Here is the ComboFix log:
ComboFix 10-02-12.01 - Dennis 13-02-2010 19:40:57.14.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.631 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Dennis\Bureaublad\ComboFix.exe
AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Aanwezig AV is actief
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-01-13 to 2010-02-13 ))))))))))))))))))))))))))))))
.
2010-02-13 14:46 . 2010-02-13 14:46 61440 ----a-w- c:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-10b37fc1-n\decora-sse.dll
2010-02-13 14:46 . 2010-02-13 14:46 12800 ----a-w- c:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-10b37fc1-n\decora-d3d.dll
2010-02-13 14:46 . 2010-02-13 14:46 503808 ----a-w- c:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-22c1a500-n\msvcp71.dll
2010-02-13 14:46 . 2010-02-13 14:46 499712 ----a-w- c:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-22c1a500-n\jmc.dll
2010-02-13 14:46 . 2010-02-13 14:46 348160 ----a-w- c:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-22c1a500-n\msvcr71.dll
2010-02-12 19:04 . 2010-02-12 19:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-12 19:01 . 2010-02-12 16:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-12 17:30 . 2010-02-12 17:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-12 17:08 . 2010-02-12 17:08 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2010-02-12 16:57 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-12 16:55 . 2010-02-12 16:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-12 16:55 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-02-12 16:16 . 2008-04-14 17:02 399872 ----a-w- c:\documents and settings\All Users\Application Data\Hitman Pro 3\prompt.exe
2010-02-12 16:14 . 2010-02-12 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 3
2010-02-12 16:14 . 2010-02-12 16:14 -------- d-----w- c:\program files\Hitman Pro 3
2010-02-07 08:23 . 2010-02-13 18:32 -------- d--h--r- c:\documents and settings\Dennis\Onlangs geopend
2010-02-06 15:23 . 2010-02-06 15:46 -------- d-----w- c:\program files\MP3 Jukebox
2010-02-04 20:48 . 2010-01-21 16:11 52224 ----a-w- c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\cxqeegn6.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
2010-02-04 20:48 . 2010-01-21 16:11 101376 ----a-w- c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\cxqeegn6.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCore.dll
2010-02-03 21:00 . 2010-02-03 21:00 -------- d-----w- c:\program files\Pure Networks
2010-02-03 20:59 . 2010-02-13 17:48 -------- d-----w- c:\program files\WebEx
2010-02-03 20:57 . 2009-07-07 13:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2010-02-03 20:57 . 2009-07-07 13:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-02-03 20:57 . 2010-02-03 20:57 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-02-03 20:54 . 2009-08-07 22:56 34226736 ----a-w- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
2010-01-25 16:52 . 2010-01-25 16:52 -------- d-----w- C:\PDF
2010-01-23 20:27 . 2010-01-23 20:27 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-01-23 20:27 . 2010-01-23 20:27 -------- d-----w- c:\program files\UltraISO
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 17:53 . 2008-03-13 18:32 -------- d-----w- c:\documents and settings\Dennis\Application Data\uTorrent
2010-02-13 14:47 . 2009-07-13 20:48 -------- d-----w- c:\program files\Common Files\Java
2010-02-13 14:45 . 2008-10-23 21:54 -------- d-----w- c:\program files\Java
2010-02-12 20:07 . 2008-03-07 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-12 19:36 . 2008-10-18 14:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-10 17:01 . 2009-08-10 16:45 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-02-10 10:00 . 2008-04-29 08:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-06 13:13 . 2009-12-15 11:04 -------- d-----w- c:\program files\Google
2010-02-06 12:27 . 2003-10-05 12:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-03 21:06 . 2009-07-13 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2010-02-03 20:58 . 2010-02-03 20:58 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2010-02-03 20:53 . 2003-10-05 10:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-03 20:53 . 2009-07-13 20:44 -------- d-----w- c:\program files\Linksys
2010-02-03 16:51 . 2008-04-25 18:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-01 09:58 . 2009-07-27 07:19 664 ----a-w- c:\documents and settings\Leontine\Local Settings\Application Data\d3d9caps.tmp
2010-01-29 23:14 . 2008-03-07 09:27 -------- d-----w- c:\program files\ESET
2010-01-21 16:38 . 2009-07-02 20:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 05:17 . 2009-12-15 21:16 267808 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-09 15:06 . 2008-10-24 19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-09 15:04 . 2008-12-12 12:02 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-09 11:50 . 2010-01-09 11:47 -------- d-----w- c:\documents and settings\Dennis\Application Data\Belastingdienst
2010-01-07 15:07 . 2008-10-24 19:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-10-24 19:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2003-10-05 18:52 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-28 16:49 . 2009-12-27 19:55 -------- d-----w- c:\program files\AVS4YOU
2009-12-28 16:49 . 2009-12-27 19:56 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-12-27 19:59 . 2009-12-27 19:59 -------- d-----w- c:\documents and settings\Dennis\Application Data\AVS4YOU
2009-12-27 19:59 . 2009-12-27 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-12-26 08:40 . 2009-11-04 09:02 4722 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-12-26 08:40 . 2003-10-05 18:52 95716 ----a-w- c:\windows\system32\perfc013.dat
2009-12-26 08:40 . 2003-10-05 18:52 489582 ----a-w- c:\windows\system32\perfh013.dat
2009-12-21 19:10 . 2006-06-23 12:29 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 16:14 . 2008-10-23 21:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-17 07:42 . 2003-10-05 09:58 345600 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2003-10-05 18:52 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 09:04 . 2008-04-06 11:30 4632 ----a-w- c:\documents and settings\Leontine\Application Data\wklnhst.dat
2009-12-09 10:11 . 2002-09-09 13:18 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:11 . 2002-09-09 13:17 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-04 18:22 . 2003-10-05 18:52 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2005-08-30 08:26 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2003-10-05 10:07 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:10 . 2003-10-05 18:52 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:10 . 2003-10-05 18:52 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:10 . 2003-10-05 18:52 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:10 . 2003-10-05 10:37 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:10 . 2003-10-05 10:37 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-23 19:01 . 2009-11-23 19:01 5430 ----a-r- c:\documents and settings\Dennis\Application Data\Microsoft\Installer\{846E11C7-4E39-469C-8469-569E7DE9C5CD}\_E9E3E8815ADBA390949375.exe
2009-11-23 19:01 . 2009-11-23 19:01 5430 ----a-r- c:\documents and settings\Dennis\Application Data\Microsoft\Installer\{846E11C7-4E39-469C-8469-569E7DE9C5CD}\_6FEFF9B68218417F98F549.exe
2009-11-23 19:01 . 2009-11-23 19:01 5430 ----a-r- c:\documents and settings\Dennis\Application Data\Microsoft\Installer\{846E11C7-4E39-469C-8469-569E7DE9C5CD}\_0276E7E570CBB4EA97FB0F.exe
2009-11-21 16:03 . 2003-10-05 18:52 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-13_18.06.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-13 18:38 . 2010-02-13 18:38 16384 c:\windows\temp\Perflib_Perfdata_7ec.dat
+ 2003-10-05 10:02 . 2010-02-13 18:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2003-10-05 10:02 . 2010-02-13 17:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2003-10-05 10:02 . 2010-02-13 18:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2003-10-05 10:02 . 2010-02-13 17:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2010-02-13 18:39 . 2010-02-13 18:39 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2003-10-05 10:02 . 2010-02-13 17:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2002-08-28 73728]
"ledpointer"="CNYHKey.exe" [2003-06-27 5798912]
"CHotkey"="mHotkey.exe" [2003-06-27 506368]
"Cmaudio"="cmicnfg.cpl" [2003-09-12 2244608]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 335872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-10 949376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2010-02-03 472112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Photo Loader supervisory.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2008-3-7 217088]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-03-14 23:50 233472 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PinnacleDriverCheck"=c:\windows\System32\PSDrvCheck.exe
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" -autorun
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"PRISMSTA.EXE"=PRISMSTA.EXE START
"HP Lamp"=c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Utprrent Downloads\\U-Torrent 1.6 + taalpakket\\utorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12-2-2010 17:57 64288]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [10-8-2009 18:17 15424]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [23-3-2008 22:28 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [17-12-2007 11:13 523816]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2-12-2009 14:19 1181328]
R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [20-9-2002 17:29 53248]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [6-3-2008 14:58 20160]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [12-6-2003 7:47 24704]
R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [10-9-2003 12:22 362688]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19-4-2008 17:16 717296]
S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys --> c:\windows\system32\drivers\ctredr15.sys [?]
S1 SuperMounter;SuperMounter; [x]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15-12-2009 12:04 135664]
S2 SentinelFilter;SentinelFilter;\??\d:\utprrent downloads\STRUCAD V11.0 --> d:\utprrent downloads\STRUCAD V11.0 [?]
S2 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [8-1-2009 8:38 4136960]
S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [20-9-2002 17:27 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [20-9-2002 17:41 77824]
S3 epstw2k;SCM-SCSI stuurprogramma voor parallele poort;c:\windows\system32\drivers\epstw2k.sys [8-2-2009 18:11 114944]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27-6-2009 22:49 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27-6-2009 22:49 8320]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [28-6-2009 13:08 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [28-6-2009 13:17 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [28-6-2009 15:13 21081]
.
Inhoud van de 'Gedeelde Taken' map
2010-02-13 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:56]
2010-02-13 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:56]
2010-02-13 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:56]
2010-02-13 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:56]
2010-02-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:56]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 11:04]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 11:04]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.weerplaza.nl/
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\cxqeegn6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.weerplaza.nl/
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\cxqeegn6.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\cxqeegn6.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.
.
------- Bestandsassociaties -------
.
JSEFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 19:48
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SentinelFilter]
"ImagePath"="\??\d:\utprrent downloads\STRUCAD V11.0"
.
Voltooingstijd: 2010-02-13 19:53:18
ComboFix-quarantined-files.txt 2010-02-13 18:53
ComboFix2.txt 2010-02-13 18:11
ComboFix3.txt 2009-01-25 08:28
Pre-Run: 26.123.370.496 bytes beschikbaar
Post-Run: 26.089.738.240 bytes beschikbaar
- - End Of File - - 70140A762993FD86A686B0CCED991EA0
Afterwards I also made a new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:25, on 13-2-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weerplaza.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 8252521921
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 7996 bytes