[hjt]
"faisal" - 2009-09-04 19:01:17 service pack 2
combofix 07-05.07.3.v - running from: "e:\"
((((((((((((((((((((((((((((((( files created from 2009-08-04 to 2009-09-04 ))))))))))))))))))))))))))))))))))
2009-09-04 18:51 <dir> d-------- c:\docume~1\temp\applic~1\yahoo!
2009-09-04 18:50 <dir> d-------- c:\docume~1\temp\applic~1\google
2009-09-04 18:47 524,288 --ah----- c:\docume~1\temp\ntuser.dat
2009-09-04 18:47 <dir> dr------- c:\docume~1\temp\menu start
2009-09-04 18:47 <dir> d--hs---- c:\docume~1\temp\onlangs geopend
2009-09-04 18:47 <dir> d--h----- c:\docume~1\temp\sjablonen
2009-09-04 18:47 <dir> d--h----- c:\docume~1\temp\netwerkprinteromgeving
2009-09-04 18:47 <dir> d---s---- c:\docume~1\temp\mijn documenten
2009-09-04 18:47 <dir> d---s---- c:\docume~1\temp\favorieten
2009-09-04 18:47 <dir> d-------- c:\docume~1\temp\bureaublad
2009-08-28 14:15 <dir> d-------- c:\vandale
(((((((((((((((((((((((((((((((((((((((((((((((( find3m report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-09-04 16:51:00 -------- d-----w c:\docume~1\temp\applic~1.\yahoo!
2009-09-04 16:50:59 -------- d-----w c:\docume~1\temp\applic~1.\google
2009-09-03 22:22:35 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-08-05 09:07:44 205,312 ----a-w c:\windows\system32\mswebdvd.dll
2009-08-01 11:35:16 504,832 ----a-w c:\windows\system32\winlogon.exe
2009-08-01 11:29:11 -------- d-----w c:\program files\nos
2009-07-31 23:01:06 -------- d-----w c:\program files\common files\adobe air
2009-07-17 19:01:13 58,880 ----a-w c:\windows\system32\atl.dll
2009-07-13 00:18:36 233,472 ------w c:\windows\system32\wmpdxm.dll
2009-06-26 16:20:04 81,920 ------w c:\windows\system32\ieencode.dll
2009-06-25 18:37:47 95,744 ----a-w c:\windows\system32\mqsec.dll
2009-06-25 18:37:47 661,504 ----a-w c:\windows\system32\mqqm.dll
2009-06-25 18:37:47 517,120 ----a-w c:\windows\system32\mqsnap.dll
2009-06-25 18:37:47 504,832 ----a-w c:\windows\system32\mqutil.dll
2009-06-25 18:37:47 48,640 ----a-w c:\windows\system32\mqupgrd.dll
2009-06-25 18:37:47 47,104 ----a-w c:\windows\system32\mqdscli.dll
2009-06-25 18:37:47 225,280 ----a-w c:\windows\system32\mqoa.dll
2009-06-25 18:37:47 186,880 ----a-w c:\windows\system32\mqtrig.dll
2009-06-25 18:37:47 177,152 ----a-w c:\windows\system32\mqrt.dll
2009-06-25 18:37:47 16,896 ----a-w c:\windows\system32\mqise.dll
2009-06-25 18:37:47 138,240 ----a-w c:\windows\system32\mqad.dll
2009-06-25 18:37:47 123,392 ----a-w c:\windows\system32\mqrtdep.dll
2009-06-25 08:48:08 729,600 ----a-w c:\windows\system32\lsasrv.dll
2009-06-25 08:48:08 59,392 ----a-w c:\windows\system32\wdigest.dll
2009-06-25 08:48:08 56,320 ----a-w c:\windows\system32\secur32.dll
2009-06-25 08:48:08 298,496 ----a-w c:\windows\system32\kerberos.dll
2009-06-25 08:48:08 168,448 ----a-w c:\windows\system32\schannel.dll
2009-06-25 08:48:08 133,632 ----a-w c:\windows\system32\msv1_0.dll
2009-06-22 11:49:23 19,968 ----a-w c:\windows\system32\mqbkup.exe
2009-06-22 11:49:23 117,248 ----a-w c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49:04 4,608 ----a-w c:\windows\system32\mqsvc.exe
2009-06-16 14:55:13 82,432 ----a-w c:\windows\system32\fontsub.dll
2009-06-16 14:55:13 119,808 ----a-w c:\windows\system32\t2embed.dll
2009-06-15 11:33:52 79,872 ----a-w c:\windows\system32\telnet.exe
2009-06-15 11:33:49 82,432 ----a-w c:\windows\system32\tlntsess.exe
2009-06-10 14:26:34 85,504 ----a-w c:\windows\system32\avifil32.dll
2009-06-10 06:32:27 132,096 ----a-w c:\windows\system32\wkssvc.dll
2009-06-05 07:55:18 655,872 ----a-w c:\windows\system32\mstscax.dll
(((((((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
*note* empty entries & legit default entries are not shown
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects]
"{02478d38-c3f9-4efb-9b51-7695eca05670}"=c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
"{18df081c-e8ad-4283-a596-fa578c2ebdc3}"=c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
"{aa58ed58-01dd-4d91-8333-cf10577473f7}"=c:\program files\google\google toolbar\googletoolbar_32.dll
"{af69de43-7d58-4638-b6fa-ce66b5ad205d}"=c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
"{c84d72fe-e17d-4195-bb24-76c02e2e7c4e}"=c:\program files\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll
"{fdad4da1-61a2-4fd8-9c17-86f7ac245081}"=c:\progra~1\yahoo!\companion\installs\cpn0\ytsingleinstance.dll
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"rthdcpl"="rthdcpl.exe"
"alcmtr"="alcmtr.exe"
"logitechcommunicationsmanager"="\c:\\program files\\common files\\logitech\\lcommgr\\communications_helper.exe\""
"logitechquickcamribbon"="\c:\\program files\\logitech\\quickcam10\\quickcam10.exe\" /hide"
"adobe reader speed launcher"="\c:\\program files\\adobe\\reader 9.0\\reader\\reader_sl.exe\""
"lvcomsx"="\c:\\program files\\common files\\logitech\\lcommgr\\lvcomsx.exe\""
[hkey_current_user\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=c:\\windows\\system32\\ctfmon.exe
"ldm"=c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe
[hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer]
"honorautorunsetting"=dword:00000001
[hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer\run]
hkey_local_machine\system\currentcontrolset\control\lsa
authentication packages msv1_0\0\0
security packages kerberos\0msv1_0\0schannel\0wdigest\0\0
notification packages scecli\0\0
[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]
localservice alerter\0webclient\0lmhosts\0remoteregistry\0upnphost\0ssdpsrv\0\0
networkservice dnscache\0\0
rpcss rpcss\0\0
imgsvc stisvc\0\0
termsvcs termservice\0\0
httpfilter httpfilter\0\0
dcomlaunch dcomlaunch\0termservice\0\0
hkey_local_machine\software\microsoft\windows nt\currentversion\svchost
********************************************************************
catchme 0.3.660 w2k/xp/vista - userland rootkit detector by gmer, http://www.gmer.net
rootkit scan 2009-09-04 19:02:33
windows 5.1.2600 service pack 2 ntfs
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
completion time: 2009-09-04 19:02:35
c:\combofix-quarantined-files.txt ... 2009-09-04 19:02
[/hjt]
--- automatische edit ---
Ik heb gedaan wat je zei. Is dit goed? Ik hoop het...