Hi teaser, here are the logs
ComboFix 09-05-07.A0 - Eigenaar 08-04-2009 14:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1557
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Eigenaar\Application Data\inst.exe
c:\windows\system32\Pncrt.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-03-08 to 2009-04-08 ))))))))))))))))))))))))))))))
.
2009-05-02 15:31 . 2009-05-03 06:20 -------- d-----w C:\Muziek 18
2009-04-30 20:35 . 2009-04-30 20:42 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Shareaza
2009-04-30 20:35 . 2009-04-30 20:35 -------- d-----w c:\program files\Shareaza Applications
2009-04-30 20:12 . 2009-04-30 20:20 -------- d-----w c:\documents and settings\Eigenaar\Application Data\LimeWire
2009-04-30 17:49 . 2009-04-30 17:51 -------- d-----w c:\program files\Microsoft MapPoint Europe 2009
2009-04-30 17:48 . 2009-04-30 17:48 -------- d-----w c:\program files\MSECache
2009-04-29 08:01 . 2009-04-29 08:01 -------- d-----w c:\documents and settings\Eigenaar\Local Settings\Application Data\Micro Application
2009-04-26 13:33 . 2009-04-26 13:33 131 ----a-w c:\documents and settings\Eigenaar\Local Settings\Application Data\fusioncache.dat
2009-04-26 13:33 . 2009-04-28 06:16 -------- d-----w c:\documents and settings\Eigenaar\Local Settings\Application Data\ApplicationHistory
2009-04-26 13:31 . 2009-04-26 13:31 -------- d-----w c:\windows\system32\URTTEMP
2009-04-26 13:30 . 2009-04-29 07:59 -------- d-----w c:\program files\Easy Computing
2009-04-26 08:41 . 2009-04-26 11:15 -------- d-----w c:\windows\BDOSCAN8
2009-04-26 08:26 . 2009-04-26 08:26 -------- d-----w c:\documents and settings\Eigenaar\.housecall6.6
2009-04-26 06:11 . 2009-04-26 06:12 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-26 06:11 . 2009-04-06 09:36 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-25 20:34 . 2008-06-19 14:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-25 20:33 . 2009-04-25 20:33 -------- d-----w c:\program files\Panda Security
2009-04-25 04:29 . 2009-04-25 05:19 -------- d-----w c:\program files\MP3 Jukebox
2009-04-22 06:55 . 2009-04-22 06:55 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Convivea
2009-04-22 06:55 . 2009-04-22 06:55 -------- d-----w c:\program files\Bit Che
2009-04-22 05:43 . 2003-11-04 13:10 69632 ----a-w c:\windows\system32\lfgif13n.dll
2009-04-22 05:43 . 2004-01-12 00:09 206336 ----a-w c:\windows\system32\ltefx13n.dll
2009-04-22 05:43 . 2004-05-14 14:53 401408 ----a-w c:\windows\system32\lfcmp13n.dll
2009-04-22 05:43 . 2004-05-14 14:53 57344 ----a-w c:\windows\system32\lfbmp13n.dll
2009-04-22 05:43 . 2004-05-14 14:53 450560 ----a-w c:\windows\system32\ltimg13n.dll
2009-04-22 05:43 . 2004-05-14 14:53 299008 ----a-w c:\windows\system32\ltdis13n.dll
2009-04-22 05:43 . 2004-05-14 14:53 163840 ----a-w c:\windows\system32\ltfil13n.dll
2009-04-22 05:43 . 2004-05-14 14:53 462848 ----a-w c:\windows\system32\ltkrn13n.dll
2009-04-21 08:40 . 2009-04-21 08:40 -------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
2009-04-20 09:29 . 2009-04-20 09:29 -------- d-----w c:\documents and settings\Eigenaar\Application Data\TomTom
2009-04-20 09:29 . 2009-04-20 09:29 -------- d-----w c:\documents and settings\Eigenaar\Local Settings\Application Data\TomTom
2009-04-20 09:29 . 2009-04-20 09:29 -------- d-----w c:\program files\TomTom International B.V
2009-04-20 09:29 . 2009-04-20 09:29 -------- d-----w c:\program files\TomTom HOME 2
2009-04-20 06:20 . 2008-04-13 22:21 101120 -c--a-w c:\windows\system32\dllcache\bthpan.sys
2009-04-20 06:20 . 2008-04-13 22:21 101120 ----a-w c:\windows\system32\drivers\bthpan.sys
2009-04-20 06:20 . 2008-04-13 22:16 59136 -c--a-w c:\windows\system32\dllcache\rfcomm.sys
2009-04-20 06:20 . 2008-04-13 22:16 59136 ----a-w c:\windows\system32\drivers\rfcomm.sys
2009-04-20 06:20 . 2008-04-13 22:16 17024 -c--a-w c:\windows\system32\dllcache\bthenum.sys
2009-04-20 06:20 . 2008-04-13 22:16 17024 ----a-w c:\windows\system32\drivers\BthEnum.sys
2009-04-20 06:20 . 2008-04-14 20:32 29184 -c--a-w c:\windows\system32\dllcache\irmon.dll
2009-04-20 06:20 . 2008-04-14 20:32 29184 ----a-w c:\windows\system32\irmon.dll
2009-04-20 06:20 . 2008-04-14 20:33 153088 -c--a-w c:\windows\system32\dllcache\irftp.exe
2009-04-20 06:20 . 2008-04-14 20:33 153088 ----a-w c:\windows\system32\irftp.exe
2009-04-20 06:20 . 2008-04-14 20:32 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-04-20 06:20 . 2008-04-14 20:32 8192 ----a-w c:\windows\system32\wshirda.dll
2009-04-20 06:19 . 2008-04-13 22:16 18944 -c--a-w c:\windows\system32\dllcache\bthusb.sys
2009-04-20 06:19 . 2008-04-13 22:16 18944 ----a-w c:\windows\system32\drivers\BTHUSB.SYS
2009-04-19 18:33 . 2009-04-19 18:33 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-19 09:24 . 2009-04-19 09:24 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-19 09:24 . 2009-04-19 09:25 -------- d-----w c:\program files\Google
2009-04-19 09:24 . 2009-04-19 09:24 -------- d-----w c:\documents and settings\Eigenaar\Local Settings\Application Data\Google
2009-04-18 22:21 . 2009-04-18 22:21 -------- d-----w c:\program files\MSXML 4.0
2009-04-17 07:33 . 2003-04-18 13:29 82432 ----a-w c:\windows\system32\msxml4r.dll
2009-04-17 07:33 . 2003-04-18 13:29 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-17 07:33 . 2009-04-17 07:33 -------- d-----w c:\windows\system32\MAGIX
2009-04-17 07:33 . 2009-04-17 07:33 -------- d-----w c:\program files\Common Files\MAGIX Shared
2009-04-17 07:32 . 2009-04-17 07:32 -------- d-----w C:\MAGIX
2009-04-17 07:32 . 2002-09-20 21:33 1089536 ----a-w c:\windows\system32\ROBOEX32.DLL
2009-04-17 07:32 . 1998-10-15 14:28 85504 ----a-w c:\windows\system32\HtmlWH.dll
2009-04-17 07:32 . 1999-01-28 11:44 49152 ----a-w c:\windows\system32\INETWH32.dll
2009-04-17 07:32 . 2004-12-10 07:47 184320 ----a-w c:\windows\system32\mgxoschk.dll
2009-04-16 17:53 . 2009-04-16 17:53 -------- d-----w c:\documents and settings\Eigenaar\Saved Games
2009-04-16 17:52 . 2009-04-16 17:52 -------- d-----w c:\documents and settings\Eigenaar\Application Data\iWin
2009-04-15 08:52 . 2009-04-15 08:53 -------- d-----w c:\documents and settings\All Users\Application Data\Webcammax
2009-04-15 08:51 . 2009-04-15 08:52 -------- d-----w c:\program files\WebcamMax
2009-04-15 08:12 . 2009-04-15 08:12 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Webcammax
2009-04-15 08:12 . 2008-03-11 13:14 941784 ----a-w c:\windows\system32\drivers\CAMTHWDM.sys
2009-04-13 12:33 . 2009-04-08 09:52 -------- d-----w c:\program files\Jewel Quest 3
2009-04-13 12:21 . 2009-04-13 12:21 4096 ----a-w c:\windows\d3dx.dat
2009-04-13 12:20 . 2009-04-13 12:20 -------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-04-13 12:19 . 2009-04-13 12:21 -------- d-----w c:\program files\Baghdad Central Desert Gunner
2009-04-12 05:19 . 2006-05-08 10:58 86016 ----a-w c:\windows\amcap.exe
2009-04-12 05:18 . 2006-05-10 07:20 344064 ----a-w c:\windows\vsnpstd3.exe
2009-04-12 05:18 . 2006-06-19 11:21 114688 ----a-w c:\windows\tsnpstd3.exe
2009-04-12 05:18 . 2006-02-06 18:19 8410880 ----a-w c:\windows\system32\drivers\snpstd3.sys
2009-04-12 05:18 . 2005-12-23 15:17 53248 ----a-w c:\windows\vsnpstd3.dll
2009-04-12 05:18 . 2006-05-12 12:18 151552 ----a-w c:\windows\system32\rsnpstd3.dll
2009-04-12 05:18 . 2005-11-23 11:55 53248 ----a-w c:\windows\system32\csnpstd3.dll
2009-04-12 05:18 . 2006-05-10 07:19 20480 ----a-w c:\windows\usnpstd3.exe
2009-04-12 05:18 . 2009-04-12 05:18 -------- d-----w c:\program files\Common Files\snpstd3
2009-04-10 06:37 . 2009-04-10 06:37 -------- d-----w c:\windows\MyFreeWeather
2009-04-10 06:37 . 2009-04-23 05:19 -------- d-----w c:\program files\MyFreeWeather
2009-04-10 05:33 . 2009-04-10 05:33 -------- d-----w c:\documents and settings\Eigenaar\jmeeting
2009-04-10 05:23 . 2009-04-10 05:26 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Weather Pulse
2009-04-10 05:23 . 2009-04-10 05:26 -------- d-----w c:\program files\Weather Pulse
2009-04-09 11:26 . 2009-04-09 11:26 -------- d--h--w c:\windows\PIF
2009-04-09 11:22 . 2009-04-09 11:22 -------- d-----w c:\program files\Lavalys
2009-04-09 10:53 . 2009-04-09 10:53 -------- d-----w c:\program files\Readon Technology
2009-04-09 10:51 . 2009-04-09 10:53 -------- d-----w c:\documents and settings\Eigenaar\Local Settings\Application Data\Readon_Technology
2009-04-08 19:46 . 2009-04-08 19:46 -------- d-----w C:\Mijn documenten
2009-04-08 09:21 . 2009-04-08 09:21 -------- d-----w c:\program files\ROUTE66
2009-04-08 08:17 . 2009-04-08 08:17 -------- d-----w c:\program files\Common Files\Adobe
2009-04-08 08:15 . 2009-04-08 08:18 -------- d-----w c:\documents and settings\Eigenaar\Local Settings\Application Data\Adobe
2009-04-08 08:15 . 2009-04-09 04:32 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-08 08:15 . 2009-04-09 04:32 -------- d-----w c:\program files\NOS
2009-04-08 05:48 . 2009-04-08 12:25 -------- d--h--r c:\documents and settings\Eigenaar\Onlangs geopend
2009-04-07 21:06 . 2009-04-07 21:06 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-04-07 03:34 . 2009-04-07 03:34 -------- d-----w c:\documents and settings\Eigenaar\Local Settings\Application Data\ESET
2009-04-07 03:34 . 2009-04-07 03:34 -------- d-----w c:\documents and settings\Eigenaar\Local Settings\Application Data\Ahead
2009-04-06 09:50 . 2009-04-06 09:50 -------- d-----w c:\documents and settings\Eigenaar\Application Data\SPAMfighter
2009-04-06 09:49 . 2009-04-06 09:49 -------- d-----w c:\program files\Common Files\Application
2009-04-06 09:49 . 2009-04-08 05:49 -------- d-----w c:\program files\SPAMfighter
2009-04-06 09:35 . 2009-04-06 09:35 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-06 09:35 . 2009-04-06 09:35 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-06 09:34 . 2009-04-06 09:34 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-06 09:33 . 2009-04-06 09:33 -------- d-----w c:\program files\Lavasoft
2009-04-06 09:33 . 2009-04-06 09:35 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-06 09:07 . 2009-04-06 09:07 -------- d-----w c:\program files\CleanUp!
2009-04-06 08:50 . 2009-04-06 08:50 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Malwarebytes
2009-04-06 08:50 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 08:50 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 08:50 . 2009-04-06 08:50 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-06 08:50 . 2009-04-06 08:50 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 08:44 . 2009-04-06 08:44 -------- d-----w C:\Downloads
2009-04-06 07:30 . 2008-01-07 12:29 352 ---ha-w c:\windows\nod32fixtemdono.reg
2009-04-06 07:20 . 2009-04-06 07:20 -------- d-----w c:\windows\Sun
2009-04-06 07:20 . 2009-04-06 06:32 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-06 06:56 . 2009-04-06 06:56 -------- d-----w c:\program files\Trend Micro
2009-04-06 06:32 . 2009-04-06 06:32 -------- d-----w c:\program files\Java
2009-04-05 20:29 . 2009-04-25 04:00 -------- d-----w c:\program files\DJ2000
2009-04-05 19:18 . 2009-04-05 19:18 -------- d-----w c:\program files\FDRLab
2009-04-05 19:11 . 2009-04-05 19:11 -------- d-----w c:\program files\Gadwin Systems
2009-04-05 18:44 . 2009-04-05 18:45 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-05 18:39 . 2009-04-05 18:39 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-05 18:38 . 2009-04-20 05:34 -------- d-----w c:\program files\Messenger Plus! Live
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 08:05 . 2009-04-05 08:32 100536 ----a-w c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 23:13 . 2008-04-15 12:00 82248 ----a-w c:\windows\system32\perfc013.dat
2009-04-27 23:13 . 2008-04-15 12:00 468228 ----a-w c:\windows\system32\perfh013.dat
2009-04-20 05:29 . 2009-04-05 10:54 1080 ----a-w c:\windows\AUTOLNCH.REG
2009-04-12 05:18 . 2009-04-05 08:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 11:13 . 2009-04-05 11:12 -------- d-----w c:\program files\EPSON Print CD
2009-04-05 11:07 . 2009-04-05 08:09 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-05 10:54 . 2009-04-05 10:54 -------- d-----w c:\program files\Hewlett-Packard
2009-04-05 07:25 . 2009-04-05 07:25 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-05 07:23 . 2009-04-05 07:23 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-05 07:20 . 2009-04-05 06:35 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-05 07:11 . 2008-04-15 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-05 07:10 . 2009-04-05 06:33 22876 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-05 06:36 . 2009-04-05 06:36 -------- d-----w c:\program files\microsoft frontpage
2009-03-06 14:23 . 2008-04-15 12:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2008-04-15 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:18 . 2008-04-15 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:10 . 2008-04-14 22:11 2070400 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:08 . 2008-04-15 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:27 . 2008-04-15 12:00 2193408 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2008-04-15 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2008-04-15 12:00 734208 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2008-04-15 12:00 684544 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2008-04-15 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2008-04-15 12:00 735744 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2008-04-15 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2008-04-15 12:00 56832 ----a-w c:\windows\system32\secur32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe"
"EPSON Stylus Photo R265 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE"
"ccleaner"="c:\program files\CCleaner\CCleaner.exe"
"Gadwin PrintScreen 3.1"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe"
"myweather"="c:\program files\MyFreeWeather\myweather.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe"
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"NvCplDaemon"="c:\windows\system32\NvCpl.dll"
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll"
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe"
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"tsnpstd3"="c:\windows\tsnpstd3.exe"
"snpstd3"="c:\windows\vsnpstd3.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe"
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe"
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"
c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe
2007-02-21 19:21 43376 ----a-w c:\windows\system32\fsp_lmwl.dll
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
@="Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"49500:TCP"= 49500:TCP:utoorent
"49500:UDP"= 49500:UDP:utoorent
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe
R3 LMPC4;LMPC4;c:\windows\system32\drivers\lmpc4.sys
S2 gupdate1c9c0d0a9e91488;Google Updateservice (gupdate1c9c0d0a9e91488);c:\program files\Google\Update\GoogleUpdate.exe
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE
\Shell\AutoRun\command - I:\setupSNK.exe
.
Inhoud van de 'Gedeelde Taken' map
2009-04-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
2009-04-08 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
mStart Page = hxxp://www.cooxer.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {58F0277A-B5C6-4C21-9DE6-594C1D6C014D} = 192.168.1.1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 14:33
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\fsp_lmwl.dll
.
Voltooingstijd: 2009-04-08 14:34
ComboFix-quarantined-files.txt 2009-04-08 12:34
Pre-Run: 107.682.160.640 bytes beschikbaar
Post-Run: 107.686.969.344 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
280 --- E O F --- 2009-04-30 21:15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:52, on 8-4-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\MyFreeWeather\myweather.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: ALCXMNTR.EXE
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: nwiz.exe /install
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S1D8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: "C:\Program Files\MyFreeWeather\myweather.exe" /autorun
O4 - HKCU\..\Run: "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1241591650977&h=14e975ae843c43616d075b111bcffa46/&filename=jinstall-6u13-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58F0277A-B5C6-4C21-9DE6-594C1D6C014D}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updateservice (gupdate1c9c0d0a9e91488) (gupdate1c9c0d0a9e91488) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 9783 bytes