Questions & Answers

Security & privacy

Administrator rights taken away.

9 answers
  • Hello, my administrator rights have recently disappeared all of a sudden (and since this is my PC and nobody else uses it, that should not be the case). My programs have also suddenly disappeared, and I have some kind of 'Virus Alert' showing next to my clock.

    Screenshots:
    Taskbar: http://img373.imageshack.us/img373/6876/buildpf8.png
    Administrator rights: http://img236.imageshack.us/img236/8540/buildrgu4.png

    HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:20: VIRUS ALERT!, on 24-7-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal
  • First update your AVG by right-clicking the icon.
  • I was already working on that in the meantime ;)
  • Hi Renax, we'll get this sorted out.

    1) Start HijackThis.
    - Now choose "Do a system scan only".
    - Now tick the following items:
      O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
      O4 - HKLM\..\Run: [a0ec7ff2] rundll32.exe "C:\WINDOWS\system32\nwxdnvwa.dll",b
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
      O21 - SSODL: kvxqmtre - {348B82A6-4F52-47B9-9F5E-EE816BEE173B} - C:\WINDOWS\kvxqmtre.dll (file missing)
      O21 - SSODL: evgratsm - {3DFCA451-4DE7-4DE7-94C2-5CA961632451} - C:\WINDOWS\evgratsm.dll (file missing)
    - Now close all windows except the HijackThis one and choose "Fix checked".

    2) Restart your computer.

    3) Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop. Double-click mbam-setup.exe to install the program. Make sure that after the installation there is a tick next to:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Voltooien" (Finish). If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Instellingen" (Settings) tab.
    - Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
    - Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
    - Then press "Scannen" (Scan) to start the scan.
    - Scanning can take a while, so be patient.
    - When the scan has finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
    - Make sure everything there is ticked, then click "Verwijder geselecteerde" (Remove selected).
    - After the removal a log will open; if you are asked to restart your computer, you must allow this. It is necessary in order to remove some infections.
    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program. Post this log in your next reply.

    4) Follow these instructions (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) to download Combofix: carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.
    NOTE: if, during or after downloading Combofix or while using Combofix, you get a notification from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    Double-click Combofix.exe.
    Follow the instructions and accept the disclaimer.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has finished and after the restart, the log Combofix.txt will open.

    5) May I have the MBAM and Combofix logs from you, together with a new HijackThis log?

    Regards,
    Roelof
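
A small triage script for the kind of entries selected in the answer above, as an added example that is not part of the original post: it parses HijackThis entry lines and flags the three patterns visible in that fix list (a registration marked "(file missing)", an O6/O7 policy lock, and a Run value with an eight-hex-digit name that starts a DLL through rundll32). The heuristics, the function names and the two unflagged contrast lines are assumptions made for illustration; they are not a complete detection.

```python
import re
from dataclasses import dataclass, field

# HijackThis section codes that occur in the fix list of the answer above.
SECTIONS = {
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O6": "Internet Explorer options restricted by policy",
    "O7": "Registry Editor disabled by policy",
    "O21": "ShellServiceObjectDelayLoad autostart",
}

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")   # "O4 - <detail>"
RUN_RE = re.compile(r"Run: \[([^\]]+)\]\s+(.+)$")              # "[value name] command"
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)      # e.g. a0ec7ff2


@dataclass
class Entry:
    section: str
    detail: str
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Return an Entry for one log line, or None if the line is not an entry."""
    m = ENTRY_RE.match(line)
    return Entry(m.group(1), m.group(2)) if m else None


def triage(entry):
    """Attach the reasons (if any) why an entry deserves a closer look."""
    detail = entry.detail
    # HijackThis itself appends this marker when the referenced file is gone.
    if detail.lower().endswith("(file missing)"):
        entry.reasons.append("registered component whose file no longer exists")
    # O6/O7 mean a policy value is locking the user out of a settings tool.
    if entry.section in ("O6", "O7"):
        entry.reasons.append("policy restriction that locks a settings tool")
    # Illustrative heuristic: hex-looking Run value name + rundll32 launcher.
    if entry.section == "O4":
        run = RUN_RE.search(detail)
        if run:
            name, command = run.groups()
            launcher = command.lstrip('"').lower()
            if launcher.startswith("rundll32") and HEX_NAME_RE.match(name):
                entry.reasons.append(
                    "Run value with an 8-hex-digit name loading a DLL via rundll32")
    return entry


def review(log_text):
    """Parse every entry line in a log and triage it."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [triage(e) for e in entries if e is not None]


# Sample input: the six entries from the fix list above, followed by two
# ordinary entries added for contrast (sample lines for this example).
SAMPLE_LOG = r"""
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
O4 - HKLM\..\Run: [a0ec7ff2] rundll32.exe "C:\WINDOWS\system32\nwxdnvwa.dll",b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: kvxqmtre - {348B82A6-4F52-47B9-9F5E-EE816BEE173B} - C:\WINDOWS\kvxqmtre.dll (file missing)
O21 - SSODL: evgratsm - {3DFCA451-4DE7-4DE7-94C2-5CA961632451} - C:\WINDOWS\evgratsm.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        status = "; ".join(e.reasons) if e.reasons else "no flag"
        print(f"{e.section:<4}{SECTIONS.get(e.section, 'other'):<50}{status}")
```

An unflagged line is not proof that an entry is clean; the script only reproduces the patterns that are visible in this particular fix list.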
  • roelof2 wrote:
    > Hi Renax, we'll get this sorted out.
    >
    > 1) Start HijackThis.
    > - Now choose "Do a system scan only".
    > - Now tick the following items:
    >   O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
    >   O4 - HKLM\..\Run: [a0ec7ff2] rundll32.exe "C:\WINDOWS\system32\nwxdnvwa.dll",b
    >   O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    >   O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    >   O21 - SSODL: kvxqmtre - {348B82A6-4F52-47B9-9F5E-EE816BEE173B} - C:\WINDOWS\kvxqmtre.dll (file missing)
    >   O21 - SSODL: evgratsm - {3DFCA451-4DE7-4DE7-94C2-5CA961632451} - C:\WINDOWS\evgratsm.dll (file missing)
    > - Now close all windows except the HijackThis one and choose "Fix checked".

    When I clicked Fix Checked I got: Registry editing has been disabled by your administrator. (I'm going to do the rest now, so don't worry.)
  • Logs:

    Anti-Malware:

    [code]
    Malwarebytes' Anti-Malware 1.23
    Database versie: 986
    Windows 5.1.2600 Service Pack 2

    19:28:46 24-7-2008
    mbam-log-7-24-2008 (19-28-46).txt

    Scan type: Snelle Scan
    Objecten gescand: 50740
    Verstreken tijd: 7 minute(s), 32 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 2
    Registersleutels geïnfecteerd: 17
    Registerwaarden geïnfecteerd: 1
    Registerdata bestanden geïnfecteerd: 18
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 25

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    C:\WINDOWS\system32\efcYOfDu.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\pmnKaxyA.dll (Trojan.Vundo) -> Delete on reboot.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00b8e09b-5cd6-4462-8e09-11d58a269337} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00b8e09b-5cd6-4462-8e09-11d58a269337} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74c3d78a-a8bf-445d-8d8c-015b1e7e09dc} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{74c3d78a-a8bf-445d-8d8c-015b1e7e09dc} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{6230596f-3a44-4cdf-815b-372fa03c75d6} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6230596f-3a44-4cdf-815b-372fa03c75d6} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnkaxya (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6230596f-3a44-4cdf-815b-372fa03c75d6} (Trojan.Vundo) -> Delete on reboot.

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcyofdu -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcyofdu -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76487-640-8365391-23401) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (H:mm:ss) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\edfmjy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcYOfDu.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\uDfOYcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uDfOYcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nqeekkxt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\txkkeeqn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnKaxyA.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\jooopykd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gnrjucvv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqPhEur.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byXPJCTL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ynarqg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\woirah.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ngcyyeqg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnnNFYQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Local Settings\Temporary Internet Files\Content.IE5\6MVQDULI\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Local Settings\Temporary Internet Files\Content.IE5\RDJMIYPR\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Application Data\TmpRecentIcons\antivirus-2008pro.lnk (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    [/code]

    Combofix (Yes, I did not install the Recovery Console since I could not carry out the installation 'readme'; otherwise don't ask.)

    ComboFix 08-07-23.5 - Jaeden 2008-07-24 19:39:34.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1510 [GMT 2:00]
    Running from: C:\Documents and Settings\Jaeden\Desktop\ComboFix.exe
    * Created a new restore point
    * Resident AV is active

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-19 19:32 --------- d-----w C:\Documents and Settings\Jaeden\Application Data\TeamViewer 2008-06-19 07:04 --------- d-----w C:\Program Files\Image-Line 2008-06-19 06:31 --------- d-----w C:\Program Files\uTorrent 2008-06-18 16:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluetooth 2008-06-18 16:23 --------- d-----w C:\Program Files\Common Files\Steinberg 2008-06-18 16:23 --------- d-----w C:\Documents and Settings\Jaeden\Application Data\Steinberg 2008-06-18 13:07 --------- d-----w C:\Program Files\Native Instruments 2008-06-18 12:53 --------- d-----w C:\Program Files\Outsim 2008-06-17 05:51 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\nView_Profiles 2008-06-16 19:56 --------- d-----w C:\Program Files\Yahoo! 2008-06-16 19:52 --------- d-----w C:\Program Files\My Company Name 2008-06-16 19:50 --------- d-----w C:\Program Files\ASUS 2008-06-16 19:47 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-06-16 19:03 --------- d-----w C:\Program Files\VIA 2008-06-16 19:02 --------- d-----w C:\Program Files\Realtek 2008-06-16 17:27 994,304 ----a-w C:\WINDOWS\system32\msgina.dll 2008-06-16 17:26 99,840 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe 2008-06-16 17:25 98,304 ----a-w C:\WINDOWS\system32\cscript.exe 2008-06-16 12:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-06-14 17:01 --------- d-----w C:\Program Files\Windows Live 2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-12 06:28 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys 2008-05-28 18:42 --------- d-----w C:\Program Files\Common Files\Skype 2008-05-28 14:17 --------- d-----w C:\Program Files\Common Files\TechSmith Shared 2008-05-26 09:53 --------- d-----w C:\Program Files\Common Files\Stardock 2008-05-07 05:18 1,287,680 ----a-w 
C:\WINDOWS\system32\quartz.dll 2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE . ----a-w 132,496 2008-01-12 09:21:55 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe ----a-w 5,674,352 2008-01-12 09:22:39 C:\Program Files\MSN Messenger\MsnMsgr .Exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-06-16 19:25 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "Steam"="d:\program files\steam\steam.exe" [2008-06-17 15:31 1271032] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 08:48 68856] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "WebcamMaxMoniter"="C:\Program Files\WebcamMax\wcmmon.exe" [2008-02-09 06:58 456024] "Acrobat Assistant 8.0"="D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992] "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160] "System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 01:41 118485] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-24 00:42 1232152] "SkyTel"="SkyTel.EXE" [2006-05-16 05:04 2879488 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 03:58 16264192
C:\WINDOWS\RTHDCPL.exe] "nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-06-16 19:25 15360] C:\Documents and Settings\Jaeden\Start Menu\Programs\Startup\ Mopy Points Collector.lnk - C:\MOPYFISH\GETPOINT.EXE [2008-07-07 00:45:02 39612] C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696] BlueSoleil.lnk - D:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe [2006-07-16 17:33:36 626176] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll "msacm.fraunhoferacm"= l3codecp.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamerOSD] --a------ 2007-02-14 09:42 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "D:\\Program Files\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "D:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "D:\\Program Files\\Codemasters\\GRID\\GRID.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program 
Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-24 00:42] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-24 00:42] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-24 00:42] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-24 00:42] R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2008-03-11 15:14] R3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 16:04] R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06] S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . . ------- Supplementary Scan ------- . 
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 R0 -: HKCU-Main,Start Page = hxxp://www.google.com/ R1 -: HKCU-Internet Settings,ProxyOverride = *.local R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s O8 -: Append to existing PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 -: Convert link target to Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 -: Convert link target to existing PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 -: Convert selected links to Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 -: Convert selected links to existing PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 -: Convert selection to Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 -: Convert selection to existing PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 -: Convert to Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-24 19:42:36 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-07-24 19:45:23 ComboFix-quarantined-files.txt 2008-07-24 17:45:10 Pre-Run: 19,229,143,040 bytes free Post-Run: 19,746,680,832 bytes free 286 --- E O F --- 2008-07-08 23:48:46
And a new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:48:26, on 24-7-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe D:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\WebcamMax\wcmmon.exe D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1
- HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program 
Files\WebcamMax\wcmmon.exe" /a O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BlueSoleil.lnk = D:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context 
menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) 
- http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 9588 bytes
  • Hi, Everything looks clean again. How are your problems now? Roelof
  • No more trouble with anything, plus my PC is just a bit faster than before. Thanks a lot! And from now on Sunday evening will be my virus/spyware/malware scan evening :oops:
  • Good. Finally, I can offer you these tips: http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html Maybe they will be of some use to you. Roelof
