Log

  • M@ria

    Hello,

    I have an annoying Marktplaats search bar, and my IE and Firefox regularly freeze.

    IE freezes completely and then I can do nothing but turn off the PC manually; in FF the problem resolves itself because all windows are closed automatically.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 16:39:23, on 9-6-2009

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe

    C:\Windows\RtHDVCpl.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Logitech\QuickCam\Quickcam.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\R-Wipe&Clean\rwiped.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\TomTom HOME 2\HOMERunner.exe

    C:\Program Files\Eset\nod32kui.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\ICQ6.5\ICQ.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: Skytel.exe

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

    O4 - HKLM\..\Run: "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files\R-Wipe&Clean\rwiped.exe

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

    O4 - HKCU\..\Run: "C:\Program Files\ICQ6.5\ICQ.exe" silent

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe

    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

    O13 - Gopher Prefix:

    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logishrd\SrvLnch\SrvLnch.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: R-Wipe and Clean Assistant - Unknown owner - C:\Program Files\R-Wipe&Clean\RwcNtSrv.exe

    O23 - Service: R-Wipe and Clean Task Service - Unknown owner - C:\Program Files\R-Wipe&Clean\RwcTaskService.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    End of file - 6889 bytes

    Malwarebytes' Anti-Malware 1.37

    Database versie: 2253

    Windows 6.0.6001 Service Pack 1

    9-6-2009 16:29:29

    mbam-log-2009-06-09 (16-29-29).txt

    Scan type: Snelle Scan

    Objecten gescand: 75624

    Verstreken tijd: 2 minute(s), 46 second(s)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata bestanden geïnfecteerd: 0

    Mappen geïnfecteerd: 1

    Bestanden geïnfecteerd: 2

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:

    C:\Program Files\premieropinion (Spyware.Agent) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:

    c:\program files\premieropinion\pmls.dll (Spyware.Agent) -> Quarantined and deleted successfully.

    c:\program files\premieropinion\pmservice.exe (Spyware.Agent) -> Quarantined and deleted successfully.

  • M@ria

    I didn't know this board had stopped reading logs, sorry :S

    Does anyone perhaps know a site where you can still have logs read?

    Thank you all,

    M@ria

  • Teaser

    That happens sometimes around holiday time. 8-)

    Download Combofix to your Desktop.

    If you have used Combofix before, please remove that version and download Combofix again via the link above,

    because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning

    from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

    Some scanners see certain components Combofix uses as suspicious and will block or delete them!

    • Double-click Combofix.exe

      Follow the instructions, accept the disclaimer.

      While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix is complete and after the restart, the log combofix.txt will open.

    Post this log in your next reply together with a new HijackThis log.

  • M@ria

    Hey, thanks for your reply :)

    ComboFix 09-06-14.02 - Marga en Sjoerd 15-06-2009 10:34.1 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.2046.1238

    Gestart vanuit: c:\users\Marga en Sjoerd\Desktop\ComboFix.exe

    AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    * Aanwezig AV is actief

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-05-15 to 2009-06-15 ))))))))))))))))))))))))))))))

    .

    2009-06-13 22:11 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll

    2009-06-13 22:11 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll

    2009-06-13 17:59 . 2009-06-08 12:00 110592 ----a-w- c:\users\Marga en Sjoerd\AppData\Roaming\Mozilla\Firefox\Profiles\r2l02mbq.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll

    2009-06-13 09:53 . 2008-07-01 15:55 9115984 ----a-w- c:\users\Marga en Sjoerd\AppData\Roaming\TomTom\HOME\Profiles\y23bivnl.default\extensions\Navcore.8.014.9372@tomtom.com\8-014-9372-2.dll

    2009-06-12 21:11 . 2009-06-12 21:11 -------- d-----w- c:\program files\TomTom International B.V

    2009-06-10 06:21 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys

    2009-06-10 06:21 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll

    2009-06-10 06:21 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll

    2009-06-10 06:20 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll

    2009-06-10 06:20 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll

    2009-06-09 14:38 . 2009-06-09 14:38 -------- d-----w- c:\program files\Trend Micro

    2009-06-09 14:25 . 2009-06-09 14:25 -------- d-----w- c:\users\Marga en Sjoerd\AppData\Roaming\Malwarebytes

    2009-06-09 14:25 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2009-06-09 14:25 . 2009-06-09 14:25 -------- d-----w- c:\programdata\Malwarebytes

    2009-06-09 14:25 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

    2009-06-09 14:25 . 2009-06-09 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2009-06-09 14:20 . 2009-06-09 14:35 -------- d-----w- c:\program files\CleanUp!

    2009-05-22 04:39 . 2009-05-22 04:39 -------- d-----w- c:\programdata\WindowsSearch

    2009-05-19 21:34 . 2009-05-19 22:07 -------- d-----w- c:\program files\ICQ6.5

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-06-15 08:41 . 2007-08-23 18:58 -------- d-----w- c:\users\Marga en Sjoerd\AppData\Roaming\R-Wipe&Clean

    2009-06-15 08:39 . 2007-08-11 13:30 12 ----a-w- c:\windows\bthservsdp.dat

    2009-06-15 08:38 . 2008-04-27 17:25 -------- d-----w- c:\users\Marga en Sjoerd\AppData\Roaming\mIRC

    2009-06-14 17:04 . 2008-04-23 11:11 -------- d-----w- c:\program files\Winamp

    2009-06-14 09:15 . 2006-11-02 16:11 670070 ----a-w- c:\windows\system32\perfh013.dat

    2009-06-14 09:15 . 2006-11-02 16:11 127694 ----a-w- c:\windows\system32\perfc013.dat

    2009-06-14 09:12 . 2008-03-30 09:28 -------- d-----w- c:\programdata\R-Wipe&Clean

    2009-06-14 03:59 . 2007-06-27 16:54 -------- d-----w- c:\programdata\Microsoft Help

    2009-06-12 21:11 . 2009-02-07 16:33 -------- d-----w- c:\program files\TomTom HOME 2

    2009-06-09 14:06 . 2008-03-20 09:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy

    2009-06-09 14:00 . 2008-08-22 18:01 -------- d-----w- c:\program files\CCleaner

    2009-06-06 05:32 . 2008-03-30 09:29 137296 ----a-w- c:\users\Marga en Sjoerd\AppData\Local\GDIPFONTCACHEV1.DAT

    2009-06-06 05:21 . 2007-06-27 16:46 -------- d-----w- c:\program files\Microsoft Works

    2009-05-30 23:03 . 2007-08-23 19:32 -------- d-----w- c:\program files\JkDefrag

    2009-05-20 17:57 . 2008-04-09 08:30 -------- d-----w- c:\users\Marga en Sjoerd\AppData\Roaming\ICQ

    2009-05-20 03:45 . 2009-04-27 11:25 -------- d-----w- c:\program files\Hot Keyboard Network Suite

    2009-05-19 21:35 . 2008-04-09 08:30 -------- d-----w- c:\program files\ICQ6

    2009-05-14 01:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

    2009-05-06 10:22 . 2007-07-19 09:23 -------- d-----w- c:\users\Marga en Sjoerd\AppData\Roaming\Hot Keyboard

    2009-04-22 16:31 . 2008-10-29 22:17 -------- d-----w- c:\program files\Messenger Plus! Live

    2009-04-21 20:13 . 2009-02-12 07:29 -------- d-----w- c:\users\Marga en Sjoerd\AppData\Roaming\Winamp

    2009-04-21 20:13 . 2008-08-01 11:41 -------- d--h--w- c:\programdata\CanonBJ

    2009-04-19 19:52 . 2009-04-19 19:52 -------- d-----w- c:\programdata\CanonBJ(190)

    2009-04-19 19:50 . 2009-04-19 19:50 -------- d-----w- c:\program files\CanonBJ

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

    "RWipeD"="c:\program files\R-Wipe&Clean\rwiped.exe"

    "ehTray.exe"="c:\windows\ehome\ehTray.exe"

    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe"

    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

    "ICQ"="c:\program files\ICQ6.5\ICQ.exe"

    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

    "NvSvc"="c:\windows\system32\nvsvc.dll"

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "nod32kui"="c:\program files\Eset\nod32kui.exe"

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe"

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe

    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe

    c:\users\Marga en Sjoerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe

    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    "EnableUIADesktopToggle"= 0 (0x0)

    "aux9"=wdmaud.drv

    BootExecute REG_MULTI_SZ autocheck autochk *\0RwcLkRen c:\windows\system32\RwcLkCfg

    @="Service"

    "{E2D79F53-7D0B-4A3E-AD91-6FF8479238AA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

    "{F8804237-D9EA-44B1-88D6-79BA29337E09}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

    "TCP Query User{5B1ACDBC-D5A4-42D6-8F2F-68B19B5A6288}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

    "UDP Query User{4B765B5C-354B-45DC-97C9-A440C2FF4C78}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

    "TCP Query User{AA8E00FC-77AE-43FB-BBF6-999C2A441324}c:\\program files\\winpcap\\rpcapd.exe"= UDP:c:\program files\winpcap\rpcapd.exe:Remote Packet Capture Daemon

    "UDP Query User{1693EB87-8BDE-4059-A049-42CFD8AC7136}c:\\program files\\winpcap\\rpcapd.exe"= TCP:c:\program files\winpcap\rpcapd.exe:Remote Packet Capture Daemon

    "TCP Query User{FF98C572-B771-4367-9807-718E93E58ADF}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

    "UDP Query User{0559A977-DA3E-4630-9950-F4F6A5551096}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

    "TCP Query User{258FA0CC-5EDD-438D-8289-BCBDD00C12CF}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

    "UDP Query User{BDE79DC2-E403-4362-922F-29BEF7397AE3}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

    "TCP Query User{F51EF9CC-5EBE-4CFF-9CED-C0043291BD81}c:\\program files\\soldier of fortune ii - double helix mp test\\sof2mp-test.exe"= UDP:c:\program files\soldier of fortune ii - double helix mp test\sof2mp-test.exe:SoF2MP-Test

    "UDP Query User{0F2555D4-4188-4A45-B8F7-F27C54D1DD65}c:\\program files\\soldier of fortune ii - double helix mp test\\sof2mp-test.exe"= TCP:c:\program files\soldier of fortune ii - double helix mp test\sof2mp-test.exe:SoF2MP-Test

    "{EEBF24F8-8C49-46DE-B3F9-94ACE4B25D56}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

    "{EB027044-E93F-46F0-886D-C9E4954C7D34}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

    "TCP Query User{7E5CD50E-8112-4115-92FF-F6294AD2BD6B}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library

    "UDP Query User{549AD63E-01C6-4068-BD24-CFBC1DD1905E}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library

    "{FA0046F8-D81B-4159-9D80-202FFE0CC6A8}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

    "{DFAD7987-B51B-4988-A891-6247928589ED}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

    "{C9C6F238-0F8E-4A20-84DF-4D9697FA0674}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

    "{6BCAE878-A795-48EF-BE13-9C5EC5D81652}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

    "{7511C993-C01F-4DD2-B884-BBE83D31BC4E}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

    "{A196FAFB-015B-42EE-A412-4F1937463A5E}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

    "{B75A4448-DCDE-43E2-9004-184B08A5529B}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

    "{CABA9E48-7F7B-4ECC-8615-8BFDDBD5DECE}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

    "TCP Query User{1FCE6798-BA43-4866-9A30-8C38FB0209A3}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

    "UDP Query User{FA91B63B-C17C-47C3-9DDE-43B2A174793C}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

    "{9869C259-7E2E-4B6B-8C52-D0E482CB1993}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

    "{0D5CCA65-E056-4CCA-8FF7-895FC7716C8A}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

    "{B17CF76F-6705-48C3-83C1-9CBF305A82D6}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

    "{AF0C3119-FBF3-4CDC-9B28-E166218728AB}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

    "{736B9C0C-6477-45C7-8758-9E3B20DBCC8B}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

    "{5DC18FCE-6CF4-4BD4-B4DC-60F715797B77}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

    "{2954C0C8-EBF6-4747-8B4C-05363AE02FCF}"= UDP:c:\program files\AIM6\aim6.exe:AIM

    "{91AB300C-EDA8-4A3D-9BFF-E006116A3059}"= TCP:c:\program files\AIM6\aim6.exe:AIM

    "{AEAD1598-EA88-40B0-93F8-973C58743779}"= c:\program files\Skype\Phone\Skype.exe:Skype

    "TCP Query User{DD76A13C-70A0-4A9B-BC47-7986B9D58371}c:\\program files\\limewire plus\\limewire.exe"= UDP:c:\program files\limewire plus\limewire.exe:LimeWire

    "UDP Query User{484E5024-2FD6-43DE-AABA-A7379830BAA4}c:\\program files\\limewire plus\\limewire.exe"= TCP:c:\program files\limewire plus\limewire.exe:LimeWire

    "TCP Query User{E0F5EF1A-65AF-41C3-A762-25C583E23AFE}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

    "UDP Query User{FCC0C851-1171-4BDC-9B3D-4BCBFA665A34}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

    R0 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys

    R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys

    R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys

    R2 R-Wipe and Clean Task Service;R-Wipe and Clean Task Service;c:\program files\R-Wipe&Clean\RwcTaskService.exe

    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe

    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys

    R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys

    S2 R-Wipe and Clean Assistant;R-Wipe and Clean Assistant;c:\program files\R-Wipe&Clean\RwcNtSrv.exe

    S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys

    S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys

    bthsvcs REG_MULTI_SZ BthServ

    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    Trusted Zone: sbs6.nl\www

    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    FF - ProfilePath - c:\users\Marga en Sjoerd\AppData\Roaming\Mozilla\Firefox\Profiles\r2l02mbq.default\

    FF - prefs.js: browser.search.selectedEngine - Marktplaats.nl

    FF - prefs.js: browser.startup.homepage - hxxp://yarold.eu/phpBB2/

    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

    FF - component: c:\users\Marga en Sjoerd\AppData\Roaming\Mozilla\Firefox\Profiles\r2l02mbq.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv415.dll

    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll

    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-06-15 10:41

    Windows 6.0.6001 Service Pack 1 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    c:\users\Marga en Sjoerd\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.hyves-static.net

    Scan succesvol afgerond

    verborgen bestanden: 1

    **************************************************************************

    .

    --------------------------- DLLs Geladen Onder Lopende Processen ---------------------------

    - - - - - - - > 'Explorer.exe'(7048)

    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\System32\audiodg.exe

    c:\program files\Common Files\LightScribe\LSSrvc.exe

    c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe

    c:\program files\ESET\nod32krn.exe

    c:\progra~1\COMMON~1\X10\Common\X10nets.exe

    c:\windows\System32\WUDFHost.exe

    c:\windows\System32\CF4231.exe

    c:\windows\System32\rundll32.exe

    c:\windows\System32\rundll32.exe

    c:\program files\R-Wipe&Clean\RwcRun.exe

    c:\windows\ehome\ehmsas.exe

    c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe

    c:\program files\R-Wipe&Clean\RPrivSvc.exe

    c:\windows\System32\wbem\WMIADAP.exe

    c:\windows\servicing\TrustedInstaller.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2009-06-15 10:47 - machine werd herstart

    ComboFix-quarantined-files.txt 2009-06-15 08:47

    Pre-Run: 224.815.132.672 bytes beschikbaar

    Post-Run: 224.575.819.776 bytes beschikbaar

    210 --- E O F --- 2009-06-14 04:00

    ------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 16:39:23, on 9-6-2009

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe

    C:\Windows\RtHDVCpl.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Logitech\QuickCam\Quickcam.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\R-Wipe&Clean\rwiped.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\TomTom HOME 2\HOMERunner.exe

    C:\Program Files\Eset\nod32kui.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\ICQ6.5\ICQ.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: Skytel.exe

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

    O4 - HKLM\..\Run: "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files\R-Wipe&Clean\rwiped.exe

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

    O4 - HKCU\..\Run: "C:\Program Files\ICQ6.5\ICQ.exe" silent

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe

    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

    O13 - Gopher Prefix:

    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logishrd\SrvLnch\SrvLnch.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: R-Wipe and Clean Assistant - Unknown owner - C:\Program Files\R-Wipe&Clean\RwcNtSrv.exe

    O23 - Service: R-Wipe and Clean Task Service - Unknown owner - C:\Program Files\R-Wipe&Clean\RwcTaskService.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    End of file - 6889 bytes

  • Teaser

    The logs look good.

    Go to Start > Run, type combofix /U there and click OK.

    How is your problem now?

  • M@ria

    Thanks for looking.

    I'm very relieved that everything is fine according to you.

    I'm starting to get used to that Marktplaats bar, so we'll leave it as it is.

    IE hasn't frozen yet today.

  • Teaser

    Keep an eye on it for a while then, and otherwise we'd like to hear about it (tu)