CiD Pop Ups

8 answers
  • Hello, I know there are several topics about this problem, but after many attempts with the help of those topics I still have not managed to get rid of the CiD pop-ups. I have had this problem once before; back then I could simply remove it with a few AVG scans, but now, about 3 weeks later, it has come back. Here is my HijackThis log:

    I hope someone can help me.

    Regards
  • Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
      • Double-click Combofix.exe.
      • Follow the instructions and accept the disclaimer by typing 1 (continue) followed by ENTER.
      • While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has completed and after the restart, the log combofix.txt will open. Post this log in your next post together with a new HijackThis log.
    Note: if your virus scanner responds with a message about a script being executed, you may ignore this.

    Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
      O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Default Owns.exe
      O4 - HKCU\..\Run: [rdrrule] C:\DOCUME~1\Dennis\APPLIC~1\4METAP~1\Audio browse wipe.exe
    Close all windows except HijackThis. Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose Tools -> Folder Options... Under View, check the following settings:
      • Turn off: Hide protected operating system files (recommended)
      • Turn off: Hide extensions for known file types
      • Select: Display the contents of system folders (XP only)
      • Select: Show hidden files and folders

    Delete the following directories in safe mode (tap F8 during startup):
      C:\Documents and Settings\All Users\Application Data\third lies itch ford\
      C:\DOCUME~1\Dennis\APPLIC~1\4METAP~1\

    Download this file: Deljob.exe (http://home.hetnet.nl/~stefsmeenk/tools/deljob.exe). Place it on your desktop. If your virus scanner blocks the download of deljob.exe, temporarily switch off your virus scanner or download the zip version deljob.zip (http://members.lycos.nl/deljob/deljob.zip) and extract it to your Desktop. Double-click Deljob.exe. A log (logit.txt) will open; you can also find the file on your desktop. Post the contents of logit.txt in your next message.

    In your next post, include:
      • the Deljob log
      • the ComboFix log
      • a new HJT log
    Good luck
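A check that can be run on the follow-up log, added here as an example (it is not part of the thread and not part of HijackThis): it parses HijackThis entries, including from a log whose line breaks were lost when pasted into a forum, and reports which of the entries selected for 'Fix checked' are still present. The matching keys (CLSID for O2, hive plus value name for O4 Run entries) are an assumption of this example, and the follow-up log is constructed; the selected entries are the ones listed in the answer above.

```python
import re
from typing import NamedTuple

# HijackThis section codes (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - ".
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
ENTRY_START = re.compile(rf"(?<!\S)(?={CODE} - )")   # zero-width split point
ENTRY = re.compile(rf"^({CODE}) - (.+)$", re.S)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_VALUE = re.compile(r"^([^:\[]+): \[([^\]]+)\]")  # "HKLM\..\Run: [name]"


class Entry(NamedTuple):
    code: str
    text: str

    @property
    def identity(self):
        """Key used for matching (assumption of this example).

        O2 entries are matched on their CLSID and O4 registry entries on
        hive + value name, so an entry whose file name changed between
        scans still counts as present. Everything else is matched on the
        whole line, case-insensitively.
        """
        if self.code == "O2":
            m = CLSID.search(self.text)
            if m:
                return (self.code, m.group(0).casefold())
        if self.code == "O4":
            m = RUN_VALUE.match(self.text)
            if m:
                return (self.code, m.group(1).casefold(), m.group(2).casefold())
        return (self.code, self.text.casefold())


def parse_log(text):
    """Return the entries of a HijackThis log, line-per-entry or flattened."""
    text = re.sub(r"\s*--\s*End of file.*", "", text, flags=re.S)
    entries = []
    for chunk in ENTRY_START.split(text):
        m = ENTRY.match(chunk.strip())
        if m:  # header and 'Running processes' text does not match
            entries.append(Entry(m.group(1), " ".join(m.group(2).split())))
    return entries


def still_present(selected, followup):
    """Pairs (selected entry, matching entry in the follow-up log)."""
    seen = {e.identity: e for e in parse_log(followup)}
    return [(want, seen[want.identity])
            for want in parse_log(selected) if want.identity in seen]


# The six entries selected for 'Fix checked' in the answer above.
SELECTED = r'''
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Default Owns.exe
O4 - HKCU\..\Run: [rdrrule] C:\DOCUME~1\Dennis\APPLIC~1\4METAP~1\Audio browse wipe.exe
'''

# Constructed follow-up log, flattened onto one line as a forum paste would be.
# The renamed executable in the 'Itch ford four knob' value is constructed.
FOLLOWUP_FLAT = (
    r"Logfile of Trend Micro HijackThis v2.0.2 Running processes: C:\WINDOWS\Explorer.EXE "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen "
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll "
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP "
    r"O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\example renamed.exe "
    r"O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe "
    "-- End of file - 0 bytes"
)

if __name__ == "__main__":
    for wanted, found in still_present(SELECTED, FOLLOWUP_FLAT):
        print("still present:", found.code, "-", found.text)
        if wanted.text != found.text:
            print("  (was:", wanted.text + ")")
```

Matching on the whole line would report this follow-up log as clean, because the file name behind the Run value differs from the one that was selected.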
  • Hello, Thanks for your reply! I was able to carry everything out successfully. Here are my logs.

    HijackThis:

    ComboFix log:

    Deljob log:

    These are the logs.

    Regards
  • It's probably going better already. Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

    File::
    C:\WINDOWS\system32\gzmrotate.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]

Save this to your Desktop as CFScript.txt. Drag CFScript.txt into ComboFix.exe as shown in the example below: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif This will make ComboFix restart. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
  • Ok, it worked, here is the new ComboFix log:
ComboFix 07-09-14.2 - "Dennis" 2007-09-15 22:57:11.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1435 [GMT 2:00]
Command switches used :: C:\Documents and Settings\Dennis\Bureaublad\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\gzmrotate.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\gzmrotate.dll
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 22:59:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-15 23:00:09 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-15 23:00
C:\ComboFix2.txt ... 2007-09-15 22:00
C:\ComboFix3.txt ... 2007-08-24 20:01
.
--- E O F ---
  • It's probably going better already, right?
  • Hello, It's definitely going better! The pop-ups are gone, and so are all the other nasty things. Thank you for your quick, clear and good help. Regards.
  • You're welcome. :D

This is an archived page. Replying is no longer possible.