Archief - hijackthis log - spyware guard 2008

Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.

poppek

Legacy Member
Sinds kort staat er een vals antispyware programma op mijn pc, namelijk spyware guard 2008. Ik heb al wat gegoogeled en gevonden dat ik het zou kunnen oplossen met Malwarebytes AntiMalware, ik heb dit op mijn laptop gedownload, met een usb stick overgezet op mijn pc en proberen uitvoeren maar dit lukt niet.. Ik heb dit via mijn laptop gedaan omdat je op mijn pc niks deftig meer kan doen door spyware guard. Hier mijn hijackthis log: (het is wel niet de laatste versie omdat deze ook al niet werkt, met een oudere versie lukte het wel)

Logfile of HijackThis v1.99.1
Scan saved at 13:26:56, on 27/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\winscenter.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Documents and Settings\Thuis\Bureaublad\mbam-setup.exe
C:\Documents and Settings\Thuis\Mijn documenten\Nieuwe map\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://hannemien.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\dot3cfg32.dll
O20 - Winlogon Notify: 10b11c509 - C:\WINDOWS\System32\dot3cfg32.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: fccbcdb - fccbcdb.dll (file missing)
O20 - Winlogon Notify: jkkigdd - jkkigdd.dll (file missing)
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: ieModule - {7CC8CC99-05AD-4E93-B4E2-8FCF51C1F39F} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {97A4218C-D699-4B14-A5E7-A7815BE3E5DC} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\hisyjcaxlo.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

poppek

Legacy Member
Kben er toch in geslaagd om de nieuwste versie van hijackthis te laten draaien door het op mijn usbstick te installeren en vanop mijn usbstick op mijn pc te laten draaien hier de log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:19, on 28/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Guard 2008\spywareguard.exe
J:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://hannemien.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\dot3cfg32.dll
O20 - Winlogon Notify: 10b11c509 - C:\WINDOWS\System32\dot3cfg32.dll
O20 - Winlogon Notify: fccbcdb - fccbcdb.dll (file missing)
O20 - Winlogon Notify: jkkigdd - jkkigdd.dll (file missing)
O21 - SSODL: ieModule - {7CC8CC99-05AD-4E93-B4E2-8FCF51C1F39F} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {97A4218C-D699-4B14-A5E7-A7815BE3E5DC} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\hisyjcaxlo.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8516 bytes

Ik heb hetzelfde geprobeerd met Malwarebytes AntiMalware maar dit lukt jammer genoeg niet..

Juisterr

Legacy Member
Download Combofix naar je Bureaublad en gebruik het volgens deze handleiding.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!
  • Dubbelklik op Combofix.exe om het te starten.
  • Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
  • Klik op OK in het "NirCmd" venstertje.
  • Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster.
  • Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
  • Klik na afloop terug op Ja om het scannen op malware te starten.
  • Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
  • Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.
Post dit logje in je volgende antwoord.

poppek

Legacy Member
dit opent ook niet.. net zoals Malwarebytes AntiMalware.. ze komen wel bij processen bij taakbeheer maar ze worden niet geopend en na een tijdje verdwijnen ze weer vanzelf uit taakbeheer. Ik heb ook al systeemherstel geprobeerd maar dit werkt ook niet, ik kan wel een herstelpunt selecteren maar als ik de laatste keer op "volgende" moet klikken gebeurt er nieks meer.

poppek

Legacy Member
kheb nog wa gezocht en deze oplossing gevonden:
"
Ga naar control panel en klik op systeem. (system properties). Klik vervolgens op hardware. Dan klik je op apparaatbeheer (devicemanager). Bovenin zie je 'beeld' of view. Daar klik je op. Dan op verborgen apparaten(hidden devices klikken). Naar beneden scrollen tot je "non-plug-and-play-drivers ziet. Daar klik je op.
Vervolgens zoek je TDSSserv.Sys. Met de rechtermuisknop klikken en uitschakelen. LET OP: NIET VERWIJDEREN, het installeert zichzelf anders weer!!!!!
Dan toepassen of Apply klikken en pc opnieuw opstarten.
Nu kun je je antivirus weer updaten en de troep van je pc verwijderen.

Noot: het uitschakelen van dit bestand zorgt ervoor dat de infectie niet meer kan communiceren met 127.0.0.xxx (jouw pc) en eigenlijk niet meer functioneert. (UITLEG VOOR LEKEN)
"

Na dit te doen is het tot mijn grote vreugde gelukt om Malwarebytes AntiMalware te draaien :applause:
dit is de log:
Malwarebytes' Anti-Malware 1.31
Database versie: 1568
Windows 5.1.2600 Service Pack 3

29/12/2008 20:58:24
mbam-log-2008-12-29 (20-58-24).txt

Scan type: Volledige Scan (C:\|)
Objecten gescand: 193185
Verstreken tijd: 1 hour(s), 9 minute(s), 24 second(s)

Geheugenprocessen geïnfecteerd: 1
Geheugenmodulen geïnfecteerd: 3
Registersleutels geïnfecteerd: 4
Registerwaarden geïnfecteerd: 4
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 2
Bestanden geïnfecteerd: 23

Geheugenprocessen geïnfecteerd:
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\hisyjcaxlo.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> Delete on reboot.

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{97a4218c-d699-4b14-a5e7-a7815be3e5dc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7cc8cc99-05ad-4e93-b4e2-8fcf51c1f39f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareguard (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\InternetConnection (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ieModule (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
C:\Documents and Settings\Thuis\Local Settings\Temporary Internet Files\Content.IE5\RB1KPLET\SpywareGuard2008[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winscenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\svhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\hisyjcaxlo.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\temp\TDSS82c9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\TDSS82d8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\TDSSde0b.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Thuis\Bureaublad\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.


Hierna heb ik combofix kunnen draaien de log:


ComboFix 08-12-28.01 - Thuis 2008-12-29 21:39:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.767.478 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Thuis\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\02000000529af852509C.manifest
c:\documents and settings\Administrator\Application Data\02000000529af852509O.manifest
c:\documents and settings\Administrator\Application Data\02000000529af852509P.manifest
c:\documents and settings\Administrator\Application Data\02000000529af852509S.manifest
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\documents and settings\Thuis\Application Data\02000000529af852509C.manifest
c:\documents and settings\Thuis\Application Data\02000000529af852509O.manifest
c:\documents and settings\Thuis\Application Data\02000000529af852509P.manifest
c:\documents and settings\Thuis\Application Data\02000000529af852509S.manifest
c:\windows\Downloaded Program Files\setup.inf
c:\windows\GnuHashes.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\eemjtadu.ini
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\1.music.mp3
c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\10.setup.zip
c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\11.unpack.zip
c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\12.limepro.zip
c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd
c:\windows\system32\GroupPolicyManifest\13.keygen.zip
c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\2.crack.zip
c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
c:\windows\system32\GroupPolicyManifest\9.remix.mp3
c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd
c:\windows\system32\idtfjjlb.ini
c:\windows\system32\mdm.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


(((((((((((((((((((( Bestanden Gemaakt van 2008-11-28 to 2008-12-29 ))))))))))))))))))))))))))))))
.

2008-12-29 22:01 . 2008-12-29 22:02 <DIR> d--hs---- c:\windows\system32\GroupPolicyManifest
2008-12-29 22:01 . 2008-12-29 22:01 373,760 --ahs---- c:\windows\system32\2.tmp
2008-12-29 22:01 . 2008-12-29 22:02 0 --a------ c:\windows\system32\GroupPolicy000.dat
2008-12-29 18:13 . 2008-12-29 18:13 <DIR> d-------- c:\documents and settings\Thuis\Application Data\Malwarebytes
2008-12-29 18:08 . 2008-12-29 19:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-29 18:08 . 2008-12-29 18:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-29 18:08 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-29 18:08 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-15 19:33 . 2008-12-15 19:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-11 15:56 . 2008-12-11 15:56 373,760 --ahs---- c:\windows\system32\1A.tmp
2008-12-11 15:56 . 2008-12-11 15:56 135,168 --a------ c:\windows\system32\dot3cfg32.dll
2008-11-29 00:59 . 2008-11-29 01:26 <DIR> d-------- c:\documents and settings\Thuis\Application Data\My Battle for Middle-earth Files

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-11 18:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 09:45 31 ----a-w c:\documents and settings\Thuis\jagex_runescape_preferences.dat
2008-11-28 23:50 --------- d-----w c:\program files\EA GAMES
2008-11-19 18:06 --------- d-----w c:\documents and settings\Thuis\Application Data\U3
2008-09-08 13:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090820080909\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-09-29 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\10b11c509]
2008-12-11 15:56 135168 c:\windows\system32\dot3cfg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\dot3cfg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Thuis^Menu Start^Programma's^Opstarten^Gangsters2Setup.lnk]
path=c:\documents and settings\Thuis\Menu Start\Programma's\Opstarten\Gangsters2Setup.lnk
backup=c:\windows\pss\Gangsters2Setup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Thuis^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
path=c:\documents and settings\Thuis\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2005-12-28 13:01 20480 c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-03-09 08:29 7561216 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-03-09 08:29 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
-ra------ 2004-09-02 08:25 83968 c:\windows\system32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-24 18:24 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-03-09 08:29 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 11:20 77824 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=

S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys []
S3 NmpdrvN;Audio Player USB Controller;c:\windows\system32\Drivers\NmpdrvN.sys [2006-05-23 15792]
.
- - - - ORPHANS VERWIJDERD - - - -

Notify-fccbcdb - fccbcdb.dll
Notify-jkkigdd - jkkigdd.dll
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
MSConfigStartUp-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe


.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
mStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 22:01:55
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\System32\dot3cfg32.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Voltooingstijd: 2008-12-29 22:05:17 - machine werd herstart
ComboFix-quarantined-files.txt 2008-12-29 21:05:15
ComboFix2.txt 2007-07-28 18:47:31

Pre-Run: 16.524.570.624 bytes beschikbaar
Post-Run: 17,222,483,968 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

229 --- E O F --- 2008-12-18 19:49:24


Ten slotte heb ik nog eens hijackthis gedraaid om eens te laten controleren of alles weg is log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:00, on 29/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Documents and Settings\Thuis\Mijn documenten\hijackthis\hijack\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://hannemien.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\dot3cfg32.dll
O20 - Winlogon Notify: 10b11c509 - C:\WINDOWS\System32\dot3cfg32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8316 bytes

Juisterr

Legacy Member
Leuk trucje, bedankt voor het meedelen.


Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:

File::
c:\windows\system32\dot3cfg32.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\10b11c509]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""




Sla dit op op je Bureaublad als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

CFScriptB-4.gif




Dit zal ComboFix doen herstarten.

Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.

vertel even hoe het nu gaat.

poppek

Legacy Member
hier de combofix log:

ComboFix 08-12-30.02 - Thuis 2008-12-31 17:36:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.767.506 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Thuis\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Thuis\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
c:\windows\system32\dot3cfg32.dll
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Thuis\Application Data\02000000529af852509C.manifest
c:\documents and settings\Thuis\Application Data\02000000529af852509O.manifest
c:\documents and settings\Thuis\Application Data\02000000529af852509P.manifest
c:\documents and settings\Thuis\Application Data\02000000529af852509S.manifest
c:\windows\system32\dot3cfg32.dll
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-11-28 to 2008-12-31 ))))))))))))))))))))))))))))))
.

2008-12-31 13:35 . 2008-12-31 13:38 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-30 17:04 . 2008-12-30 17:04 <DIR> d-------- c:\program files\Nobilis
2008-12-29 18:13 . 2008-12-29 18:13 <DIR> d-------- c:\documents and settings\Thuis\Application Data\Malwarebytes
2008-12-29 18:08 . 2008-12-29 19:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-29 18:08 . 2008-12-29 18:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-29 18:08 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-29 18:08 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-15 19:33 . 2008-12-15 19:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-11 15:56 . 2008-12-11 15:56 373,760 --ahs---- c:\windows\system32\1A.tmp
2008-11-29 00:59 . 2008-12-30 20:22 <DIR> d-------- c:\documents and settings\Thuis\Application Data\My Battle for Middle-earth Files
2008-11-13 14:53 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 14:52 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-04 19:57 . 2008-11-04 19:57 <DIR> d--h----- c:\windows\PIF

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 16:29 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-11 18:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 09:45 31 ----a-w c:\documents and settings\Thuis\jagex_runescape_preferences.dat
2008-11-28 23:50 --------- d-----w c:\program files\EA GAMES
2008-11-19 18:06 --------- d-----w c:\documents and settings\Thuis\Application Data\U3
2008-09-08 13:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090820080909\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-29_22.04.51.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-30 16:12:45 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-12-30 16:12:46 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-12-30 16:12:46 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-12-30 16:12:40 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-30 16:12:41 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-30 16:12:42 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-30 16:12:42 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-30 16:12:43 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-30 16:12:43 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-30 16:12:43 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-30 16:12:44 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-30 16:12:44 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-30 16:12:46 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-30 16:12:46 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-12-30 16:12:47 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-12-30 16:12:47 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-12-30 16:12:47 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-12-30 16:12:45 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2005-03-18 15:23:10 53,248 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 15:23:10 12,800 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 15:23:14 473,600 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2004-09-29 11:38:58 2,676,224 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 15:23:10 145,920 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 15:23:10 159,232 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 15:23:14 364,544 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 15:23:12 178,176 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 15:23:14 223,232 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2004-12-01 14:53:06 2,846,720 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-05 18:32:54 563,712 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 16:23:14 567,296 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 14:15:56 576,000 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-22 16:21:34 577,024 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 13:11:52 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-05 16:20:50 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 06:40:48 578,560 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 10:27:50 578,560 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-12-01 23:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-09-29 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Thuis^Menu Start^Programma's^Opstarten^Gangsters2Setup.lnk]
path=c:\documents and settings\Thuis\Menu Start\Programma's\Opstarten\Gangsters2Setup.lnk
backup=c:\windows\pss\Gangsters2Setup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Thuis^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
path=c:\documents and settings\Thuis\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2005-12-28 13:01 20480 c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-03-09 08:29 7561216 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-03-09 08:29 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
-ra------ 2004-09-02 08:25 83968 c:\windows\system32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-24 18:24 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-03-09 08:29 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 11:20 77824 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=

S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys []
S3 NmpdrvN;Audio Player USB Controller;c:\windows\system32\Drivers\NmpdrvN.sys [2006-05-23 15792]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
mStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 18:20:13
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-1078145449-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\T*NULL*h*NULL*e*NULL* *NULL*B*NULL*a*NULL*t*NULL*t*NULL*l*NULL*e*NULL* *NULL*f*NULL*o*NULL*r*NULL* *NULL*M*NULL*i*NULL*d*NULL*d*NULL*l*NULL*e*NULL*-*NULL*e*NULL*a*NULL*r*NULL*t*NULL*h*NULL*"! *NULL*I*NULL*I*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,28,05,00,00,01,00,00,00,08,00,00,00,a0,00,\
00,00,00,00,00,00,92,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,80,00,32,\
00,bc,00,00,00,9e,35,77,7a,20,00,42,45,5a,4f,45,4b,7e,31,2e,4c,4e,4b,00,00,\
56,00,03,00,04,00,ef,be,9e,35,77,7a,c3,38,12,a1,14,00,00,00,42,00,65,00,7a,\
00,6f,00,65,00,6b,00,20,00,64,00,65,00,20,00,6f,00,66,00,66,00,69,00,63,00,\
69,00,eb,00,6c,00,65,00,20,00,77,00,65,00,62,00,73,00,69,00,74,00,65,00,2e,\
00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,\
00,00,00,00,00,00,00,00,9c,00,00,00,01,00,00,00,8e,00,00,00,41,75,67,4d,02,\
00,00,00,01,00,00,00,7c,00,32,00,bd,04,00,00,9e,35,76,7a,20,00,45,4c,45,4b,\
54,52,7e,31,2e,4c,4e,4b,00,00,52,00,03,00,04,00,ef,be,9e,35,76,7a,c3,38,12,\
a1,14,00,00,00,45,00,6c,00,65,00,6b,00,74,00,72,00,6f,00,6e,00,69,00,73,00,\
63,00,68,00,65,00,20,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,61,00,74,\
00,69,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,\
00,00,00,00,1c,00,00,00,00,00,00,00,00,00,8c,00,00,00,02,00,00,00,7e,00,00,\
00,41,75,67,4d,02,00,00,00,01,00,00,00,6c,00,32,00,45,04,00,00,9e,35,76,7a,\
20,00,4c,45,45,53,4d,49,7e,31,2e,4c,4e,4b,00,00,42,00,03,00,04,00,ef,be,9e,\
35,76,7a,c3,38,12,a1,14,00,00,00,4c,00,65,00,65,00,73,00,6d,00,69,00,6a,00,\
20,00,77,00,65,00,65,00,72,00,67,00,65,00,76,00,65,00,6e,00,2e,00,6c,00,6e,\
00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,\
00,00,00,00,90,00,00,00,03,00,00,00,82,00,00,00,41,75,67,4d,02,00,00,00,01,\
00,00,00,70,00,32,00,57,03,00,00,9e,35,77,7a,20,00,4e,41,41,52,55,50,7e,31,\
2e,4c,4e,4b,00,00,46,00,03,00,04,00,ef,be,9e,35,77,7a,c3,38,12,a1,14,00,00,\
00,4e,00,61,00,61,00,72,00,20,00,75,00,70,00,64,00,61,00,74,00,65,00,73,00,\
20,00,7a,00,6f,00,65,00,6b,00,65,00,6e,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,\
00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,9a,00,\
00,00,04,00,00,00,8c,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7a,00,32,\
00,63,05,00,00,9e,35,76,7a,20,00,54,45,43,48,4e,49,7e,31,2e,4c,4e,4b,00,00,\
50,00,03,00,04,00,ef,be,9e,35,76,7a,c3,38,12,a1,14,00,00,00,54,00,65,00,63,\
00,68,00,6e,00,69,00,73,00,63,00,68,00,65,00,20,00,6f,00,6e,00,64,00,65,00,\
72,00,73,00,74,00,65,00,75,00,6e,00,69,00,6e,00,67,00,2e,00,6c,00,6e,00,6b,\
00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,\
00,00,a8,00,00,00,05,00,00,00,9a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,\
00,88,00,32,00,10,08,00,00,9e,35,76,7a,20,00,54,48,45,42,41,54,7e,31,2e,4c,\
4e,4b,00,00,5e,00,03,00,04,00,ef,be,9e,35,76,7a,c3,38,12,a1,14,00,00,00,54,\
00,68,00,65,00,20,00,42,00,61,00,74,00,74,00,6c,00,65,00,20,00,66,00,6f,00,\
72,00,20,00,4d,00,69,00,64,00,64,00,6c,00,65,00,2d,00,65,00,61,00,72,00,74,\
00,68,00,22,21,20,00,49,00,49,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,\
00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,c0,00,00,00,06,\
00,00,00,b2,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,a0,00,32,00,1a,08,\
00,00,9e,35,77,7a,20,00,54,48,45,42,41,54,7e,32,2e,4c,4e,4b,00,00,76,00,03,\
00,04,00,ef,be,9e,35,77,7a,c3,38,12,a1,14,00,00,00,54,00,68,00,65,00,20,00,\
42,00,61,00,74,00,74,00,6c,00,65,00,20,00,66,00,6f,00,72,00,20,00,4d,00,69,\
00,64,00,64,00,6c,00,65,00,2d,00,65,00,61,00,72,00,74,00,68,00,22,21,20,00,\
49,00,49,00,20,00,76,00,65,00,72,00,77,00,69,00,6a,00,64,00,65,00,72,00,65,\
00,6e,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\
00,00,1c,00,00,00,00,00,00,00,00,00,c2,00,00,00,07,00,00,00,b4,00,00,00,41,\
75,67,4d,02,00,00,00,01,00,00,00,a2,00,32,00,4f,03,00,00,9e,35,77,7a,20,00,\
54,48,45,42,41,54,7e,33,2e,4c,4e,4b,00,00,78,00,03,00,04,00,ef,be,9e,35,77,\
7a,c3,38,12,a1,14,00,00,00,54,00,68,00,65,00,20,00,42,00,61,00,74,00,74,00,\
6c,00,65,00,20,00,66,00,6f,00,72,00,20,00,4d,00,69,00,64,00,64,00,6c,00,65,\
00,2d,00,65,00,61,00,72,00,74,00,68,00,22,21,20,00,49,00,49,00,20,00,57,00,\
6f,00,72,00,6c,00,64,00,62,00,75,00,69,00,6c,00,64,00,65,00,72,00,2e,00,6c,\
00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,\
00,00,00,00,00,00

[HKEY_USERS\S-1-5-21-117609710-1078145449-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\T*NULL*h*NULL*e*NULL* *NULL*R*NULL*i*NULL*s*NULL*e*NULL* *NULL*o*NULL*f*NULL* *NULL*t*NULL*h*NULL*e*NULL* *NULL*W*NULL*i*NULL*t*NULL*c*NULL*h*NULL*-*NULL*k*NULL*i*NULL*n*NULL*g*NULL*"!]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,a6,04,00,00,01,00,00,00,07,00,00,00,a0,00,\
00,00,00,00,00,00,92,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,80,00,32,\
00,a2,01,00,00,b5,36,d9,74,20,00,42,45,5a,4f,45,4b,7e,31,2e,4c,4e,4b,00,00,\
56,00,03,00,04,00,ef,be,b5,36,d9,74,b0,38,6a,79,14,00,00,00,42,00,65,00,7a,\
00,6f,00,65,00,6b,00,20,00,64,00,65,00,20,00,6f,00,66,00,66,00,69,00,63,00,\
69,00,eb,00,6c,00,65,00,20,00,77,00,65,00,62,00,73,00,69,00,74,00,65,00,2e,\
00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,\
00,00,00,00,00,00,00,00,9c,00,00,00,01,00,00,00,8e,00,00,00,41,75,67,4d,02,\
00,00,00,01,00,00,00,7c,00,32,00,a7,04,00,00,b5,36,d7,74,20,00,45,4c,45,4b,\
54,52,7e,31,2e,4c,4e,4b,00,00,52,00,03,00,04,00,ef,be,b5,36,d7,74,b0,38,6a,\
79,14,00,00,00,45,00,6c,00,65,00,6b,00,74,00,72,00,6f,00,6e,00,69,00,73,00,\
63,00,68,00,65,00,20,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,61,00,74,\
00,69,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,\
00,00,00,00,1c,00,00,00,00,00,00,00,00,00,8c,00,00,00,02,00,00,00,7e,00,00,\
00,41,75,67,4d,02,00,00,00,01,00,00,00,6c,00,32,00,31,04,00,00,b5,36,d7,74,\
20,00,4c,45,45,53,4d,49,7e,31,2e,4c,4e,4b,00,00,42,00,03,00,04,00,ef,be,b5,\
36,d7,74,b0,38,6a,79,14,00,00,00,4c,00,65,00,65,00,73,00,6d,00,69,00,6a,00,\
20,00,77,00,65,00,65,00,72,00,67,00,65,00,76,00,65,00,6e,00,2e,00,6c,00,6e,\
00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,\
00,00,00,00,90,00,00,00,03,00,00,00,82,00,00,00,41,75,67,4d,02,00,00,00,01,\
00,00,00,70,00,32,00,4b,03,00,00,b5,36,d9,74,20,00,4e,41,41,52,55,50,7e,31,\
2e,4c,4e,4b,00,00,46,00,03,00,04,00,ef,be,b5,36,d9,74,b0,38,6a,79,14,00,00,\
00,4e,00,61,00,61,00,72,00,20,00,75,00,70,00,64,00,61,00,74,00,65,00,73,00,\
20,00,7a,00,6f,00,65,00,6b,00,65,00,6e,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,\
00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,ea,00,\
00,00,04,00,00,00,dc,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,ca,00,32,\
00,33,03,00,00,b5,36,d9,74,20,00,54,48,45,4c,4f,52,7e,31,2e,4c,4e,4b,00,00,\
a0,00,03,00,04,00,ef,be,b5,36,d9,74,b0,38,6a,79,14,00,00,00,54,00,68,00,65,\
00,20,00,4c,00,6f,00,72,00,64,00,20,00,6f,00,66,00,20,00,54,00,68,00,65,00,\
20,00,52,00,69,00,6e,00,67,00,73,00,22,21,2c,00,20,00,54,00,68,00,65,00,20,\
00,52,00,69,00,73,00,65,00,20,00,6f,00,66,00,20,00,54,00,68,00,65,00,20,00,\
57,00,69,00,74,00,63,00,68,00,2d,00,4b,00,69,00,6e,00,67,00,22,21,20,00,57,\
00,6f,00,72,00,6c,00,64,00,62,00,75,00,69,00,6c,00,64,00,65,00,72,00,2e,00,\
6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,\
00,00,00,00,00,00,00,a0,00,00,00,05,00,00,00,92,00,00,00,41,75,67,4d,02,00,\
00,00,01,00,00,00,80,00,32,00,f3,07,00,00,b5,36,d7,74,20,00,54,48,45,52,49,\
53,7e,31,2e,4c,4e,4b,00,00,56,00,03,00,04,00,ef,be,b5,36,d7,74,b0,38,6a,79,\
14,00,00,00,54,00,68,00,65,00,20,00,52,00,69,00,73,00,65,00,20,00,6f,00,66,\
00,20,00,74,00,68,00,65,00,20,00,57,00,69,00,74,00,63,00,68,00,2d,00,6b,00,\
69,00,6e,00,67,00,22,21,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,\
00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,b8,00,00,00,06,00,00,00,\
aa,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,98,00,32,00,ee,07,00,00,b5,\
36,d9,74,20,00,54,48,45,52,49,53,7e,32,2e,4c,4e,4b,00,00,6e,00,03,00,04,00,\
ef,be,b5,36,d9,74,b0,38,6a,79,14,00,00,00,54,00,68,00,65,00,20,00,52,00,69,\
00,73,00,65,00,20,00,6f,00,66,00,20,00,74,00,68,00,65,00,20,00,57,00,69,00,\
74,00,63,00,68,00,2d,00,6b,00,69,00,6e,00,67,00,22,21,20,00,76,00,65,00,72,\
00,77,00,69,00,6a,00,64,00,65,00,72,00,65,00,6e,00,2e,00,6c,00,6e,00,6b,00,\
00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,\
00
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Voltooingstijd: 2008-12-31 18:26:02 - machine werd herstart
ComboFix-quarantined-files.txt 2008-12-31 17:25:59
ComboFix2.txt 2008-12-29 21:05:18
ComboFix3.txt 2007-07-28 18:47:31

Pre-Run: 14.491.078.656 bytes beschikbaar
Post-Run: 14,625,165,312 bytes beschikbaar

331 --- E O F --- 2008-12-18 19:49:24


Op het eerste zicht lijkt het dat alles terug soepel loopt en dat alle smeerlapperij verdwenen is, waarvoor velen dank!

Juisterr

Legacy Member
Je mag alle gebruikte tools en aangemaakte mappen terug verwijderen.

Verwijder ComboFix via Start > Uitvoeren, kopiëer en plak Combofix /U
Klik op OK of toets Enter.
Dit verwijdert zowel ComboFix, als je oude systeemherstelpunten (met eventuele restanten van malware), en maakt een nieuw systeemherstelpunt aan.

CFuninstall.png
Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Terug
Bovenaan