Archive - help with HijackThis log

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or worldviews and have in some places been censored as unacceptable. Many were written in a different zeitgeist, ironically or not - as in the ironic Off-Topic subforum - and would no longer be posted (or allowed) today. Still, we are happy to offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

tiszalodge

Legacy Member
Hello, my PC is very slow. I made a HijackThis file; can someone help me get this file to appear here and possibly say what the problem is and how to solve it?

Thanks

Patrick.

tiszalodge

Legacy Member
Ah, I found out how to post the log... can someone help me with this HijackThis file?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:45:05, on 2/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Documents and Settings\Patrick.PATRICK-H20DJRL\Mijn documenten\Downloads\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\PROGRA~1\Uniblue\SPEEDU~1\launcher.exe" -d 20000
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.belgacom.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1195298929203
O16 - DPF: {660B74E4-4E01-43DE-BB13-2BA2D643C05A} (SmartStartCtl Class) - https://internetbanking.argenta.be/multisecure/smartstart/Win32/SmartStartCtl.cab
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.cab
O16 - DPF: {94B964F0-45CC-11D4-9F1D-0060085C7782} - https://internetbanking.argenta.be/multisecure/smartstart/Win32/SmartStartSetup.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4689 bytes

Juisterr

Legacy Member
Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

Close all windows except HijackThis
Click 'Fix checked' to remove the items.


Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how to use ComboFix.
4de6eab6867f3-Combofix.JPG


1. Disable all antivirus and antispyware programs, otherwise they may conflict with ComboFix.

* (here or here you will find a guide on how to disable them:)

2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

* Note !!! If an error appears with the message "Illegal operation attempted on a registery key that has been marked for deletion." then restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found as C:\ComboFix.txt) in your next message.
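Added example (not part of this thread, and not code from HijackThis or ComboFix): a small Python triage script that applies the two rules the reply above used to pick its 'Fix checked' items, namely entries marked "(no file)" and R0/R1 Internet Explorer settings with an empty value. The sample input is a subset of the HijackThis log posted earlier in this thread; the function names `parse_entries`, `triage` and `fix_candidates` are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the HijackThis log posted in this thread.
# The header and "Running processes" lines are included to show they are skipped.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
"""

# A HijackThis entry line starts with its section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    raw: str
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Yield (section, body, raw_line) for every entry line in a HijackThis log.

    Header lines and the "Running processes" block do not match ENTRY_RE and are skipped.
    """
    for line in log_text.splitlines():
        stripped = line.strip()
        m = ENTRY_RE.match(stripped)
        if m:
            yield m.group("section"), m.group("body"), stripped


def triage(log_text):
    """Apply the two rules from the reply above and return the entries they flag, with reasons."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        reasons = []
        # Rule 1: the registry entry points at a file that no longer exists (orphaned BHO, button, ...).
        if "(no file)" in body:
            reasons.append("entry references a file that no longer exists")
        # Rule 2: an R0/R1 Internet Explorer setting whose value is empty; fixing it restores the default.
        if section in ("R0", "R1") and body.rstrip().endswith("="):
            reasons.append("Internet Explorer setting has an empty value")
        if reasons:
            findings.append(Finding(section, raw, reasons))
    return findings


def fix_candidates(log_text):
    """Just the raw lines a helper would tick under 'Fix checked'."""
    return [f.raw for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.raw)
        print("    -> " + "; ".join(f.reasons))
```

Running it prints the same four lines the reply above selected, each with the reason it was flagged. Everything the two rules leave alone (the O16 ActiveX downloads, the SpeedUpMyPC autorun, the AVG services) still needs a person to judge, which is why the script only reports candidates and never touches the registry itself.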

tiszalodge

Legacy Member
Here is the ComboFix log. And what does this say? I have no idea. What is the next step?

ComboFix 11-12-03.01 - Patrick 03/12/2011 20:05:06.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.511.283 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Patrick.PATRICK-H20DJRL\Bureaublad\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-03 to 2011-12-03 ))))))))))))))))))))))))))))))
.
.
2011-12-03 15:45 . 2011-12-03 15:45 -------- d-----w- c:\program files\Microsoft.NET
2011-12-03 15:37 . 2011-12-03 15:37 -------- d-----w- c:\program files\OSDSoft
2011-12-03 15:37 . 2011-12-03 15:37 -------- d-----w- c:\program files\Common Files\OSDSoft
2011-12-02 10:42 . 2011-12-02 10:42 -------- d-----w- c:\documents and settings\Patrick.PATRICK-H20DJRL\Application Data\NeroDigital(TM)
2011-12-01 19:34 . 2011-12-01 19:34 -------- dc----w- C:\$AVG
2011-12-01 17:17 . 2011-12-01 17:17 -------- d-----w- c:\documents and settings\Patrick.PATRICK-H20DJRL\Application Data\AVG2012
2011-12-01 17:09 . 2011-12-03 12:35 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-01 17:09 . 2011-12-01 17:22 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG2012
2011-12-01 17:07 . 2011-12-01 17:07 -------- d-----w- c:\program files\AVG
2011-12-01 16:58 . 2011-12-01 16:58 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
2011-12-01 16:56 . 2011-12-03 12:35 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2011-12-01 16:54 . 2011-12-03 18:43 -------- d--h--r- c:\documents and settings\Patrick.PATRICK-H20DJRL\Onlangs geopend
2011-11-30 15:39 . 2011-11-30 15:39 -------- d-----w- c:\documents and settings\Patrick.PATRICK-H20DJRL\Application Data\Uniblue
2011-11-30 15:39 . 2011-11-30 15:39 -------- d-----w- c:\program files\Uniblue
2011-11-30 11:08 . 2011-11-30 11:08 -------- d-----w- c:\program files\microsoft frontpage
2011-11-29 15:51 . 2011-11-29 15:51 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-29 13:17 . 2011-11-29 13:17 -------- d-----w- c:\documents and settings\Patrick.PATRICK-H20DJRL\Application Data\Genie-Soft
2011-11-25 11:58 . 2011-11-25 11:58 -------- d-----w- c:\documents and settings\Patrick.PATRICK-H20DJRL\.swt
2011-11-25 11:58 . 2011-12-01 16:54 -------- d-----w- c:\documents and settings\Patrick.PATRICK-H20DJRL\Application Data\Azureus
2011-11-25 11:55 . 2011-11-25 11:57 -------- d-----w- c:\program files\Vuze
2011-11-25 11:55 . 2011-11-25 12:24 -------- d-----w- c:\documents and settings\Patrick.PATRICK-H20DJRL\Local Settings\Application Data\Conduit
2011-11-25 11:39 . 2011-11-25 11:39 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\Premium
2011-11-25 11:39 . 2011-11-25 11:43 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\InstallMate
2011-11-22 19:01 . 2011-11-22 19:23 -------- d-----w- c:\program files\Unlocker
2011-11-21 12:32 . 2011-11-21 12:32 -------- d-----w- c:\program files\CCleaner
2011-11-21 10:16 . 2011-11-21 10:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC1Data
2011-11-19 08:14 . 2011-11-19 08:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-13 19:12 . 2011-12-01 16:51 -------- d-----w- c:\program files\CPUID
2011-11-08 09:15 . 2011-11-10 16:33 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-08 09:15 . 2011-11-10 16:33 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-08 09:15 . 2011-11-10 16:33 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-08 09:15 . 2011-11-10 16:33 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-08 09:15 . 2011-11-10 16:33 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-08 09:15 . 2011-11-10 16:33 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-08 09:15 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-08 09:15 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-07 11:36 . 2011-11-07 11:36 -------- d-----w- c:\documents and settings\Patrick.PATRICK-H20DJRL\DoctorWeb
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:16 . 2003-05-22 19:30 5359888 ----a-w- c:\windows\uninst.exe
2011-10-10 14:22 . 2004-03-02 11:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 05:23 . 2011-10-07 05:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 05:21 . 2011-10-04 05:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 03:06 . 2010-05-13 10:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:06 . 2002-09-23 14:11 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-09-07 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-09-07 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-13 05:30 . 2011-09-13 05:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 14:09 . 2001-09-07 12:00 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 16:33 . 2011-11-08 09:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedUpMyPC"="c:\progra~1\Uniblue\SPEEDU~1\launcher.exe" [2011-10-19 67960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\InterVideo\\WinRip\\WinRip.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 1:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 6:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/10/2011 6:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 1:14 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 1:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 1:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [4/10/2011 6:21 16720]
R3 ham50;Creatix V.90 HAM Data Fax Modem;c:\windows\system32\drivers\CTXH51.sys [7/11/2001 12:47 454815]
S2 Ca533av;Cam 3200, WDM Video Capture;c:\windows\system32\drivers\CA533AV.SYS [26/11/2003 15:45 515803]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 4433248]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [3/05/2003 17:55 171264]
S3 SampleScanner;USB Flatbed Scanner Driver;c:\windows\system32\DRIVERS\ArtecGT.sys --> c:\windows\system32\DRIVERS\ArtecGT.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - CLR_OPTIMIZATION_V4.0.30319_32
.
Inhoud van de 'Gedeelde Taken' map
.
2011-12-03 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-11-30 14:28]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://mail.yahoo.com/?.intl=us
mSearch Bar =
uInternet Settings,ProxyOverride = <local>
IE: Word Explorer starten
IE: Zoek op het web
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B}
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {660B74E4-4E01-43DE-BB13-2BA2D643C05A} - hxxps://internetbanking.argenta.be/multisecure/smartstart/Win32/SmartStartCtl.cab
FF - ProfilePath - c:\documents and settings\Patrick.PATRICK-H20DJRL\Application Data\Mozilla\Firefox\Profiles\tip6m0mw.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-03 20:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(3752)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2011-12-03 20:24:03
ComboFix-quarantined-files.txt 2011-12-03 19:23
.
Pre-Run: 35.433.582.592 bytes beschikbaar
Post-Run: 35.604.545.536 bytes beschikbaar
.
- - End Of File - - 24B26A7E84C3ACFBE23894228F150178

Juisterr

Legacy Member
This tells me that, by the looks of it, there are no serious infections in there. How is it going now?