Slow after installing FIFA 10

  • marcel

    Thanks, Derk and Argus. My PC kept asking about that support exe too. It wanted to create something or so.

    But ehh, can I fix now then?

  • marcel

    Thanks Argus,

    In Configuration > Software there is nothing to be found of FIFA 10. So I cannot remove any software there.

    What is the difference between fixing and removing from your PC? I honestly don't understand the difference.

    What should I do now?

  • Argus

    Hijack This

    Close all windows and start Hijack This

    Click: Do a Systemscan only

    Put a check mark in the box in front of:

    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll

    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll

    O4 - HKLM\..\Run: C:\Program Files\pdfforge Toolbar\SearchSettings.exe

    O4 - HKLM\..\Run: C:\Program Files\FIFA 10\FIFA 10 support.exe

    O4 - HKLM\..\Policies\Explorer\Run: C:\Program Files\FIFA 10\FIFA 10 support.exe

    O4 - HKCU\..\Policies\Explorer\Run: C:\Program Files\FIFA 10\FIFA 10 support.exe

    Click 'Fix checked' to remove the items.

    Internet Explorer must be closed when you click Fix Checked

    Create a new folder on your Desktop

    Download List_Kill’em.zip into it

    Extract the program

    Double-click List_Kill’em.exe

    then choose Run

    In the “Choice” window choose: E = English

    In the “Choice” window choose a number and Enter: 1 = Search mode

    The scan starts. Note: the scan at "Test Rootkits" can take some time

    At the end of the scan two log files appear

    Catchme.log and C:\List’em.txt; post the contents of both in your next reply
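
Added example, not part of the original thread: the eight HijackThis lines from the post above, parsed and grouped by the file each one loads, which shows that one program is registered through several hooks that all have to be ticked together. The descriptions in `SECTIONS` are the usual meanings of these HijackThis codes; the function names are illustrative.

```python
import re
from collections import defaultdict

# The eight entries from the post above, copied verbatim.
LOG = r"""
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: C:\Program Files\FIFA 10\FIFA 10 support.exe
O4 - HKLM\..\Policies\Explorer\Run: C:\Program Files\FIFA 10\FIFA 10 support.exe
O4 - HKCU\..\Policies\Explorer\Run: C:\Program Files\FIFA 10\FIFA 10 support.exe
"""

# Meaning of the HijackThis section codes that occur in this post.
SECTIONS = {"R3": "IE URL search hook", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "autostart entry"}

LINE = re.compile(r"^([A-Z]\d+) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
PATH = re.compile(r"[A-Za-z]:\\.+$")

def parse(log):
    """Split each 'CODE - location: ... path' line into its fields."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or non-entry line
        code, body = m.groups()
        clsid, path = CLSID.search(body), PATH.search(body)
        entries.append({
            "code": code,
            "where": body.split(": ", 1)[0],  # e.g. BHO, HKLM\..\Run
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None,
        })
    return entries

def group_by_file(entries):
    """Map each file on disk to every hook that loads it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["path"]].append(f'{e["code"]} {e["where"]}')
    return dict(groups)

if __name__ == "__main__":
    for path, hooks in group_by_file(parse(LOG)).items():
        print(path)
        for h in hooks:
            print("   ", h, "-", SECTIONS[h.split()[0]])
```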

  • Argus

    Hi, Marcel

    I'm not concerned about your first name, but you register here as lima(at)prettel.nl

    If this is also your real e-mail address, you will receive a lot of spam mail in the future

  • Derk

    Hi Argus, why a rootkit? Do you have a link with an explanation? I like to learn.

  • Argus

    More and more scanners use programs from Gmer to detect rootkits; Kill'em also contains such a tool

    Lately the infections are no longer just a Trojan or virus but more and more a rootkit infection

  • marcel

    Dear Argus, I was away for a few days, hence my late reply. Can I still hide my e-mail address? I couldn't find anything in my profile.

    Regards, marcel

  • Jos H

    In your profile, put your nickname under real name.

  • marcel

    Argus, here are my log files

    I look forward to hearing from you.

    Regards, marcel

    PS: thanks in advance

    ====================================

    List'em by g3n-h@ckm@n 1.1.5.2

    Thx to Chiquitine29…..& CCM team

    User : Marcel (Administrators) # MARCEL

    Update on 14/12/2009 by g3n-h@ckm@n ::::: 00:00

    Start at: 22:27:18 | 22-12-2009

    Contact : g3n-h@ckm@n sur CCM

    Intel Pentium III-processor

    Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3

    Internet Explorer 8.0.6001.18702

    Windows Firewall Status : Enabled

    AV : avast! antivirus 4.8.1368 4.8.1368

    A:\ -> 3,5-inch diskettestation

    C:\ -> Lokale vaste schijf | 19,53 Go (875,14 Mo free) | NTFS

    D:\ -> Lokale vaste schijf | 9,08 Go (9 Go free) | NTFS

    E:\ -> Cd-rom-schijf

    F:\ -> Cd-rom-schijf

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe 292

    C:\WINDOWS\system32\csrss.exe 348

    C:\WINDOWS\system32\winlogon.exe 372

    C:\WINDOWS\system32\services.exe 416

    C:\WINDOWS\system32\lsass.exe 428

    C:\WINDOWS\system32\svchost.exe 588

    C:\WINDOWS\system32\svchost.exe 636

    C:\WINDOWS\System32\svchost.exe 676

    C:\WINDOWS\system32\svchost.exe 716

    C:\WINDOWS\system32\svchost.exe 908

    C:\WINDOWS\system32\svchost.exe 944

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1036

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe 1052

    C:\WINDOWS\Explorer.EXE 1064

    C:\Program Files\Alwil Software\Avast4\ashServ.exe 1112

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 1300

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe 1320

    C:\WINDOWS\system32\rundll32.exe 1368

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe 1376

    C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe 1384

    C:\Program Files\Java\jre6\bin\jusched.exe 1436

    C:\WINDOWS\system32\ctfmon.exe 1460

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 1476

    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe 1484

    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe 1500

    C:\PROGRA~1\MICROS~2\rapimgr.exe 1564

    C:\WINDOWS\system32\spoolsv.exe 1848

    C:\WINDOWS\system32\svchost.exe 1212

    C:\WINDOWS\system32\svchost.exe 812

    C:\Program Files\Java\jre6\bin\jqs.exe 1332

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe 1260

    C:\WINDOWS\system32\svchost.exe 1940

    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 2012

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2420

    C:\WINDOWS\system32\wbem\unsecapp.exe 2468

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2524

    C:\WINDOWS\system32\wbem\wmiprvse.exe 2600

    C:\WINDOWS\System32\svchost.exe 3220

    C:\Documents and Settings\Marcel\Bureaublad\list kill\List_Kill'em.exe 3400

    C:\WINDOWS\system32\cmd.exe 344

    C:\WINDOWS\system32\wbem\wmiprvse.exe 3272

    C:\Documents and Settings\Marcel\Local Settings\Temp\18.tmp\pv.exe 2792

    ======================

    Keys “Run”

    ======================

    CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe

    SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    H/PC Connection Agent REG_SZ “C:\Program Files\Microsoft ActiveSync\Wcescomm.exe”

    TomTomHOME.exe REG_SZ “C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe”

    avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    HPDJ Taskbar Utility REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

    UnlockerAssistant REG_SZ C:\Program Files\Unlocker\UnlockerAssistant.exe

    UMonit REG_SZ C:\WINDOWS\system32\umonit.exe

    TkBellExe REG_SZ “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

    NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe

    UserFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -u

    KernelFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -k

    BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    Ad-Watch REG_SZ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    MyPoi Monitor REG_SZ “C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe”

    SunJavaUpdateSched REG_SZ “C:\Program Files\Java\jre6\bin\jusched.exe”

    Adobe Reader Speed Launcher REG_SZ “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    Adobe ARM REG_SZ “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    =====================

    Other Keys

    =====================

    dontdisplaylastusername REG_DWORD 0 (0x0)

    legalnoticecaption REG_SZ

    legalnoticetext REG_SZ

    shutdownwithoutlogon REG_DWORD 1 (0x1)

    undockwithoutlogon REG_DWORD 1 (0x1)

    ===============

    NoDriveTypeAutoRun REG_DWORD 145 (0x91)

    ===============

    HonorAutoRunSetting REG_DWORD 1 (0x1)

    ===============

    AppInit_DLLS REG_SZ

    ===============

    ===============

    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

    ===============

    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

    C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent

    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE REG_SZ C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager

    C:\Program Files\Microsoft ActiveSync\rapimgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    C:\Program Files\MyPoi Manager\MyPoiManager.exe REG_SZ C:\Program Files\MyPoi Manager\MyPoiManager.exe:*:Enabled:MyPoi Manager

    C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe REG_SZ C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater

    C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe REG_SZ C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process

    C:\Program Files\Internet Explorer\iexplore.exe REG_SZ C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer

    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

    C:\Program Files\Microsoft ActiveSync\rapimgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe REG_SZ C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    ===============

    BHO :

    ======

    ================

    Internet Explorer :

    ================

    Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157

    Start Page REG_SZ http://www.google.nl/

    ========

    Services

    ========

    Ndisuio : 0x3

    EapHost : 0x3

    SharedAccess : 0x2

    wuauserv : 0x2

    =========

    C:\Autorun.inf :

    —————-

    shellexecute = FIFA10-CDrun.exe

    D:\Autorun.inf :

    —————-

    shellexecute = FIFA10-CDrun.exe

    =======

    Drive :

    =======

    Windows Schijfdefragmentatie

    Copyright © 2001 Microsoft Corp. en Executive Software International Inc.

    Analyserapport

    19,53 GB Totaal, 875 MB (4%) Beschikbaar, 24% Gefragmenteerd (37% bestandsfragmentatie)

    Het is aan te bevelen om dit volume te defragmenteren.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    C:\WINDOWS\System32\_000111_.tmp.dll

    C:\WINDOWS\System32\SET2F.tmp

    C:\WINDOWS\System32\SET32.tmp

    C:\WINDOWS\System32\SET41.tmp

    C:\WINDOWS\System32\SET7E.tmp

    C:\WINDOWS\System32\SET84.tmp

    C:\WINDOWS\System32\SET8D.tmp

    C:\WINDOWS\System32\SETF.tmp

    C:\Documents and Settings\Marcel\Application Data\Search Settings

    C:\Documents and Settings\Marcel\LOCAL Settings\Temp\FIFA10.exe

    C:\Documents and Settings\Marcel\LOCAL Settings\Temp\Nokia_PC_Suite_7_1_40_1_dut.exe

    C:\Documents and Settings\Marcel\LOCAL Settings\Temp\setup.exe

    C:\Documents and Settings\Marcel\LOCAL Settings\Temp\_is2.exe

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    “HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings”

    “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe”

    “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe”

    “HKLM\Software\Search Settings”

    HKLM\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}

    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97

    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F

    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39

    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F

    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6

    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19

    HKLM\Software\pdfforge

    ================

    Other infections

    ================

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-12-22 22:30:58

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden services & system hive …

    “001ea47675e1”=hex:ab,06,99,5f,a3,bb,91,fd,8c,6f,e2,8d,4a,97,34,d1

    “001ea47675e1”=hex:ab,06,99,5f,a3,bb,91,fd,8c,6f,e2,8d,4a,97,34,d1

    “001ea47675e1”=hex:ab,06,99,5f,a3,bb,91,fd,8c,6f,e2,8d,4a,97,34,d1

    scanning hidden registry entries …

    “abljpopeagnhipfhgehlfelbedchmiofkb”=hex:61,61,00,00

    “bbljpopeagnhipfhgeklihiamjoggaehaijb”=hex:61,61,00,00

    scanning hidden files …

    scan completed successfully

    hidden processes: 0

    hidden services: 0

    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully

    user: MBR read successfully

    kernel: MBR read successfully

    user & kernel MBR OK

    ==========

    Programs

    ==========

    Activision

    Adobe

    Ahead

    Alwil Software

    Astonsoft

    AvantGo Connect

    Belastingdienst 2007

    Belastingdienst aangifte 2008

    Canon

    CheckPoint

    CleanUp!

    Common Files

    ComPlus Applications

    Convar

    Creative

    D-fotos Bestelsoftware

    DIFX

    FIFA 10

    Free WMA to MP3 Converter

    FTDv3.8

    Google

    Hewlett-Packard

    Hexacto Games

    hp deskjet 840c series

    Infogrames

    InstallShield Installation Information

    Intel

    Internet Explorer

    Java

    K-Lite

    K-Lite Codec Pack

    Lavasoft

    Malwarebytes' Anti-Malware

    Messenger

    Microsoft ActiveSync

    microsoft frontpage

    Microsoft Office

    Microsoft Visual Studio

    Mjuice Media Player

    Movie Maker

    Mozilla Firefox

    MSN Gaming Zone

    MSXML 4.0

    MyPoi Manager

    NCH Swift Sound

    NetMeeting

    Nokia

    Online Services

    Outlook Express

    Passware

    PC Connectivity Solution

    PDFCreator

    pdfforge Toolbar

    Real

    Samsung

    Spybot - Search & Destroy

    TomTom HOME 2

    TomTom International B.V

    Trend Micro

    Uninstall Information

    Unlocker

    uTorrent

    vso

    Winamp

    Windows Media Connect 2

    Windows Media Player

    Windows NT

    WindowsUpdate

    WinRAR

    WinZip

    winzip100.exe

    xerox

    XnView

    ============

    Lecteur C:

    ============

    aaw7boot.log

    ASLog.txt

    AUTOEXEC.BAT

    Autorun.inf

    Backup1

    boot.ini

    Bootfont.bin

    Coldplay.Viva La Vida - CD with Vid and Cover - 320Kbps.rar

    CONFIG.SYS

    conmgr.log

    DJ ™tzi & Nik P. - Ein Stern (der deinen Namen tr„gt).rar

    Documents and Settings

    FIFA10-CDrun.exe

    Guru_Josh_Project_-_Infinity_2008 BY KRIZZ.rar

    hiberfil.sys

    IO.SYS

    Kill'em

    List'em.txt

    marcel2 op Basiscomputer (Marcel)

    MPA

    MSDOS.SYS

    NServer.log

    NTDETECT.COM

    ntldr

    pagefile.sys

    Program Files

    RECYCLER

    SetupFTD3.8.1.zip

    System Volume Information

    temp.log

    W31098795H1400A0111.doc

    WINDOWS

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

  • marcel

    And here is the catchme log

    ==================================

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-12-22 22:30:58

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden services & system hive …

    “001ea47675e1”=hex:ab,06,99,5f,a3,bb,91,fd,8c,6f,e2,8d,4a,97,34,d1

    “001ea47675e1”=hex:ab,06,99,5f,a3,bb,91,fd,8c,6f,e2,8d,4a,97,34,d1

    “001ea47675e1”=hex:ab,06,99,5f,a3,bb,91,fd,8c,6f,e2,8d,4a,97,34,d1

    scanning hidden registry entries …

    “abljpopeagnhipfhgehlfelbedchmiofkb”=hex:61,61,00,00

    “bbljpopeagnhipfhgeklihiamjoggaehaijb”=hex:61,61,00,00

    scanning hidden files …

    scan completed successfully

    hidden processes: 0

    hidden services: 0

    hidden files: 0