Post subject: security tool
Posted: Sat Sep 25, 2010 12:53 pm
Member
Registered: Fri Sep 24, 2010 7:55 pm
Posts: 10
Operating system: Windows Vista & Windows 7
Protection: Avast
Hello,
Yesterday when the computer started up we got a message from 'security tool' saying that our computer is infected. We knew that security tool is a virus.
We have two users: our own user and administrator.
On our own user we can no longer start anything except the internet.
Administrator apparently isn't infected.
We saw on the forum that you recommend the program malwarebytes against security tool. We ran this program via administrator and it finds nothing.
What else can we do? Below is our log from malwarebytes and hijackthis:

malwarebytes:
Malwarebytes' Anti-Malware 1.30
Database version: 1412
Windows 6.0.6002 Service Pack 2

25/09/2010 12:39:05
mbam-log-2010-09-25 (12-39-05).txt

Scan type: Quick Scan
Objects scanned: 56661
Time elapsed: 15 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



and hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:42, on 25/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\NOTEPAD.EXE
C:\onderhoud\hijackthis-programma\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.63\npchrome_frame.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\system32\Msdxm6.ocx
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex
O4 - Startup: OpenOffice.org 3.1 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Net Send GUI.lnk = C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.71.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab ... detect.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2408967284
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2409237148
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selfte ... TPTest.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.63\npchrome_frame.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c989d524595dcd) (gupdate1c989d524595dcd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 10788 bytes


thanks for taking a look at this,

petthuis
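A HijackThis log like the one above is read section by section: R0/R1 for the browser start and search pages, O2 for browser helper objects, O4 for autoruns, O16 for ActiveX downloads, O23 for services. As an added example, not code from this thread or from Trend Micro, here is a small Python triage script for such a log. Its sample input is a handful of lines copied from the log above plus two constructed lines marked as such (an O4 autorun under ProgramData with a numeric name, and an R1 search page on example.net). The heuristics it applies (BHO with a missing DLL, autoruns from user-writable folders or with bare numeric names, DPF entries without a URL, services with no publisher, start pages outside the Microsoft/HP defaults visible in the posted log) are this example's own assumptions, not HijackThis rules; a hit means "look closer", not "infected".

```python
"""Section-by-section triage of a HijackThis 2.0 log.

Added example for this thread; not a tool from the forum, from the helper
or from Trend Micro. The heuristics below are this example's own assumptions.
"""
import re
from collections import defaultdict

# A HijackThis entry: section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")

# Assumption: autoruns living in user-writable folders (profile, ProgramData,
# temp) deserve a look; legitimate software mostly runs from Program Files.
SUSPICIOUS_PATH_RE = re.compile(
    r"(?i)(\\users\\[^\\]+\\appdata\\|\\programdata\\|%appdata%|%temp%|\\temp\\)")
# Assumption: a bare all-digit autorun name is unusual for real software.
NUMERIC_NAME_RE = re.compile(r"^\[\d{6,}\]")
# Assumption: the Microsoft and HP (OEM) pages seen in the posted log are the defaults.
DEFAULT_HOST_RE = re.compile(r"(?i)(\.|^)(microsoft|hp)\.com$")

# Constructed sample: lines from the posted log plus two made-up lines
# (the [12345678] autorun and the example.net search page).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.net/?q=
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [12345678] C:\ProgramData\12345678\12345678.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def parse_hjt(text):
    """Group entry bodies by section code (R0, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group("section")].append(m.group("body"))
    return sections


def summarize(text):
    """Entry counts per section, handy for comparing two logs of the same PC."""
    return {sec: len(bodies) for sec, bodies in parse_hjt(text).items()}


def triage(text):
    """Return (section, reason, body) triples for entries worth a closer look."""
    sections = parse_hjt(text)
    findings = []
    for sec in ("R0", "R1"):
        for body in sections.get(sec, []):
            value = body.partition(" = ")[2]
            host = re.match(r"https?://([^/\s?]+)", value)
            if host and not DEFAULT_HOST_RE.search(host.group(1)):
                findings.append((sec, "start/search page not a Microsoft/OEM default", body))
    for body in sections.get("O2", []):
        if body.endswith("(no file)"):
            findings.append(("O2", "BHO registered but its DLL is gone", body))
    for body in sections.get("O4", []):
        name_and_path = body.partition(": ")[2]
        if SUSPICIOUS_PATH_RE.search(name_and_path) or NUMERIC_NAME_RE.match(name_and_path):
            findings.append(("O4", "autorun from user-writable folder or with numeric name", body))
    for body in sections.get("O16", []):
        if body.rstrip().endswith("-"):
            findings.append(("O16", "ActiveX (DPF) entry with no download URL", body))
    for body in sections.get("O23", []):
        if "Unknown owner" in body:
            findings.append(("O23", "service binary without a publisher name", body))
    return findings


if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG):
        print("%-4s %-55s %s" % (sec, reason, body))
```

Run against a log pasted into SAMPLE_LOG (or read from a file), the script prints one line per flagged entry; `summarize` is useful to see whether a fresh log after cleaning has fewer O2/O4 entries than the one before.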


 
Post subject: Re: security tool
Posted: Sat Sep 25, 2010 9:32 pm
VIP
Registered: Fri Apr 25, 2008 1:32 pm
Posts: 5326
Location: Belgium
Operating system: Windows Vista Home Premium SP2
Protection: Avast!
Well, that MBAM finds nothing doesn't surprise us, your MBAM is hopelessly outdated :) :)


Before we begin, I want to point out the following:

  • Cleaning up your system can take some time, be patient.
  • Stay with the topic until I have reported that your PC is clean.
  • The instructions given are only valid for your PC.
  • If there is something you don't know or don't understand, please just ask.
  • Do not install or uninstall any software or hardware while we are working on your problem.
  • Only log in as an administrator with full rights.
  • Please do not post the logs as attachments, nor between code tags.


Carry out the procedure exactly as described.
If you have Vista, run everything as administrator........

It is possible that the infection will not let you download files.
If that is the case you need to download the necessary (listed) tools on another PC.
You can use a CD/DVD, an external HD or a USB stick for this.



Boot your PC into Safe Mode with Networking.



Open IE
Go to Tools > Internet Options > Connections tab.
Click LAN settings.
Under Automatic configuration only Automatically detect settings should be checked.
Under Proxy server nothing may be checked.

Close with OK > Apply > OK
__________________________________________________________________________________________


First we need to stop the Security Suite processes.
We do this using the tool: rkill.com

Download rkill.com to your desktop and double-click it. This will stop the processes.
Be patient, as this can take a little while.

If during this procedure you get a message that rkill.com is an infection, don't be alarmed and just ignore it.
It is a false alarm from Security Suite.

If you keep having problems with it, download iExplorer.exe (renamed rkill.com) and try that instead.


VERY IMPORTANT !!!! Do not restart your PC after running rkill.com

__________________________________________________________________________________________

  • Start MalwareBytes' Anti-Malware (MBAM)
  • Once the program has started, go to the "Settings" tab.
  • Check: "Close Internet Explorer during removal of malware".
  • Go to the "Updates" tab and update MBAM.
  • Then go to the "Scanner" tab and choose "Quick Scan".
  • Then press "Scan" to start the scan.
  • Scanning may take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to view the results.
  • Make sure everything there is checked, then click "Remove Selected".
  • After removal a log will open and you will be asked to restart the computer.
If MBAM asks for a restart, do so.

The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.
__________________________________________________________________________________________

Next:

This infection usually goes together with a TDL3 infection.


Download TDSSKiller and place it on your desktop.
Extract the files in tdsskiller.zip.
Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
Click the "Start Scan" button and follow the instructions.

If a Reboot (restart) is requested, click Reboot Now.
Otherwise click Report.
Copy and paste the logfile that appears.

Note:

If a restart was needed, you will find the logfile in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt



Also make a fresh Hijackthis log (Run as administrator).


So the logs I would like to have:

  • MBAM
  • TDSSKiller
  • Hijackthis

Emphyrio :)

_________________
ASAP & Unite Member
Anti Malware Help * PC Info * E-Profile
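The LAN-settings check in the post above is a dialog over a registry value: Internet Explorer keeps the Connections tab in the REG_BINARY value DefaultConnectionSettings under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections, and the same dialog is mirrored in the ProxyEnable, ProxyServer and AutoConfigURL values of the parent key. As an added example, not code from this thread, here is a Python decoder that checks a copy of that blob offline for the state Emphyrio asks for (only "Automatically detect settings" on, nothing under "Proxy server"). The byte layout it assumes (version DWORD, change counter, flags DWORD with 0x01 direct / 0x02 proxy / 0x04 auto-config script / 0x08 auto-detect, then three length-prefixed strings: proxy server, bypass list, auto-config URL) is the commonly documented format and is stated here as an assumption; the two blobs are constructed by the example itself, not taken from the poster's machine.

```python
"""Decode Internet Explorer's DefaultConnectionSettings blob offline.

Added example for this thread, not a tool from the forum. Layout assumed
(commonly documented, not verified against Microsoft documentation here):
  bytes 0-3   version (0x46)
  bytes 4-7   change counter
  bytes 8-11  flags: 0x01 direct, 0x02 use proxy, 0x04 auto-config script, 0x08 auto-detect
  then three DWORD-length-prefixed ANSI strings: proxy, bypass list, auto-config URL
Trailing padding after the strings is ignored.
"""
import struct

FLAG_DIRECT, FLAG_PROXY, FLAG_AUTOCONFIG, FLAG_AUTODETECT = 0x01, 0x02, 0x04, 0x08


def _read_str(blob, offset):
    """Read one length-prefixed string; return (text, next offset)."""
    (n,) = struct.unpack_from("<I", blob, offset)
    offset += 4
    return blob[offset:offset + n].decode("latin-1"), offset + n


def decode_connection_settings(blob):
    """Turn the raw REG_BINARY value into the fields the LAN settings dialog shows."""
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    proxy, off = _read_str(blob, 12)
    bypass, off = _read_str(blob, off)
    autoconfig_url, off = _read_str(blob, off)
    return {
        "version": version, "counter": counter, "flags": flags,
        "auto_detect": bool(flags & FLAG_AUTODETECT),
        "use_proxy": bool(flags & FLAG_PROXY),
        "use_autoconfig": bool(flags & FLAG_AUTOCONFIG),
        "proxy": proxy, "bypass": bypass, "autoconfig_url": autoconfig_url,
    }


def check_lan_settings(blob):
    """Return deviations from the requested state: only auto-detect on,
    no proxy server and no auto-config script. Empty list means OK."""
    s = decode_connection_settings(blob)
    problems = []
    if not s["auto_detect"]:
        problems.append("auto-detect is off")
    if s["use_proxy"]:
        problems.append("proxy server enabled: %s" % s["proxy"])
    if s["use_autoconfig"] or s["autoconfig_url"]:
        problems.append("auto-config script set: %s" % s["autoconfig_url"])
    return problems


def build_blob(flags, proxy="", bypass="", autoconfig_url="", counter=1):
    """Build a blob in the same layout; used here only to construct the samples."""
    out = struct.pack("<III", 0x46, counter, flags)
    for s in (proxy, bypass, autoconfig_url):
        b = s.encode("latin-1")
        out += struct.pack("<I", len(b)) + b
    return out + b"\x00" * 32  # padding as seen in real values (ignored on decode)


# Constructed samples: a clean dialog, and one where a local proxy has been forced on.
CLEAN_BLOB = build_blob(FLAG_DIRECT | FLAG_AUTODETECT)
HIJACKED_BLOB = build_blob(FLAG_DIRECT | FLAG_PROXY, proxy="127.0.0.1:8080")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_BLOB), ("hijacked", HIJACKED_BLOB)):
        print(name, decode_connection_settings(blob)["flags"], check_lan_settings(blob) or "OK")
```

The value is per-user (HKCU), so it has to be checked in the affected user's profile, not only under the Administrator account that appears unaffected; a non-empty result from check_lan_settings is exactly the state the dialog steps above are meant to undo.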


 
Post subject: Re: security tool
Posted: Sun Sep 26, 2010 6:11 pm
Member
Registered: Fri Sep 24, 2010 7:55 pm
Posts: 10
Operating system: Windows Vista & Windows 7
Protection: Avast
Dear Emphyrio,

IMPORTANT QUESTION
I'm working through all this, mbam is running.
You said I wasn't allowed to remove or install anything during the problem, but in the meantime I had already run a supermalware program, and it had found a few things. I was already hoping that would be the end of it, but apparently not.
So I had started cleaning up the PC (removing the kids' old games and so on + your cleanup program up to spybot). Hopefully I haven't done anything wrong with this!
One more IMPORTANT QUESTION:
-> after running rkill.com I'm not allowed to restart the PC. But if Mbam or TDSSKiller asks for a restart, is that allowed?
Greetings,
Petthuis.


 
Post subject: Re: security tool
Posted: Sun Sep 26, 2010 7:24 pm
VIP
Registered: Fri Apr 25, 2008 1:32 pm
Posts: 5326
Location: Belgium
Operating system: Windows Vista Home Premium SP2
Protection: Avast!
Petthuis wrote:
after running rkill.com I'm not allowed to restart the PC.
But if Mbam or TDSSKiller asks for a restart, is that allowed?

Yes, you may.
The purpose of rkill is to stop the "malware process" and give MBAM the chance to scan.
So if after scanning with MBAM you get the message to reboot (restart), then you do that.

_________________
ASAP & Unite Member
Anti Malware Help * PC Info * E-Profile


 
Post subject: Re: security tool
Posted: Sun Sep 26, 2010 7:25 pm
Member
Registered: Fri Sep 24, 2010 7:55 pm
Posts: 10
Operating system: Windows Vista & Windows 7
Protection: Avast
Dear Emphyrio,

I went ahead and did the restart that Mbam asked for.
Just to say what has happened in the meantime:
-> ran SuperAntispyware: no log of this, but it definitely found a few things (a bunch of tracking cookies and also 2 critters).
-> ran the ad-aware program: log below.
-> ran spybot: nothing found.
-> IE settings were ok
-> ran rkill (anything else to turn off?)
-> ran Mbam: log below
-> ran TDSSKiller: nothing found.

Could you take another look at the logs included (ad-aware, Mbam, Hijackthis):
Logfile created: 25/09/2010 19:15:48
Ad-Aware version: 8.3.3
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Administrator

*********************** Definitions database information ***********************
Lavasoft definition file: 150.100
Genotype definition file version: 2010/09/23 14:17:06
Extended engine definition file: 6928.0

******************************** Scan results: *********************************
Scan profile name: Vol. scan (ID: full)
Objects scanned: 424917
Objects detected: 9


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 1
Folders.........: 0
LSPs............: 0
Cookies.........: 8
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *.comclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409086 Family ID: 0
Description: *metriweb* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408990 Family ID: 0
Description: *tradedoubler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408964 Family ID: 0

Quarantined items:
Description: c:\users\petrens\desktop\games en etc\java games for nokia\games\digitalred shuffleboard v20\b-shuff2.zip::shuffleboard.2.00.7650.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5:

Scan and cleaning complete: Finished correctly after 24692 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Vol. scan
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Mon Jul 12 01:11:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Mon Jul 12 07:11:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Mon Jul 12 13:11:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Mon Jul 12 19:11:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Mon Jul 12 01:11:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: nl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple

Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: false
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true


****************************** System information ******************************
Computer name: PC_VAN_PETRENS
Processor name: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
Processor identifier: x86 Family 15 Model 107 Stepping 1
Processor speed: ~2109MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 27393, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3,3DNow]
Physical memory available: 937496576 bytes
Physical memory total: 2010918912 bytes
Virtual memory available: 1779429376 bytes
Virtual memory total: 2147352576 bytes
Memory load: 53%
Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Windows startup mode:

Running processes:
PID: 432 name: C:\Windows\System32\smss.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 572 name: C:\Windows\System32\csrss.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 624 name: C:\Windows\System32\wininit.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 636 name: C:\Windows\System32\csrss.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 668 name: C:\Windows\System32\services.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 680 name: C:\Windows\System32\lsass.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 688 name: C:\Windows\System32\lsm.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 776 name: C:\Windows\System32\winlogon.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 880 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 940 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 968 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1008 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1100 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1152 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1176 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1292 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1316 name: C:\Windows\System32\SLsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1376 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1424 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1576 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1668 name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1704 name: C:\Program Files\Alwil Software\Avast4\ashServ.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 304 name: C:\Windows\System32\spoolsv.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 444 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 964 name: C:\Windows\System32\taskeng.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1776 name: C:\Windows\System32\dwm.exe owner: Administrator domain: PC_van_petrens
PID: 1412 name: C:\Windows\System32\taskeng.exe owner: Administrator domain: PC_van_petrens
PID: 1816 name: C:\Windows\explorer.exe owner: Administrator domain: PC_van_petrens
PID: 2316 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2328 name: C:\Windows\System32\atashost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2364 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2500 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2536 name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2632 name: C:\Windows\RtHDVCpl.exe owner: Administrator domain: PC_van_petrens
PID: 2648 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2712 name: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe owner: Administrator domain: PC_van_petrens
PID: 2720 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2740 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2752 name: C:\Program Files\Pure Networks\Network Magic\nmapp.exe owner: Administrator domain: PC_van_petrens
PID: 2764 name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2888 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2940 name: C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2964 name: C:\Program Files\Alwil Software\Avast4\ashDisp.exe owner: Administrator domain: PC_van_petrens
PID: 3028 name: C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3080 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3140 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3180 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: Administrator domain: PC_van_petrens
PID: 3292 name: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3380 name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe owner: Administrator domain: PC_van_petrens
PID: 3416 name: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe owner: Administrator domain: PC_van_petrens
PID: 3588 name: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe owner: Administrator domain: PC_van_petrens
PID: 3636 name: C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe owner: Administrator domain: PC_van_petrens
PID: 3660 name: C:\Windows\System32\WUDFHost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 4004 name: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 4012 name: C:\Program Files\OpenOffice.org 3\program\soffice.exe owner: Administrator domain: PC_van_petrens
PID: 828 name: C:\Program Files\OpenOffice.org 3\program\soffice.bin owner: Administrator domain: PC_van_petrens
PID: 3520 name: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2872 name: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2660 name: C:\Windows\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 5332 name: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3008 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2224 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Administrator domain: PC_van_petrens
PID: 5792 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 5808 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 5144 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Administrator domain: PC_van_petrens

Startup items:
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: RtHDVCpl
imagepath: RtHDVCpl.exe
Name: Ad-Watch
imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Name: nmctxth
imagepath: "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
Name: nmapp
imagepath: "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
Name: avast!
imagepath: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Name: Launcher
imagepath: %WINDIR%\SMINST\launcher.exe
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
imagepath: C:\Program Files\Microsoft Office\Office\OSA9.EXE
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Net Send GUI.lnk
imagepath: C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: AeLookupSvc
displayname: Application Experience
Name: ALG
displayname: Application Layer Gateway-service
Name: Appinfo
displayname: Application Information
Name: Apple Mobile Device
displayname: Mobiel Apple apparaat
Name: aswUpdSv
displayname: avast! iAVS4 Control Service
Name: atashost
displayname: WebEx Service Host for Support Center
Name: AudioEndpointBuilder
displayname: Windows Audio Endpoint Builder
Name: Audiosrv
displayname: Windows Audio
Name: avast! Antivirus
displayname: avast! Antivirus
Name: avast! Mail Scanner
displayname: avast! Mail Scanner
Name: avast! Web Scanner
displayname: avast! Web Scanner
Name: BFE
displayname: Base Filtering Engine
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Browser
displayname: Computer Browser
Name: BthServ
displayname: Bluetooth Support-service
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: DPS
displayname: Diagnostic Policy Service
Name: EMDMgmt
displayname: ReadyBoost
Name: Eventlog
displayname: Windows Event Log
Name: EventSystem
displayname: COM+ Event System
Name: fdPHost
displayname: Function Discovery Provider Host
Name: FDResPub
displayname: Function Discovery Resource Publication
Name: gpsvc
displayname: Group Policy Client
Name: HP Health Check Service
displayname: HP Health Check Service
Name: hpqcxs08
displayname: hpqcxs08
Name: hpqddsvc
displayname: HP CUE DeviceDiscovery-service
Name: IKEEXT
displayname: IKE and AuthIP IPsec Keying Modules
Name: iphlpsvc
displayname: IP Helper
Name: KtmRm
displayname: KtmRm for Distributed Transaction Coordinator
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LightScribeService
displayname: LightScribeService Direct Disc Labeling Service
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: MMCSS
displayname: Multimedia Class Scheduler
Name: MpsSvc
displayname: Windows Firewall
Name: Net Driver HPZ12
displayname: Net Driver HPZ12
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List-service
Name: NlaSvc
displayname: Network Location Awareness
Name: nmservice
displayname: Pure Networks Platform Service
Name: nsi
displayname: Network Store Interface-service
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: PcaSvc
displayname: Program Compatibility Assistant-service
Name: PlugPlay
displayname: Plug and Play
Name: Pml Driver HPZ12
displayname: Pml Driver HPZ12
Name: PolicyAgent
displayname: IPsec Policy Agent
Name: ProfSvc
displayname: User Profile-service
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: SBSDWSCService
displayname: SBSD Security Center Service
Name: Schedule
displayname: Task Scheduler
Name: SeaPort
displayname: SeaPort
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification-service
Name: SharedAccess
displayname: Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: slsvc
displayname: Software Licensing
Name: Spooler
displayname: Print Spooler
Name: SSDPSRV
displayname: SSDP Discovery
Name: SstpSvc
displayname: SSTP-service (Secure Socket Tunneling Protocol)
Name: stisvc
displayname: WIA (Windows Image Acquisition)
Name: SysMain
displayname: Superfetch
Name: TabletInputService
displayname: Tablet PC Input-service
Name: TapiSrv
displayname: Telephony
Name: TeamViewer5
displayname: TeamViewer 5
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TomTomHOMEService
displayname: TomTomHOMEService
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: upnphost
displayname: UPnP Device Host
Name: UxSms
displayname: Desktop Window Manager Session Manager
Name: W32Time
displayname: Windows Time
Name: WdiSystemHost
displayname: Diagnostic System Host
Name: WebClient
displayname: WebClient
Name: WerSvc
displayname: Windows Error Reporting-service
Name: WinDefend
displayname: Windows Defender
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: WPDBusEnum
displayname: Portable Device Enumerator-service
Name: wscsvc
displayname: Security Center
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework



Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4698

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18943

26/09/2010 18:12:52
mbam-log-2010-09-26 (18-12-52).txt

Scan type: Quick scan
Objects scanned: 152208
Time elapsed: 8 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\petrens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:46, on 26/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\onderhoud\hijackthis-programma\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.63\npchrome_frame.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\system32\Msdxm6.ocx
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\onderhoud\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\onderhoud\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-21-1705306810-454223822-4283816249-500\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Administrator')
O4 - HKUS\S-1-5-21-1705306810-454223822-4283816249-500\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Administrator')
O4 - HKUS\S-1-5-21-1705306810-454223822-4283816249-500\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Administrator')
O4 - HKUS\S-1-5-21-1705306810-454223822-4283816249-500\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'Administrator')
O4 - S-1-5-21-1705306810-454223822-4283816249-500 Startup: OpenOffice.org 3.1 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Administrator')
O4 - S-1-5-21-1705306810-454223822-4283816249-500 User Startup: OpenOffice.org 3.1 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Administrator')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Net Send GUI.lnk = C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.16\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.71.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab ... detect.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2408967284
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2409237148
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selfte ... TPTest.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.63\npchrome_frame.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c989d524595dcd) (gupdate1c989d524595dcd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 11077 bytes


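As an added example (editor's code, not HijackThis's and not anything posted in this thread): a small Python triage pass over HijackThis-style lines of the kind shown in the log above. It tags orphaned O2 entries ("(no file)"), O4 autostarts that give only a bare file name or whose image lives outside the default install roots, O16 DPF entries that pull a remote cab, and O23 services with no vendor string. The trusted roots are an assumption for a 32-bit Vista install; the sample input is copied from the log above plus one made-up HKCU Run line, marked "constructed", so that the "suspect" rule has something to fire on. The rules only say what to look at by hand, they are not verdicts.

```python
"""Heuristic triage of HijackThis-style log lines (editor's added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Default install roots of a 32-bit Vista box (assumption; extend for x64 or a
# non-default system drive). Autostarts from anywhere else, typically the user
# profile, are where rogues such as Security Tool put themselves.
TRUSTED_DIRS = (r"c:\program files", r"c:\progra~1", r"c:\windows")


@dataclass
class Finding:
    severity: str  # "info" (hygiene), "review" (verify by hand), "suspect"
    reason: str
    line: str


def image_path(cmd: str) -> str:
    """Strip arguments from a Run value or shortcut target, keeping the image path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|lnk|cpl|scr))", cmd, re.I)
    return m.group(1) if m else cmd.split(" ")[0]


def normalize_path(path: str) -> str:
    # Assumption: %WINDIR% is C:\Windows; expandvars cannot know that off-box.
    p = path.strip().strip('"').lower()
    return p.replace("%windir%", r"c:\windows").replace("%systemroot%", r"c:\windows")


def check_o4(line: str) -> Optional[Finding]:
    m = re.match(r"O4 - (?P<where>[^:]+): (?P<rest>.*)", line)
    if not m:
        return None
    rest = re.sub(r"\s*\(User '[^']*'\)$", "", m["rest"])
    if rest.startswith("["):          # registry Run/RunOnce value: [name] command
        _, cmd = rest[1:].split("] ", 1)
    elif " = " in rest:               # Startup-folder shortcut: name.lnk = target
        _, cmd = rest.split(" = ", 1)
    else:
        return None
    path = normalize_path(image_path(cmd))
    if "\\" not in path:
        return Finding("review", "bare file name: which file runs depends on the "
                       "loader's search order, verify the real path", line)
    if not path.startswith(TRUSTED_DIRS):
        return Finding("suspect", "autostart image outside Program Files/Windows", line)
    return None


def check_o16(line: str) -> Optional[Finding]:
    m = re.match(r"O16 - DPF: \{[^}]+\}(?: \([^)]*\))? -\s*(?P<url>.*)", line)
    if not m:
        return None
    url = m["url"].strip()
    if not url:
        return Finding("info", "stale DPF entry without a source; remove", line)
    if url.lower().startswith(("http://", "https://")):
        return Finding("review", "downloadable ActiveX control; remove unless still needed", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run the per-section rules over every line; findings come back in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        kind = line.split(" - ", 1)[0]
        f = None
        if kind == "O2" and line.endswith("(no file)"):
            f = Finding("info", "orphaned BHO registration, DLL is gone; delete for hygiene", line)
        elif kind == "O4":
            f = check_o4(line)
        elif kind == "O16":
            f = check_o16(line)
        elif kind == "O23" and " - Unknown owner - " in line:
            f = Finding("review", "service binary carries no vendor name; check signature/hash", line)
        if f:
            findings.append(f)
    return findings


def summary(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.severity for f in findings))


# Constructed sample: lines copied from the HijackThis log above, plus one
# made-up HKCU Run line (marked "constructed") so the "suspect" rule fires.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [constructed] C:\Users\petrens\AppData\Local\Temp\sample.exe
O4 - Global Startup: Net Send GUI.lnk = C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:7}] {f.reason}\n          {f.line}")
    print(summary(found))
```

On the sample this yields two "info", three "review" and one "suspect" finding; the avast!, Launcher (after %WINDIR% expansion) and Net Send GUI autostarts pass because they resolve under the trusted roots. The bare `RtHDVCpl.exe` is flagged only because the log does not say where it resolves, which is the same question a reviewer would ask before leaving it alone.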
 
Post subject: Re: security tool
Posted: Sun Sep 26, 2010 7:28 pm
Member

Registered: Fri Sep 24, 2010 7:55 pm
Posts: 10
Operating system: Windows Vista & Windows 7
Protection: Avast
And anything you find in the HijackThis log that is running but isn't necessary, and so just starts up needlessly every time, you may point out as well. Then the PC might boot a bit faster.

Thanks,
Petthuis


 
Post subject: Re: security tool
Posted: Sun Sep 26, 2010 7:34 pm
VIP

Registered: Fri Apr 25, 2008 1:32 pm
Posts: 5326
Location: Belgium
Operating system: Windows Vista Home Premium SP2
Protection: Avast!
Hi pethuis,

I only asked for the MBAM, TDSSKiller and HijackThis logs.

I didn't ask for those other tools and I don't work with them either :)
So only run and post what is asked for ;) :)


Ad-Watch from Ad-Aware can undo the changes we are going to make.
So it's best to switch Ad-Watch off for a while.
At the bottom right, in the system tray, right-click the Ad-Watch icon.
Untick Active and Automatic.


Download ComboFix to your desktop and use it according to this guide.

Please read through the guide and do what it says.

Extra note... Make sure your security software (antivirus, firewall, antispyware) is disabled while using ComboFix.
This is because these scanners wrongly see certain components that ComboFix uses as infected, and will block ComboFix.


Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.

Close ALL windows, including your browser, and let ComboFix do its work undisturbed.
So don't open any other applications until ComboFix has presented the log.

When ComboFix starts, you may get an error message saying the "contents of the ComboFix package has been compromised".
Don't continue with the instructions; download ComboFix again instead.
This message can appear when a file infector (Virut) is active on the computer. If you keep getting that message, report it.


If ComboFix asks to update, allow it.

When ComboFix has finished scanning, possibly after a reboot, a log file (combofix.txt) opens.

You can find it at C:\combofix.txt.

Post the ComboFix log together with a new HijackThis log in your next reply.

Emphyrio :)

_________________
ASAP & Unite Member
Anti Malware Help * PC Info * E-Profile


 
Post subject: Re: security tool
Posted: Sun Sep 26, 2010 8:28 pm
Member

Registered: Fri Sep 24, 2010 7:55 pm
Posts: 10
Operating system: Windows Vista & Windows 7
Protection: Avast
Hi Emphyrio, one or two more questions before starting ComboFix.

- I click the Ad-Aware icon, then Ad-Watch, and there Ad-Watch is completely off!? Is that right?
It just says AdWatch Live: real-time protection OFF;
Below that: Processes: off, Files: off, Registry: off, Network: off
I also have no option to tick any boxes.
Maybe because of Safe Mode with Networking, which I'm still working in?
Is everything OK now to start ComboFix?

- I'll check whether everything is OK with the antivirus programs: I think only Avast will be on, maybe Ad-Aware. Can you see anything in the previous logs that might still be running and would get in the way of ComboFix? By now I have no idea anymore what antivirus, firewall, ... is all on here.

Thanks,
Petthuis


 
Post subject: Re: security tool
Posted: Sun Sep 26, 2010 8:54 pm
VIP

Registered: Fri Apr 25, 2008 1:32 pm
Posts: 5326
Location: Belgium
Operating system: Windows Vista Home Premium SP2
Protection: Avast!
You still need to turn off Avast (see previous post).



 
Post subject: Re: security tool
Posted: Mon Sep 27, 2010 12:37 am
Member

Registered: Fri Sep 24, 2010 7:55 pm
Posts: 10
Operating system: Windows Vista & Windows 7
Protection: Avast
Hi Emphyrio,
I ran ComboFix twice.
The first time, at several steps the screen said there was no access, that I had to be logged in as administrator.
I thought I had done that, but wasn't sure.
So I ran it again, this time as administrator.
But I got the same messages the second time.

Also, ComboFix did not restart the computer, neither time.
And after both runs I couldn't open the logs; I got a message that the program was ready to be removed from the registry, or something like that.
I turned the computer off and on myself both times, and then I could open the logs.

I also can't turn off SUPERAntiSpyware; apparently an upgrade is needed for that?? Is it now running constantly in the background? Is that OK?

Below are both ComboFix logs. I'm posting the HijackThis log separately; apparently it won't fit anymore (too many characters in the post).

Regards and thanks,

Petthuis.


ComboFix 10-09-25.07 - Administrator 26/09/2010 21:58:29.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.1918.772 [GMT 2:00]
Started from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1 .lnk
c:\users\petrens\Second_Life_1-20-15-92456_Setup.exe
c:\users\petrens\VFPCR.EXE

.
(((((((((((((((((((( Files Created from 2010-08-26 to 2010-09-26 ))))))))))))))))))))))))))))))
.

2010-09-26 20:18 . 2010-09-26 20:18 -------- d-----w- c:\users\petrens\AppData\Local\temp
2010-09-26 20:18 . 2010-09-26 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-26 17:05 . 2010-09-26 17:05 -------- d-----w- c:\users\petrens\AppData\Local\Adobe
2010-09-26 15:57 . 2010-09-26 15:57 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
2010-09-26 14:44 . 2010-09-26 14:44 -------- d-----w- c:\users\petrens\AppData\Local\Apple Computer
2010-09-26 08:53 . 2010-09-26 08:53 10134 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-09-26 08:53 . 2010-09-26 08:53 -------- d-----w- c:\users\Administrator\AppData\Local\Downloaded Installations
2010-09-26 08:52 . 2010-09-26 08:52 -------- d-----w- c:\program files\Sony Media Go Install
2010-09-25 12:24 . 2010-09-25 12:24 63488 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-25 12:24 . 2010-09-25 12:24 52224 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-25 12:24 . 2010-09-25 12:24 117760 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-25 12:23 . 2010-09-25 12:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2010-09-25 12:23 . 2010-09-25 12:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-25 12:23 . 2010-09-25 12:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-25 09:56 . 2010-09-25 09:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-09-15 11:09 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 11:09 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 11:09 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 11:09 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 19:13 . 2010-03-25 20:16 75589 ----a-w- c:\programdata\nvModes.dat
2010-09-26 15:45 . 2009-09-27 19:13 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-26 14:44 . 2008-07-16 19:58 80504 ----a-w- c:\users\petrens\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-26 14:41 . 2007-09-14 12:47 667114 ----a-w- c:\windows\system32\perfh013.dat
2010-09-26 14:41 . 2007-09-14 12:47 126648 ----a-w- c:\windows\system32\perfc013.dat
2010-09-26 08:55 . 2009-10-02 11:43 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-09-26 08:53 . 2008-10-30 13:51 -------- d-----w- c:\program files\Sony
2010-09-26 08:52 . 2009-05-20 11:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sony
2010-09-26 08:50 . 2009-05-20 11:33 80504 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-25 16:39 . 2008-10-25 08:33 -------- d-----w- c:\program files\GameTop.com
2010-09-25 16:36 . 2007-09-14 03:45 -------- d-----w- c:\program files\Roxio
2010-09-25 16:36 . 2007-09-14 03:45 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-09-25 16:14 . 2007-09-14 03:45 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-09-25 16:07 . 2009-02-22 19:00 -------- d-----w- c:\program files\Inca Ball
2010-09-25 15:58 . 2009-11-14 21:11 -------- d-----w- c:\program files\Adventure Maker v4.5.2
2010-09-21 22:01 . 2007-09-14 04:01 -------- d-----w- c:\program files\Google
2010-09-16 14:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-15 22:43 . 2008-10-11 14:39 -------- d-----w- c:\users\petrens\AppData\Roaming\uTorrent
2010-09-14 11:58 . 2010-03-25 20:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-11 13:33 . 2009-10-02 11:47 -------- d-----w- c:\program files\Typ-Top 3.0
2010-09-11 10:53 . 2010-08-21 11:12 -------- d-----w- c:\program files\WePrint
2010-08-29 11:24 . 2009-05-16 07:08 1 ----a-w- c:\users\petrens\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-14 11:00 . 2010-08-14 11:00 1 ----a-w- c:\users\Administrator\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-14 10:53 . 2010-08-14 10:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\OpenOffice.org
2010-08-09 14:45 . 2010-08-09 14:30 -------- d-----w- c:\users\petrens\AppData\Roaming\XBMC
2010-08-09 14:35 . 2010-08-09 14:30 -------- d-----w- c:\program files\XBMC
2010-07-11 23:11 . 2010-07-11 23:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-06 17:29 . 2010-07-11 22:47 2979280 -c--a-w- c:\programdata\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-06 17:28 . 2010-07-11 23:11 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-06 17:28 . 2009-02-13 17:45 15880 ----a-w- c:\windows\system32\lsdelete.exe
2008-08-13 19:17 . 2008-08-13 19:17 22 --sha-w- c:\windows\SMINST\HPCD.sys
2007-09-14 13:09 . 2007-09-14 12:51 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-09-23 864624]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Net Send GUI.lnk - c:\program files\Fomine Net Send GUI\NetSendGUI.exe [2008-2-25 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AvaFind.exe]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AvaFind.exe
backup=c:\windows\pss\AvaFind.exe.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Registratiesoftware starten.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Registratiesoftware starten.lnk
backup=c:\windows\pss\Registratiesoftware starten.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^petrens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PSPsync.lnk]
path=c:\users\petrens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PSPsync.lnk
backup=c:\windows\pss\PSPsync.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^petrens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ubisoft register.lnk]
path=c:\users\petrens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ubisoft register.lnk
backup=c:\windows\pss\ubisoft register.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-05-24 11:13 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 14:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 12:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
c:\program files\Microsoft Works\WksSb.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2008-10-31 23:59 54680 ----a-w- c:\windows\System32\jureg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1705306810-454223822-4283816249-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 EZWINIT;EZWINIT;c:\windows\system32\Drivers\ezwinit.sys [2008-09-25 14494]
R2 EZWRITER;EZWRITER;c:\windows\system32\Drivers\ezwriter.sys [2008-09-25 12544]
R2 gupdate1c989d524595dcd;Google Update Service (gupdate1c989d524595dcd);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
R3 XDva248;XDva248;c:\windows\system32\XDva248.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-06 64288]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-23 1355928]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-14 15008]
S3 MungoDriver;MungoGamer Remote;c:\windows\system32\DRIVERS\MungoDriver.sys [2010-05-10 12504]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - LAVASOFT_KERNEXPLORER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 13:50]

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 10:07]

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 10:07]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.be
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.co ... 1.71.0.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 22:20
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,03,79,12,62,bd,68,45,ba,d7,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,03,79,12,62,bd,68,45,ba,d7,b0,\

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3908)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
Completion time: 2010-09-26 22:29:15
ComboFix-quarantined-files.txt 2010-09-26 20:29
ComboFix2.txt 2010-04-05 11:23
ComboFix3.txt 2008-11-22 11:49
ComboFix4.txt 2008-11-21 21:10
ComboFix5.txt 2010-09-26 19:53

Pre-Run: 65,553,555,456 bytes free
Post-Run: 66,574,548,992 bytes free

- - End Of File - - C6D329E3E688150872B8905C8A39C6E5


ComboFix 10-09-25.07 - Administrator 26/09/2010 23:07:30.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.1918.901 [GMT 2:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((( Files Created from 2010-08-26 to 2010-09-26 ))))))))))))))))))))))))))))))
.

2010-09-26 21:27 . 2010-09-26 21:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-09-26 21:27 . 2010-09-26 21:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-26 21:27 . 2010-09-26 21:27 -------- d-----w- c:\users\petrens\AppData\Local\temp
2010-09-26 21:27 . 2010-09-26 21:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-26 17:05 . 2010-09-26 17:05 -------- d-----w- c:\users\petrens\AppData\Local\Adobe
2010-09-26 15:57 . 2010-09-26 15:57 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
2010-09-26 14:44 . 2010-09-26 14:44 -------- d-----w- c:\users\petrens\AppData\Local\Apple Computer
2010-09-26 08:53 . 2010-09-26 08:53 10134 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-09-26 08:53 . 2010-09-26 08:53 -------- d-----w- c:\users\Administrator\AppData\Local\Downloaded Installations
2010-09-26 08:52 . 2010-09-26 08:52 -------- d-----w- c:\program files\Sony Media Go Install
2010-09-25 12:24 . 2010-09-25 12:24 63488 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-25 12:24 . 2010-09-25 12:24 52224 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-25 12:24 . 2010-09-25 12:24 117760 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-25 12:23 . 2010-09-25 12:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2010-09-25 12:23 . 2010-09-25 12:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-25 12:23 . 2010-09-25 12:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-25 09:56 . 2010-09-25 09:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-09-15 11:09 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 11:09 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 11:09 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 11:09 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 20:40 . 2010-03-25 20:16 75589 ----a-w- c:\programdata\nvModes.dat
2010-09-26 20:34 . 2009-09-27 19:13 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-26 14:44 . 2008-07-16 19:58 80504 ----a-w- c:\users\petrens\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-26 14:41 . 2007-09-14 12:47 667114 ----a-w- c:\windows\system32\perfh013.dat
2010-09-26 14:41 . 2007-09-14 12:47 126648 ----a-w- c:\windows\system32\perfc013.dat
2010-09-26 08:55 . 2009-10-02 11:43 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-09-26 08:53 . 2008-10-30 13:51 -------- d-----w- c:\program files\Sony
2010-09-26 08:52 . 2009-05-20 11:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sony
2010-09-26 08:50 . 2009-05-20 11:33 80504 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-25 16:39 . 2008-10-25 08:33 -------- d-----w- c:\program files\GameTop.com
2010-09-25 16:36 . 2007-09-14 03:45 -------- d-----w- c:\program files\Roxio
2010-09-25 16:36 . 2007-09-14 03:45 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-09-25 16:14 . 2007-09-14 03:45 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-09-25 16:07 . 2009-02-22 19:00 -------- d-----w- c:\program files\Inca Ball
2010-09-25 15:58 . 2009-11-14 21:11 -------- d-----w- c:\program files\Adventure Maker v4.5.2
2010-09-21 22:01 . 2007-09-14 04:01 -------- d-----w- c:\program files\Google
2010-09-16 14:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-15 22:43 . 2008-10-11 14:39 -------- d-----w- c:\users\petrens\AppData\Roaming\uTorrent
2010-09-14 11:58 . 2010-03-25 20:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-11 13:33 . 2009-10-02 11:47 -------- d-----w- c:\program files\Typ-Top 3.0
2010-09-11 10:53 . 2010-08-21 11:12 -------- d-----w- c:\program files\WePrint
2010-08-29 11:24 . 2009-05-16 07:08 1 ----a-w- c:\users\petrens\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-14 11:00 . 2010-08-14 11:00 1 ----a-w- c:\users\Administrator\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-14 10:53 . 2010-08-14 10:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\OpenOffice.org
2010-08-09 14:45 . 2010-08-09 14:30 -------- d-----w- c:\users\petrens\AppData\Roaming\XBMC
2010-08-09 14:35 . 2010-08-09 14:30 -------- d-----w- c:\program files\XBMC
2010-07-11 23:11 . 2010-07-11 23:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-06 17:29 . 2010-07-11 22:47 2979280 -c--a-w- c:\programdata\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-06 17:28 . 2010-07-11 23:11 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-06 17:28 . 2009-02-13 17:45 15880 ----a-w- c:\windows\system32\lsdelete.exe
2008-08-13 19:17 . 2008-08-13 19:17 22 --sha-w- c:\windows\SMINST\HPCD.sys
2007-09-14 13:09 . 2007-09-14 12:51 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-09-23 864624]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Net Send GUI.lnk - c:\program files\Fomine Net Send GUI\NetSendGUI.exe [2008-2-25 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AvaFind.exe]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AvaFind.exe
backup=c:\windows\pss\AvaFind.exe.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Registratiesoftware starten.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Registratiesoftware starten.lnk
backup=c:\windows\pss\Registratiesoftware starten.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^petrens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PSPsync.lnk]
path=c:\users\petrens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PSPsync.lnk
backup=c:\windows\pss\PSPsync.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^petrens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ubisoft register.lnk]
path=c:\users\petrens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ubisoft register.lnk
backup=c:\windows\pss\ubisoft register.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-05-24 11:13 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 14:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 12:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
c:\program files\Microsoft Works\WksSb.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2008-10-31 23:59 54680 ----a-w- c:\windows\System32\jureg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1705306810-454223822-4283816249-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 EZWINIT;EZWINIT;c:\windows\system32\Drivers\ezwinit.sys [2008-09-25 14494]
R2 EZWRITER;EZWRITER;c:\windows\system32\Drivers\ezwriter.sys [2008-09-25 12544]
R2 gupdate1c989d524595dcd;Google Update Service (gupdate1c989d524595dcd);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
R3 XDva248;XDva248;c:\windows\system32\XDva248.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-06 64288]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-23 1355928]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-14 15008]
S3 MungoDriver;MungoGamer Remote;c:\windows\system32\DRIVERS\MungoDriver.sys [2010-05-10 12504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 13:50]

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 10:07]

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 10:07]
.
.
------- Bijkomende Scan -------
.
uStart Page = www.google.be
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.co ... 1.71.0.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 23:27
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


c:\windows\TEMP\TMP000000632FBFBE4D9830E778 524288 bytes executable

Scan succesvol afgerond
verborgen bestanden: 1

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,03,79,12,62,bd,68,45,ba,d7,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,03,79,12,62,bd,68,45,ba,d7,b0,\

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2010-09-26 23:35:13
ComboFix-quarantined-files.txt 2010-09-26 21:35
ComboFix2.txt 2010-04-05 11:23
ComboFix3.txt 2008-11-22 11:49
ComboFix4.txt 2008-11-21 21:10
ComboFix5.txt 2010-09-26 19:53

Pre-Run: 66.419.884.032 bytes beschikbaar
Post-Run: 66.378.203.136 bytes beschikbaar

- - End Of File - - 6FB0DFC9A1C335A2B3E7F6B99E14A717


Post title: Re: security tool
Posted: Mon Sep 27, 2010 12:38 am
Offline
Member

Registered: Fri Sep 24, 2010 7:55 pm
Posts: 10
Operating system: Windows Vista & Windows 7
Protection: Avast
And here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:34:01, on 27/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\onderhoud\hijackthis-programma\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.63\npchrome_frame.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\system32\Msdxm6.ocx
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Net Send GUI.lnk = C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.71.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab ... detect.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2408967284
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2409237148
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selfte ... TPTest.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.63\npchrome_frame.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c989d524595dcd) (gupdate1c989d524595dcd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9994 bytes


Post title: Re: security tool
Posted: Mon Sep 27, 2010 12:46 am
Offline
VIP

Registered: Fri Apr 25, 2008 1:32 pm
Posts: 5326
Location: Belgium
Operating system: Windows Vista Home Premium SP2
Protection: Avast!
Open a Notepad file.
Copy the text below and paste it into the Notepad file.
Save the Notepad file as CFScript.txt
Code:
File::
c:\windows\system32\XDva248.sys
Driver::
XDva248


Now drag the file CFScript.txt onto the file ComboFix.exe


ComboFix will start again.
When ComboFix has finished, which may be after a reboot, a log file will open. Post the contents of the log file.

Post a new HijackThis log as well.

_________________
ASAP & Unite Member
Anti Malware Help * PC Info * E-Profile
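The helper above keyed on one detail of the ComboFix log: the XDva248 driver line ends in "[x]", meaning the service is registered but its image file is not on disk. As an added example (not code from the thread, from ComboFix or from its author), the script below parses ComboFix service/driver lines in that format, flags the entries a helper would look at first, and builds the File::/Driver:: block for one of them. The sample lines are constructed, and the R/S-plus-start-type reading of the first field is my understanding of ComboFix's convention.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in ComboFix's drivers/services format (not copied from
# a real machine): <state+start-type> <service>;<display name>;<image path> [<date> <size>]
# ComboFix prints "[x]" instead of date/size when the image file is not on disk;
# that is what the XDva248 line in the log above shows.
SAMPLE_LINES = [
    r"R2 gupdate1c989d524595dcd;Google Update Service (gupdate1c989d524595dcd);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]",
    r"R3 XDva248;XDva248;c:\windows\system32\XDva248.sys [x]",
    r"S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-06 64288]",
    r"S1 aswSP;avast! Self Protection; [x]",
    r"S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]",
    r"S3 odd;odd;c:\users\Public\AppData\Local\temp\odd.sys [2010-09-26 12504]",  # constructed
]

# First field: R = running, S = stopped; digit = start type (0 boot, 1 system,
# 2 auto, 3 manual, 4 disabled). That is how I read ComboFix's legend.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*?)\s*"
    r"\[(?P<meta>[^\]]*)\]\s*$"
)

# Directories where the listed services and drivers normally live (lower-case).
TRUSTED_ROOTS = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ServiceEntry:
    running: bool       # 'R' = running, 'S' = stopped
    start_type: int     # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str           # empty when ComboFix printed no image path
    file_present: bool  # False when ComboFix printed "[x]"


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        running=m["state"] == "R",
        start_type=int(m["start"]),
        name=m["name"].strip(),
        display=m["display"].strip(),
        path=m["path"].strip(),
        file_present=m["meta"].strip().lower() != "x",
    )


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs worth a second look.

    These are heuristics, not verdicts: a legitimate product can also show
    "[x]" (avast's self-protection entry in the sample does), and some genuine
    kernel components sit directly in system32. Findings are leads for the analyst.
    """
    findings: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_service_line(line)
        if e is None:
            continue
        low = e.path.lower()
        if not e.file_present:
            findings.append((e.name, "image file missing on disk ([x])"))
        if e.path and not low.startswith(TRUSTED_ROOTS):
            findings.append((e.name, f"image outside standard locations: {e.path}"))
        if low.endswith(".sys") and low.startswith("c:\\windows\\system32\\") and "\\drivers\\" not in low:
            findings.append((e.name, "driver placed directly in system32 rather than system32\\DRIVERS"))
    return findings


def cfscript_for(entry: ServiceEntry) -> str:
    """Build the File::/Driver:: block (the form the helper posted) for one entry."""
    parts: List[str] = []
    if entry.path:
        parts += ["File::", entry.path]
    parts += ["Driver::", entry.name]
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LINES):
        print(f"{name}: {reason}")
```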


Post title: Re: security tool
Posted: Mon Sep 27, 2010 7:58 am
Offline
Member

Registered: Fri Sep 24, 2010 7:55 pm
Posts: 10
Operating system: Windows Vista & Windows 7
Protection: Avast
Good morning Emphyrio,

below are both logs:

again there were messages during ComboFix that things could not be completed.
The computer was rebooted.

Regards,

Petthuis


ComboFix 10-09-25.07 - Administrator 27/09/2010 1:15.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.1918.860 [GMT 2:00]
Gestart vanuit: c:\users\Administrator\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Administrator\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\XDva248.sys"
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA248
-------\Service_XDva248


(((((((((((((((((((( Bestanden Gemaakt van 2010-08-26 to 2010-09-26 ))))))))))))))))))))))))))))))
.

2010-09-26 23:34 . 2010-09-26 23:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-09-26 23:34 . 2010-09-26 23:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-26 23:34 . 2010-09-26 23:34 -------- d-----w- c:\users\petrens\AppData\Local\temp
2010-09-26 23:34 . 2010-09-26 23:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-26 17:05 . 2010-09-26 17:05 -------- d-----w- c:\users\petrens\AppData\Local\Adobe
2010-09-26 15:57 . 2010-09-26 15:57 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
2010-09-26 14:44 . 2010-09-26 14:44 -------- d-----w- c:\users\petrens\AppData\Local\Apple Computer
2010-09-26 08:53 . 2010-09-26 08:53 -------- d-----w- c:\users\Administrator\AppData\Local\Downloaded Installations
2010-09-26 08:52 . 2010-09-26 08:52 -------- d-----w- c:\program files\Sony Media Go Install
2010-09-25 12:23 . 2010-09-25 12:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2010-09-25 12:23 . 2010-09-25 12:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-25 12:23 . 2010-09-25 12:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-25 09:56 . 2010-09-25 09:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-09-15 11:09 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 11:09 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 11:09 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 11:09 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 23:41 . 2010-03-25 20:16 75589 ----a-w- c:\programdata\nvModes.dat
2010-09-26 23:38 . 2009-09-27 19:13 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-26 14:44 . 2008-07-16 19:58 80504 ----a-w- c:\users\petrens\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-26 14:41 . 2007-09-14 12:47 667114 ----a-w- c:\windows\system32\perfh013.dat
2010-09-26 14:41 . 2007-09-14 12:47 126648 ----a-w- c:\windows\system32\perfc013.dat
2010-09-26 08:55 . 2009-10-02 11:43 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-09-26 08:53 . 2008-10-30 13:51 -------- d-----w- c:\program files\Sony
2010-09-26 08:52 . 2009-05-20 11:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sony
2010-09-26 08:50 . 2009-05-20 11:33 80504 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-25 16:39 . 2008-10-25 08:33 -------- d-----w- c:\program files\GameTop.com
2010-09-25 16:36 . 2007-09-14 03:45 -------- d-----w- c:\program files\Roxio
2010-09-25 16:36 . 2007-09-14 03:45 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-09-25 16:14 . 2007-09-14 03:45 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-09-25 16:07 . 2009-02-22 19:00 -------- d-----w- c:\program files\Inca Ball
2010-09-25 15:58 . 2009-11-14 21:11 -------- d-----w- c:\program files\Adventure Maker v4.5.2
2010-09-21 22:01 . 2007-09-14 04:01 -------- d-----w- c:\program files\Google
2010-09-16 14:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-15 22:43 . 2008-10-11 14:39 -------- d-----w- c:\users\petrens\AppData\Roaming\uTorrent
2010-09-14 11:58 . 2010-03-25 20:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-11 13:33 . 2009-10-02 11:47 -------- d-----w- c:\program files\Typ-Top 3.0
2010-09-11 10:53 . 2010-08-21 11:12 -------- d-----w- c:\program files\WePrint
2010-08-14 10:53 . 2010-08-14 10:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\OpenOffice.org
2010-08-09 14:45 . 2010-08-09 14:30 -------- d-----w- c:\users\petrens\AppData\Roaming\XBMC
2010-08-09 14:35 . 2010-08-09 14:30 -------- d-----w- c:\program files\XBMC
2010-07-11 23:11 . 2010-07-11 23:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-06 17:28 . 2010-07-11 23:11 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-06 17:28 . 2009-02-13 17:45 15880 ----a-w- c:\windows\system32\lsdelete.exe
2008-08-13 19:17 . 2008-08-13 19:17 22 --sha-w- c:\windows\SMINST\HPCD.sys
2007-09-14 13:09 . 2007-09-14 12:51 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-09-23 864624]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Net Send GUI.lnk - c:\program files\Fomine Net Send GUI\NetSendGUI.exe [2008-2-25 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AvaFind.exe]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AvaFind.exe
backup=c:\windows\pss\AvaFind.exe.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Registratiesoftware starten.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Registratiesoftware starten.lnk
backup=c:\windows\pss\Registratiesoftware starten.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^petrens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PSPsync.lnk]
path=c:\users\petrens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PSPsync.lnk
backup=c:\windows\pss\PSPsync.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^petrens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ubisoft register.lnk]
path=c:\users\petrens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ubisoft register.lnk
backup=c:\windows\pss\ubisoft register.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-05-24 11:13 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 14:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 12:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
c:\program files\Microsoft Works\WksSb.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2008-10-31 23:59 54680 ----a-w- c:\windows\System32\jureg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1705306810-454223822-4283816249-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 EZWINIT;EZWINIT;c:\windows\system32\Drivers\ezwinit.sys [2008-09-25 14494]
R2 EZWRITER;EZWRITER;c:\windows\system32\Drivers\ezwriter.sys [2008-09-25 12544]
R2 gupdate1c989d524595dcd;Google Update Service (gupdate1c989d524595dcd);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-23 1355928]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-06 64288]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S3 MungoDriver;MungoGamer Remote;c:\windows\system32\DRIVERS\MungoDriver.sys [2010-05-10 12504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 13:50]

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 10:07]

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 10:07]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.be
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.co ... 1.71.0.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-27 01:43
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,03,79,12,62,bd,68,45,ba,d7,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,03,79,12,62,bd,68,45,ba,d7,b0,\

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1732)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\windows defender\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2010-09-27 01:59:16 - machine was restarted
ComboFix-quarantined-files.txt 2010-09-26 23:58
ComboFix2.txt 2010-09-26 21:35
ComboFix3.txt 2010-04-05 11:23
ComboFix4.txt 2008-11-22 11:49
ComboFix5.txt 2010-09-26 23:10

Pre-Run: 66.300.530.688 bytes free
Post-Run: 66.070.601.728 bytes free

- - End Of File - - 1ACC881B1F42B97778D78DE57CF22D05



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:16, on 27/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
C:\onderhoud\hijackthis-programma\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.63\npchrome_frame.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\system32\Msdxm6.ocx
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Net Send GUI.lnk = C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.71.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab ... detect.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2408967284
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2409237148
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selfte ... TPTest.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.63\npchrome_frame.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c989d524595dcd) (gupdate1c989d524595dcd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9863 bytes


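The log above is long, and the items a helper picks out by eye are a handful of patterns: Security Center "Monitoring" subkeys with DisableMonitoring set to 1 (the SymantecAntiVirus and SymantecFirewall entries), driver/service lines whose image column is "[x]" (aswSP), and the block of locked registry keys, each with one or more @Denied ACEs. The following Python script is an added example that is not part of the original thread and not a ComboFix or forum tool; it runs those three checks over a constructed excerpt written in the style of the log above (the SAMPLE_LOG string, not the full posted log) and summarises the locked keys per account SID. The function names and the report layout are my own choices.

```python
"""Triage helpers for a ComboFix-style log (added example; not a ComboFix or forum tool)."""
import re
from collections import defaultdict

# Constructed excerpt in the style of the ComboFix log posted above; it is not the full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1705306810-454223822-4283816249-1000]
"EnableNotifications"=dword:00000001

R2 EZWINIT;EZWINIT;c:\windows\system32\Drivers\ezwinit.sys [2008-09-25 14494]
S1 aswSP;avast! Self Protection; [x]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1705306810-454223822-4283816249-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...] block header
DENIED_RE = re.compile(r"^@Denied:\s*\((?P<rights>[^)]+)\)\s*\((?P<who>[^)]+)\)$")
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")


def parse_key_blocks(text):
    """Return (key_path, value_lines) pairs: each [key] header plus the lines up to the next blank line."""
    blocks, key, lines = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            if key is not None:
                blocks.append((key, lines))
            key, lines = header.group(1), []
        elif not line:
            if key is not None:
                blocks.append((key, lines))
            key, lines = None, []
        elif key is not None:
            lines.append(line)
    if key is not None:
        blocks.append((key, lines))
    return blocks


def find_disabled_monitoring(text):
    """Security Center 'Monitoring' keys whose DisableMonitoring flag is 1 (often an uninstall leftover)."""
    return [key for key, lines in parse_key_blocks(text)
            if "security center\\monitoring" in key.lower() and any(DISABLE_RE.match(l) for l in lines)]


def find_locked_keys(text):
    """Map each key that carries an @Denied ACE to the principals it denies, in log order."""
    locked = {}
    for key, lines in parse_key_blocks(text):
        denied = [m.group("who") for m in map(DENIED_RE.match, lines) if m]
        if denied:
            locked[key] = denied
    return locked


def find_services_without_image(text):
    """Driver/service entries (R*/S* lines) whose image column is '[x]', i.e. no file found on disk."""
    missing = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m and m.group("image").strip() == "[x]":
            missing.append(m.group("name"))
    return missing


def sid_of(key):
    """Account SID from an HKEY_USERS\\<SID>\\... path, or None for machine-wide keys."""
    m = re.match(r"HKEY_USERS\\(S-1-5-[\d-]+)", key)
    return m.group(1) if m else None


def triage(text):
    """Summarise the three checks; every item is something to look at, not a verdict."""
    locked = find_locked_keys(text)
    per_sid, admin_denied = defaultdict(int), []
    for key, who in locked.items():
        if sid_of(key):
            per_sid[sid_of(key)] += 1
        if "Administrator" in who:
            admin_denied.append(key)
    return {
        "disabled_monitoring": find_disabled_monitoring(text),
        "services_without_image": find_services_without_image(text),
        "locked_keys": len(locked),
        "locked_keys_per_sid": dict(per_sid),
        "admin_denied_keys": admin_denied,
    }


if __name__ == "__main__":
    for label, value in triage(SAMPLE_LOG).items():
        print(f"{label}: {value}")
```

To run it on a saved log, call `triage(open(path, encoding="cp1252", errors="replace").read())`; the parser keys off the `[...]` headers and `@Denied:` lines, so it does not care whether ComboFix wrote its section titles in Dutch or English. UserChoice keys that deny the owning account and "[x]" entries for a product whose driver was removed are frequently harmless, which is why the report lists them for the helper to weigh against the rest of the log rather than labelling them.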
Post subject: Re: security tool
Posted: Mon Sep 27, 2010 1:52 pm
VIP

Registered: Fri Apr 25, 2008 1:32 pm
Posts: 5326
Location: Belgium
Operating system: Windows Vista Home Premium SP2
Protection: Avast!
Quote:
again there were messages during ComboFix that things could not be completed.

Can you be a bit more specific here?

Have you recently installed WMP11, or are you having problems with it?

Have you ever had Norton on your PC?

_________________
ASAP & Unite Member
Anti Malware Help * PC Info * E-Profile


Post subject: Re: security tool
Posted: Mon Sep 27, 2010 10:25 pm
Member

Registered: Fri Sep 24, 2010 7:55 pm
Posts: 10
Operating system: Windows Vista & Windows 7
Protection: Avast
I mean that while ComboFix was running, on the blue screen where all the steps are counted down, at a few points the message appeared that you had to be logged in as administrator, and so access was denied.
And this even though I had started the program as Administrator, and had also chosen "Run as administrator".
The previous 2 logs were like this too.
I had the impression that it was a bit less this time, but I didn't watch it the whole time. It was rather late.

We did once have Norton on the computer, but I thought it had been completely removed.

For WMP (I assume Windows Media Player) we have version 11.0.6002.18111. I don't have the impression that we've had problems with it, though.

Do you think there are still bugs on the PC?

