Questions & Answers

Security & privacy

Pop-ups everywhere

8 replies
  • Hello, ever since I reformatted my PC I have been getting an enormous number of pop-ups whenever I have IE explorer or Firefox open.. Among others from powered by Zedo, www.mt50.nl/bladiebla and "attention, your system is not protected SchijfBewaker", saying that I have to scan it.. I have tried all the pop-up blockers, and almost all the spyware killers :S Below is an HJ log:
    Thanks in advance.. :)
  • One moment please
  • Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop. If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.
    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, switch that scanner off and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
      - Double-click Combofix.exe
      - Follow the instructions and accept the disclaimer by clicking Yes.
      - While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished, and after the restart, the log combofix.txt will open. Post this log in your next post together with a new HijackThis log.
  • Sorry for replying so late; the problem seemed to have been solved, but now it is back worse than ever... Here is the Combofix log:
    And the HJ log:
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201637943674 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201638211375 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program 
Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: McAfee Application Installer Cleanup (0206261204992550) (0206261204992550mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\020626~1.EXE (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe ik hoop dat je er iets mee kan..! Alvast bedankt
  • Open Notepad, then copy and paste the following (text) into an empty window:

        File::
        C:\WINDOWS\system32\drivers\s117crr.sys
        C:\WINDOWS\system32\drivers\core.cache.dsk
        C:\TEMP\tn3

        Driver::
        s117crr

    Save this to your Desktop as CFScript.txt. Drag CFScript.txt into ComboFix.exe as shown in the example below: http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

    This will make ComboFix restart. After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.
  • it was just called log and not combofix.txt..
  • You may now remove all the tools used and the folders they created. Uninstall ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter. This removes both ComboFix and your old system restore points (with any malware remnants) and creates a new system restore point. http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG

    Any problems left now?
  • Great! Everything seems to be fixed! Thanks a lot, I was about to format my whole computer :) this saves a whole lot of work!


This is an archived page. Replies are no longer possible.