| Vorige onderwerp :: Volgende onderwerp :: Opgelost |
| Auteur |
Bericht |
Vivika
Net Gestart
Leeftijd: 19
Geregistreerd op: 28-7-2010
Berichten: 9
Woonplaats: Uden
|
 Geplaatst: Wo 28 Jul 2010, 13:46 Onderwerp: Log van Vivika |
 |
|
Hoi hoi ik heb sinds kort last van een aantal problemen die er eerst nog niet waren. Maar ik kan me niet herinneren dat ik iets heb geinstalleerd wat fout kan zijn. Ik krijg !!!QueryDosDevice failed meldingen als ik youtube heb aanstaan soms, of een forum of wat dan ook van internet. Dan krijg ik een scherm met als het ware een soort windows verkenner mapje met een knock out smiley erop. Weet niet hoe ik het anders moet omschrijven :p Ook zat ik gisteren in een spel ( League of Legends ) en toen kreeg ik ineens die Querydos error en toen was mn spel behoorlijk vreemd aan het doen. Ik zag bepaalde dingen als grote zwarte pixels en andere rare dingen. Ik mocht niet Alt+tab'en..
Vandaag is er een patch uitgekomen voor het spel League of Legends en die was ik aan het updaten. Maar op het einde gaf ie een error melding. Ik klikte op OK en toen opende ie ineens 63 internet explorer vensters met de afbeelding van de League of Legends launcher :S
Toen heb ik even aan een vriend gevraagd of ie wist wat er aan de hand kon zijn en hij zei dat het malware kon zijn dus zo ben ik uiteindelijk hier terechtgekomen. Dus hier volgt de Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:39:49, on 28-7-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\janne\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\janne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\janne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\janne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\janne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\janne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\janne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\janne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\janne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\janne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\janne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\janne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\janne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\janne\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
--
End of file - 5636 bytes
Alvast bedankt voor de hulp!  |
|
| Naar boven |
|
 |
Juisterr
HijackThis Specialists
Leeftijd: 51
Geregistreerd op: 23-8-2006
Berichten: 1181
Woonplaats: kotje aan de kust.
|
| Geplaatst: Do 29 Jul 2010, 18:40 Onderwerp: |
|
|
Start Hijackthis op en kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\janne\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
Sluit alle vensters behalve Hijackthis
Klik op 'Fix checked' om de items te verwijderen.
Download ComboFix van één van deze locaties:
Link 1
Link 2
* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op- Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:
Klik hier
Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap. - Dubbeklik op ComboFix.exe en volg de meldingen op het scherm.
- ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geďnstalleerd.
**Let op: Als de Microsoft Windows Recovery Console al is geďnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware. - Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.
Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geďnstalleerd:
Klik op Ja om verder te gaan met het scannen naar malware.
NOTE: Wanneer ComboFix start, kan het zijn dat je een Error melding krijgt dat de “contents of the ComboFix package has been compromised”
Ga niet verder met de instructies, maar download ComboFix opnieuw. Deze melding kan verschijnen wanneer een file-infector (Virut) actief is op de computer.
Blijf je die melding krijgen dan meld je dit.
Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
_________________
Wie niks heeft is met weinig tevreden.
Proud Member of ASAP
Bent u van uw probleem verlost dankzij Vragenforum.nl? Denk dan eens na om een bescheiden donatie te doen. Zie onze donatiepagina hier |
|
| Naar boven |
|
|
Vivika
Net Gestart
Leeftijd: 19
Geregistreerd op: 28-7-2010
Berichten: 9
Woonplaats: Uden
|
| Geplaatst: Do 29 Jul 2010, 20:48 Onderwerp: |
|
|
Ik wist niet of ik dat installeren moest doen want eerlijk gezegd vertrouwde ik t niet helemaal doordat t programma van te voren mn pc ineens liet afsluiten.. Dus heb hier een log van een scan die ie heeft gedaan na de reboot. Als ik 't alsnog moet doen en zeggen dat ie moet installeren dan zal ik dat doen. Maar graag even een bevestiging hiervoor 
ComboFix 10-07-29.01 - janne 29-07-2010 20:39:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.759 [GMT 2:00]
Gestart vanuit: c:\documents and settings\janne\Mijn documenten\Downloads\ComboFix.exe
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\janne\LOCALS~1\Temp\install_flash_player.exe
c:\program files\\setup.exe
c:\program files\Setup.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-28 to 2010-07-29 ))))))))))))))))))))))))))))))
.
2010-07-28 12:59 . 2010-07-28 12:59 53632 ----a-w- c:\documents and settings\janne\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-28 12:59 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-07-28 12:59 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-07-28 12:59 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-07-28 12:59 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-07-28 12:59 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-07-28 12:59 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-07-28 12:59 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-07-28 12:59 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-07-28 12:57 . 2010-07-28 12:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-28 12:35 . 2010-07-29 17:34 -------- d-----w- c:\program files\League of Legends EU
2010-07-28 12:34 . 2010-07-28 15:26 -------- d-----w- c:\documents and settings\janne\Local Settings\Application Data\PMB Files
2010-07-28 12:34 . 2010-07-28 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-07-28 12:34 . 2010-07-28 12:34 -------- d-----w- c:\program files\Pando Networks
2010-07-28 11:39 . 2010-07-28 11:39 388096 ----a-r- c:\documents and settings\janne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-28 11:39 . 2010-07-28 11:39 -------- d-----w- c:\program files\Trend Micro
2010-07-23 13:15 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-07-23 13:15 . 2008-06-14 17:36 272640 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-23 13:14 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-23 13:14 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-07-23 13:11 . 2010-02-17 12:09 2194304 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-23 13:11 . 2010-02-16 19:09 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-23 13:11 . 2010-02-16 19:09 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-22 23:39 . 2010-07-24 10:00 -------- d--h--w- c:\windows\$hf_mig$
2010-07-22 09:02 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-22 09:02 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-16 08:24 . 2010-07-16 11:38 -------- d-----w- c:\program files\Guild Wars
2010-07-15 19:45 . 2010-07-15 20:48 -------- d-----w- c:\documents and settings\janne\Application Data\Hamachi
2010-07-15 19:44 . 2010-07-15 19:45 -------- d-----w- c:\program files\Hamachi
2010-07-15 19:44 . 2010-07-15 19:44 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-07-15 19:36 . 2010-07-15 19:36 -------- d-----w- c:\program files\Common Files\3DO Shared
2010-07-15 19:36 . 2010-07-15 19:36 -------- d-----w- c:\program files\3DO
2010-07-15 19:27 . 2010-07-15 19:27 -------- d-----w- c:\program files\Common Files\Skype
2010-07-15 19:08 . 2010-07-15 19:08 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-15 19:07 . 2010-07-15 19:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-15 19:07 . 2010-07-15 19:35 -------- d-----w- c:\documents and settings\janne\Application Data\DAEMON Tools Lite
2010-07-15 19:07 . 2010-07-15 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-15 19:00 . 2010-07-15 19:00 -------- d-----w- c:\program files\uTorrent
2010-07-15 18:59 . 2010-07-15 20:26 -------- d-----w- c:\documents and settings\janne\Application Data\uTorrent
2010-07-15 12:14 . 2010-07-25 18:53 -------- d-----w- c:\documents and settings\janne\Application Data\Mumble
2010-07-15 12:14 . 2010-07-15 12:14 -------- d-----w- c:\program files\Mumble
2010-07-13 09:37 . 2010-07-13 09:37 -------- d-----w- c:\documents and settings\janne\Local Settings\Application Data\assembly
2010-07-13 09:37 . 2010-07-13 09:38 -------- d-----w- c:\program files\NCSoft
2010-07-13 09:37 . 2010-07-13 09:37 -------- d-----w- c:\documents and settings\janne\Application Data\InstallShield
2010-07-10 10:42 . 2010-07-10 10:42 -------- d-----w- c:\program files\PokerStars
2010-07-04 14:23 . 2010-07-04 14:47 76815 ----a-w- c:\windows\War3Unin.dat
2010-07-04 14:23 . 2010-07-04 14:35 2829 ----a-w- c:\windows\War3Unin.pif
2010-07-04 14:23 . 2010-07-04 14:35 139264 ----a-w- c:\windows\War3Unin.exe
2010-07-01 17:44 . 2010-07-13 19:28 -------- d-----w- c:\program files\Warcraft III
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 09:51 . 2010-02-10 14:02 -------- d-----w- c:\program files\World of Warcraft
2010-07-28 12:34 . 2010-02-08 15:19 -------- d-----w- c:\documents and settings\janne\Application Data\Skype
2010-07-28 12:27 . 2010-02-05 11:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-28 09:58 . 2010-02-08 15:21 -------- d-----w- c:\documents and settings\janne\Application Data\skypePM
2010-07-25 21:40 . 2008-04-15 12:00 86022 ----a-w- c:\windows\system32\perfc013.dat
2010-07-25 21:40 . 2008-04-15 12:00 498912 ----a-w- c:\windows\system32\perfh013.dat
2010-07-25 11:17 . 2010-02-04 00:32 18832 ----a-w- c:\documents and settings\janne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-16 14:00 . 2010-06-09 19:10 -------- d-----w- c:\program files\AGEIA Technologies
2010-06-24 18:34 . 2010-06-22 18:39 -------- d-----w- c:\documents and settings\janne\Application Data\gtk-2.0
2010-06-22 18:37 . 2010-06-22 18:37 -------- d-----w- c:\program files\GIMP-2.0
2010-06-16 20:36 . 2010-06-16 20:36 -------- d-----w- c:\program files\Common Files\Logitech
2010-06-15 19:19 . 2010-06-15 19:19 -------- d-----w- c:\documents and settings\janne\Application Data\TS3Client
2010-06-15 19:18 . 2010-06-15 19:18 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-06-14 14:31 . 2010-02-03 19:03 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 14:12 . 2010-06-13 14:12 -------- d-----w- c:\documents and settings\janne\Application Data\ATI
2010-06-13 14:12 . 2010-06-13 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-06-09 19:45 . 2010-06-09 19:45 -------- d-----w- c:\program files\MSBuild
2010-06-09 19:45 . 2010-06-09 19:45 -------- d-----w- c:\program files\Reference Assemblies
2010-06-09 19:10 . 2010-06-09 19:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-07 09:09 . 2010-05-20 14:38 -------- d-----w- c:\program files\HeroOnline
2010-05-02 08:10 . 2008-04-15 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-03-28 19:12 . 2010-03-28 18:50 692437298 ----a-w- c:\program files\data2.cab
2010-03-28 19:11 . 2010-03-28 18:50 1669931 ----a-w- c:\program files\setup.isn
2010-03-28 19:09 . 2010-03-28 18:50 576000 ----a-w- c:\program files\ISSetup.dll
2010-03-28 19:09 . 2010-03-28 18:50 21494 ----a-w- c:\program files\0x0409.ini
2010-03-28 19:09 . 2010-03-28 18:50 1079468 ----a-w- c:\program files\data1.cab
2010-03-28 19:06 . 2010-03-28 18:50 371458 ----a-w- c:\program files\data1.hdr
2010-03-28 19:04 . 2010-03-28 18:50 473 ----a-w- c:\program files\layout.bin
2010-03-28 19:01 . 2010-03-28 18:50 254098 ----a-w- c:\program files\setup.inx
2010-03-28 19:01 . 2010-03-28 18:50 1224 ----a-w- c:\program files\setup.ini
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\janne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-05 135664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.3.0.10958-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Heroes2\\HEROES2W.EXE"=
"c:\\Documents and Settings\\janne\\Mijn documenten\\Downloads\\homm_v1000.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\League of Legends EU\\Air\\LolClient.exe"=
"c:\\Program Files\\League of Legends EU\\Game\\League of Legends.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6912:TCP"= 6912:TCP:League of Legends Launcher
"6912:UDP"= 6912:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6960:TCP"= 6960:TCP:League of Legends Launcher
"6960:UDP"= 6960:UDP:League of Legends Launcher
"6903:TCP"= 6903:TCP:League of Legends Launcher
"6903:UDP"= 6903:UDP:League of Legends Launcher
"6928:TCP"= 6928:TCP:League of Legends Launcher
"6928:UDP"= 6928:UDP:League of Legends Launcher
"6933:TCP"= 6933:TCP:League of Legends Launcher
"6933:UDP"= 6933:UDP:League of Legends Launcher
"6899:TCP"= 6899:TCP:League of Legends Launcher
"6899:UDP"= 6899:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"6887:TCP"= 6887:TCP:League of Legends Launcher
"6887:UDP"= 6887:UDP:League of Legends Launcher
"6883:TCP"= 6883:TCP:League of Legends Launcher
"6883:UDP"= 6883:UDP:League of Legends Launcher
"56293:TCP"= 56293:TCP:Pando Media Booster
"56293:UDP"= 56293:UDP:Pando Media Booster
"6958:TCP"= 6958:TCP:League of Legends Launcher
"6958:UDP"= 6958:UDP:League of Legends Launcher
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15-7-2010 21:08 691696]
.
Inhoud van de 'Gedeelde Taken' map
2010-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-602162358-1644491937-1003Core.job
- c:\documents and settings\janne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-05 11:06]
2010-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-602162358-1644491937-1003UA.job
- c:\documents and settings\janne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-05 11:06]
2010-07-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\janne\Application Data\Mozilla\Firefox\Profiles\26xet0t0.default\
FF - plugin: c:\documents and settings\janne\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS VERWIJDERD - - - -
HKCU-Run-PlayNC Launcher - (no file)
**************************************************************************
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•9~�*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2010-07-29 20:44:01
ComboFix-quarantined-files.txt 2010-07-29 18:43
Pre-Run: 13.644.263.424 bytes beschikbaar
Post-Run: 15.535.009.792 bytes beschikbaar
- - End Of File - - 7EB97B1DF28B33A9287D6A53E1965945 |
|
| Naar boven |
|
|
Juisterr
HijackThis Specialists
Leeftijd: 51
Geregistreerd op: 23-8-2006
Berichten: 1181
Woonplaats: kotje aan de kust.
|
| Geplaatst: Do 29 Jul 2010, 22:35 Onderwerp: |
|
|
c:\documents and settings\janne\Mijn documenten\Downloads\ComboFix.exe
Iig staat hij niet op de juiste plek want hij moet volgens instructie op het bureaublad staan en niet in je downloads.
Verplaats het naar je bureaublad en installeer de recovery console.
Start het opnieuw.
_________________
Wie niks heeft is met weinig tevreden.
Proud Member of ASAP
Bent u van uw probleem verlost dankzij Vragenforum.nl? Denk dan eens na om een bescheiden donatie te doen. Zie onze donatiepagina hier |
|
| Naar boven |
|
|
Vivika
Net Gestart
Leeftijd: 19
Geregistreerd op: 28-7-2010
Berichten: 9
Woonplaats: Uden
|
| Geplaatst: Do 29 Jul 2010, 23:09 Onderwerp: |
|
|
Oke hier dan alsnog de log van na het installeren en scannen:
ComboFix 10-07-29.01 - janne 29-07-2010 23:03:45.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.785 [GMT 2:00]
Gestart vanuit: c:\documents and settings\janne\Bureaublad\ComboFix.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-28 to 2010-07-29 ))))))))))))))))))))))))))))))
.
2010-07-28 12:59 . 2010-07-28 12:59 53632 ----a-w- c:\documents and settings\janne\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-28 12:59 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-07-28 12:59 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-07-28 12:59 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-07-28 12:59 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-07-28 12:59 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-07-28 12:59 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-07-28 12:59 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-07-28 12:59 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-07-28 12:57 . 2010-07-28 12:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-28 12:35 . 2010-07-29 20:56 -------- d-----w- c:\program files\League of Legends EU
2010-07-28 12:34 . 2010-07-28 15:26 -------- d-----w- c:\documents and settings\janne\Local Settings\Application Data\PMB Files
2010-07-28 12:34 . 2010-07-28 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-07-28 12:34 . 2010-07-28 12:34 -------- d-----w- c:\program files\Pando Networks
2010-07-28 11:39 . 2010-07-28 11:39 388096 ----a-r- c:\documents and settings\janne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-28 11:39 . 2010-07-28 11:39 -------- d-----w- c:\program files\Trend Micro
2010-07-23 13:15 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-07-23 13:15 . 2008-06-14 17:36 272640 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-23 13:14 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-23 13:14 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-07-23 13:11 . 2010-02-17 12:09 2194304 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-23 13:11 . 2010-02-16 19:09 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-23 13:11 . 2010-02-16 19:09 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-22 23:39 . 2010-07-24 10:00 -------- d--h--w- c:\windows\$hf_mig$
2010-07-22 09:02 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-22 09:02 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-16 08:24 . 2010-07-16 11:38 -------- d-----w- c:\program files\Guild Wars
2010-07-15 19:45 . 2010-07-15 20:48 -------- d-----w- c:\documents and settings\janne\Application Data\Hamachi
2010-07-15 19:44 . 2010-07-15 19:45 -------- d-----w- c:\program files\Hamachi
2010-07-15 19:44 . 2010-07-15 19:44 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-07-15 19:36 . 2010-07-15 19:36 -------- d-----w- c:\program files\Common Files\3DO Shared
2010-07-15 19:36 . 2010-07-15 19:36 -------- d-----w- c:\program files\3DO
2010-07-15 19:27 . 2010-07-15 19:27 -------- d-----w- c:\program files\Common Files\Skype
2010-07-15 19:08 . 2010-07-15 19:08 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-15 19:07 . 2010-07-15 19:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-15 19:07 . 2010-07-15 19:35 -------- d-----w- c:\documents and settings\janne\Application Data\DAEMON Tools Lite
2010-07-15 19:07 . 2010-07-15 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-15 19:00 . 2010-07-15 19:00 -------- d-----w- c:\program files\uTorrent
2010-07-15 18:59 . 2010-07-15 20:26 -------- d-----w- c:\documents and settings\janne\Application Data\uTorrent
2010-07-15 12:14 . 2010-07-25 18:53 -------- d-----w- c:\documents and settings\janne\Application Data\Mumble
2010-07-15 12:14 . 2010-07-15 12:14 -------- d-----w- c:\program files\Mumble
2010-07-13 09:37 . 2010-07-13 09:37 -------- d-----w- c:\documents and settings\janne\Local Settings\Application Data\assembly
2010-07-13 09:37 . 2010-07-13 09:38 -------- d-----w- c:\program files\NCSoft
2010-07-13 09:37 . 2010-07-13 09:37 -------- d-----w- c:\documents and settings\janne\Application Data\InstallShield
2010-07-10 10:42 . 2010-07-10 10:42 -------- d-----w- c:\program files\PokerStars
2010-07-04 14:23 . 2010-07-04 14:47 76815 ----a-w- c:\windows\War3Unin.dat
2010-07-04 14:23 . 2010-07-04 14:35 2829 ----a-w- c:\windows\War3Unin.pif
2010-07-04 14:23 . 2010-07-04 14:35 139264 ----a-w- c:\windows\War3Unin.exe
2010-07-01 17:44 . 2010-07-13 19:28 -------- d-----w- c:\program files\Warcraft III
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 09:51 . 2010-02-10 14:02 -------- d-----w- c:\program files\World of Warcraft
2010-07-28 12:34 . 2010-02-08 15:19 -------- d-----w- c:\documents and settings\janne\Application Data\Skype
2010-07-28 12:27 . 2010-02-05 11:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-28 09:58 . 2010-02-08 15:21 -------- d-----w- c:\documents and settings\janne\Application Data\skypePM
2010-07-25 21:40 . 2008-04-15 12:00 86022 ----a-w- c:\windows\system32\perfc013.dat
2010-07-25 21:40 . 2008-04-15 12:00 498912 ----a-w- c:\windows\system32\perfh013.dat
2010-07-25 11:17 . 2010-02-04 00:32 18832 ----a-w- c:\documents and settings\janne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-16 14:00 . 2010-06-09 19:10 -------- d-----w- c:\program files\AGEIA Technologies
2010-06-24 18:34 . 2010-06-22 18:39 -------- d-----w- c:\documents and settings\janne\Application Data\gtk-2.0
2010-06-22 18:37 . 2010-06-22 18:37 -------- d-----w- c:\program files\GIMP-2.0
2010-06-16 20:36 . 2010-06-16 20:36 -------- d-----w- c:\program files\Common Files\Logitech
2010-06-15 19:19 . 2010-06-15 19:19 -------- d-----w- c:\documents and settings\janne\Application Data\TS3Client
2010-06-15 19:18 . 2010-06-15 19:18 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-06-14 14:31 . 2010-02-03 19:03 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 14:12 . 2010-06-13 14:12 -------- d-----w- c:\documents and settings\janne\Application Data\ATI
2010-06-13 14:12 . 2010-06-13 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-06-09 19:45 . 2010-06-09 19:45 -------- d-----w- c:\program files\MSBuild
2010-06-09 19:45 . 2010-06-09 19:45 -------- d-----w- c:\program files\Reference Assemblies
2010-06-09 19:10 . 2010-06-09 19:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-07 09:09 . 2010-05-20 14:38 -------- d-----w- c:\program files\HeroOnline
2010-05-02 08:10 . 2008-04-15 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-03-28 19:12 . 2010-03-28 18:50 692437298 ----a-w- c:\program files\data2.cab
2010-03-28 19:11 . 2010-03-28 18:50 1669931 ----a-w- c:\program files\setup.isn
2010-03-28 19:09 . 2010-03-28 18:50 576000 ----a-w- c:\program files\ISSetup.dll
2010-03-28 19:09 . 2010-03-28 18:50 21494 ----a-w- c:\program files\0x0409.ini
2010-03-28 19:09 . 2010-03-28 18:50 1079468 ----a-w- c:\program files\data1.cab
2010-03-28 19:06 . 2010-03-28 18:50 371458 ----a-w- c:\program files\data1.hdr
2010-03-28 19:04 . 2010-03-28 18:50 473 ----a-w- c:\program files\layout.bin
2010-03-28 19:01 . 2010-03-28 18:50 254098 ----a-w- c:\program files\setup.inx
2010-03-28 19:01 . 2010-03-28 18:50 1224 ----a-w- c:\program files\setup.ini
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\janne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-05 135664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.3.0.10958-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Heroes2\\HEROES2W.EXE"=
"c:\\Documents and Settings\\janne\\Mijn documenten\\Downloads\\homm_v1000.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\League of Legends EU\\Air\\LolClient.exe"=
"c:\\Program Files\\League of Legends EU\\Game\\League of Legends.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6912:TCP"= 6912:TCP:League of Legends Launcher
"6912:UDP"= 6912:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6960:TCP"= 6960:TCP:League of Legends Launcher
"6960:UDP"= 6960:UDP:League of Legends Launcher
"6928:TCP"= 6928:TCP:League of Legends Launcher
"6928:UDP"= 6928:UDP:League of Legends Launcher
"6933:TCP"= 6933:TCP:League of Legends Launcher
"6933:UDP"= 6933:UDP:League of Legends Launcher
"6899:TCP"= 6899:TCP:League of Legends Launcher
"6899:UDP"= 6899:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"6887:TCP"= 6887:TCP:League of Legends Launcher
"6887:UDP"= 6887:UDP:League of Legends Launcher
"6883:TCP"= 6883:TCP:League of Legends Launcher
"6883:UDP"= 6883:UDP:League of Legends Launcher
"56293:TCP"= 56293:TCP:Pando Media Booster
"56293:UDP"= 56293:UDP:Pando Media Booster
"6958:TCP"= 6958:TCP:League of Legends Launcher
"6958:UDP"= 6958:UDP:League of Legends Launcher
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15-7-2010 21:08 691696]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Inhoud van de 'Gedeelde Taken' map
2010-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-602162358-1644491937-1003Core.job
- c:\documents and settings\janne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-05 11:06]
2010-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-602162358-1644491937-1003UA.job
- c:\documents and settings\janne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-05 11:06]
2010-07-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\janne\Application Data\Mozilla\Firefox\Profiles\26xet0t0.default\
FF - plugin: c:\documents and settings\janne\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 23:07
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•9~�*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2010-07-29 23:08:41
ComboFix-quarantined-files.txt 2010-07-29 21:08
ComboFix2.txt 2010-07-29 18:44
Pre-Run: 15.518.224.384 bytes beschikbaar
Post-Run: 15.518.986.240 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - E25127B9C7BC738B2482898B1FA9C61A |
|
| Naar boven |
|
|
Juisterr
HijackThis Specialists
Leeftijd: 51
Geregistreerd op: 23-8-2006
Berichten: 1181
Woonplaats: kotje aan de kust.
|
| Geplaatst: Zo 01 Aug 2010, 20:05 Onderwerp: |
|
|
Was je aan het gamen terwijl combofix aan het runnen was ?
_________________
Wie niks heeft is met weinig tevreden.
Proud Member of ASAP
Bent u van uw probleem verlost dankzij Vragenforum.nl? Denk dan eens na om een bescheiden donatie te doen. Zie onze donatiepagina hier |
|
| Naar boven |
|
|
Vivika
Net Gestart
Leeftijd: 19
Geregistreerd op: 28-7-2010
Berichten: 9
Woonplaats: Uden
|
| Geplaatst: Ma 02 Aug 2010, 0:12 Onderwerp: |
|
|
| Euhm nee als ik 't me goed kan herinneren niet. Want zowieso je runt combofix en die heeft je 'windows interface' als 't ware uitgeschakeld als ie bezig is. Dus dan heeft alleen dat aangestaan. |
|
| Naar boven |
|
|
Juisterr
HijackThis Specialists
Leeftijd: 51
Geregistreerd op: 23-8-2006
Berichten: 1181
Woonplaats: kotje aan de kust.
|
| Geplaatst: Ma 02 Aug 2010, 19:37 Onderwerp: |
|
|
Heb je ook een nieuw HijackThis logje ter controle en vertel gelijk even hoe het nu gaat.
_________________
Wie niks heeft is met weinig tevreden.
Proud Member of ASAP
Bent u van uw probleem verlost dankzij Vragenforum.nl? Denk dan eens na om een bescheiden donatie te doen. Zie onze donatiepagina hier |
|
| Naar boven |
|
|
Vivika
Net Gestart
Leeftijd: 19
Geregistreerd op: 28-7-2010
Berichten: 9
Woonplaats: Uden
|
| Geplaatst: Di 03 Aug 2010, 10:48 Onderwerp: |
|
|
Ik heb Combofix even opnieuw aangezet en ik zal hieronder zo de log even posten. Ik heb nog geregeld last van 'Uknown DirectX' errors in mijn League of Legends game en dat is altijd als het spel van het voorbereidend Character selection screen naar de 'echte' game gaat. Ook krijg ik met Youtube of met een forum nog wel eens dat ie een foutmelding geeft en dat er dus of een puzzelstukje met een knock out gezichtje ( Voor Youtube ) of een Windows Verkenner mapje met een knock out gezichtje (Forum) op het scherm komt.
Hier is de log:
ComboFix 10-08-02.03 - janne 03-08-2010 10:38:51.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.711 [GMT 2:00]
Gestart vanuit: c:\documents and settings\janne\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-07-03 to 2010-08-03 ))))))))))))))))))))))))))))))
.
2010-07-30 11:03 . 2010-07-30 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-30 11:03 . 2010-07-30 11:03 -------- d-----w- c:\documents and settings\janne\Application Data\Office Genuine Advantage
2010-07-28 12:59 . 2010-07-28 12:59 53632 ----a-w- c:\documents and settings\janne\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-28 12:59 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-07-28 12:59 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-07-28 12:59 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-07-28 12:59 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-07-28 12:59 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-07-28 12:59 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-07-28 12:59 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-07-28 12:59 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-07-28 12:57 . 2010-07-28 12:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-28 12:35 . 2010-08-02 21:16 -------- d-----w- c:\program files\League of Legends EU
2010-07-28 12:34 . 2010-07-28 15:26 -------- d-----w- c:\documents and settings\janne\Local Settings\Application Data\PMB Files
2010-07-28 12:34 . 2010-07-28 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-07-28 12:34 . 2010-07-28 12:34 -------- d-----w- c:\program files\Pando Networks
2010-07-28 11:39 . 2010-07-28 11:39 388096 ----a-r- c:\documents and settings\janne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-28 11:39 . 2010-07-28 11:39 -------- d-----w- c:\program files\Trend Micro
2010-07-23 13:15 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-07-23 13:15 . 2008-06-14 17:36 272640 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-23 13:14 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-23 13:14 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-07-23 13:11 . 2010-02-17 12:09 2194304 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-23 13:11 . 2010-02-16 19:09 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-23 13:11 . 2010-02-16 19:09 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-22 23:39 . 2010-08-03 08:12 -------- d--h--w- c:\windows\$hf_mig$
2010-07-22 09:02 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-22 09:02 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-16 08:24 . 2010-07-16 11:38 -------- d-----w- c:\program files\Guild Wars
2010-07-15 19:45 . 2010-07-15 20:48 -------- d-----w- c:\documents and settings\janne\Application Data\Hamachi
2010-07-15 19:44 . 2010-07-15 19:45 -------- d-----w- c:\program files\Hamachi
2010-07-15 19:44 . 2010-07-15 19:44 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-07-15 19:36 . 2010-07-15 19:36 -------- d-----w- c:\program files\Common Files\3DO Shared
2010-07-15 19:36 . 2010-07-15 19:36 -------- d-----w- c:\program files\3DO
2010-07-15 19:27 . 2010-07-15 19:27 -------- d-----w- c:\program files\Common Files\Skype
2010-07-15 19:08 . 2010-07-15 19:08 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-15 19:07 . 2010-07-15 19:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-15 19:07 . 2010-07-15 19:35 -------- d-----w- c:\documents and settings\janne\Application Data\DAEMON Tools Lite
2010-07-15 19:07 . 2010-07-15 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-15 19:00 . 2010-07-15 19:00 -------- d-----w- c:\program files\uTorrent
2010-07-15 18:59 . 2010-07-15 20:26 -------- d-----w- c:\documents and settings\janne\Application Data\uTorrent
2010-07-15 12:14 . 2010-07-25 18:53 -------- d-----w- c:\documents and settings\janne\Application Data\Mumble
2010-07-15 12:14 . 2010-07-15 12:14 -------- d-----w- c:\program files\Mumble
2010-07-13 09:37 . 2010-07-13 09:37 -------- d-----w- c:\documents and settings\janne\Local Settings\Application Data\assembly
2010-07-13 09:37 . 2010-07-13 09:38 -------- d-----w- c:\program files\NCSoft
2010-07-13 09:37 . 2010-07-13 09:37 -------- d-----w- c:\documents and settings\janne\Application Data\InstallShield
2010-07-10 10:42 . 2010-07-10 10:42 -------- d-----w- c:\program files\PokerStars
2010-07-04 14:23 . 2010-07-04 14:47 76815 ----a-w- c:\windows\War3Unin.dat
2010-07-04 14:23 . 2010-07-04 14:35 2829 ----a-w- c:\windows\War3Unin.pif
2010-07-04 14:23 . 2010-07-04 14:35 139264 ----a-w- c:\windows\War3Unin.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 10:56 . 2010-02-08 15:19 -------- d-----w- c:\documents and settings\janne\Application Data\Skype
2010-07-31 10:56 . 2010-02-08 15:21 -------- d-----w- c:\documents and settings\janne\Application Data\skypePM
2010-07-29 09:51 . 2010-02-10 14:02 -------- d-----w- c:\program files\World of Warcraft
2010-07-28 12:27 . 2010-02-05 11:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-25 21:40 . 2008-04-15 12:00 86022 ----a-w- c:\windows\system32\perfc013.dat
2010-07-25 21:40 . 2008-04-15 12:00 498912 ----a-w- c:\windows\system32\perfh013.dat
2010-07-25 11:17 . 2010-02-04 00:32 18832 ----a-w- c:\documents and settings\janne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-16 14:00 . 2010-06-09 19:10 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-13 19:28 . 2010-07-01 17:44 -------- d-----w- c:\program files\Warcraft III
2010-06-24 18:34 . 2010-06-22 18:39 -------- d-----w- c:\documents and settings\janne\Application Data\gtk-2.0
2010-06-22 18:37 . 2010-06-22 18:37 -------- d-----w- c:\program files\GIMP-2.0
2010-06-16 20:36 . 2010-06-16 20:36 -------- d-----w- c:\program files\Common Files\Logitech
2010-06-15 19:19 . 2010-06-15 19:19 -------- d-----w- c:\documents and settings\janne\Application Data\TS3Client
2010-06-15 19:18 . 2010-06-15 19:18 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-06-14 14:31 . 2010-02-03 19:03 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 14:12 . 2010-06-13 14:12 -------- d-----w- c:\documents and settings\janne\Application Data\ATI
2010-06-13 14:12 . 2010-06-13 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-06-09 19:45 . 2010-06-09 19:45 -------- d-----w- c:\program files\MSBuild
2010-06-09 19:45 . 2010-06-09 19:45 -------- d-----w- c:\program files\Reference Assemblies
2010-06-09 19:10 . 2010-06-09 19:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-07 09:09 . 2010-05-20 14:38 -------- d-----w- c:\program files\HeroOnline
2010-03-28 19:12 . 2010-03-28 18:50 692437298 ----a-w- c:\program files\data2.cab
2010-03-28 19:11 . 2010-03-28 18:50 1669931 ----a-w- c:\program files\setup.isn
2010-03-28 19:09 . 2010-03-28 18:50 576000 ----a-w- c:\program files\ISSetup.dll
2010-03-28 19:09 . 2010-03-28 18:50 21494 ----a-w- c:\program files\0x0409.ini
2010-03-28 19:09 . 2010-03-28 18:50 1079468 ----a-w- c:\program files\data1.cab
2010-03-28 19:06 . 2010-03-28 18:50 371458 ----a-w- c:\program files\data1.hdr
2010-03-28 19:04 . 2010-03-28 18:50 473 ----a-w- c:\program files\layout.bin
2010-03-28 19:01 . 2010-03-28 18:50 254098 ----a-w- c:\program files\setup.inx
2010-03-28 19:01 . 2010-03-28 18:50 1224 ----a-w- c:\program files\setup.ini
.
((((((((((((((((((((((((((((( SnapShot@2010-07-29_18.43.11 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\janne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-05 135664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.3.0.10958-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Heroes2\\HEROES2W.EXE"=
"c:\\Documents and Settings\\janne\\Mijn documenten\\Downloads\\homm_v1000.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\League of Legends EU\\Air\\LolClient.exe"=
"c:\\Program Files\\League of Legends EU\\Game\\League of Legends.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6912:TCP"= 6912:TCP:League of Legends Launcher
"6912:UDP"= 6912:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"6960:TCP"= 6960:TCP:League of Legends Launcher
"6960:UDP"= 6960:UDP:League of Legends Launcher
"6928:TCP"= 6928:TCP:League of Legends Launcher
"6928:UDP"= 6928:UDP:League of Legends Launcher
"6899:TCP"= 6899:TCP:League of Legends Launcher
"6899:UDP"= 6899:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"6887:TCP"= 6887:TCP:League of Legends Launcher
"6887:UDP"= 6887:UDP:League of Legends Launcher
"6883:TCP"= 6883:TCP:League of Legends Launcher
"6883:UDP"= 6883:UDP:League of Legends Launcher
"56293:TCP"= 56293:TCP:Pando Media Booster
"56293:UDP"= 56293:UDP:Pando Media Booster
"6958:TCP"= 6958:TCP:League of Legends Launcher
"6958:UDP"= 6958:UDP:League of Legends Launcher
"6882:TCP"= 6882:TCP:League of Legends Launcher
"6882:UDP"= 6882:UDP:League of Legends Launcher
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15-7-2010 21:08 691696]
.
Inhoud van de 'Gedeelde Taken' map
2010-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-602162358-1644491937-1003Core.job
- c:\documents and settings\janne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-05 11:06]
2010-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-602162358-1644491937-1003UA.job
- c:\documents and settings\janne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-05 11:06]
2010-08-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\janne\Application Data\Mozilla\Firefox\Profiles\26xet0t0.default\
FF - plugin: c:\documents and settings\janne\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•9~�*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2010-08-03 10:43:34
ComboFix-quarantined-files.txt 2010-08-03 08:43
ComboFix2.txt 2010-07-29 21:08
ComboFix3.txt 2010-07-29 18:44
Pre-Run: 15.916.474.368 bytes beschikbaar
Post-Run: 15.916.851.200 bytes beschikbaar
- - End Of File - - 26B0EEBE3BFF704EB9B507D277C98A4B |
|
| Naar boven |
|
|
Juisterr
HijackThis Specialists
Leeftijd: 51
Geregistreerd op: 23-8-2006
Berichten: 1181
Woonplaats: kotje aan de kust.
|
| Geplaatst: Wo 04 Aug 2010, 22:29 Onderwerp: |
|
|
Een nieuw HijackThis logje aub.!
_________________
Wie niks heeft is met weinig tevreden.
Proud Member of ASAP
Bent u van uw probleem verlost dankzij Vragenforum.nl? Denk dan eens na om een bescheiden donatie te doen. Zie onze donatiepagina hier |
|
| Naar boven |
|
|
Vivika
Net Gestart
Leeftijd: 19
Geregistreerd op: 28-7-2010
Berichten: 9
Woonplaats: Uden
|
| Geplaatst: Do 05 Aug 2010, 0:03 Onderwerp: |
|
|
| Dat was een nieuw logje dat ik gepost heb.. |
|
| Naar boven |
|
|
Juisterr
HijackThis Specialists
Leeftijd: 51
Geregistreerd op: 23-8-2006
Berichten: 1181
Woonplaats: kotje aan de kust.
|
| Geplaatst: Zo 08 Aug 2010, 21:46 Onderwerp: |
|
|
outdated, aub een vers logje.
_________________
Wie niks heeft is met weinig tevreden.
Proud Member of ASAP
Bent u van uw probleem verlost dankzij Vragenforum.nl? Denk dan eens na om een bescheiden donatie te doen. Zie onze donatiepagina hier |
|
| Naar boven |
|
|
Vivika
Net Gestart
Leeftijd: 19
Geregistreerd op: 28-7-2010
Berichten: 9
Woonplaats: Uden
|
| Geplaatst: Ma 09 Aug 2010, 13:29 Onderwerp: |
|
|
Sorry was even in de war of ik nou een Combofix of Hijackthis Log moest plaatsen. Dus hier een Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:27:39, on 9-8-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\janne\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\janne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
--
End of file - 4359 bytes |
|
| Naar boven |
|
|
Juisterr
HijackThis Specialists
Leeftijd: 51
Geregistreerd op: 23-8-2006
Berichten: 1181
Woonplaats: kotje aan de kust.
|
| Geplaatst: Di 10 Aug 2010, 19:55 Onderwerp: |
|
|
Ziet er schoon uit.
_________________
Wie niks heeft is met weinig tevreden.
Proud Member of ASAP
Bent u van uw probleem verlost dankzij Vragenforum.nl? Denk dan eens na om een bescheiden donatie te doen. Zie onze donatiepagina hier |
|
| Naar boven |
|
|
Vivika
Net Gestart
Leeftijd: 19
Geregistreerd op: 28-7-2010
Berichten: 9
Woonplaats: Uden
|
| Geplaatst: Wo 11 Aug 2010, 13:20 Onderwerp: |
|
|
Ik heb nog wel geregeld last van het vastlopen van Youtube. Ook krijg ik soms de volgende melding ( Zie screenshot )
 |
|
| Naar boven |
|
|
|
