:00 416016 -c--a-w- c:\winnt\system32\drivers\mrxsmb.sys
2008-08-27 16:28 . 1999-12-07 12:00 170800 -c--a-w- c:\winnt\system32\drivers\rdbss.sys
2008-06-25 12:51 . 1999-12-07 12:00 69904 ----a-w- c:\winnt\system32\mscms.dll
2008-06-25 12:33 . 2005-11-09 20:14 123152 -c--a-w- c:\winnt\system32\mtxoci.dll
2008-06-25 12:33 . 2005-11-09 20:14 154384 -c--a-w- c:\winnt\system32\msdtcui.dll
2008-06-25 12:33 . 2005-11-09 20:14 96016 -c--a-w- c:\winnt\system32\msdtclog.dll
2008-06-25 12:33 . 2005-11-07 22:59 19216 -c--a-w- c:\winnt\system32\xolehlp.dll
2008-06-18 10:05 . 1999-12-07 12:00 320528 -c--a-w- c:\winnt\system32\drivers\tcpip.sys
2008-06-16 06:36 . 2003-06-19 11:05 1843464 -c--a-r- c:\winnt\system32\dtcsetup.exe
2008-06-01 18:19 . 2001-05-01 15:05 335872 -c--a-w- c:\winnt\system32\WMStream.dll
2008-05-08 08:38 . 1999-12-07 12:00 119152 -c--a-w- c:\winnt\system32\drivers\AFD.SYS
2008-03-27 07:13 . 2005-11-09 20:14 151583 -c--a-w- c:\winnt\system32\msjint40.dll
2008-03-27 07:06 . 2005-11-09 20:14 355104 -c--a-w- c:\winnt\system32\msxbde40.dll
2008-03-27 07:05 . 2005-11-09 20:14 621344 ----a-w- c:\winnt\system32\mswstr10.dll
2008-03-27 07:05 . 2005-11-09 20:14 838432 -c--a-w- c:\winnt\system32\mswdat10.dll
2008-03-27 07:05 . 2005-11-09 20:14 264992 -c--a-w- c:\winnt\system32\mstext40.dll
2008-03-27 07:04 . 2005-11-09 20:14 559904 -c--a-w- c:\winnt\system32\msrepl40.dll
2008-03-27 07:04 . 2005-11-09 20:14 322336 -c--a-w- c:\winnt\system32\msrd3x40.dll
2008-03-27 07:04 . 2005-11-09 20:14 432928 -c--a-w- c:\winnt\system32\msrd2x40.dll
2008-03-27 07:03 . 2005-11-09 20:14 355104 -c--a-w- c:\winnt\system32\mspbde40.dll
2008-03-27 07:03 . 2005-11-09 20:14 219936 -c--a-w- c:\winnt\system32\msltus40.dll
2008-03-27 07:03 . 2005-11-09 20:14 248608 -c--a-w- c:\winnt\system32\msjtes40.dll
2008-03-27 07:02 . 2005-11-09 20:14 60192 -c--a-w- c:\winnt\system32\msjter40.dll
2008-03-27 07:02 . 2005-11-09 20:14 355112 -c--a-w- c:\winnt\system32\msjetoledb40.dll
2008-03-27 07:01 . 2005-11-09 20:14 1516568 -c--a-w- c:\winnt\system32\msjet40.dll
2008-03-27 07:00 . 2005-11-09 20:14 326432 -c--a-w- c:\winnt\system32\msexcl40.dll
2008-03-27 07:00 . 2005-11-09 20:14 518944 -c--a-w- c:\winnt\system32\msexch40.dll
2008-02-27 11:49 . 2002-06-27 22:59 3840 ----a-w- c:\winnt\system32\drivers\BANTExt.sys
2008-01-05 02:05 . 2002-02-26 14:58 401408 ----a-w- c:\winnt\system32\vbscript.dll
2007-12-05 10:40 . 1999-12-07 12:00 631056 ----a-w- c:\winnt\system32\OLEAUT32.DLL
2007-08-17 06:48 . 2005-11-09 20:14 448272 -c--a-w- c:\winnt\system32\oieng400.dll
2007-08-17 06:48 . 2005-11-07 22:59 33552 -c--a-w- c:\winnt\system32\tifflt.dll
2007-08-17 06:48 . 2005-11-07 22:59 39184 -c--a-w- c:\winnt\system32\jpeg2x32.dll
2007-03-13 09:44 . 1999-12-07 12:00 245520 ----a-w- c:\winnt\system32\WINSRV.DLL
2007-01-10 09:09 . 2005-11-09 20:14 212992 ----a-w- c:\winnt\system32\odbc32.dll
2007-01-05 06:49 . 2003-06-19 11:05 22752 -c--a-w- c:\winnt\system32\spupdsvc.exe
2006-11-29 07:31 . 2005-11-09 20:14 20752 -c--a-w- c:\winnt\system32\odtext32.dll
2006-11-29 07:31 . 2005-11-09 20:14 20752 -c--a-w- c:\winnt\system32\odpdx32.dll
2006-11-29 07:31 . 2005-11-09 20:14 20752 -c--a-w- c:\winnt\system32\odfox32.dll
2006-11-29 07:31 . 2005-11-09 20:14 53520 -c--a-w- c:\winnt\system32\odbcji32.dll
2006-11-29 07:31 . 2005-11-09 20:14 278800 -c--a-w- c:\winnt\system32\odbcjt32.dll
2006-11-29 07:31 . 2005-11-09 20:14 20752 -c--a-w- c:\winnt\system32\odexl32.dll
2006-11-29 07:31 . 2005-11-09 20:14 20752 -c--a-w- c:\winnt\system32\oddbse32.dll
2006-11-29 07:31 . 2005-11-09 20:14 102672 -c--a-w- c:\winnt\system32\ODBCCP32.dll
2006-11-02 17:31 . 2005-11-09 20:14 1011774 ----a-w- c:\winnt\system32\mfc42u.dll
2006-11-02 17:31 . 1999-12-07 12:00 927504 -c--a-w- c:\winnt\system32\MFC40U.DLL
2006-10-19 08:02 . 1999-12-07 12:00 115472 ----a-w- c:\winnt\system32\OLEDLG.DLL
2006-09-01 05:49 . 1999-12-07 12:00 64784 ----a-w- c:\winnt\system32\NWAPI32.DLL
2006-09-01 05:49 . 1999-12-07 12:00 140048 ----a-w- c:\winnt\system32\NWPROVAU.DLL
2006-09-01 04:57 . 1999-12-07 12:00 161520 -c--a-w- c:\winnt\system32\drivers\nwrdr.sys
2006-08-22 02:05 . 2005-11-09 20:13 498742 -c--a-w- c:\winnt\system32\dxmasf.dll
2006-08-17 13:14 . 1999-12-07 12:00 98064 ----a-w- c:\winnt\system32\WKSSVC.DLL
2006-07-25 05:08 . 2005-11-09 20:14 840976 -c--a-w- c:\winnt\system32\mmcndmgr.dll
2006-07-21 15:08 . 2005-11-09 20:13 72704 -c--a-w- c:\winnt\system32\hlink.dll
2006-07-06 09:52 . 2005-11-09 20:14 613648 -c--a-w- c:\winnt\system32\mmc.exe
2005-12-05 17:07 . 2005-12-27 14:23 63696 -c--a-w- c:\winnt\system32\dxdllreg.exe
2005-11-07 22:59 . 2005-11-07 22:59 -------- d-----w- c:\program files\Accessories
2005-11-07 22:04 . 2005-11-07 22:04 -------- d-----w- c:\program files\microsoft frontpage
2005-11-07 22:02 . 2005-11-07 22:02 2678 -c--a-w- c:\winnt\java\Packages\Data\79RBZ53L.DAT
2005-11-07 22:02 . 2005-11-07 22:02 558142 -c--a-w- c:\winnt\java\Packages\QIFRN39Z.ZIP
2005-11-07 22:02 . 2005-11-07 22:02 2474 -c--a-w- c:\winnt\java\Packages\Data\BDRNTBT7.DAT
2005-11-07 22:02 . 2005-11-07 22:02 2678 -c--a-w- c:\winnt\java\Packages\Data\O3RPJZL3.DAT
2005-11-07 22:02 . 2005-11-07 22:02 2474 -c--a-w- c:\winnt\java\Packages\Data\VPRRJFZT.DAT
2005-11-07 22:02 . 2005-11-07 22:02 156441 -c--a-w- c:\winnt\java\Packages\E2XFN93B.ZIP
2005-11-07 22:02 . 2005-11-07 22:02 2678 -c--a-w- c:\winnt\java\Packages\Data\P79ZBZVX.DAT
2005-11-07 22:02 . 2005-11-07 22:02 2678 -c--a-w- c:\winnt\java\Packages\Data\713TZ3B9.DAT
2005-11-07 22:02 . 2005-11-07 22:02 2678 -c--a-w- c:\winnt\java\Packages\Data\1B9VHBH7.DAT
2005-11-07 22:01 . 2005-11-07 22:01 21952 -c-h--w- c:\program files\folder.htt
2005-11-07 22:00 . 2005-11-07 22:00 15012 -c--a-w- c:\winnt\system32\emptyregdb.dat
2005-11-04 08:39 . 2005-11-04 08:39 161280 -c--a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\nl-NL\fmod.dll
2005-09-23 11:03 . 2005-09-23 11:03 1120016 ----a-w- c:\winnt\system32\webvw.dll
.
------- Sigcheck -------
[-] 2003-06-19 11:05 . 8C718AA8C77041B3285D55A0CE980867 . 86672 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\atapi.sys
[-] 2003-06-19 11:05 . 8C718AA8C77041B3285D55A0CE980867 . 86672 . . [ERROR: 0x0] . . c:\winnt\system32\drivers\atapi.sys
[-] 1999-12-07 12:00 . F4D5D4CC7B704608FC686D248981F461 . 84976 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\atapi.sys
[-] 2003-06-19 11:05 . 5D3D77C9EB3A8E6A14CC8E1252B6CC5C . 17840 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\asyncmac.sys
[-] 2003-06-19 11:05 . 5D3D77C9EB3A8E6A14CC8E1252B6CC5C . 17840 . . [ERROR: 0x0] . . c:\winnt\system32\drivers\asyncmac.sys
[-] 1999-12-07 12:00 . 1B4DE1039FE6D4321003303870185B8E . 16752 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\asyncmac.sys
[-] 1999-12-07 12:00 . DF012C2853281CE2BF536E8DE871C8C1 . 4080 . . [ERROR: 0x0] . . c:\winnt\system32\dllcache\beep.sys
[-] 1999-12-07 12:00 . DF012C2853281CE2BF536E8DE871C8C1 . 4080 . . [ERROR: 0x0] . . c:\winnt\system32\drivers\beep.sys
[-] 2003-06-19 11:05 . 399055F5C4A98F39B47D26888A72145D . 24528 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\kbdclass.sys
[-] 2003-06-19 11:05 . 399055F5C4A98F39B47D26888A72145D . 24528 . . [ERROR: 0x0] . . c:\winnt\system32\dllcache\kbdclass.sys
[-] 2003-06-19 11:05 . 399055F5C4A98F39B47D26888A72145D . 24528 . . [ERROR: 0x0] . . c:\winnt\system32\drivers\kbdclass.sys
[-] 1999-12-07 12:00 . 283E1604997CFB83EE6A8DF7F1993AFC . 24496 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\kbdclass.sys
[-] 2003-06-19 11:05 . FB4F2D0595BD3546A4DD915E4A9B4809 . 170928 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\ndis.sys
[-] 2003-06-19 11:05 . FB4F2D0595BD3546A4DD915E4A9B4809 . 170928 . . [ERROR: 0x0] . . c:\winnt\system32\drivers\ndis.sys
[-] 1999-12-07 12:00 . FBF289385E77176B5929975748ABD84B . 167760 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\ndis.sys
[-] 2003-06-19 11:05 . F6AB0E765D5B80443B93C52C42F2602A . 534192 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\ntfs.sys
[-] 2003-06-19 11:05 . F6AB0E765D5B80443B93C52C42F2602A . 534192 . . [ERROR: 0x0] . . c:\winnt\system32\drivers\ntfs.sys
[-] 1999-12-07 12:00 . 99FB2B5556EF9168065B548A001FC393 . 535248 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\ntfs.sys
[-] 1999-12-07 12:00 . 280209CDE798720A24D232BF9CFDA8E9 . 2800 . . [ERROR: 0x0] . . c:\winnt\system32\dllcache\null.sys
[-] 1999-12-07 12:00 . 280209CDE798720A24D232BF9CFDA8E9 . 2800 . . [ERROR: 0x0] . . c:\winnt\system32\drivers\null.sys
[-] 2003-06-19 11:05 . 38A6BC551496C24118BD1524425AF2FE . 68880 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\browser.dll
[-] 2003-06-19 11:05 . 38A6BC551496C24118BD1524425AF2FE . 68880 . . [ERROR: 0x0] . . c:\winnt\system32\browser.dll
[-] 1999-12-07 12:00 . 1E95C9153D96FC232F16DB274AE0E19E . 49424 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\browser.dll
[-] 2003-06-19 11:05 . 271229760CCED993E9E7CAB1C7274134 . 33552 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\lsass.exe
[-] 2003-06-19 11:05 . 271229760CCED993E9E7CAB1C7274134 . 33552 . . [ERROR: 0x0] . . c:\winnt\system32\LSASS.EXE
[-] 1999-12-07 12:00 . 794087DA8DE60705C20E127262362C8C . 33552 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\lsass.exe
[-] 2004-10-05 09:43 . DCD38D8178BF1BEA585F2F003EE3460E . 362496 . . [ERROR: 0x0] . . c:\winnt\system32\qmgr.dll
[-] 2004-10-05 09:43 . DCD38D8178BF1BEA585F2F003EE3460E . 362496 . . [ERROR: 0x0] . . c:\winnt\system32\BITS\qmgr.dll
[-] 2004-10-05 09:43 . DCD38D8178BF1BEA585F2F003EE3460E . 362496 . . [ERROR: 0x0] . . c:\winnt\system32\dllcache\qmgr.dll
[-] 2003-06-19 11:05 . FE02334DB8598E2706A51A24DD33AB00 . 244224 . . [ERROR: 0x0] . . c:\winnt\$NtUninstallKB842773$\qmgr.dll
[-] 2003-06-19 11:05 . FE02334DB8598E2706A51A24DD33AB00 . 244224 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\qmgr.dll
[-] 2003-06-19 11:05 . CFED2D28F5B8A24127E9E06043070643 . 89360 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\services.exe
[-] 2003-06-19 11:05 . CFED2D28F5B8A24127E9E06043070643 . 89360 . . [ERROR: 0x0] . . c:\winnt\system32\SERVICES.EXE
[-] 1999-12-07 12:00 . 63709F4C5BD9B401849C929D6EEFBB3D . 88848 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\services.exe
[-] 2004-08-24 22:59 . 5922E8055EB439A58EF29530D8567A40 . 182544 . . [ERROR: 0x0] . . c:\winnt\SoftwareDistribution\Download\b81bcfe06a477e932fd34cf2bbb8a889\winlogon.exe
[-] 2003-06-19 11:05 . 3980C28D116D438BBB36FB38526FDE1A . 181008 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\winlogon.exe
[-] 2003-06-19 11:05 . 3980C28D116D438BBB36FB38526FDE1A . 181008 . . [ERROR: 0x0] . . c:\winnt\system32\WINLOGON.EXE
[-] 1999-12-07 12:00 . 85C0D6BD769AAB1B007B21CCA9A346C8 . 177424 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\winlogon.exe
[-] 2003-06-19 11:05 . 385F52746FD8558D43999AEED250769A . 76048 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\cryptsvc.dll
[-] 2003-06-19 11:05 . 385F52746FD8558D43999AEED250769A . 76048 . . [ERROR: 0x0] . . c:\winnt\system32\cryptsvc.dll
[-] 1999-12-07 12:00 . 8F9F74E12804FCD1AE05C1B4CE09FDC8 . 63248 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\cryptsvc.dll
[-] 2003-06-19 11:05 . 873794CE17DD72420D9C4072D4D112E5 . 96528 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\imm32.dll
[-] 2003-06-19 11:05 . 873794CE17DD72420D9C4072D4D112E5 . 96528 . . [ERROR: 0x0] . . c:\winnt\system32\imm32.dll
[-] 1999-12-07 12:00 . AE555A18419F65B94B2362DC0FFE91E3 . 96016 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\imm32.dll
[-] 2003-06-19 11:05 . EF290209052ED43DDFDB8F0E74EC79EF . 20240 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\lpk.dll
[-] 2003-06-19 11:05 . EF290209052ED43DDFDB8F0E74EC79EF . 20240 . . [ERROR: 0x0] . . c:\winnt\system32\lpk.dll
[-] 1999-12-07 12:00 . 3B36C6F4573696B408AF5E28A00C54C1 . 20240 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\lpk.dll
[-] 2003-06-19 11:05 . BA7BE6F92680B28B9031170659FD222D . 286773 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\msvcrt.dll
[-] 2003-06-19 11:05 . BA7BE6F92680B28B9031170659FD222D . 286773 . . [ERROR: 0x0] . . c:\winnt\system32\msvcrt.dll
[-] 1999-12-07 12:00 . 055B02D711CDEDB8C5997274C4E99CB8 . 295000 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\msvcrt.dll
[-] 2003-06-19 11:05 . 0A35F356726069B95F4BB2A99203FDD4 . 13584 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\powrprof.dll
[-] 2003-06-19 11:05 . 0A35F356726069B95F4BB2A99203FDD4 . 13584 . . [ERROR: 0x0] . . c:\winnt\system32\powrprof.dll
[-] 1999-12-07 12:00 . F768D588307C35721FC6FD54BB87CD85 . 13584 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\powrprof.dll
[-] 2003-06-19 11:05 . FF11B32A906D75CD96957B66E318DAD0 . 114448 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\scecli.dll
[-] 2003-06-19 11:05 . FF11B32A906D75CD96957B66E318DAD0 . 114448 . . [ERROR: 0x0] . . c:\winnt\system32\scecli.dll
[-] 1999-12-07 12:00 . 5D4EFA4B12CBF2F00A06F0C9A720BDAF . 107792 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\scecli.dll
[-] 1999-12-07 12:00 . 9E64AD53CFD9DA2D22E8A924F8C6E62C . 7952 . . [ERROR: 0x0] . . c:\winnt\system32\svchost.exe
[-] 1999-12-07 12:00 . 9E64AD53CFD9DA2D22E8A924F8C6E62C . 7952 . . [ERROR: 0x0] . . c:\winnt\system32\dllcache\svchost.exe
[-] 2003-06-19 11:05 . BF179C5B8A722CC79AEF1CA90D6C7D48 . 17680 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\userinit.exe
[-] 2003-06-19 11:05 . BF179C5B8A722CC79AEF1CA90D6C7D48 . 17680 . . [ERROR: 0x0] . . c:\winnt\system32\USERINIT.EXE
[-] 1999-12-07 12:00 . A4E505D537A0476DAAF61EB90CAE457C . 17168 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\userinit.exe
[-] 2003-06-19 11:05 . 0190C62DE42396D78DB9BE771CF2403E . 69904 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\ws2_32.dll
[-] 2003-06-19 11:05 . 0190C62DE42396D78DB9BE771CF2403E . 69904 . . [ERROR: 0x0] . . c:\winnt\system32\ws2_32.dll
[-] 1999-12-07 12:00 . E8162BF0C57D0CC137E2F3549D0485A7 . 71440 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\ws2_32.dll
[-] 1999-12-07 12:00 . 28336B1300EC048124197091354251B6 . 18192 . . [ERROR: 0x0] . . c:\winnt\system32\ws2help.dll
[-] 1999-12-07 12:00 . 28336B1300EC048124197091354251B6 . 18192 . . [ERROR: 0x0] . . c:\winnt\system32\dllcache\ws2help.dll
[-] 2003-06-19 11:05 . 59CF2B7DCED9111F48F51B4B570E672D . 243472 . . [ERROR: 0x0] . . c:\winnt\explorer.exe
[-] 2003-06-19 11:05 . 59CF2B7DCED9111F48F51B4B570E672D . 243472 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\explorer.exe
[-] 1999-12-07 12:00 . 7251759785C60ED0E3D3F8379C89A079 . 238352 . . [ERROR: 0x0] . . c:\winnt\$NtServicePackUninstall$\explorer.exe
[-] 2003-06-19 11:05 . 5738D5804F61A1D30D86FA24DEE56E0C . 47888 . . [ERROR: 0x0] . . c:\winnt\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"LVCOMSX"="c:\winnt\system32\LVCOMSX.EXE" [2005-07-19 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2009-12-17 149224]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [1999-12-07 20752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\winnt\explorer.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
2006-09-01 05:49 140048 ----a-w- c:\winnt\system32\NWPROVAU.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
R1 aswSP;aswSP;c:\winnt\system32\drivers\aswSP.sys [28/06/2002 2:06 165456]
R2 aswMon;aswMon;c:\winnt\system32\drivers\aswmon.sys [28/06/2002 2:06 94544]
R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [7/12/1999 13:00 24784]
R3 SiS630;SiS630;c:\winnt\system32\drivers\sis630p.sys [28/06/2002 1:42 160511]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\winnt\system32\drivers\NtApm.sys [7/11/2005 23:51 9104]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {89869334-AA13-489A-9A07-2BA062714A29} - hxxp://img.lnm.eu/youlog/client/MessengerInstaller.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2002-06-28 01:04
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(200)
c:\winnt\system32\MSASN1.DLL
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
- - - - - - - > 'lsass.exe'(240)
c:\winnt\system32\CRYPT32.dll
- - - - - - - > 'explorer.exe'(940)
c:\winnt\AppPatch\AcLayers.DLL
c:\winnt\system32\SHDOCVW.DLL
c:\winnt\system32\MSASN1.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\winnt\system32\hidserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\winnt\system32\HPZipm12.exe
c:\winnt\system32\regsvc.exe
c:\winnt\system32\MSTask.exe
c:\winnt\system32\stisvc.exe
c:\winnt\System32\WBEM\WinMgmt.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Alwil Software\Avast5\setup\avast.setup
.
**************************************************************************
.
Completion time: 2002-06-28 01:15:38 - machine was rebooted
ComboFix-quarantined-files.txt 2002-06-28 00:15
ComboFix2.txt 2010-09-06 09:40
Pre-Run: 34.193.387.520 bytes free
Post-Run: 34.195.722.240 bytes free
- - End Of File - - 47F8BEF1D31CD9653D60A54EBF560421

salmax
8 September 2010, 19:36
At startup I also always get the "F1 to enter BIOS,
F2 to continue" prompt, and only then does Windows 2000 start,
and the clock also always changes itself to a 2002 date.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:43, on 28/06/2002
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINNT\explorer.exe,
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263931323971
O16 - DPF: {89869334-AA13-489A-9A07-2BA062714A29} (Installer Class) - http://img.lnm.eu/youlog/client/MessengerInstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
--
End of file - 5403 bytes

salmax
8 September 2010, 23:25
Can my PCs get infected too? Because for this I always disconnect one of my 2 PCs from the internet so that I can connect the one that needs checking.

Woudje100
12 September 2010, 18:17
Hello,

Restart your computer, but this time in Safe Mode.
You can do this by restarting your computer and continuously pressing the F8 key until a menu appears.
In this menu, use the arrow keys on your keyboard to select Safe Mode and then press Enter.
Double-click the installation file to install the program.
Click Next to continue.
By default the program is installed in a folder on your desktop. Click Next.
Click OK in the message to scan in Safe Mode.
The program will open automatically on the Automatic scan tab.
Make sure the following is checked under Automatic scan:

System Memory
Startup Objects
Disk Boot Sectors
My Computer
Also all other (removable) drives

Once you have checked these, click Security level, choose Customize, go to the Heuristic Analyzer tab, check Enable Deep rootkit search and click OK.
Then click OK once more and you are back on the main screen.

Click Scan in the upper right corner.
The program automatically neutralizes all objects found.
If any non-neutralized objects remain, click the Neutralize all button.
If files cannot be neutralized, delete the file.
When all that is done, click the reports button at the bottom and save the log with the file name Kas.
Save the log in a suitable place, for example your desktop, and copy all the malware found from your log; this is at the top under Detected. Paste only this part of the log into your next post.

N.B.: this program will remove itself if you close it! So save the log first before you close the program.

Woudje100

salmax
16 September 2010, 15:54
I'm going to look for a Windows 2000 Pro CD; isn't that the quickest solution?

Woudje100
17 September 2010, 14:23
Okay Salmax, that's fine ;)

Woudje100

salmax
17 September 2010, 22:19
I don't know whether I'll find one, since it is hard to find.
If I don't find one, we'll see.
Can I see somewhere what the official code is?
Because there is no sticker on the case.

Woudje100
18 September 2010, 19:05
With the program Keyfinder (http://www.magicaljellybean.com/keyfinder/) you can retrieve your license key.

Woudje100

salmax
18 September 2010, 20:35
Handy, but I already have the code via Belarc Advisor,
but because of that I notice that they are not always legal.

Are there programs for that too?

salmax
4 October 2010, 02:42
This one can be closed; I can ask to have it reopened later. I'm waiting for a CD to format this one. Thanks for the help.
Woudje, thanks for your effort.

I downloaded Keyfinder free and it is a handy program for getting a key quickly.