Question & Answer
I can no longer open certain programs!
11 answers
- does anyone see any irregularities here!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:05, on 4/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] "C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 6524 bytes
- Download [b:6cf232d5bd] and save it to your desktop.
Double-click mbam-setup.exe to install the program.
Make sure that after installation a check mark is placed next to:
* Update Malwarebytes' Anti-Malware
* Launch Malwarebytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
* Once the program has started, go to the "Settings" tab.
* Check here: "Close Internet Explorer during malware removal".
* Then go to the "Scanner" tab and choose "Quick Scan".
* Then press "Scan" to start the scan.
* Scanning may take a while, so be patient.
* When the scan is complete, click OK, then "Show Results" to view the results.
* Make sure everything there is checked, then click "Remove Selected".
* After removal, a log will open and you will be asked to restart the computer.
The log is saved automatically by Malwarebytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.
Post this log.
Download [b:6cf232d5bd] to your desktop and use it according to this guide.
- I ran everything, with the following result!
Malwarebytes' Anti-Malware 1.33
Database versie: 1736
Windows 5.1.2600 Service Pack 3
7/02/2009 14:12:00
mbam-log-2009-02-07 (14-12-00).txt
Scan type: Snelle Scan
Objecten gescand: 53181
Verstreken tijd: 4 minute(s), 30 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
ComboFix 09-02-06.02 - Gebruiker 2009-02-07 14:18:11.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.503 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Gebruiker\Application Data\inst.exe
c:\program files\Common Files\{E890C~1
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-07 to 2009-02-07 ))))))))))))))))))))))))))))))
.
2009-02-05 13:53 . 2009-02-05 14:24 <DIR> d–h-c— C:\$AVG8.VAULT$
2009-02-04 17:31 . 2009-02-06 21:25 <DIR> d——– c:\windows\system32\drivers\Avg
2009-02-04 17:31 . 2009-02-07 14:04 <DIR> d—-c— c:\documents and settings\Gebruiker\Application Data\AVGTOOLBAR
2009-02-04 17:31 . 2009-02-04 17:31 325,128 –a—— c:\windows\system32\drivers\avgldx86.sys
2009-02-04 17:31 . 2009-02-04 17:31 107,272 –a—— c:\windows\system32\drivers\avgtdix.sys
2009-02-04 17:31 . 2009-02-04 17:31 12,552 –a—— c:\windows\system32\drivers\avgrkx86.sys
2009-02-04 17:31 . 2009-02-04 17:31 10,520 –a—— c:\windows\system32\avgrsstx.dll
2009-02-04 17:30 . 2009-02-04 17:30 <DIR> d—-c— c:\documents and settings\All Users\Application Data\avg8
2009-01-10 16:37 . 2009-01-10 16:37 410,984 –a—— c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 12:33 ——— dc—-w c:\program files\SpywareGuard
2009-01-31 12:17 ——— d–h–w c:\program files\InstallShield Installation Information
2009-01-31 12:16 ——— dc—-w c:\program files\Mobile Action
2009-01-31 12:06 ——— dc—-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-31 12:06 ——— d—–w c:\program files\Spybot - Search & Destroy
2009-01-31 12:04 ——— dc—-w c:\program files\Iomega
2009-01-30 10:00 ——— dc—-w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 15:11 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
2009-01-10 15:37 ——— d—–w c:\program files\Java
2009-01-05 11:56 ——— dc—-w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\CCleaner
2009-01-05 10:00 ——— dc—-w c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2009-01-05 10:00 ——— dc—-w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 18:12 ——— d—–w c:\program files\Network Associates
2008-12-18 16:55 ——— dc—-w c:\program files\AVG
2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
2007-06-18 16:28 47,360 -c–a-w c:\documents and settings\Gebruiker\Application Data\pcouffin.sys
2007-02-18 17:06 87,608 -c–a-w c:\documents and settings\Gebruiker\Application Data\ezpinst.exe
2007-02-10 20:42 337 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb1942.dat
2007-02-07 18:25 20,480 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb4827.dat
2006-12-01 16:08 49 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb41.dat
2006-11-25 13:25 9,216 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb8467.dat
2006-11-25 13:25 0 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb6334.dat
2006-11-25 13:24 0 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb5436.dat
2006-03-24 19:05 26,922 -c–a-w c:\program files\moviepass Terms.html
2005-11-17 10:26 0 -c–a-w c:\program files\AUTOEXEC.BAT
2005-02-04 13:41 867 -c–a-w c:\program files\asdf.txt
2005-01-31 18:57 5,042 -c–a-r c:\program files\CLDMA.LOG
2004-05-25 22:24 0 -c–a-w c:\program files\CONFIG.SYS
2001-05-24 11:59 162,304 -c–a-w c:\program files\UNWISE.EXE
1999-12-07 18:00 1,384,448 -c–a-w c:\program files\msvbvm60.dll
2005-11-24 17:54 56 -csha-r c:\windows\system32\69A2D02CB7.sys
2005-11-24 17:54 1,682 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-02 15:17 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090220080903\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-30_18.44.26,09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-19 18:14:19 26,824 —-a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-02-04 16:31:06 27,656 —-a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-02-04 16:22:48 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_7b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-04-12 1383936]
"PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-05 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"nwiz"="nwiz.exe" [2005-10-10 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2005-11-23 245760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-04 17:31 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ersd.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Photo Express Calendar Checker SE.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Photo Express Calendar Checker SE.lnk
backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Gebruiker^Menu Start^Programma's^Opstarten^SpywareGuard.lnk]
path=c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
–a—— 2006-01-25 05:28 7094272 c:\program files\MSN Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\PCTV Stereo\\TeleText\\WebServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-04 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-04 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-04 107272]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]
R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [1997-03-12 25792]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2007-01-14 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2007-01-14 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2007-01-14 8864]
R2 Tdlpt;Tdlpt;c:\windows\system32\drivers\TDLPT.SYS [2007-01-14 8012]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2005-11-23 556416]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2005-11-23 6400]
S0 esff;esff;c:\windows\system32\drivers\esff.sys –> c:\windows\system32\drivers\esff.sys [?]
S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys –> c:\windows\system32\drivers\ctredrv.sys [?]
S1 ersd;ersd;\??\c:\windows\system32\drivers\ersd.sys –> c:\windows\system32\drivers\ersd.sys [?]
S3 P730C;P730C;c:\windows\system32\drivers\P730C.sys [2006-08-12 25300]
S3 P730M;P730M;c:\windows\system32\drivers\P730M.sys [2006-08-12 25300]
S3 P730U;P730U;c:\windows\system32\drivers\P730U.sys [2006-08-12 49365]
— Andere Services/Drivers In Geheugen —
*NewlyCreated* - AVG8WD
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGRKX86
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba902ec2-5b7a-11da-96c1-806d6172696f}]
\Shell\AutoRun\command - d:\bin\assetup.exe
.
Inhoud van de 'Gedeelde Taken' map
2009-02-07 c:\windows\Tasks\A46F885A91840682.job
- c:\docume~1\gebrui~1\applic~1\doesre~1\bind soap safe.exe []
2006-10-22 c:\windows\Tasks\XoftSpy.job
- c:\program files\XoftSpy\XoftSpy.exe []
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: recordgroup.be \www.home
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 14:20:12
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_USERS\S-1-5-21-1935655697-1450960922-839522115-1004\Software\Zepter Software\RegLib*c087c35c\CloneDVDmobile/1]
"1"=dword:45684247
"2"=dword:456887a7
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,96,90,77,5c,45,
16,a8,4f,e2,63,26,f1,3f,c8,ff,68,a2,f1,54,d9,4a,5c,ce,8e,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,71,56,b3,d6,49,
f8,b9,f9,6a,9c,d6,61,af,45,84,18,3c,b5,d3,19,a7,d1,06,b2,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,75,34,11,c3,66,
39,5c,51,ff,7c,85,e0,43,d4,0e,fe,95,1a,5c,40,3e,49,83,6e,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,6e,4e,97,2a,cd,
ea,a0,59,86,8c,21,01,be,91,eb,e7,c2,e7,e4,2a,3c,3c,e0,77,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,e5,4e,76,bb,ee,
93,40,fc,f5,1d,4d,73,a8,13,5c,05,55,b0,cb,c5,3c,eb,fb,aa,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,7d,4a,8b,83,ad,
1d,f3,2a,df,20,58,62,78,6b,cf,c8,a1,0c,eb,73,e5,d0,3f,98,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,29,8f,9e,31,f0,
92,13,96,fb,a7,78,e6,12,2f,9a,ea,4b,c7,5a,b6,98,bc,40,96,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,1d,20,e3,c0,b8,
d1,65,53,01,3a,48,fc,e8,04,4a,f1,69,c9,fc,90,2e,1a,36,7d,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,48,12,ea,d5,cc,
ff,13,d3,f6,0f,4e,58,98,5b,89,c9,c2,66,ce,3a,03,89,dc,aa,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9e,2e,e6,b1,3e,
6b,c1,86,3d,ce,ea,26,2d,45,aa,78,72,2d,0c,b8,11,b2,da,23,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,63,d4,a8,5f,b0,
af,bd,63,2a,b7,cc,b5,b9,7f,41,e7,2a,3c,52,1d,d8,66,7d,7a,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,53,a5,42,a3,3a,
72,d1,03,6c,43,2d,1e,aa,22,2f,9c,4a,71,40,f6,51,86,fc,f0,6c,43,2d,1e,aa,22,\
.
Voltooingstijd: 2009-02-07 14:22:10
ComboFix-quarantined-files.txt 2009-02-07 13:22:04
ComboFix2.txt 2009-01-31 11:51:30
ComboFix3.txt 2009-01-30 17:46:17
Pre-Run: 21.572.362.240 bytes beschikbaar
Post-Run: 21,650,407,424 bytes beschikbaar
240 — E O F — 2009-01-14 17:02:55
Regards,
- Go to Virustotal.com
Upload the following file by copying/pasting the following (so do not look it up via "Browse…"!): c:\docume~1\gebrui~1\applic~1\doesre~1\bind soap safe.exe
Wait until the result appears. Post it along in your next reply.
Do the same with this file: c:\windows\Tasks\A46F885A91840682.job
Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
Make sure the flash drives / USB sticks / external hard drives are also plugged in.
Double-click Flash_Disinfector.exe to start the tool.
When the tool is finished, the computer will restart.
Open a Notepad file.
Copy the code below and paste it into the Notepad file.
- this file did not work with VirusTotal
c:\docume~1\gebrui~1\applic~1\doesre~1\bind soap safe.exe
the other one did, with the following result
Bestand A46F885A91840682.job_ ontvangen op 2009.02.08 10:13:11 (CET)
Resultaat: 0/39 (0%)
Antivirus Versie Laatst geüpdatet Resultaat
a-squared 4.0.0.93 2009.02.08 -
AhnLab-V3 5.0.0.2 2009.02.07 -
AntiVir 7.9.0.76 2009.02.07 -
Authentium 5.1.0.4 2009.02.07 -
Avast 4.8.1335.0 2009.02.07 -
AVG 8.0.0.229 2009.02.07 -
BitDefender 7.2 2009.02.08 -
CAT-QuickHeal 10.00 2009.02.07 -
ClamAV 0.94.1 2009.02.08 -
Comodo 971 2009.02.08 -
DrWeb 4.44.0.09170 2009.02.08 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6346 2009.02.07 -
F-Prot 4.4.4.56 2009.02.07 -
F-Secure 8.0.14470.0 2009.02.08 -
Fortinet 3.117.0.0 2009.02.08 -
GData 19 2009.02.08 -
Ikarus T3.1.1.45.0 2009.02.08 -
K7AntiVirus 7.10.623 2009.02.07 -
Kaspersky 7.0.0.125 2009.02.08 -
McAfee 5518 2009.02.07 -
McAfee+Artemis 5518 2009.02.06 -
Microsoft 1.4306 2009.02.08 -
NOD32 3836 2009.02.07 -
Norman 6.00.02 2009.02.06 -
nProtect 2009.1.8.0 2009.02.08 -
Panda 9.5.1.2 2009.02.07 -
PCTools 4.4.2.0 2009.02.07 -
Prevx1 V2 2009.02.08 -
Rising 21.15.50.00 2009.02.07 -
SecureWeb-Gateway 6.7.6 2009.02.08 -
Sophos 4.38.0 2009.02.08 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.08 -
TheHacker 6.3.1.5.249 2009.02.08 -
TrendMicro 8.700.0.1004 2009.02.06 -
VBA32 3.12.8.12 2009.02.08 -
ViRobot 2009.2.6.1594 2009.02.06 -
VirusBuster 4.5.11.0 2009.02.07 -
Extra informatie
File size: 278 bytes
MD5…: bf75a20168ebcfb8f3de579375739374
SHA1..: 30bcce2f314ef9c72d6af47f963cc1db1647dbe2
SHA256: d0c5743ef1b50fc9fde222f353aa7e6ee1ab4255105e87c9ca5c5c0320ce32f2
SHA512: 2cfbadeb0acb4601c67cb5f4a914e23dd57fd00d76a5407d2e1cd93ac066276d
4f6ce6dd4d513eff4e5ddafa856d535e05e186f5067fc3b34812184599265206
ssdeep: 3:BIVmajRT//t2WSlXv/l/el50yQh4lHNVi+lQGvlAiXlABFblfLMF6LlAAttYuv
/V:Qht2W0kGD+7QGvlJsLY+dtSuuXkle81
PEiD..: -
TrID..: File type identification
Unknown!
the ComboFix results
ComboFix 09-02-06.04 - Gebruiker 2009-02-08 10:48:19.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.607 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
——-\Legacy_ERSD
——-\Legacy_ESFF
——-\Service_ersd
——-\Service_esff
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-08 to 2009-02-08 ))))))))))))))))))))))))))))))
.
2009-02-05 13:53 . 2009-02-05 14:24 <DIR> d–h-c— C:\$AVG8.VAULT$
2009-02-04 17:31 . 2009-02-07 17:25 <DIR> d——– c:\windows\system32\drivers\Avg
2009-02-04 17:31 . 2009-02-07 14:04 <DIR> d—-c— c:\documents and settings\Gebruiker\Application Data\AVGTOOLBAR
2009-02-04 17:31 . 2009-02-04 17:31 325,128 –a—— c:\windows\system32\drivers\avgldx86.sys
2009-02-04 17:31 . 2009-02-04 17:31 107,272 –a—— c:\windows\system32\drivers\avgtdix.sys
2009-02-04 17:31 . 2009-02-04 17:31 12,552 –a—— c:\windows\system32\drivers\avgrkx86.sys
2009-02-04 17:31 . 2009-02-04 17:31 10,520 –a—— c:\windows\system32\avgrsstx.dll
2009-02-04 17:30 . 2009-02-04 17:30 <DIR> d—-c— c:\documents and settings\All Users\Application Data\avg8
2009-01-10 16:37 . 2009-01-10 16:37 410,984 –a—— c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 12:33 ——— dc—-w c:\program files\SpywareGuard
2009-01-31 12:17 ——— d–h–w c:\program files\InstallShield Installation Information
2009-01-31 12:16 ——— dc—-w c:\program files\Mobile Action
2009-01-31 12:06 ——— dc—-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-31 12:06 ——— d—–w c:\program files\Spybot - Search & Destroy
2009-01-31 12:04 ——— dc—-w c:\program files\Iomega
2009-01-30 10:00 ——— dc—-w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 15:11 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
2009-01-10 15:37 ——— d—–w c:\program files\Java
2009-01-05 11:56 ——— dc—-w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\CCleaner
2009-01-05 10:00 ——— dc—-w c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2009-01-05 10:00 ——— dc—-w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 18:12 ——— d—–w c:\program files\Network Associates
2008-12-18 16:55 ——— dc—-w c:\program files\AVG
2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
2007-06-18 16:28 47,360 -c–a-w c:\documents and settings\Gebruiker\Application Data\pcouffin.sys
2007-02-18 17:06 87,608 -c–a-w c:\documents and settings\Gebruiker\Application Data\ezpinst.exe
2007-02-10 20:42 337 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb1942.dat
2007-02-07 18:25 20,480 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb4827.dat
2006-12-01 16:08 49 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb41.dat
2006-11-25 13:25 9,216 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb8467.dat
2006-11-25 13:25 0 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb6334.dat
2006-11-25 13:24 0 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb5436.dat
2006-03-24 19:05 26,922 -c–a-w c:\program files\moviepass Terms.html
2005-11-17 10:26 0 -c–a-w c:\program files\AUTOEXEC.BAT
2005-02-04 13:41 867 -c–a-w c:\program files\asdf.txt
2005-01-31 18:57 5,042 -c–a-r c:\program files\CLDMA.LOG
2004-05-25 22:24 0 -c–a-w c:\program files\CONFIG.SYS
2001-05-24 11:59 162,304 -c–a-w c:\program files\UNWISE.EXE
1999-12-07 18:00 1,384,448 -c–a-w c:\program files\msvbvm60.dll
2005-11-24 17:54 56 -csha-r c:\windows\system32\69A2D02CB7.sys
2005-11-24 17:54 1,682 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-02 15:17 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090220080903\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-30_18.44.26,09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 —-a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-12-19 18:14:19 26,824 —-a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-02-04 16:31:06 27,656 —-a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-02-08 09:51:58 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-04-12 1383936]
"PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-05 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"nwiz"="nwiz.exe" [2005-10-10 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2005-11-23 245760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-04 17:31 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Photo Express Calendar Checker SE.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Photo Express Calendar Checker SE.lnk
backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Gebruiker^Menu Start^Programma's^Opstarten^SpywareGuard.lnk]
path=c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
–a—— 2006-01-25 05:28 7094272 c:\program files\MSN Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\PCTV Stereo\\TeleText\\WebServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-04 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-04 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-04 107272]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]
R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [1997-03-12 25792]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2007-01-14 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2007-01-14 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2007-01-14 8864]
R2 Tdlpt;Tdlpt;c:\windows\system32\drivers\TDLPT.SYS [2007-01-14 8012]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2005-11-23 556416]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2005-11-23 6400]
S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys –> c:\windows\system32\drivers\ctredrv.sys [?]
S3 P730C;P730C;c:\windows\system32\drivers\P730C.sys [2006-08-12 25300]
S3 P730M;P730M;c:\windows\system32\drivers\P730M.sys [2006-08-12 25300]
S3 P730U;P730U;c:\windows\system32\drivers\P730U.sys [2006-08-12 49365]
.
Inhoud van de 'Gedeelde Taken' map
2009-02-08 c:\windows\Tasks\A46F885A91840682.job
- c:\docume~1\gebrui~1\applic~1\doesre~1\bind soap safe.exe []
2006-10-22 c:\windows\Tasks\XoftSpy.job
- c:\program files\XoftSpy\XoftSpy.exe []
.
- - - - ORPHANS VERWIJDERD - - - -
SafeBoot-ersd.sys
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: recordgroup.be \www.home
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 10:52:12
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_USERS\S-1-5-21-1935655697-1450960922-839522115-1004\Software\Zepter Software\RegLib*c087c35c\CloneDVDmobile/1]
"1"=dword:45684247
"2"=dword:456887a7
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,96,90,77,5c,45,
16,a8,4f,e2,63,26,f1,3f,c8,ff,68,a2,f1,54,d9,4a,5c,ce,8e,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,71,56,b3,d6,49,
f8,b9,f9,6a,9c,d6,61,af,45,84,18,3c,b5,d3,19,a7,d1,06,b2,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,75,34,11,c3,66,
39,5c,51,ff,7c,85,e0,43,d4,0e,fe,95,1a,5c,40,3e,49,83,6e,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,6e,4e,97,2a,cd,
ea,a0,59,86,8c,21,01,be,91,eb,e7,c2,e7,e4,2a,3c,3c,e0,77,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,e5,4e,76,bb,ee,
93,40,fc,f5,1d,4d,73,a8,13,5c,05,55,b0,cb,c5,3c,eb,fb,aa,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,7d,4a,8b,83,ad,
1d,f3,2a,df,20,58,62,78,6b,cf,c8,a1,0c,eb,73,e5,d0,3f,98,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,29,8f,9e,31,f0,
92,13,96,fb,a7,78,e6,12,2f,9a,ea,4b,c7,5a,b6,98,bc,40,96,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,1d,20,e3,c0,b8,
d1,65,53,01,3a,48,fc,e8,04,4a,f1,69,c9,fc,90,2e,1a,36,7d,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,48,12,ea,d5,cc,
ff,13,d3,f6,0f,4e,58,98,5b,89,c9,c2,66,ce,3a,03,89,dc,aa,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9e,2e,e6,b1,3e,
6b,c1,86,3d,ce,ea,26,2d,45,aa,78,72,2d,0c,b8,11,b2,da,23,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,63,d4,a8,5f,b0,
af,bd,63,2a,b7,cc,b5,b9,7f,41,e7,2a,3c,52,1d,d8,66,7d,7a,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,53,a5,42,a3,3a,
72,d1,03,6c,43,2d,1e,aa,22,2f,9c,4a,71,40,f6,51,86,fc,f0,6c,43,2d,1e,aa,22,\
.
———————— Andere Aktieve Processen ————————
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Voltooingstijd: 2009-02-08 10:55:29 - machine werd herstart
ComboFix-quarantined-files.txt 2009-02-08 09:55:26
ComboFix2.txt 2009-02-07 13:22:12
ComboFix3.txt 2009-01-31 11:51:30
ComboFix4.txt 2009-01-30 17:46:17
Pre-Run: 21.669.814.272 bytes beschikbaar
Post-Run: 21,593,034,752 bytes beschikbaar
255 — E O F — 2009-01-14 17:02:55
Kind regards, - Now go to Start -> Run.
Type the following command: sc stop ctredrv and press OK.
Open a Notepad file.
Copy the code below and paste it into the Notepad file. - ComboFix 09-02-08.02 - Gebruiker 2009-02-09 20:44:05.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.516 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\windows\system32\drivers\ctredrv.sys
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-09 to 2009-02-09 ))))))))))))))))))))))))))))))
.
2009-02-05 13:53 . 2009-02-05 14:24 <DIR> d–h-c— C:\$AVG8.VAULT$
2009-02-04 17:31 . 2009-02-09 13:25 <DIR> d——– c:\windows\system32\drivers\Avg
2009-02-04 17:31 . 2009-02-07 14:04 <DIR> d—-c— c:\documents and settings\Gebruiker\Application Data\AVGTOOLBAR
2009-02-04 17:31 . 2009-02-04 17:31 325,128 –a—— c:\windows\system32\drivers\avgldx86.sys
2009-02-04 17:31 . 2009-02-04 17:31 107,272 –a—— c:\windows\system32\drivers\avgtdix.sys
2009-02-04 17:31 . 2009-02-04 17:31 12,552 –a—— c:\windows\system32\drivers\avgrkx86.sys
2009-02-04 17:31 . 2009-02-04 17:31 10,520 –a—— c:\windows\system32\avgrsstx.dll
2009-02-04 17:30 . 2009-02-04 17:30 <DIR> d—-c— c:\documents and settings\All Users\Application Data\avg8
2009-01-10 16:37 . 2009-01-10 16:37 410,984 –a—— c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 12:33 ——— dc—-w c:\program files\SpywareGuard
2009-01-31 12:17 ——— d–h–w c:\program files\InstallShield Installation Information
2009-01-31 12:16 ——— dc—-w c:\program files\Mobile Action
2009-01-31 12:06 ——— dc—-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-31 12:06 ——— d—–w c:\program files\Spybot - Search & Destroy
2009-01-31 12:04 ——— dc—-w c:\program files\Iomega
2009-01-30 10:00 ——— dc—-w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 15:11 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
2009-01-10 15:37 ——— d—–w c:\program files\Java
2009-01-05 11:56 ——— dc—-w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\CCleaner
2009-01-05 10:00 ——— dc—-w c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2009-01-05 10:00 ——— dc—-w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 18:12 ——— d—–w c:\program files\Network Associates
2008-12-18 16:55 ——— dc—-w c:\program files\AVG
2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
2007-06-18 16:28 47,360 -c–a-w c:\documents and settings\Gebruiker\Application Data\pcouffin.sys
2007-02-18 17:06 87,608 -c–a-w c:\documents and settings\Gebruiker\Application Data\ezpinst.exe
2007-02-10 20:42 337 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb1942.dat
2007-02-07 18:25 20,480 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb4827.dat
2006-12-01 16:08 49 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb41.dat
2006-11-25 13:25 9,216 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb8467.dat
2006-11-25 13:25 0 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb6334.dat
2006-11-25 13:24 0 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb5436.dat
2006-03-24 19:05 26,922 -c–a-w c:\program files\moviepass Terms.html
2005-11-17 10:26 0 -c–a-w c:\program files\AUTOEXEC.BAT
2005-02-04 13:41 867 -c–a-w c:\program files\asdf.txt
2005-01-31 18:57 5,042 -c–a-r c:\program files\CLDMA.LOG
2004-05-25 22:24 0 -c–a-w c:\program files\CONFIG.SYS
2001-05-24 11:59 162,304 -c–a-w c:\program files\UNWISE.EXE
1999-12-07 18:00 1,384,448 -c–a-w c:\program files\msvbvm60.dll
2005-11-24 17:54 56 -csha-r c:\windows\system32\69A2D02CB7.sys
2005-11-24 17:54 1,682 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-02 15:17 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090220080903\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-30_18.44.26,09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 —-a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-12-19 18:14:19 26,824 —-a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-02-04 16:31:06 27,656 —-a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-02-08 09:51:58 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-04-12 1383936]
"PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-05 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"nwiz"="nwiz.exe" [2005-10-10 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2005-11-23 245760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-04 17:31 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Photo Express Calendar Checker SE.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Photo Express Calendar Checker SE.lnk
backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Gebruiker^Menu Start^Programma's^Opstarten^SpywareGuard.lnk]
path=c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
–a—— 2006-01-25 05:28 7094272 c:\program files\MSN Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\PCTV Stereo\\TeleText\\WebServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-04 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-04 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-04 107272]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]
R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [1997-03-12 25792]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2007-01-14 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2007-01-14 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2007-01-14 8864]
R2 Tdlpt;Tdlpt;c:\windows\system32\drivers\TDLPT.SYS [2007-01-14 8012]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2005-11-23 556416]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2005-11-23 6400]
S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys –> c:\windows\system32\drivers\ctredrv.sys [?]
S3 P730C;P730C;c:\windows\system32\drivers\P730C.sys [2006-08-12 25300]
S3 P730M;P730M;c:\windows\system32\drivers\P730M.sys [2006-08-12 25300]
S3 P730U;P730U;c:\windows\system32\drivers\P730U.sys [2006-08-12 49365]
.
Inhoud van de 'Gedeelde Taken' map
2009-02-09 c:\windows\Tasks\A46F885A91840682.job
- c:\docume~1\gebrui~1\applic~1\doesre~1\bind soap safe.exe []
2006-10-22 c:\windows\Tasks\XoftSpy.job
- c:\program files\XoftSpy\XoftSpy.exe []
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: recordgroup.be \www.home
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 20:46:21
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_USERS\S-1-5-21-1935655697-1450960922-839522115-1004\Software\Zepter Software\RegLib*c087c35c\CloneDVDmobile/1]
"1"=dword:45684247
"2"=dword:456887a7
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,96,90,77,5c,45,
16,a8,4f,e2,63,26,f1,3f,c8,ff,68,a2,f1,54,d9,4a,5c,ce,8e,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,71,56,b3,d6,49,
f8,b9,f9,6a,9c,d6,61,af,45,84,18,3c,b5,d3,19,a7,d1,06,b2,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,75,34,11,c3,66,
39,5c,51,ff,7c,85,e0,43,d4,0e,fe,95,1a,5c,40,3e,49,83,6e,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,6e,4e,97,2a,cd,
ea,a0,59,86,8c,21,01,be,91,eb,e7,c2,e7,e4,2a,3c,3c,e0,77,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,e5,4e,76,bb,ee,
93,40,fc,f5,1d,4d,73,a8,13,5c,05,55,b0,cb,c5,3c,eb,fb,aa,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,7d,4a,8b,83,ad,
1d,f3,2a,df,20,58,62,78,6b,cf,c8,a1,0c,eb,73,e5,d0,3f,98,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,29,8f,9e,31,f0,
92,13,96,fb,a7,78,e6,12,2f,9a,ea,4b,c7,5a,b6,98,bc,40,96,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,1d,20,e3,c0,b8,
d1,65,53,01,3a,48,fc,e8,04,4a,f1,69,c9,fc,90,2e,1a,36,7d,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,48,12,ea,d5,cc,
ff,13,d3,f6,0f,4e,58,98,5b,89,c9,c2,66,ce,3a,03,89,dc,aa,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9e,2e,e6,b1,3e,
6b,c1,86,3d,ce,ea,26,2d,45,aa,78,72,2d,0c,b8,11,b2,da,23,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,63,d4,a8,5f,b0,
af,bd,63,2a,b7,cc,b5,b9,7f,41,e7,2a,3c,52,1d,d8,66,7d,7a,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,53,a5,42,a3,3a,
72,d1,03,6c,43,2d,1e,aa,22,2f,9c,4a,71,40,f6,51,86,fc,f0,6c,43,2d,1e,aa,22,\
.
Voltooingstijd: 2009-02-09 20:48:27
ComboFix-quarantined-files.txt 2009-02-09 19:48:25
ComboFix2.txt 2009-02-08 09:55:31
ComboFix3.txt 2009-02-07 13:22:12
ComboFix4.txt 2009-01-31 11:51:30
ComboFix5.txt 2009-02-09 19:43:24
Pre-Run: 21.505.114.112 bytes beschikbaar
Post-Run: 21,500,588,032 bytes beschikbaar
230 — E O F — 2009-01-14 17:02:55
Kind regards, - LopSD (by eric 71)
Disable your antispyware and virus scanner while using this tool.
Download LopSD to your Desktop.
* Choose option N and press Enter.
* Click OK in the information window.
* Choose option 2 and press Enter.
* At the end a log (LopR.txt) appears; post its contents in your next reply together with a new ComboFix log.
Vista users: right-click LopSD and choose "Run as Administrator". - Sorry, but I don't quite understand what I am supposed to run now!
Can you give some more explanation, please?
Kind regards, - LopSD (by eric 71)
Disable your antispyware and virus scanner while using this tool.
Download LopSD to your Desktop.
* Choose option N and press Enter.
* Click OK in the information window.
* Choose option 2 and press Enter.
* At the end a log (LopR.txt) appears; post its contents in your next reply together with a new ComboFix log.
Vista users: right-click LopSD and choose "Run as Administrator". - ComboFix 09-02-10.03 - Gebruiker 2009-02-11 16:31:02.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.497 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-11 to 2009-02-11 ))))))))))))))))))))))))))))))
.
2009-02-11 16:14 . 2009-02-11 16:18 <DIR> d—-c— C:\Lop SD
2009-02-05 13:53 . 2009-02-05 14:24 <DIR> d–h-c— C:\$AVG8.VAULT$
2009-02-04 17:31 . 2009-02-11 13:25 <DIR> d——– c:\windows\system32\drivers\Avg
2009-02-04 17:31 . 2009-02-07 14:04 <DIR> d—-c— c:\documents and settings\Gebruiker\Application Data\AVGTOOLBAR
2009-02-04 17:31 . 2009-02-04 17:31 325,128 –a—— c:\windows\system32\drivers\avgldx86.sys
2009-02-04 17:31 . 2009-02-04 17:31 107,272 –a—— c:\windows\system32\drivers\avgtdix.sys
2009-02-04 17:31 . 2009-02-04 17:31 12,552 –a—— c:\windows\system32\drivers\avgrkx86.sys
2009-02-04 17:31 . 2009-02-04 17:31 10,520 –a—— c:\windows\system32\avgrsstx.dll
2009-02-04 17:30 . 2009-02-04 17:30 <DIR> d—-c— c:\documents and settings\All Users\Application Data\avg8
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 12:33 ——— dc—-w c:\program files\SpywareGuard
2009-01-31 12:17 ——— d–h–w c:\program files\InstallShield Installation Information
2009-01-31 12:16 ——— dc—-w c:\program files\Mobile Action
2009-01-31 12:06 ——— dc—-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-31 12:06 ——— d—–w c:\program files\Spybot - Search & Destroy
2009-01-31 12:04 ——— dc—-w c:\program files\Iomega
2009-01-30 10:00 ——— dc—-w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 15:11 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
2009-01-10 15:37 410,984 —-a-w c:\windows\system32\deploytk.dll
2009-01-10 15:37 ——— d—–w c:\program files\Java
2009-01-05 11:56 ——— dc—-w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-05 11:56 ——— dc—-w c:\program files\CCleaner
2009-01-05 10:00 ——— dc—-w c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2009-01-05 10:00 ——— dc—-w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 18:12 ——— d—–w c:\program files\Network Associates
2008-12-18 16:55 ——— dc—-w c:\program files\AVG
2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
2007-06-18 16:28 47,360 -c–a-w c:\documents and settings\Gebruiker\Application Data\pcouffin.sys
2007-02-18 17:06 87,608 -c–a-w c:\documents and settings\Gebruiker\Application Data\ezpinst.exe
2007-02-10 20:42 337 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb1942.dat
2007-02-07 18:25 20,480 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb4827.dat
2006-12-01 16:08 49 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb41.dat
2006-11-25 13:25 9,216 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb8467.dat
2006-11-25 13:25 0 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb6334.dat
2006-11-25 13:24 0 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb5436.dat
2006-03-24 19:05 26,922 -c–a-w c:\program files\moviepass Terms.html
2005-11-17 10:26 0 -c–a-w c:\program files\AUTOEXEC.BAT
2005-02-04 13:41 867 -c–a-w c:\program files\asdf.txt
2005-01-31 18:57 5,042 -c–a-r c:\program files\CLDMA.LOG
2004-05-25 22:24 0 -c–a-w c:\program files\CONFIG.SYS
2001-05-24 11:59 162,304 -c–a-w c:\program files\UNWISE.EXE
1999-12-07 18:00 1,384,448 -c–a-w c:\program files\msvbvm60.dll
2005-11-24 17:54 56 -csha-r c:\windows\system32\69A2D02CB7.sys
2005-11-24 17:54 1,682 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-02 15:17 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090220080903\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-30_18.44.26,09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-12-19 18:14:19 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-02-04 16:31:06 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-02-08 09:51:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-04-12 1383936]
"PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-05 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"nwiz"="nwiz.exe" [2005-10-10 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2005-11-23 245760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-04 17:31 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Photo Express Calendar Checker SE.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Photo Express Calendar Checker SE.lnk
backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Gebruiker^Menu Start^Programma's^Opstarten^SpywareGuard.lnk]
path=c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-01-25 05:28 7094272 c:\program files\MSN Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\PCTV Stereo\\TeleText\\WebServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-04 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-04 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-04 107272]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]
R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [1997-03-12 25792]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2007-01-14 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2007-01-14 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2007-01-14 8864]
R2 Tdlpt;Tdlpt;c:\windows\system32\drivers\TDLPT.SYS [2007-01-14 8012]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2005-11-23 556416]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2005-11-23 6400]
S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys --> c:\windows\system32\drivers\ctredrv.sys [?]
S3 P730C;P730C;c:\windows\system32\drivers\P730C.sys [2006-08-12 25300]
S3 P730M;P730M;c:\windows\system32\drivers\P730M.sys [2006-08-12 25300]
S3 P730U;P730U;c:\windows\system32\drivers\P730U.sys [2006-08-12 49365]
.
Inhoud van de 'Gedeelde Taken' map
2006-10-22 c:\windows\Tasks\XoftSpy.job
- c:\program files\XoftSpy\XoftSpy.exe []
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: recordgroup.be \www.home
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 16:33:02
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-1935655697-1450960922-839522115-1004\Software\Zepter Software\RegLib*c087c35c\CloneDVDmobile/1]
"1"=dword:45684247
"2"=dword:456887a7
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,96,90,77,5c,45,
16,a8,4f,e2,63,26,f1,3f,c8,ff,68,a2,f1,54,d9,4a,5c,ce,8e,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,71,56,b3,d6,49,
f8,b9,f9,6a,9c,d6,61,af,45,84,18,3c,b5,d3,19,a7,d1,06,b2,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,75,34,11,c3,66,
39,5c,51,ff,7c,85,e0,43,d4,0e,fe,95,1a,5c,40,3e,49,83,6e,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,6e,4e,97,2a,cd,
ea,a0,59,86,8c,21,01,be,91,eb,e7,c2,e7,e4,2a,3c,3c,e0,77,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,e5,4e,76,bb,ee,
93,40,fc,f5,1d,4d,73,a8,13,5c,05,55,b0,cb,c5,3c,eb,fb,aa,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,7d,4a,8b,83,ad,
1d,f3,2a,df,20,58,62,78,6b,cf,c8,a1,0c,eb,73,e5,d0,3f,98,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,29,8f,9e,31,f0,
92,13,96,fb,a7,78,e6,12,2f,9a,ea,4b,c7,5a,b6,98,bc,40,96,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,1d,20,e3,c0,b8,
d1,65,53,01,3a,48,fc,e8,04,4a,f1,69,c9,fc,90,2e,1a,36,7d,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,48,12,ea,d5,cc,
ff,13,d3,f6,0f,4e,58,98,5b,89,c9,c2,66,ce,3a,03,89,dc,aa,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9e,2e,e6,b1,3e,
6b,c1,86,3d,ce,ea,26,2d,45,aa,78,72,2d,0c,b8,11,b2,da,23,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,63,d4,a8,5f,b0,
af,bd,63,2a,b7,cc,b5,b9,7f,41,e7,2a,3c,52,1d,d8,66,7d,7a,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,53,a5,42,a3,3a,
72,d1,03,6c,43,2d,1e,aa,22,2f,9c,4a,71,40,f6,51,86,fc,f0,6c,43,2d,1e,aa,22,\
.
Voltooingstijd: 2009-02-11 16:35:06
ComboFix-quarantined-files.txt 2009-02-11 15:35:03
ComboFix2.txt 2009-02-09 19:48:29
ComboFix3.txt 2009-02-08 09:55:31
ComboFix4.txt 2009-02-07 13:22:12
ComboFix5.txt 2009-02-11 15:30:29
Pre-Run: 21.365.809.152 bytes beschikbaar
Post-Run: 21,368,545,280 bytes beschikbaar
226 --- E O F --- 2009-01-14 17:02:55
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron™ Processor 3000+ )
BIOS : Default System BIOS
USER : Gebruiker ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus 8.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:189 Go (Free:83 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( wo 11/02/2009|16:15 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ HERSTEL
Verwijderd ! - C:\WINDOWS\Tasks\A46F885A91840682.job
Verwijderd ! - C:\DOCUME~1\GEBRUI~1\APPLIC~1\doesre~1
Verwijderd ! - C:\Program Files\doesre~1
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Beschrijving van mappen in APPLIC~1
[22/06/2008|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[09/12/2005|16:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[06/02/2006|20:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[04/02/2009|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[22/07/2006|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
[08/05/2007|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
[23/11/2005|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[24/07/2008|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[26/07/2008|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[05/01/2009|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[02/06/2006|22:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/11/2007|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[23/07/2007|10:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
[23/11/2005|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
[14/12/2007|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
[30/06/2008|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RetroExp
[23/07/2007|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[23/07/2007|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecretsOfOlympus
[01/10/2006|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[31/01/2009|13:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[14/12/2007|16:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SurfRight
[05/02/2008|09:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[23/07/2007|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
[08/05/2007|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TimeUpTeamFlaw
[07/05/2006|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[24/07/2007|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[0|bestand(en)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
[28|map(pen)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes beschikbaar
[22/11/2005|17:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
[3|map(pen)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes beschikbaar
[02/12/2005|19:37] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Adobe
[21/06/2008|13:13] C:\DOCUME~1\GEBRUI~1\APPLIC~1\AdobeUM
[14/12/2005|11:42] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Ahead
[05/02/2006|22:04] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Apple Computer
[09/09/2006|14:54] C:\DOCUME~1\GEBRUI~1\APPLIC~1\ArcSoft
[10/02/2007|11:19] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Autodesk
[07/02/2009|14:04] C:\DOCUME~1\GEBRUI~1\APPLIC~1\AVGTOOLBAR
[06/02/2008|13:27] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Chessmaster Challenge
[08/05/2007|10:32] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Comodo
[24/11/2005|21:52] C:\DOCUME~1\GEBRUI~1\APPLIC~1\CyberLink
[02/12/2006|13:15] C:\DOCUME~1\GEBRUI~1\APPLIC~1\DVD Shrink 3.0
[26/02/2006|16:22] C:\DOCUME~1\GEBRUI~1\APPLIC~1\dvdcss
[24/03/2006|19:57] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Elaborate Bytes
[11/02/2007|15:21] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Google
[12/12/2005|20:52] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Help
[06/11/2007|15:18] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Identities
[24/11/2005|22:49] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Kazaa Lite
[23/11/2005|11:21] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Lavasoft
[24/09/2006|17:31] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Leadertech
[24/11/2005|23:14] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Macromedia
[05/01/2009|11:00] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Malwarebytes
[31/01/2009|13:16] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Microsoft
[12/08/2006|14:27] C:\DOCUME~1\GEBRUI~1\APPLIC~1\MobileAction
[11/02/2006|00:14] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Morpheus
[08/10/2006|17:45] C:\DOCUME~1\GEBRUI~1\APPLIC~1\RapidGet
[24/12/2007|13:34] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Samsung
[23/07/2007|15:35] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Sauce
[20/12/2006|20:56] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Shareaza
[22/03/2006|19:57] C:\DOCUME~1\GEBRUI~1\APPLIC~1\SlySoft
[01/10/2006|16:56] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Sony Corporation
[26/06/2007|18:53] C:\DOCUME~1\GEBRUI~1\APPLIC~1\SPAMfighter
[23/11/2005|11:02] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Sun
[25/11/2005|18:47] C:\DOCUME~1\GEBRUI~1\APPLIC~1\vlc
[18/06/2007|17:28] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Vso
[24/07/2007|10:46] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Zylom
[0|bestand(en)] C:\DOCUME~1\GEBRUI~1\APPLIC~1\bytes
[37|map(pen)] C:\DOCUME~1\GEBRUI~1\APPLIC~1\bytes beschikbaar
[04/02/2009|17:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[14/12/2007|17:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\SurfRight
[0|bestand(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
[4|map(pen)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes beschikbaar
[04/02/2009|17:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
[3|map(pen)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes beschikbaar
--------------------\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks
[22/10/2006 15:40][--a------] C:\WINDOWS\tasks\XoftSpy.job
[09/02/2009 20:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Beschrijving van mappen in C:\Program Files
[02/12/2005|19:37] C:\Program Files\Adobe
[24/11/2005|22:25] C:\Program Files\Ahead
[14/01/2007|17:07] C:\Program Files\ALCATech
[23/11/2005|10:48] C:\Program Files\AMD
[12/05/2007|14:05] C:\Program Files\Ant Stratego
[09/09/2006|14:41] C:\Program Files\ArcSoft
[10/02/2007|11:19] C:\Program Files\Audacity
[18/12/2008|17:55] C:\Program Files\AVG
[17/11/2002|00:09] C:\Program Files\BPM Studio Pro 4.6
[05/01/2009|12:56] C:\Program Files\CCleaner
[22/07/2006|18:57] C:\Program Files\Common
[09/02/2009|20:45] C:\Program Files\Common Files
[09/05/2007|08:20] C:\Program Files\Comodo
[22/11/2005|17:17] C:\Program Files\ComPlus Applications
[23/11/2005|14:01] C:\Program Files\Config.Msi
[23/11/2005|14:01] C:\Program Files\converted
[23/11/2005|11:08] C:\Program Files\CyberLink
[25/06/2006|20:06] C:\Program Files\DigiPass
[25/03/2006|13:48] C:\Program Files\directx
[24/11/2005|18:54] C:\Program Files\DivX
[23/11/2005|14:47] C:\Program Files\Documents and Settings
[23/11/2005|14:47] C:\Program Files\DOMUS
[23/11/2005|11:15] C:\Program Files\DVD Decrypter
[23/11/2005|11:15] C:\Program Files\DVD Shrink
[15/05/2007|16:20] C:\Program Files\DVDFab Decrypter 3
[24/07/2008|12:17] C:\Program Files\DVDFab Platinum
[18/06/2007|17:28] C:\Program Files\DVDFab Platinum 3
[09/02/2007|21:05] C:\Program Files\Easy Computing
[25/11/2006|12:35] C:\Program Files\Elaborate Bytes
[29/01/2008|21:27] C:\Program Files\ESET
[24/07/2007|10:21] C:\Program Files\Ets3PlugIn
[05/01/2009|12:56] C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[23/11/2005|14:50] C:\Program Files\FreeMeter
[15/09/2007|12:17] C:\Program Files\fsupport
[14/08/2007|17:35] C:\Program Files\Gamenext
[27/07/2008|09:30] C:\Program Files\Google
[09/02/2007|21:19] C:\Program Files\HijackThis
[31/01/2009|13:17] C:\Program Files\InstallShield Installation Information
[11/12/2008|17:59] C:\Program Files\Internet Explorer
[22/12/2005|21:58] C:\Program Files\InterVideo
[31/01/2009|13:04] C:\Program Files\Iomega
[10/01/2009|16:37] C:\Program Files\Java
[01/11/2006|13:46] C:\Program Files\Lavasoft
[24/07/2007|10:46] C:\Program Files\LimeWire
[30/01/2009|11:00] C:\Program Files\Malwarebytes' Anti-Malware
[01/09/2008|18:12] C:\Program Files\Messenger
[04/06/2006|20:17] C:\Program Files\Microsoft AntiSpyware
[25/11/2005|17:14] C:\Program Files\microsoft frontpage
[29/11/2005|18:15] C:\Program Files\Microsoft Office
[23/11/2005|16:29] C:\Program Files\Microsoft Visual Studio
[23/11/2005|16:29] C:\Program Files\Microsoft Works
[23/11/2005|16:28] C:\Program Files\Microsoft.NET
[05/01/2009|12:56] C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[31/01/2009|13:16] C:\Program Files\Mobile Action
[01/09/2008|18:09] C:\Program Files\Movie Maker
[14/12/2005|20:54] C:\Program Files\MP3Gain
[01/12/2005|18:29] C:\Program Files\MSN Apps
[22/11/2005|17:17] C:\Program Files\MSN Gaming Zone
[02/09/2008|16:19] C:\Program Files\MSN Messenger
[23/12/2006|09:52] C:\Program Files\MStart2Page
[28/06/2007|17:55] C:\Program Files\MSXML 4.0
[01/09/2008|18:06] C:\Program Files\NetMeeting
[19/12/2008|19:12] C:\Program Files\Network Associates
[23/11/2005|14:48] C:\Program Files\New
[02/12/2005|16:12] C:\Program Files\NVIDIA Corporation
[22/11/2005|17:19] C:\Program Files\Online Services
[01/09/2008|18:06] C:\Program Files\Outlook Express
[06/11/2007|16:16] C:\Program Files\Outlook Express sabrina
[23/11/2005|15:28] C:\Program Files\Pinnacle
[23/09/2007|17:19] C:\Program Files\Player Tool
[04/02/2008|15:12] C:\Program Files\Poker Pro Labs
[15/11/2008|17:04] C:\Program Files\Print Server
[25/11/2006|12:15] C:\Program Files\Program Files
[14/05/2006|15:45] C:\Program Files\Psygnosis
[05/02/2006|22:04] C:\Program Files\QuickTime
[25/12/2005|11:07] C:\Program Files\QuickTime(2)
[21/05/2007|15:04] C:\Program Files\Realtek AC97
[10/02/2007|11:19] C:\Program Files\Realtek Sound Manager
[29/06/2008|15:22] C:\Program Files\Retrospect
[05/01/2009|12:56] C:\Program Files\SDHelper (Spybot - Search & Destroy)
[29/05/2007|18:05] C:\Program Files\Share_Accelerator_MM
[20/12/2006|20:56] C:\Program Files\Shareaza
[25/03/2006|13:48] C:\Program Files\Sierra On-Line
[25/11/2006|12:57] C:\Program Files\SlySoft
[06/02/2008|11:25] C:\Program Files\software
[23/11/2005|14:57] C:\Program Files\SOHW-1653S
[01/10/2006|16:53] C:\Program Files\Sony
[01/10/2006|16:53] C:\Program Files\Sony Corporation
[04/02/2008|15:11] C:\Program Files\SPAMfighter(2)
[31/01/2009|13:06] C:\Program Files\Spybot - Search & Destroy
[31/01/2009|13:33] C:\Program Files\SpywareGuard
[14/12/2007|16:03] C:\Program Files\SurfRight
[05/01/2009|12:56] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[25/11/2005|18:26] C:\Program Files\TextBridge Classic
[07/02/2008|08:54] C:\Program Files\Trend Micro
[23/11/2005|15:01] C:\Program Files\TriVista
[10/12/2005|18:13] C:\Program Files\Ulead Systems
[23/11/2005|15:29] C:\Program Files\Uninstall Information
[10/12/2005|18:53] C:\Program Files\VCW VicMan's Photo Editor
[20/10/2006|18:21] C:\Program Files\VideoLAN
[05/11/2006|14:51] C:\Program Files\VSO
[29/11/2005|18:16] C:\Program Files\WexTech
[13/08/2006|19:13] C:\Program Files\Winamp
[01/09/2008|18:06] C:\Program Files\Windows Media Player
[14/05/2007|08:37] C:\Program Files\Windows NT
[22/11/2005|17:19] C:\Program Files\WindowsUpdate
[24/06/2006|20:26] C:\Program Files\WinRAR
[22/11/2005|17:20] C:\Program Files\xerox
[27/10/2006|16:32] C:\Program Files\XoftSpy
[15/03/2005|10:38] C:\Program Files\XoftSpy v4.11 with key
[18/03/2008|16:59] C:\Program Files\Yahoo!
[14/08/2007|17:30] C:\Program Files\Zylom Games
[0|bestand(en)] C:\Program Files\bytes
[114|map(pen)] C:\Program Files\bytes beschikbaar
--------------------\\ Beschrijving van mappen in C:\Program Files\Common Files
[22/06/2008|08:34] C:\Program Files\Common Files\Adobe
[23/11/2005|11:13] C:\Program Files\Common Files\Ahead
[09/09/2006|14:44] C:\Program Files\Common Files\ArcSoft
[29/11/2005|18:13] C:\Program Files\Common Files\Autodesk Shared
[29/11/2005|18:15] C:\Program Files\Common Files\DESIGNER
[24/07/2007|10:21] C:\Program Files\Common Files\ELKA Shared
[02/12/2005|16:21] C:\Program Files\Common Files\InstallShield
[23/11/2005|11:01] C:\Program Files\Common Files\Java
[29/11/2005|18:16] C:\Program Files\Common Files\LHSPF
[18/12/2008|17:55] C:\Program Files\Common Files\Microsoft Shared
[22/11/2005|17:18] C:\Program Files\Common Files\MSSoap
[22/11/2005|18:10] C:\Program Files\Common Files\ODBC
[18/03/2008|16:59] C:\Program Files\Common Files\Scanner
[22/11/2005|17:18] C:\Program Files\Common Files\Services
[01/10/2006|16:53] C:\Program Files\Common Files\Sony Shared
[22/11/2005|18:10] C:\Program Files\Common Files\SpeechEngines
[25/11/2005|18:45] C:\Program Files\Common Files\SWF Studio
[01/09/2008|18:05] C:\Program Files\Common Files\System
[29/11/2005|18:16] C:\Program Files\Common Files\Wextech Shared
[0|bestand(en)] C:\Program Files\Common Files\bytes
[21|map(pen)] C:\Program Files\Common Files\bytes beschikbaar
--------------------\\ Process
( 38 Processes )
... OK !
--------------------\\ Zoeken met S_Lop
Geen Lop mappen gevonden !
--------------------\\ Zoeken naar Lop Bestanden - Mappen
Geen Lop mappen gevonden !
--------------------\\ Zoeken doorheen het Register
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
--------------------\\ Nazicht van het Hosts bestand
Hosts bestand IN ORDE
--------------------\\ Zoeken naar verborgen bestanden met Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 16:17:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Zoeken naar andere infecties
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\GEBRUI~1\Favorieten\!CrackTeam.ws Cracks, serial numbers, keygens. Unlock Your Software..url
C:\DOCUME~1\ALLUSE~1\Documenten\Mijn downloads\Microsoft Serial, Key, Crack for all versions of 95, 98, 98 SE, 2000, XP, Corp, Visual C++, Visual Basic, Excel, Money, Office, publisher, word, works, and many more (anti-MS).zip
[F:20][D:0]-> C:\DOCUME~1\GEBRUI~1\Cookies
[F:104][D:4]-> C:\DOCUME~1\GEBRUI~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - wo 11/02/2009|16:18 - Option : [2]
--------------------\\ Scan voltooid om 16:18:14
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 16:31:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
Regards,