
Subject: It's happened again

  1. #1

    Joined
    Oct 2009
    Posts
    5

    OK, it's happened again

    Hi, I've managed to infect my PC yet again...
    Fake spyware scanners have suddenly been installed on my computer; the hard disk also rattles a lot all of a sudden, and my screen sometimes freezes for a few seconds. So here are my logs:

    MBAM:

    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Databaseversie: 4411

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2-9-2010 22:14:40
    mbam-log-2010-09-02 (22-14-40).txt

    Scantype: Snelle scan
    Objecten gescand: 152604
    Verstreken tijd: 8 minuut/minuten, 20 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 2
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 4

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    C:\Users\Niek\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    C:\Users\Niek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    C:\Users\Niek\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    C:\Users\Niek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:32:05, on 2-9-2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\PRISMSVR.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Steam\steam.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
    C:\Users\Niek\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Users\Niek\AppData\Roaming\81A574045E21B72CD13C6C30DEC8DC0F\mediafix70700en02.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Users\Niek\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Niek\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Niek\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [rnsexcmoaw.exe] "C:\Users\Niek\AppData\Local\temp\rnsexcmoaw.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Niek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
    O4 - HKCU\..\Run: [mediafix70700en02.exe] C:\Users\Niek\AppData\Roaming\81A574045E21B72CD13C6C30DEC8DC0F\mediafix70700en02.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: UltraMon.lnk = ?
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5111/CTPID.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

    --
    End of file - 8693 bytes

    Thanks
    Last edited by Tommiiee; 05-09-10 at 17:04.

  2. #2
    Hijack Mod Tommiiee
    Joined
    May 2007
    Location
    Helmond
    Posts
    2,926
    Again?

    Why did you create a new account again, anyway?

    Right-click the HijackThis program and choose "Run as Administrator".
    Choose 'Do a system scan only'.
    Tick only the bold items below, if they are still present:

    O4 - HKLM\..\Run: [rnsexcmoaw.exe] "C:\Users\Niek\AppData\Local\temp\rnsexcmoaw.exe"
    O4 - HKCU\..\Run: [mediafix70700en02.exe] C:\Users\Niek\AppData\Roaming\81A574045E21B72CD13C6C30DEC8DC0F\mediafix70700en02.exe


    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.
    After that you may close HijackThis.


    Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

    @ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    FOR %%g in (
    "C:\Users\Niek\AppData\Local\temp\rnsexcmoaw.exe"
    "C:\Users\Niek\AppData\Roaming\81A574045E21B72CD13C6C30DEC8DC0F\mediafix70700en02.exe"
    ) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt

    Go to File - Save As.
    Under "Save in" choose: Desktop
    Under "File name" enter: del.bat
    Under "Save as type" select: All Files (*.*).
    Click the Save button.
    Double-click del.bat and post the contents of the log file that opens.


    Follow these instructions to download ComboFix to your Desktop.
    If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.

    NOTE: if you get a warning from your antivirus or another real-time scanner while downloading ComboFix, afterwards, or while running it, disable that scanner and download ComboFix again.
    Some scanners regard certain components ComboFix uses as suspicious and will block or delete them!

    • Double-click Combofix.exe
    • Follow the instructions and accept the disclaimer by clicking Yes.
    • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the Query - Recovery Console window.
    • Click OK and Yes to have the Recovery Console installed automatically.
    • Afterwards, click Yes again to start the malware scan.
    • Do NOT click in the window while the fix is running, as this will make your PC hang.


    When the fix has completed and the PC has restarted,
    the log Combofix.txt will open.
    Paste the contents of that log in your next post.


    Regards,
    Tom
    Satisfied with the help we gave you? Consider a donation!

    Are you a Knights and Merchants fan? Then visit the English fansite with an active community and unique information about the Knights and Merchants Remake!
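The two O4 entries the moderator singled out share traits that can be checked mechanically: a Run value launched from a temp directory, a parent directory whose name is 32 hex characters, and a value name that is simply the file name rather than a product name. As an added example (not from this thread, and not a HijackThis feature), here is a small Python triage script that applies those checks to HijackThis O4 lines. The sample lines are constructed from the entries quoted in this thread; the heuristics are assumptions of mine, not HijackThis rules.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input modelled on the O4 lines quoted in this thread
# (a few known-good entries plus the two the moderator told the poster to fix).
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [rnsexcmoaw.exe] "C:\Users\Niek\AppData\Local\temp\rnsexcmoaw.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [mediafix70700en02.exe] C:\Users\Niek\AppData\Roaming\81A574045E21B72CD13C6C30DEC8DC0F\mediafix70700en02.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
"""

# "O4 - HKLM\..\Run: [value name] command line" (Startup-folder O4 lines are skipped).
O4_RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# Executable path at the start of the command line: either quoted, or unquoted up to
# the file extension (unquoted paths may contain spaces, e.g. "C:\Program Files\...").
PATH_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr|bat|cmd))(?=\s|$)', re.IGNORECASE)
HEX32_RE = re.compile(r'^[0-9a-f]{32}$', re.IGNORECASE)


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Return the executable path from a Run-value command line."""
    m = PATH_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group(1) or m.group(2)


def assess_run_entry(name: str, path: str) -> list:
    """Heuristics (my assumptions) drawn from the two entries in this thread; returns the reasons that fire."""
    parts = path.replace('/', '\\').split('\\')
    dirs = [p.lower() for p in parts[:-1]]
    base = parts[-1]
    reasons = []
    if 'temp' in dirs or 'tmp' in dirs:
        reasons.append('launched from a temp directory')
    if any(HEX32_RE.match(d) for d in dirs):
        reasons.append('parent directory is a 32-hex-character name')
    if name.lower() == base.lower():
        reasons.append('value name is just the file name, not a product name')
    return reasons


def triage_o4(log_text: str) -> list:
    """Parse HijackThis O4 Run lines and return the entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue
        path = extract_path(m['cmd'])
        reasons = assess_run_entry(m['name'], path)
        if reasons:
            findings.append(Finding(m['hive'], m['name'], path, reasons))
    return findings


if __name__ == '__main__':
    for f in triage_o4(SAMPLE_O4_LINES):
        print(f'{f.hive} [{f.name}] {f.path}')
        for r in f.reasons:
            print(f'    - {r}')
```

Running it lists the two entries the moderator flagged and leaves the Kaspersky, Steam and WhatPulse entries alone. A hit is a prompt to look at the file, not a verdict; the batch file above still records whether each file was actually present and removed, which is the check that matters.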

  3. #3

    Joined
    Oct 2009
    Posts
    5
    Hi :]
    Thanks for your quick reply.

    Here is the log from del.bat:

    Deleting files
    "C:\Users\Niek\AppData\Local\temp\rnsexcmoaw.exe" not found
    "C:\Users\Niek\AppData\Roaming\81A574045E21B72CD13C6C30DEC8DC0F\mediafix70700en02.exe" not found

    And here is the ComboFix log:


    ComboFix 10-09-01.04 - Niek 02-09-2010 22:50:33.5.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3326.1956 [GMT 2:00]
    Gestart vanuit: c:\users\Niek\Desktop\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Niek\AppData\Local\temp\explorer.dat
    c:\users\Niek\AppData\Local\Windows Server
    c:\users\Niek\AppData\Local\Windows Server\server.dat
    c:\users\Niek\AppData\Roaming\81A574045E21B72CD13C6C30DEC8DC0F
    c:\users\Niek\AppData\Roaming\81A574045E21B72CD13C6C30DEC8DC0F\enemies-names.txt
    c:\users\Niek\AppData\Roaming\81A574045E21B72CD13C6C30DEC8DC0F\local.ini
    c:\users\Niek\AppData\Roaming\81A574045E21B72CD13C6C30DEC8DC0F\lsrslt.ini
    c:\users\Niek\AppData\Roaming\81A574045E21B72CD13C6C30DEC8DC0F\mediafix70700en02.exe
    c:\users\Niek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
    c:\users\Niek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
    c:\users\Niek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk

    Besmet exemplaar van c:\windows\system32\wininit.exe werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    Besmet exemplaar van c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\ERDNT\cache\explorer.exe

    Besmet exemplaar van c:\windows\system32\wininit.exe werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
    Besmet exemplaar van c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\ERDNT\cache\explorer.exe
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-08-02 to 2010-09-02 ))))))))))))))))))))))))))))))
    .

    2010-09-02 21:03 . 2010-09-02 21:03 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-09-02 21:03 . 2010-09-02 21:03 -------- d-----w- c:\users\Mcx1-NIEK-DE-EEND\AppData\Local\temp
    2010-09-02 21:03 . 2010-09-02 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-09-02 14:35 . 2010-09-02 14:36 -------- d-----w- C:\ImpactPKCacheV116
    2010-08-29 23:43 . 2010-08-29 23:43 -------- d-----w- C:\ImpactPKCacheV115
    2010-08-27 18:22 . 2010-08-27 18:22 -------- d-----w- c:\program files\Common Files\SWF Studio
    2010-08-27 18:22 . 2010-08-27 18:22 -------- d-----w- c:\program files\Riva
    2010-08-27 16:44 . 2010-08-27 16:45 -------- d-----w- c:\program files\AutoHotkey
    2010-08-27 16:37 . 2010-08-27 16:37 -------- d-----w- c:\users\Niek\AppData\Local\Orekaria
    2010-08-27 16:36 . 2010-08-27 16:36 -------- d-----w- c:\program files\Orekaria
    2010-08-26 15:15 . 2010-08-28 09:04 -------- d-----w- c:\users\Niek\AppData\Local\Unity
    2010-08-25 11:13 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2010-08-24 12:35 . 2010-08-24 12:39 -------- d-----w- c:\programdata\Escritorio
    2010-08-24 12:35 . 2010-08-24 12:35 -------- d-----w- C:\Archivos de programa
    2010-08-24 12:35 . 2010-08-24 12:35 -------- d-----w- c:\program files\DIFX
    2010-08-24 12:35 . 2010-08-24 12:35 -------- dc----w- c:\windows\system32\DRVSTORE
    2010-08-23 14:02 . 2010-08-23 14:02 -------- d-----w- c:\users\Niek\AppData\Local\CrashRpt
    2010-08-13 17:21 . 2010-08-13 17:21 -------- d-----w- c:\users\Niek\AppData\Local\Microsoft Game Studios
    2010-08-13 17:08 . 2010-08-13 17:08 -------- d-----w- c:\program files\Common Files\Microsoft Games
    2010-08-13 13:38 . 2010-08-13 13:38 -------- d-----w- c:\program files\MSXML 4.0
    2010-08-11 12:06 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-09 19:11 . 2010-08-09 19:11 -------- d-----w- C:\Device
    2010-08-08 19:24 . 2010-08-08 19:24 -------- d-----w- c:\programdata\Messenger Plus!
    2010-08-08 19:24 . 2010-08-09 18:07 -------- d-----w- c:\program files\Messenger Plus! Live

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-02 21:05 . 2010-06-26 12:54 -------- d-----w- c:\users\Niek\AppData\Roaming\WhatPulse
    2010-09-02 21:05 . 2010-03-13 20:19 -------- d-----w- c:\program files\Steam
    2010-09-02 21:05 . 2010-03-13 20:32 -------- d-----w- c:\programdata\NVIDIA
    2010-09-02 21:04 . 2010-03-27 09:05 -------- d-----w- c:\programdata\Kaspersky Lab
    2010-09-02 01:36 . 2009-07-14 08:27 78538 ----a-w- c:\windows\system32\perfh013.dat
    2010-09-02 01:36 . 2009-07-14 08:27 31968 ----a-w- c:\windows\system32\perfc013.dat
    2010-08-31 18:54 . 2010-03-13 20:05 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-08-31 18:54 . 2010-03-13 20:05 218808 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-08-31 18:05 . 2010-05-16 10:44 -------- d-----w- c:\users\Niek\AppData\Roaming\vlc
    2010-08-31 16:45 . 2010-03-24 17:17 -------- d-----w- c:\users\Niek\AppData\Roaming\Xfire
    2010-08-30 20:41 . 2010-03-16 18:38 -------- d-----w- c:\users\Niek\AppData\Roaming\Vso
    2010-08-30 11:11 . 2010-06-26 12:54 -------- d-----w- c:\program files\WhatPulse
    2010-08-30 11:11 . 2010-03-24 17:17 -------- d-----w- c:\programdata\Xfire
    2010-08-30 11:11 . 2010-03-14 07:39 -------- d-----w- c:\users\Niek\AppData\Roaming\uTorrent
    2010-08-29 21:05 . 2010-05-13 18:04 112 ----a-w- c:\programdata\3A0w7oOhy.dat
    2010-08-17 10:10 . 2010-03-14 19:46 99 ----a-w- c:\users\Niek\jagex_runescape_preferences2.dat
    2010-08-17 10:10 . 2010-03-14 19:45 46 ----a-w- c:\users\Niek\jagex_runescape_preferences.dat
    2010-08-17 10:08 . 2010-03-29 07:40 50 ----a-w- c:\users\Niek\jagex__preferences3.dat
    2010-08-13 17:53 . 2010-03-13 20:09 115144 ----a-w- c:\users\Niek\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-13 17:09 . 2010-03-13 20:44 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-13 16:39 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
    2010-08-13 11:28 . 2010-03-13 20:44 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-08-11 17:38 . 2010-03-18 14:58 -------- d-----w- c:\programdata\Microsoft Help
    2010-08-09 19:01 . 2010-04-27 17:15 -------- d-----w- c:\program files\PowerISO
    2010-07-29 06:30 . 2010-08-11 12:06 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30 . 2010-08-11 12:06 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-07-25 09:11 . 2010-07-25 09:11 -------- d-----w- c:\users\Niek\AppData\Roaming\Realtime Soft
    2010-07-25 09:11 . 2010-07-25 09:11 -------- d-----w- c:\program files\Common Files\Realtime Soft
    2010-07-25 09:11 . 2010-07-25 09:11 -------- d-----w- c:\programdata\Realtime Soft
    2010-07-25 09:11 . 2010-07-25 09:11 -------- d-----w- c:\program files\UltraMon
    2010-07-25 09:01 . 2010-03-14 07:40 -------- d-----w- c:\program files\uTorrent
    2010-07-23 07:06 . 2010-07-23 07:06 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-07-23 07:06 . 2010-07-23 07:06 923456 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-07-22 18:21 . 2010-05-16 07:57 -------- d-----w- c:\programdata\VMware
    2010-07-20 20:12 . 2010-03-13 20:29 -------- d-----w- c:\program files\Windows Live
    2010-07-20 20:11 . 2010-07-20 20:11 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-07-20 11:17 . 2010-04-10 20:41 -------- d-----w- c:\program files\Rockstar Games
    2010-07-20 11:17 . 2010-03-31 19:02 -------- d-----w- c:\program files\2K Games
    2010-07-17 10:17 . 2010-07-17 10:17 -------- d-----w- c:\program files\Infogrames
    2010-07-16 09:29 . 2010-07-16 09:29 -------- d-----w- c:\users\Niek\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-07-15 19:12 . 2010-07-15 19:12 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-07-15 19:11 . 2010-04-05 09:07 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-15 19:09 . 2010-07-15 19:09 -------- d-----w- c:\program files\Adobe Media Player
    2010-07-15 19:07 . 2010-07-15 19:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-07-14 11:02 . 2010-07-14 11:02 -------- d-----w- c:\program files\YouTube Downloader
    2010-07-14 10:52 . 2010-07-14 10:52 -------- d-----w- c:\users\Niek\AppData\Roaming\ManyCam
    2010-07-14 10:52 . 2010-07-14 10:51 -------- d-----w- c:\program files\ManyCam
    2010-07-13 12:27 . 2010-03-24 17:17 -------- d-----w- c:\program files\Xfire
    2010-07-12 19:26 . 2010-03-22 15:05 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2010-06-30 06:25 . 2010-08-11 12:06 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-06-22 02:47 . 2010-08-11 12:06 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-22 02:47 . 2010-08-11 12:06 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-06-22 02:47 . 2010-08-11 12:06 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-06-19 06:33 . 2010-08-11 12:06 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-06-19 06:33 . 2010-08-11 12:06 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-19 06:23 . 2010-08-11 12:06 37376 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-19 04:07 . 2010-08-11 12:06 2326016 ----a-w- c:\windows\system32\win32k.sys
    2010-06-16 05:48 . 2010-08-11 12:06 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\23681\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\23681\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\23681\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\23681\AcrobatUpdater.exe
    2010-06-08 06:02 . 2010-08-11 12:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ------- Sigcheck -------

    [7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\ERDNT\cache\atapi.sys
    [-] 2009-07-14 01:26 . 3AC3AF497B397EBC5C3BBE9AABC101E4 . 21584 . . [------] . . c:\windows\System32\drivers\atapi.sys
    [7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\steam\steam.exe" [2010-08-25 1242448]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "Google Update"="c:\users\Niek\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-13 135664]
    "WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "P17RunE"="P17RunE.dll" [2008-03-28 14848]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

    c:\users\Niek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-7-25 29310]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
    2005-11-16 14:57 450646 ----a-w- c:\windows\System32\PRISMAPI.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
    "72.55.172.157,255.255.255.255,192.168.0.12,1"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv

    [HKLM\~\startupfolder\C:^Users^Niek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
    path=c:\users\Niek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
    backup=c:\windows\pss\Xfire.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-04-14 14:26 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-03-13 20:09 135664 ----atw- c:\users\Niek\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    R1 MpKsl5476828c;MpKsl5476828c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF17BD55-43F6-47E1-8225-DB6C09A90CBB}\MpKsl5476828c.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-13 79360]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-04-14 30192]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
    R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-31 29184]
    R3 PVUSB;CESG502 USB Driver;c:\windows\system32\DRIVERS\CESG502.sys [2007-03-13 47648]
    R3 rt70x86;%WUSB54Gv4.Service.DispName%;c:\windows\system32\DRIVERS\netr70.sys [2010-04-27 306016]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-05 1343400]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-30 691696]
    S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-10 20968]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
    S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
    S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 17184]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-12-19 249888]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3247001266-938410729-788923676-1000Core.job
    - c:\users\Niek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-13 20:09]

    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3247001266-938410729-788923676-1000UA.job
    - c:\users\Niek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-13 20:09]
    .
    .
    ------- Bijkomende Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Niek\AppData\Roaming\Mozilla\Firefox\Profiles\sgtokbx8.default\
    FF - component: c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\components\FFGlobalExtension.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: c:\users\Niek\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\Niek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    .
    - - - - ORPHANS VERWIJDERD - - - -

    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Niek\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    AddRemove-UnityWebPlayer - c:\users\Niek\AppData\Local\Unity\WebPlayer\Uninstall.exe


    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,5a,fd,5b,c7,9b,6f,4c,8b,26,20,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,5a,fd,5b,c7,9b,6f,4c,8b,26,20,\

    [HKEY_USERS\S-1-5-21-3247001266-938410729-788923676-1000\Software\SecuROM\License information*]
    "datasecu"=hex:7c,04,ff,1c,cf,38,19,c9,79,eb,f4,16,8e,4a,da,39,67,aa,28,23,20,
    c2,c0,97,00,b2,a4,5d,28,36,4e,dd,f3,55,cc,55,50,c8,54,bd,bf,29,04,bc,c7,36,\
    "rkeysecu"=hex:27,9a,4b,46,9d,70,5e,8f,7d,de,2a,2a,f2,f2,d6,b2
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'Explorer.exe'(5492)
    c:\program files\Xfire\xfire_toucan_43094.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\PRISMSVR.EXE
    c:\windows\system32\taskhost.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\system32\conhost.exe
    c:\program files\Windows Media Player\WMPSideShowGadget.exe
    c:\windows\System32\rundll32.exe
    c:\program files\UltraMon\UltraMon.exe
    c:\users\Niek\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
    c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
    c:\program files\UltraMon\UltraMonTaskbar.exe
    c:\program files\Windows Media Player\wmplayer.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2010-09-02 23:13:30 - machine werd herstart
    ComboFix-quarantined-files.txt 2010-09-02 21:13
    ComboFix2.txt 2010-08-09 19:20

    Pre-Run: 8.803.061.760 bytes beschikbaar
    Post-Run: 8.654.716.928 bytes beschikbaar

    - - End Of File - - A07324C0D7868F40D9B27ACC26C4066B

    In any case, the fake virus scanner no longer starts.
    Thanks! :]

  4. #4
    Tommiiee (Hijack Mod)
    Registered: May 2007
    Location: Helmond
    Posts: 2,926
    Hi

    Open Notepad.
    Copy and paste the following (the bold, blue text) into an empty window:


    FILE::
    c:\programdata\3A0w7oOhy.dat

    FCOPY::
    c:\windows\ERDNT\cache\atapi.sys | c:\windows\System32\drivers\atapi.sys


    Save this to your Desktop as CFScript.txt


    Drag CFScript.txt onto ComboFix.exe as shown in the example below:


    This will make ComboFix restart.
    Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.


    Regards,
    Tom
    Happy with the help we gave you? Consider a donation!

    Are you a Knights and Merchants fan? Then visit the English fan site with an active community and unique information about the Knights and Merchants Remake!

  5. #5
    Registered: Oct 2009
    Posts: 5
    Hi :]
    Here are the logs:
    ComboFix:

    ComboFix 10-09-02.01 - Niek 03-09-2010 11:45:03.6.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3326.2232 [GMT 2:00]
    Gestart vanuit: c:\users\Niek\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Niek\Desktop\CFScript.txt

    FILE ::
    "c:\programdata\3A0w7oOhy.dat"
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\3A0w7oOhy.dat

    .
    --------------- FCopy ---------------

    c:\windows\ERDNT\cache\atapi.sys --> c:\windows\System32\drivers\atapi.sys
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-08-03 to 2010-09-03 ))))))))))))))))))))))))))))))
    .

    2010-09-03 10:07 . 2010-0a-03 10:07 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-09-03 10:07 . 2010-09-03 10:07 -------- d-----w- c:\users\Mcx1-NIEK-DE-EEND\AppData\Local\temp
    2010-09-03 10:07 . 2010-09-03 10:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-09-02 14:35 . 2010-09-02 14:36 -------- d-----w- C:\ImpactPKCacheV116
    2010-08-29 23:43 . 2010-08-29 23:43 -------- d-----w- C:\ImpactPKCacheV115
    2010-08-27 18:22 . 2010-08-27 18:22 -------- d-----w- c:\program files\Common Files\SWF Studio
    2010-08-27 18:22 . 2010-08-27 18:22 -------- d-----w- c:\program files\Riva
    2010-08-27 16:44 . 2010-08-27 16:45 -------- d-----w- c:\program files\AutoHotkey
    2010-08-27 16:37 . 2010-08-27 16:37 -------- d-----w- c:\users\Niek\AppData\Local\Orekaria
    2010-08-27 16:36 . 2010-08-27 16:36 -------- d-----w- c:\program files\Orekaria
    2010-08-26 15:15 . 2010-08-28 09:04 -------- d-----w- c:\users\Niek\AppData\Local\Unity
    2010-08-25 11:13 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2010-08-24 12:35 . 2010-08-24 12:39 -------- d-----w- c:\programdata\Escritorio
    2010-08-24 12:35 . 2010-08-24 12:35 -------- d-----w- C:\Archivos de programa
    2010-08-24 12:35 . 2010-08-24 12:35 -------- d-----w- c:\program files\DIFX
    2010-08-24 12:35 . 2010-08-24 12:35 -------- dc----w- c:\windows\system32\DRVSTORE
    2010-08-23 14:02 . 2010-08-23 14:02 -------- d-----w- c:\users\Niek\AppData\Local\CrashRpt
    2010-08-13 17:21 . 2010-08-13 17:21 -------- d-----w- c:\users\Niek\AppData\Local\Microsoft Game Studios
    2010-08-13 17:08 . 2010-08-13 17:08 -------- d-----w- c:\program files\Common Files\Microsoft Games
    2010-08-13 13:38 . 2010-08-13 13:38 -------- d-----w- c:\program files\MSXML 4.0
    2010-08-11 12:06 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-09 19:11 . 2010-08-09 19:11 -------- d-----w- C:\Device
    2010-08-08 19:24 . 2010-08-08 19:24 -------- d-----w- c:\programdata\Messenger Plus!
    2010-08-08 19:24 . 2010-08-09 18:07 -------- d-----w- c:\program files\Messenger Plus! Live

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-03 09:19 . 2010-06-26 12:54 -------- d-----w- c:\users\Niek\AppData\Roaming\WhatPulse
    2010-09-03 08:33 . 2010-03-13 20:19 -------- d-----w- c:\program files\Steam
    2010-09-03 08:32 . 2010-03-13 20:32 -------- d-----w- c:\programdata\NVIDIA
    2010-09-02 21:04 . 2010-03-27 09:05 -------- d-----w- c:\programdata\Kaspersky Lab
    2010-09-02 01:36 . 2009-07-14 08:27 78538 ----a-w- c:\windows\system32\perfh013.dat
    2010-09-02 01:36 . 2009-07-14 08:27 31968 ----a-w- c:\windows\system32\perfc013.dat
    2010-08-31 18:54 . 2010-03-13 20:05 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-08-31 18:54 . 2010-03-13 20:05 218808 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-08-31 18:05 . 2010-05-16 10:44 -------- d-----w- c:\users\Niek\AppData\Roaming\vlc
    2010-08-31 16:45 . 2010-03-24 17:17 -------- d-----w- c:\users\Niek\AppData\Roaming\Xfire
    2010-08-30 20:41 . 2010-03-16 18:38 -------- d-----w- c:\users\Niek\AppData\Roaming\Vso
    2010-08-30 11:11 . 2010-06-26 12:54 -------- d-----w- c:\program files\WhatPulse
    2010-08-30 11:11 . 2010-03-24 17:17 -------- d-----w- c:\programdata\Xfire
    2010-08-30 11:11 . 2010-03-14 07:39 -------- d-----w- c:\users\Niek\AppData\Roaming\uTorrent
    2010-08-17 10:10 . 2010-03-14 19:46 99 ----a-w- c:\users\Niek\jagex_runescape_preferences2.dat
    2010-08-17 10:10 . 2010-03-14 19:45 46 ----a-w- c:\users\Niek\jagex_runescape_preferences.dat
    2010-08-17 10:08 . 2010-03-29 07:40 50 ----a-w- c:\users\Niek\jagex__preferences3.dat
    2010-08-13 17:53 . 2010-03-13 20:09 115144 ----a-w- c:\users\Niek\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-13 17:09 . 2010-03-13 20:44 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-13 16:39 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
    2010-08-13 11:28 . 2010-03-13 20:44 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-08-11 17:38 . 2010-03-18 14:58 -------- d-----w- c:\programdata\Microsoft Help
    2010-08-09 19:01 . 2010-04-27 17:15 -------- d-----w- c:\program files\PowerISO
    2010-07-29 06:30 . 2010-08-11 12:06 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30 . 2010-08-11 12:06 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-07-25 09:11 . 2010-07-25 09:11 -------- d-----w- c:\users\Niek\AppData\Roaming\Realtime Soft
    2010-07-25 09:11 . 2010-07-25 09:11 -------- d-----w- c:\program files\Common Files\Realtime Soft
    2010-07-25 09:11 . 2010-07-25 09:11 -------- d-----w- c:\programdata\Realtime Soft
    2010-07-25 09:11 . 2010-07-25 09:11 -------- d-----w- c:\program files\UltraMon
    2010-07-25 09:01 . 2010-03-14 07:40 -------- d-----w- c:\program files\uTorrent
    2010-07-23 07:06 . 2010-07-23 07:06 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-07-23 07:06 . 2010-07-23 07:06 923456 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-07-22 18:21 . 2010-05-16 07:57 -------- d-----w- c:\programdata\VMware
    2010-07-20 20:12 . 2010-03-13 20:29 -------- d-----w- c:\program files\Windows Live
    2010-07-20 20:11 . 2010-07-20 20:11 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-07-20 11:17 . 2010-04-10 20:41 -------- d-----w- c:\program files\Rockstar Games
    2010-07-20 11:17 . 2010-03-31 19:02 -------- d-----w- c:\program files\2K Games
    2010-07-17 10:17 . 2010-07-17 10:17 -------- d-----w- c:\program files\Infogrames
    2010-07-16 09:29 . 2010-07-16 09:29 -------- d-----w- c:\users\Niek\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-07-15 19:12 . 2010-07-15 19:12 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-07-15 19:11 . 2010-04-05 09:07 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-15 19:09 . 2010-07-15 19:09 -------- d-----w- c:\program files\Adobe Media Player
    2010-07-15 19:07 . 2010-07-15 19:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-07-14 11:02 . 2010-07-14 11:02 -------- d-----w- c:\program files\YouTube Downloader
    2010-07-14 10:52 . 2010-07-14 10:52 -------- d-----w- c:\users\Niek\AppData\Roaming\ManyCam
    2010-07-14 10:52 . 2010-07-14 10:51 -------- d-----w- c:\program files\ManyCam
    2010-07-13 12:27 . 2010-03-24 17:17 -------- d-----w- c:\program files\Xfire
    2010-07-12 19:26 . 2010-03-22 15:05 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2010-06-30 06:25 . 2010-08-11 12:06 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-06-22 02:47 . 2010-08-11 12:06 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-22 02:47 . 2010-08-11 12:06 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-06-22 02:47 . 2010-08-11 12:06 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-06-19 06:33 . 2010-08-11 12:06 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-06-19 06:33 . 2010-08-11 12:06 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-19 06:23 . 2010-08-11 12:06 37376 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-19 04:07 . 2010-08-11 12:06 2326016 ----a-w- c:\windows\system32\win32k.sys
    2010-06-16 05:48 . 2010-08-11 12:06 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\23681\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\23681\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\23681\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\23681\AcrobatUpdater.exe
    2010-06-08 06:02 . 2010-08-11 12:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\steam\steam.exe" [2010-08-25 1242448]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "Google Update"="c:\users\Niek\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-13 135664]
    "WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "P17RunE"="P17RunE.dll" [2008-03-28 14848]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

    c:\users\Niek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-7-25 29310]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
    2005-11-16 14:57 450646 ----a-w- c:\windows\System32\PRISMAPI.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
    "72.55.172.157,255.255.255.255,192.168.0.12,1"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv

    [HKLM\~\startupfolder\C:^Users^Niek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
    path=c:\users\Niek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
    backup=c:\windows\pss\Xfire.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-04-14 14:26 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-03-13 20:09 135664 ----atw- c:\users\Niek\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    R1 MpKsl5476828c;MpKsl5476828c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF17BD55-43F6-47E1-8225-DB6C09A90CBB}\MpKsl5476828c.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-13 79360]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-04-14 30192]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
    R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-31 29184]
    R3 PVUSB;CESG502 USB Driver;c:\windows\system32\DRIVERS\CESG502.sys [2007-03-13 47648]
    R3 rt70x86;%WUSB54Gv4.Service.DispName%;c:\windows\system32\DRIVERS\netr70.sys [2010-04-27 306016]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-05 1343400]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-30 691696]
    S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-10 20968]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
    S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
    S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 17184]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-12-19 249888]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3247001266-938410729-788923676-1000Core.job
    - c:\users\Niek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-13 20:09]

    2010-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3247001266-938410729-788923676-1000UA.job
    - c:\users\Niek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-13 20:09]
    .
    .
    ------- Bijkomende Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Niek\AppData\Roaming\Mozilla\Firefox\Profiles\sgtokbx8.default\
    FF - component: c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\components\FFGlobalExtension.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: c:\users\Niek\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\Niek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,5a,fd,5b,c7,9b,6f,4c,8b,26,20,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,5a,fd,5b,c7,9b,6f,4c,8b,26,20,\

    [HKEY_USERS\S-1-5-21-3247001266-938410729-788923676-1000\Software\SecuROM\License information*]
    "datasecu"=hex:7c,04,ff,1c,cf,38,19,c9,79,eb,f4,16,8e,4a,da,39,67,aa,28,23,20,
    c2,c0,97,00,b2,a4,5d,28,36,4e,dd,f3,55,cc,55,50,c8,54,bd,bf,29,04,bc,c7,36,\
    "rkeysecu"=hex:27,9a,4b,46,9d,70,5e,8f,7d,de,2a,2a,f2,f2,d6,b2
    .
    Voltooingstijd: 2010-09-03 12:10:46
    ComboFix-quarantined-files.txt 2010-09-03 10:10
    ComboFix2.txt 2010-09-02 21:13
    ComboFix3.txt 2010-08-09 19:20

    Pre-Run: 7.978.553.344 bytes beschikbaar
    Post-Run: 7.950.512.128 bytes beschikbaar

    - - End Of File - - AE16A658013391695D1F09E13F1A4317

    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:24:39, on 3-9-2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\PRISMSVR.EXE
    C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Steam\steam.exe
    C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\WhatPulse\WhatPulse.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
    C:\Users\Niek\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Users\Niek\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Niek\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Niek\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Niek\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Niek\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Niek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: UltraMon.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5111/CTPID.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

    --
    End of file - 7330 bytes

    It looks like I have no more problems..
    Of course I don't know whether it is completely clean :]
    EDIT: when I hibernate, the PC does not shut down but goes to the screen where you can choose a user; I don't know whether that has anything to do with this..

    Thanks
    Last edited by niek XD; 03-09-10 at 14:22.
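    The ComboFix log above has a "Reg Opstartpunten" block that lists autorun entries, the AppInit_DLLs value and the UAC policy values; the thread does not comment on them, but the `policies\system` key shows `"EnableLUA"= 0`, which means UAC is switched off on this machine. Below is an added example (written for this page; it is not ComboFix code and not the forum's tooling) that parses that block and reports the autoruns, the AppInit_DLLs entry and every UAC value that differs from the Windows 7 default. The sample block is constructed from lines in the log above, and the defaults table is the one Windows 7 ships with.

```python
"""Parse the 'Reg Opstartpunten' block of a ComboFix log and flag UAC
policy values that deviate from the Windows 7 defaults.

Added example for this thread; not part of ComboFix or of the forum's tooling.
"""
import re

# Constructed sample: same layout as the ComboFix output posted above.
SAMPLE = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-08-25 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
"""

# Windows 7 default values for the UAC policies ComboFix prints.
UAC_DEFAULTS = {
    "EnableLUA": 1,                    # 0 disables UAC entirely
    "ConsentPromptBehaviorAdmin": 5,   # 0 elevates admins without any prompt
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,        # 0 lets other software draw over the prompt
    "EnableUIADesktopToggle": 0,
}

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
# "Name"="path" [date size]  -> autorun entry pointing at a file
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[\S+\s+\d+\])?$')
# "Name"= 0 (0x0)            -> DWORD value (UAC policies)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<dec>\d+)\s+\(0x[0-9a-fA-F]+\)$')
# "Name"=unquoted value      -> e.g. AppInit_DLLs
RAW_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>[^"].*)$')


def parse_reg_startpoints(text):
    """Return {registry_key: {value_name: value}}; paths unquoted, DWORDs as int."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            entries.setdefault(current, {})
            continue
        if current is None:
            continue
        if (m := DWORD_RE.match(line)):
            entries[current][m.group("name")] = int(m.group("dec"))
        elif (m := RUN_RE.match(line)):
            entries[current][m.group("name")] = m.group("path")
        elif (m := RAW_RE.match(line)):
            entries[current][m.group("name")] = m.group("value").strip()
    return entries


def uac_deviations(entries):
    """Return {name: (actual, default)} for policies\\system values off the default."""
    out = {}
    for key, values in entries.items():
        if key.lower().endswith(r"\policies\system"):
            for name, default in UAC_DEFAULTS.items():
                if name in values and values[name] != default:
                    out[name] = (values[name], default)
    return out


def autorun_entries(entries):
    """Return [(key, name, path)] for every value under a ...\\CurrentVersion\\Run key."""
    return [(key, name, path) for key, values in entries.items()
            if key.lower().endswith(r"\currentversion\run")
            for name, path in values.items()]


def appinit_dlls(entries):
    """Return the AppInit_DLLs value (DLLs injected into every GUI process) or ''."""
    for key, values in entries.items():
        if key.lower().endswith(r"\windows nt\currentversion\windows"):
            return values.get("AppInit_DLLs", "")
    return ""


if __name__ == "__main__":
    parsed = parse_reg_startpoints(SAMPLE)
    for name, (actual, default) in sorted(uac_deviations(parsed).items()):
        print(f"UAC policy {name} = {actual} (Windows 7 default: {default})")
    for key, name, path in autorun_entries(parsed):
        print(f"autorun {name!r} -> {path}  [{key}]")
    if appinit_dlls(parsed):
        print("AppInit_DLLs:", appinit_dlls(parsed))
```

    Run against a real log, the interesting output is the first group: three of the five UAC values are off their defaults (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0), so a rogue installer running under this account would have been elevated without any prompt. Restoring the defaults is part of the clean-up, not just removing the rogue's files.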

  6. #6
    Tommiiee (Hijack Mod)
    Registered: May 2007
    Location: Helmond
    Posts: 2,926
    Hi

    With hibernation in Windows 7 the PC does not turn off either. That is sleep mode. There used to be a nice explanation of this here on PCH, but it was lost in the move to vBulletin.

    You can run a full scan with MBAM (update it first) and post the results here.
    It already looks better.

    Regards,
    Tom

  7. #7
    Registered: Oct 2009
    Posts: 5
    Hi :]
    MBAM log:

    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Databaseversie: 4411

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    4-9-2010 22:35:40
    mbam-log-2010-09-04 (22-35-40).txt

    Scantype: Volledige scan (C:\|)
    Objecten gescand: 374305
    Verstreken tijd: 1 uur/uren, 19 minuut/minuten, 52 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 2

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    C:\Program Files\Ubisoft\Ubisoft Game Launcher\storage\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
    C:\Program Files\Ubisoft\Ubisoft Game Launcher\Ubisoft Game Launcher\storage\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.

    I have no more problems now, except for the one with hibernation, because before that my PC really did turn off, but I doubt it has anything to do with this.
    Thanks!

  8. #8
    Tommiiee (Hijack Mod)
    Registered: May 2007
    Location: Helmond
    Posts: 2,926
    Fine.

    You're welcome

    Read this prevention page with info and tips on how to prevent this in the future.
    And read this page to re-optimise your computer after removing malware.

    Extra note: make sure your programs are up to date, because older versions can contain security holes. To check which programs you need to update, run the Secunia Software Inspector scan.

    Also do the following:

    Remove System Restore points.
    To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily disabling System Restore.
    See here how to disable System Restore.


    Regards,
    Tom
