 Post subject: Re: PC cleanup
Posted: Tue May 12, 2009 8:29 am
Moderator

That didn't quite work; could you please run it again?

_________________
Member of the Training Team (Team Opleiding).

 Post subject: Re: PC cleanup
Posted: Tue May 12, 2009 7:55 pm
Member

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:09, on 12-5-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/networkhelp3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/A ... oader4.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: Automatische updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8362 bytes


 Post subject: Re: PC cleanup
Posted: Tue May 12, 2009 9:07 pm
Moderator

Open a Notepad file.
Copy the code below into this Notepad file.
Go to File - Save As.
For "Save in" choose: Desktop
For "File name" enter: fix.bat
For "Save as type" select: All Files (*.*).
Click the Save button.


Code:
SWREG ACL "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /GE:F /Q
SWREG ACL "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bits" /GE:F /Q
SWREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v "ImagePath" /t REG_EXPAND_SZ /d "%%SystemRoot%%\system32\svchost.exe -k netsvcs" /f
SWREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bits" /v "ImagePath" /t REG_EXPAND_SZ /d "%%SystemRoot%%\system32\svchost.exe -k netsvcs" /f


Double-click fix.bat and let it run.

Reboot and post a new HJT log.

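The fix.bat above rewrites the ImagePath of the two services (BITS and wuauserv) that the HijackThis log lists with the bare directory `C:\WINDOWS\` as their image path. As an added example that is not part of the original thread, the Python sketch below parses O23 lines, flags services whose image path is not a file or is reported missing, and compares the log posted before the fix with the one posted after it. The function names are hypothetical, and the sample lines are copied from the two HijackThis logs in this thread.

```python
from dataclasses import dataclass

PREFIX = "O23 - Service: "
MISSING = " (file missing)"

# O23 lines copied from the HijackThis log posted before fix.bat was run.
LOG_BEFORE = r"""
O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Automatische updates (wuauserv) - Unknown owner - C:\WINDOWS\
"""

# O23 lines copied from the HijackThis log posted after fix.bat and a reboot.
LOG_AFTER = r"""
O23 - Service: getPlus(R) Helper (getplus(r) helper) - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Automatische updates (wuauserv) - Unknown owner - C:\WINDOWS\
"""


@dataclass(frozen=True)
class Service:
    display: str        # human-readable service name
    name: str           # short service (registry key) name
    owner: str          # owner column as printed in the log
    path: str           # image path as printed in the log
    file_missing: bool  # True when the line ends with "(file missing)"


def split_label(label):
    """Split 'Display (name)' at the last balanced parenthesis group, so a
    name that itself contains parentheses, e.g. 'getplus(r) helper', survives."""
    if not label.endswith(")"):
        return label, label
    depth = 0
    for i in range(len(label) - 1, -1, -1):
        if label[i] == ")":
            depth += 1
        elif label[i] == "(":
            depth -= 1
            if depth == 0:
                return label[:i].rstrip(), label[i + 1:-1]
    return label, label


def parse_o23(log_text):
    """Return {lowercased service name: Service} for every O23 line."""
    services = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        # Split from the right: the last two ' - ' separate owner and path.
        parts = line[len(PREFIX):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        label, owner, path = parts
        missing = path.endswith(MISSING)
        if missing:
            path = path[:-len(MISSING)]
        display, name = split_label(label)
        services[name.lower()] = Service(display, name, owner, path, missing)
    return services


def findings(svc):
    """List the reasons a service entry deserves a closer look."""
    reasons = []
    if svc.file_missing:
        reasons.append("file missing")
    basename = svc.path.rsplit("\\", 1)[-1]
    if "." not in basename:  # a bare directory such as C:\WINDOWS\
        reasons.append("image path is not a file")
    return reasons


def compare(before_log, after_log):
    """Compare the flagged services of two logs."""
    before, after = parse_o23(before_log), parse_o23(after_log)
    bad_before = {k for k, s in before.items() if findings(s)}
    bad_after = {k for k, s in after.items() if findings(s)}

    def names(keys, source):
        return sorted(source[k].name for k in keys)

    return {
        "no_longer_flagged": names(bad_before - bad_after, before),
        "still_flagged": names(bad_before & bad_after, after),
        "newly_flagged": names(bad_after - bad_before, after),
    }


if __name__ == "__main__":
    for category, services in compare(LOG_BEFORE, LOG_AFTER).items():
        print(f"{category}: {', '.join(services) or '-'}")
```

A service that drops out of the O23 list is only "no longer flagged" by this check; the restored ImagePath value still has to be confirmed on the machine itself.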
 
 Post subject: Re: PC cleanup
Posted: Tue May 12, 2009 10:06 pm
Member

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:20, on 12-5-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/networkhelp3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/A ... oader4.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: getPlus(R) Helper (getplus(r) helper) - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: Automatische updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8033 bytes


 Post subject: Re: PC cleanup
Posted: Tue May 12, 2009 10:26 pm
Moderator

Strange. Please post a new ComboFix log once more.

 Post subject: Re: PC cleanup
Posted: Thu May 14, 2009 7:09 pm
Member

ComboFix 09-05-13.02 - Windows 14-05-2009 19:01.7 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.479.178 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Windows.Unattended.000\Bureaublad\ComboFix.exe
AV: Windows Live OneCare *On-access scanning disabled* (Outdated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-04-14 to 2009-05-14 ))))))))))))))))))))))))))))))
.

2009-05-14 15:15 . 2009-05-14 15:15 -------- d-sh--w C:\FOUND.001
2009-05-12 18:31 . 2009-05-12 18:31 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-05-12 18:31 . 2009-05-12 18:31 -------- d-----w c:\program files\NOS
2009-05-04 10:17 . 2009-05-04 10:17 -------- d-----w c:\program files\MSECache
2009-05-02 20:19 . 2009-05-02 20:19 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-05-02 16:36 . 2009-05-02 16:36 -------- d-----w c:\program files\QuickDownloadPack
2009-05-02 15:54 . 2009-05-02 15:55 -------- d-----w c:\program files\Trend Micro
2009-05-01 09:44 . 2009-05-01 09:44 -------- d-----w c:\program files\The Weather Channel FW
2009-05-01 09:37 . 2009-05-01 09:37 -------- d-----w c:\documents and settings\Windows.Unattended.000\Application Data\Sammsoft
2009-05-01 09:37 . 2009-05-01 09:37 -------- d-----w c:\program files\Advanced Registry Optimizer
2009-05-01 09:36 . 2009-05-01 09:36 -------- d-----w c:\documents and settings\Windows.Unattended.000\Local Settings\Application Data\The Weather Channel
2009-05-01 09:36 . 2009-05-01 09:36 -------- d-----w c:\program files\AskSearch
2009-05-01 09:36 . 2009-05-01 09:36 -------- d-----w c:\program files\AskBarDis

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 11:27 . 2008-03-31 11:10 67480 ----a-w c:\documents and settings\JoyceJewelCelanyo.Unattended.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-04 11:02 . 2008-03-29 16:55 67480 ----a-w c:\documents and settings\Windows.Unattended.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-21 07:42 . 2009-03-21 07:42 -------- d-----w c:\program files\Belastingdienst
2009-02-21 09:51 . 2001-09-07 11:00 78662 ----a-w c:\windows\system32\perfc013.dat
2009-02-21 09:51 . 2001-09-07 11:00 461834 ----a-w c:\windows\system32\perfh013.dat
2006-10-11 07:04 . 2007-08-01 16:11 61036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 07:05 . 2007-08-01 16:11 48742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 07:05 . 2007-08-01 16:11 29313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 07:05 . 2007-08-01 16:11 41082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 07:04 . 2007-08-01 16:11 166510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-06_17.17.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-12 15:58 . 2009-05-12 15:59 14270 c:\windows\SoftwareDistribution\EventCache\{21441E95-0B86-44B1-A5A7-2C6A2C639BBE}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 13:20 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-01-02 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2008-08-22 2084480]
"DW4"="c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-20 715888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-29 185896]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_06\bin\jusched.exe" [2004-09-28 32881]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2004-12-26 98304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-08 5562368]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-03-29 69632]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-05-08 1495040]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2005-05-08 1855488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\JoyceJewelCelanyo\Menu Start\Programma's\Opstarten\
IMVU.lnk - c:\program files\IMVU\IMVUClient.exe [2008-6-20 49408]

c:\documents and settings\JoyceJewelCelanyo.Wachter\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\System32\\LEXPPS.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7082:TCP"= 7082:TCP:BitComet 7082 TCP
"7082:UDP"= 7082:UDP:BitComet 7082 UDP

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [21-2-2009 11:49 356920]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [31-8-2008 12:09 114944]
S1 e6dfa4e2;e6dfa4e2;c:\windows\system32\drivers\e6dfa4e2.sys --> c:\windows\system32\drivers\e6dfa4e2.sys [?]
S3 getplus(r) helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecec3e80-85c8-11dd-abc0-00c0268769cb}]
\Shell\Auto\command - sachost.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sachost.exe
.
Inhoud van de 'Gedeelde Taken' map

2009-05-14 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]

2009-05-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-13 20:19]
.
.
------- Bijkomende Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://desktop.google.com/networkhelp3.html
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Windows.Unattended.000\Application Data\Mozilla\Firefox\Profiles\p13pnbvs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 19:05
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(2540)
c:\windows\system32\SSSensor.dll
.
Voltooingstijd: 2009-05-14 19:07
ComboFix-quarantined-files.txt 2009-05-14 17:07
ComboFix2.txt 2009-05-08 20:53
ComboFix3.txt 2009-05-06 17:19
ComboFix4.txt 2009-05-05 12:44

Pre-Run: 2.923.937.792 bytes beschikbaar
Post-Run: 3.252.027.392 bytes beschikbaar

158 --- E O F --- 2009-03-12 11:02


 Post subject: Re: PC cleanup
Posted: Thu May 14, 2009 7:21 pm
Moderator

Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

File::
C:\FOUND.001
C:\FOUND.

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecec3e80-85c8-11dd-abc0-00c0268769cb}]



Save this on your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:
[Image]

This will restart ComboFix.

After your computer restarts (if it asks to restart), copy and paste the contents of log.txt into your next reply.

 Post subject: Re: PC cleanup
Posted: Thu May 14, 2009 9:51 pm
Member

ComboFix 09-05-14.02 - Windows 14-05-2009 21:42.8 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.479.234 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Windows.Unattended.000\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Windows.Unattended.000\Bureaublad\CFScript.txt..txt
AV: Windows Live OneCare *On-access scanning disabled* (Outdated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::
C:\FOUND.
C:\FOUND.001
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-04-14 to 2009-05-14 ))))))))))))))))))))))))))))))
.

2009-05-14 19:12 . 2009-05-14 19:12 -------- d-----w c:\windows\LastGood
2009-05-14 15:15 . 2009-05-14 15:15 -------- d-sh--w C:\FOUND.001
2009-05-12 18:31 . 2009-05-12 18:31 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-05-12 18:31 . 2009-05-12 18:31 -------- d-----w c:\program files\NOS
2009-05-04 10:17 . 2009-05-04 10:17 -------- d-----w c:\program files\MSECache
2009-05-02 20:19 . 2009-05-02 20:19 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-05-02 16:36 . 2009-05-02 16:36 -------- d-----w c:\program files\QuickDownloadPack
2009-05-02 15:54 . 2009-05-02 15:55 -------- d-----w c:\program files\Trend Micro
2009-05-01 09:44 . 2009-05-01 09:44 -------- d-----w c:\program files\The Weather Channel FW
2009-05-01 09:37 . 2009-05-01 09:37 -------- d-----w c:\documents and settings\Windows.Unattended.000\Application Data\Sammsoft
2009-05-01 09:37 . 2009-05-01 09:37 -------- d-----w c:\program files\Advanced Registry Optimizer
2009-05-01 09:36 . 2009-05-01 09:36 -------- d-----w c:\documents and settings\Windows.Unattended.000\Local Settings\Application Data\The Weather Channel
2009-05-01 09:36 . 2009-05-01 09:36 -------- d-----w c:\program files\AskSearch
2009-05-01 09:36 . 2009-05-01 09:36 -------- d-----w c:\program files\AskBarDis

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 11:27 . 2008-03-31 11:10 67480 ----a-w c:\documents and settings\JoyceJewelCelanyo.Unattended.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-04 11:02 . 2008-03-29 16:55 67480 ----a-w c:\documents and settings\Windows.Unattended.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-21 07:42 . 2009-03-21 07:42 -------- d-----w c:\program files\Belastingdienst
2009-02-21 09:51 . 2001-09-07 11:00 78662 ----a-w c:\windows\system32\perfc013.dat
2009-02-21 09:51 . 2001-09-07 11:00 461834 ----a-w c:\windows\system32\perfh013.dat
2006-10-11 07:04 . 2007-08-01 16:11 61036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 07:05 . 2007-08-01 16:11 48742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 07:05 . 2007-08-01 16:11 29313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 07:05 . 2007-08-01 16:11 41082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 07:04 . 2007-08-01 16:11 166510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-06_17.17.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-12 15:58 . 2009-05-14 19:04 11488 c:\windows\SoftwareDistribution\EventCache\{21441E95-0B86-44B1-A5A7-2C6A2C639BBE}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 13:20 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-01-02 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2008-08-22 2084480]
"DW4"="c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-20 715888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-29 185896]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_06\bin\jusched.exe" [2004-09-28 32881]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2004-12-26 98304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-08 5562368]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-03-29 69632]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-05-08 1495040]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2005-05-08 1855488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\JoyceJewelCelanyo\Menu Start\Programma's\Opstarten\
IMVU.lnk - c:\program files\IMVU\IMVUClient.exe [2008-6-20 49408]

c:\documents and settings\JoyceJewelCelanyo.Wachter\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\System32\\LEXPPS.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7082:TCP"= 7082:TCP:BitComet 7082 TCP
"7082:UDP"= 7082:UDP:BitComet 7082 UDP

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [21-2-2009 11:49 356920]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [31-8-2008 12:09 114944]
S1 e6dfa4e2;e6dfa4e2;c:\windows\system32\drivers\e6dfa4e2.sys --> c:\windows\system32\drivers\e6dfa4e2.sys [?]
S3 getplus(r) helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mchInjDrv
.
Inhoud van de 'Gedeelde Taken' map

2009-05-14 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]

2009-05-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-13 20:19]
.
.
------- Bijkomende Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://desktop.google.com/networkhelp3.html
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Windows.Unattended.000\Application Data\Mozilla\Firefox\Profiles\p13pnbvs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 21:46
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3456)
c:\windows\system32\SSSensor.dll
.
Voltooingstijd: 2009-05-14 21:48
ComboFix-quarantined-files.txt 2009-05-14 19:48
ComboFix2.txt 2009-05-14 17:07
ComboFix3.txt 2009-05-08 20:53
ComboFix4.txt 2009-05-06 17:19
ComboFix5.txt 2009-05-14 19:39

Pre-Run: 3.068.100.608 bytes beschikbaar
Post-Run: 3.084.042.240 bytes beschikbaar

160 --- E O F --- 2009-03-12 11:02


Post subject: Re: PC cleanup
Posted: Fri May 15, 2009 12:48 pm
Offline
Moderator

Joined: Wed Apr 13, 2005 3:54 pm
Posts: 33453
Location: Kotje aan de kust.
Operating system: Windows 7
Protection: Malwarebytes pro
Could you do it once more? There was a small mistake in it.

Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:

Folder::
C:\FOUND.001
C:\FOUND.

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecec3e80-85c8-11dd-abc0-00c0268769cb}]



Save this to your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:
[Image]

This will make ComboFix restart.

After your computer has restarted (if it asks to restart), copy and paste the contents of log.txt into your next reply.

Post subject: Re: PC cleanup
Posted: Sat May 16, 2009 12:42 pm
Offline
Member

Joined: Sun Jan 21, 2007 1:40 pm
Posts: 57
ComboFix 09-05-14.02 - Windows 16-05-2009 12:33.9 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.479.101 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Windows.Unattended.000\Bureaublad\ComboFix.exe
AV: Windows Live OneCare *On-access scanning disabled* (Outdated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
/wow section - STAGE 1
PV wordt niet herkend als een interne
of externe opdracht, programma of batchbestand.


(((((((((((((((((((( Bestanden Gemaakt van 2009-04-16 to 2009-05-16 ))))))))))))))))))))))))))))))
.

2009-05-14 20:04 . 2009-03-10 20:18 454024 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-05-14 20:04 . 2009-03-10 20:26 1436544 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-05-14 20:04 . 2009-05-14 20:04 -------- d-----w c:\windows\system32\KB905474
2009-05-14 19:20 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-14 19:20 . 2009-02-09 10:22 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-14 19:11 . 2008-04-21 21:28 218624 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-14 15:15 . 2009-05-14 15:15 -------- d-sh--w C:\FOUND.001
2009-05-12 18:31 . 2009-05-12 18:31 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-05-12 18:31 . 2009-05-12 18:31 -------- d-----w c:\program files\NOS
2009-05-04 10:17 . 2009-05-04 10:17 -------- d-----w c:\program files\MSECache
2009-05-02 20:19 . 2009-05-02 20:19 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-05-02 16:36 . 2009-05-02 16:36 -------- d-----w c:\program files\QuickDownloadPack
2009-05-02 15:54 . 2009-05-02 15:55 -------- d-----w c:\program files\Trend Micro
2009-05-01 09:44 . 2009-05-01 09:44 -------- d-----w c:\program files\The Weather Channel FW
2009-05-01 09:37 . 2009-05-01 09:37 -------- d-----w c:\documents and settings\Windows.Unattended.000\Application Data\Sammsoft
2009-05-01 09:37 . 2009-05-01 09:37 -------- d-----w c:\program files\Advanced Registry Optimizer
2009-05-01 09:36 . 2009-05-01 09:36 -------- d-----w c:\documents and settings\Windows.Unattended.000\Local Settings\Application Data\The Weather Channel
2009-05-01 09:36 . 2009-05-01 09:36 -------- d-----w c:\program files\AskSearch
2009-05-01 09:36 . 2009-05-01 09:36 -------- d-----w c:\program files\AskBarDis

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 12:58 . 2001-09-07 11:00 461834 ----a-w c:\windows\system32\perfh013.dat
2009-05-15 12:58 . 2001-09-07 11:00 78662 ----a-w c:\windows\system32\perfc013.dat
2009-05-09 11:27 . 2008-03-31 11:10 67480 ----a-w c:\documents and settings\JoyceJewelCelanyo.Unattended.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-04 11:02 . 2008-03-29 16:55 67480 ----a-w c:\documents and settings\Windows.Unattended.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-21 07:42 . 2009-03-21 07:42 -------- d-----w c:\program files\Belastingdienst
2009-03-06 14:47 . 2004-08-04 00:03 285184 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:33 . 2004-08-04 00:03 662528 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:33 . 2004-08-04 00:03 81920 ----a-w c:\windows\system32\ieencode.dll
2006-10-11 07:04 . 2007-08-01 16:11 61036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 07:05 . 2007-08-01 16:11 48742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 07:05 . 2007-08-01 16:11 29313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 07:05 . 2007-08-01 16:11 41082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 07:04 . 2007-08-01 16:11 166510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-06_17.17.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-30 17:52 . 2008-07-09 07:44 26488 c:\windows\system32\spupdsvc.exe
- 2008-03-29 17:26 . 2007-11-30 10:19 18808 c:\windows\system32\spmsg.dll
+ 2008-03-29 17:26 . 2007-11-30 12:39 18808 c:\windows\system32\spmsg.dll
+ 2004-08-04 00:03 . 2009-02-03 20:11 55808 c:\windows\system32\secur32.dll
- 2004-08-04 00:03 . 2004-08-04 00:03 55808 c:\windows\system32\secur32.dll
+ 2001-09-07 11:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
- 2004-08-04 00:03 . 2008-10-16 09:40 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 39424 c:\windows\system32\pngfilt.dll
- 2001-09-07 11:00 . 2009-02-21 09:51 59780 c:\windows\system32\perfc009.dat
+ 2001-09-07 11:00 . 2009-05-15 12:58 59780 c:\windows\system32\perfc009.dat
+ 2008-03-29 15:30 . 2008-06-12 14:19 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-04 00:03 . 2008-06-12 14:19 66560 c:\windows\system32\mtxclu.dll
- 2004-08-04 00:03 . 2006-03-01 19:44 66560 c:\windows\system32\mtxclu.dll
- 2008-03-29 15:30 . 2004-08-04 01:03 58880 c:\windows\system32\msdtclog.dll
+ 2008-03-29 15:30 . 2008-06-12 14:19 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 16384 c:\windows\system32\jsproxy.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 96768 c:\windows\system32\inseng.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 96768 c:\windows\system32\inseng.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 55808 c:\windows\system32\extmgr.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 55808 c:\windows\system32\extmgr.dll
- 2004-08-04 01:03 . 2004-08-04 01:03 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 01:03 . 2009-02-03 20:11 55808 c:\windows\system32\dllcache\secur32.dll
+ 2001-09-07 11:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
- 2004-08-04 00:03 . 2008-10-16 09:40 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-03-29 15:30 . 2008-06-12 14:19 91648 c:\windows\system32\dllcache\mtxoci.dll
- 2004-08-04 00:03 . 2006-03-01 19:44 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-04 00:03 . 2008-06-12 14:19 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2008-03-29 15:30 . 2004-08-04 01:03 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2008-03-29 15:30 . 2008-06-12 14:19 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 96768 c:\windows\system32\dllcache\inseng.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 96768 c:\windows\system32\dllcache\inseng.dll
- 2004-08-04 00:03 . 2004-08-04 00:03 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 81920 c:\windows\system32\dllcache\ieencode.dll
- 2007-10-01 08:00 . 2008-10-15 08:45 18432 c:\windows\system32\dllcache\iedw.exe
+ 2007-10-01 08:00 . 2009-02-19 09:58 18432 c:\windows\system32\dllcache\iedw.exe
- 2004-08-04 00:03 . 2008-10-16 09:40 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2008-03-29 16:00 . 2009-05-14 20:06 23040 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-29 16:00 . 2009-03-12 09:55 23040 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-03-29 16:00 . 2009-05-14 20:06 61440 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-29 16:00 . 2009-03-12 09:55 61440 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-29 16:00 . 2009-03-12 09:55 27136 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-03-29 16:00 . 2009-05-14 20:06 27136 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-03-29 16:00 . 2009-05-14 20:06 11264 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-29 16:00 . 2009-03-12 09:55 11264 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-03-29 16:00 . 2009-05-14 20:06 86016 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-03-29 16:00 . 2009-03-12 09:55 86016 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-03-29 16:00 . 2009-03-12 09:55 12288 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-03-29 16:00 . 2009-05-14 20:06 12288 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-22 17:05 . 2007-03-22 17:05 97632 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
- 2008-03-29 16:00 . 2009-03-12 09:55 4096 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-03-29 16:00 . 2009-05-14 20:06 4096 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-10-16 10:41 . 2008-10-15 18:05 370176 c:\windows\system32\xpsp3res.dll
+ 2006-10-16 10:41 . 2009-02-19 23:50 370176 c:\windows\system32\xpsp3res.dll
- 2004-08-04 00:03 . 2004-08-04 00:03 351232 c:\windows\system32\winhttp.dll
+ 2004-08-04 00:03 . 2008-12-16 12:51 351232 c:\windows\system32\winhttp.dll
+ 2008-03-29 15:30 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2008-03-29 15:30 . 2009-02-09 10:22 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2008-03-29 15:30 . 2009-02-09 10:22 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 617984 c:\windows\system32\urlmon.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 474624 c:\windows\system32\shlwapi.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 474624 c:\windows\system32\shlwapi.dll
+ 2004-08-04 00:03 . 2009-02-09 10:11 111104 c:\windows\system32\services.exe
+ 2004-08-04 00:03 . 2009-02-09 10:22 399360 c:\windows\system32\rpcss.dll
- 2001-09-07 11:00 . 2009-02-21 09:51 397560 c:\windows\system32\perfh009.dat
+ 2001-09-07 11:00 . 2009-05-15 12:58 397560 c:\windows\system32\perfh009.dat
+ 2004-08-04 00:03 . 2009-02-09 10:22 735744 c:\windows\system32\ntdll.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 532480 c:\windows\system32\mstime.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 532480 c:\windows\system32\mstime.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 146432 c:\windows\system32\msrating.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 146432 c:\windows\system32\msrating.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 449024 c:\windows\system32\mshtmled.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 449024 c:\windows\system32\mshtmled.dll
+ 2008-03-29 15:30 . 2008-06-12 14:19 161792 c:\windows\system32\msdtcuiu.dll
+ 2008-03-29 15:30 . 2008-06-12 14:19 956928 c:\windows\system32\msdtctm.dll
+ 2008-03-29 15:30 . 2008-06-12 14:19 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-04 00:03 . 2009-02-09 10:22 728576 c:\windows\system32\lsasrv.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 251392 c:\windows\system32\iepeers.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 251392 c:\windows\system32\iepeers.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 205312 c:\windows\system32\dxtrans.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 205312 c:\windows\system32\dxtrans.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 357888 c:\windows\system32\dxtmsft.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 01:03 . 2009-02-20 08:33 662528 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 01:03 . 2008-10-16 09:40 662528 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:51 . 2008-12-16 12:51 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-04 01:03 . 2009-02-20 08:33 617984 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 01:03 . 2009-02-20 08:33 474624 c:\windows\system32\dllcache\shlwapi.dll
- 2004-08-04 01:03 . 2008-10-16 09:40 474624 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 01:03 . 2009-02-09 10:11 111104 c:\windows\system32\dllcache\services.exe
+ 2004-08-04 01:03 . 2009-02-09 10:22 399360 c:\windows\system32\dllcache\rpcss.dll
- 2004-08-04 00:03 . 2004-08-04 00:03 285184 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-04 00:03 . 2009-03-06 14:47 285184 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-04 01:03 . 2009-02-09 10:22 735744 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 532480 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 532480 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 146432 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-03-29 15:30 . 2008-06-12 14:19 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-03-29 15:30 . 2008-06-12 14:19 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-03-29 15:30 . 2008-06-12 14:19 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2004-08-04 01:03 . 2009-02-09 10:22 728576 c:\windows\system32\dllcache\lsasrv.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2008-03-29 15:30 . 2009-02-09 10:22 473088 c:\windows\system32\dllcache\fastprox.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 151552 c:\windows\system32\dllcache\cdfview.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 151552 c:\windows\system32\dllcache\cdfview.dll
- 2004-08-04 01:03 . 2004-08-04 01:03 684032 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-04 01:03 . 2009-02-09 10:22 684032 c:\windows\system32\dllcache\advapi32.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 151552 c:\windows\system32\cdfview.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 151552 c:\windows\system32\cdfview.dll
+ 2004-08-04 00:03 . 2009-02-09 10:22 684032 c:\windows\system32\advapi32.dll
- 2004-08-04 00:03 . 2004-08-04 00:03 684032 c:\windows\system32\advapi32.dll
- 2008-03-29 16:00 . 2009-03-12 09:55 409600 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-03-29 16:00 . 2009-05-14 20:06 409600 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-03-29 16:00 . 2009-03-12 09:55 286720 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-03-29 16:00 . 2009-05-14 20:06 286720 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-29 16:00 . 2009-03-12 09:55 249856 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-03-29 16:00 . 2009-05-14 20:06 249856 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-03-29 16:00 . 2009-05-14 20:06 794624 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-29 16:00 . 2009-03-12 09:55 794624 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-03-29 16:00 . 2009-05-14 20:06 135168 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-29 16:00 . 2009-03-12 09:55 135168 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-29 16:00 . 2009-03-12 09:55 593920 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-03-29 16:00 . 2009-05-14 20:06 593920 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2004-08-04 00:03 . 2009-03-02 23:52 1495552 c:\windows\system32\shdocvw.dll
+ 2004-08-04 00:03 . 2008-12-20 22:44 1291776 c:\windows\system32\quartz.dll
- 2004-08-04 00:03 . 2008-05-07 05:16 1291776 c:\windows\system32\quartz.dll
+ 2004-08-03 23:58 . 2009-02-09 11:53 2184832 c:\windows\system32\ntoskrnl.exe
- 2004-08-03 22:58 . 2008-08-14 13:48 2062080 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-03 22:58 . 2009-02-09 11:53 2062080 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 00:03 . 2009-02-20 08:33 3080704 c:\windows\system32\mshtml.dll
+ 2004-08-04 00:03 . 2009-03-21 14:21 1027072 c:\windows\system32\kernel32.dll
+ 2004-08-04 01:03 . 2009-03-02 23:52 1495552 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 00:03 . 2008-12-20 22:44 1291776 c:\windows\system32\dllcache\quartz.dll
- 2004-08-04 00:03 . 2008-05-07 05:16 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2007-02-28 16:05 . 2009-02-09 11:53 2184832 c:\windows\system32\dllcache\ntoskrnl.exe
- 2007-02-28 16:05 . 2008-08-14 13:47 2020352 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2007-02-28 16:05 . 2009-02-09 11:53 2020352 c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 16:05 . 2008-08-14 13:48 2062080 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 16:05 . 2009-02-09 11:53 2062080 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 16:05 . 2008-08-14 13:47 2140672 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-02-28 16:05 . 2009-02-09 11:53 2140672 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-04 00:03 . 2009-02-20 08:33 3080704 c:\windows\system32\dllcache\mshtml.dll
+ 2004-08-04 01:03 . 2009-03-21 14:21 1027072 c:\windows\system32\dllcache\kernel32.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 1057280 c:\windows\system32\dllcache\danim.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 1057280 c:\windows\system32\dllcache\danim.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 1057280 c:\windows\system32\danim.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 1057280 c:\windows\system32\danim.dll
+ 2004-08-04 00:03 . 2009-02-20 08:33 1023488 c:\windows\system32\browseui.dll
- 2004-08-04 00:03 . 2008-10-16 09:40 1023488 c:\windows\system32\browseui.dll
+ 2008-03-29 17:26 . 2009-02-09 11:53 2184832 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-03-29 17:26 . 2008-08-14 13:47 2020352 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-03-29 17:26 . 2009-02-09 11:53 2020352 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2006-02-20 20:56 . 2009-02-09 11:53 2062080 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2006-02-20 20:56 . 2008-08-14 13:48 2062080 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-03-29 17:26 . 2008-08-14 13:47 2140672 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-03-29 17:26 . 2009-02-09 11:53 2140672 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 13:20 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-01-02 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2008-08-22 2084480]
"DW4"="c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-20 715888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-29 185896]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_06\bin\jusched.exe" [2004-09-28 32881]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2004-12-26 98304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-08 5562368]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-03-29 69632]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-05-08 1495040]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2005-05-08 1855488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\JoyceJewelCelanyo.Wachter\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\System32\\LEXPPS.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7082:TCP"= 7082:TCP:BitComet 7082 TCP
"7082:UDP"= 7082:UDP:BitComet 7082 UDP

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [21-2-2009 11:49 356920]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [31-8-2008 12:09 114944]
S1 e6dfa4e2;e6dfa4e2;c:\windows\system32\drivers\e6dfa4e2.sys --> c:\windows\system32\drivers\e6dfa4e2.sys [?]
S3 getplus(r) helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mchInjDrv
.
Inhoud van de 'Gedeelde Taken' map

2009-05-16 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]

2009-05-16 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-14 20:18]

2009-05-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-13 20:19]
.
.
------- Bijkomende Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://desktop.google.com/networkhelp3.html
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 12:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2009-05-16 12:41
ComboFix-quarantined-files.txt 2009-05-16 10:41
ComboFix2.txt 2009-05-14 19:48
ComboFix3.txt 2009-05-14 17:07
ComboFix4.txt 2009-05-08 20:53
ComboFix5.txt 2009-05-16 10:33

Pre-Run: 2.590.392.320 bytes beschikbaar
Post-Run: 2.724.986.880 bytes beschikbaar

329 --- E O F --- 2009-05-14 20:07


Post subject: Re: PC cleanup
Posted: Sat May 16, 2009 3:55 pm
Moderator
Uninstall ComboFix via Start > Run: copy and paste Combofix /U
Click OK or press Enter.
This removes ComboFix as well as your old system restore points (with any remnants of malware), and creates a new system restore point.

Restart and post a new HJT log, please.

Post subject: Re: PC cleanup
Posted: Sat May 16, 2009 9:36 pm
Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:51, on 16-5-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/networkhelp3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/A ... oader4.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: getPlus(R) Helper (getplus(r) helper) - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe

--
End of file - 8026 bytes


Post subject: Re: PC cleanup
Posted: Sun May 17, 2009 11:56 am
Moderator
Are you still having any problems now?

Post subject: Re: PC cleanup
Posted: Sun May 17, 2009 1:17 pm
Member
I have Sygate Personal Firewall with the "security level" set to Allow all; if I choose a higher level, I can't get on the internet. Is this OK, or should I configure something differently? And which antivirus program would you suggest that won't cause problems with other programs?

Regards,
Marsel


Omhoog
 Profiel  
 
 Berichttitel: Re: pc schoonmaak
BerichtGeplaatst: zo mei 17, 2009 1:29 pm 
Offline
Moderator
Avatar gebruiker

Geregistreerd: wo apr 13, 2005 3:54 pm
Berichten: 33453
Woonplaats: Kotje aan de kust.
Besturingssysteem: Windows 7
Bescherming: Malwarebytes pro
Ik heb geen ervaring met sygate. Misschien heb je hier wat aan ?

http://www.jawwi.nl/beveiliging/basis.html.
