anatool
-
Items
242 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door anatool
-
mijn moeder haar pc last van hacker?
anatool reageerde op anatool's topic in Archief Bestrijding malware & virussen
ik moet er tevens bijzeggen dat hier mijn moeders pc wat trager gaat dan de mijne. mijn juist geplaatste reactie hierboven,neemt meer tijd in beslag om hem te plaatsen...in feite is meer het te kunnen bekijken van het het geplaatse reactie...,ook internet explorer (en de pc)start wat moeizaam op. -
mijn moeder haar pc last van hacker?
anatool reageerde op anatool's topic in Archief Bestrijding malware & virussen
ik gebruik thuis firefox kape,hier wordt internet explorer gebruikt. (sorry voor de eventuele de trage terugreacties,ik ben niet alle dagen bij moedertje lief, lol...) hmmm moet er nog iets getest worden ofzo cape? -
mijn moeder haar pc last van hacker?
anatool reageerde op anatool's topic in Archief Bestrijding malware & virussen
ok ik heb die manueel verwijderd. toch best grappig dat ik hier op moeders pc op deze site heel wat reclame zie,terwijl dat bij mij thuis op de pc niet het geval is. groeten anatool. -
ik zoek browser met privacy voor mijn zoon
anatool reageerde op anatool's topic in Archief Internet & Netwerk
sorry mijn zoon beweert geen privacy te willen. ik ga in het vervolg moeten EERST vragen aan hem blijkbaar...tja ik wilde hem alleen maar helpen...1000 maal sorry!!!! groeten anatool. -
mijn moeder haar pc last van hacker?
anatool reageerde op anatool's topic in Archief Bestrijding malware & virussen
ok,met wat moet ik dat verwijderen? -
ik zoek browser met privacy voor mijn zoon
anatool reageerde op anatool's topic in Archief Internet & Netwerk
bedankt clarkie maar ik kan pas antwoorden als ik weet wat hij in feite wilt...hij is nog niet thuis:-( althans bedankt clarckie!!! -
mijn moeder haar pc last van hacker?
anatool reageerde op anatool's topic in Archief Bestrijding malware & virussen
nu zie ik mijn combofix logfile niet hier dat ik voordien geplaatst heb...grrrrrrrr,ik zie enkel de reactie van jou cape(dat ik moet de uitvoering van combofix moet uitvoeren). ik heb hier op de pc eens naar "mijn netwerklocaties" gegaan,daar staan 2 symbolen staan...is dat niet vreemd? mod 1 hfdst 11 op 3up8ni.docs.live.net en ppt Els C op vqxwlk.docs.live.net bericht bijgewerkt: pas na het plaatsen van dit bericht,zie ik nu mijn combofix logfile. -
ik zoek browser met privacy voor mijn zoon
anatool reageerde op anatool's topic in Archief Internet & Netwerk
hier op moeders pc wordt internet explorer gebruikt en google chrome...neen het is niet het probleem waar hij surft hoor...thuis gebruik ik firefox,maar ik weet niet of ik de browser kan op een slotje of wachtwoord kan doen. ik denk dat hij niet zou willen dat ik zijn email of facebook berichten zou kunnen lezen denk ik...heeft hij daarom softonic-eng7 geïnstaleerd? maar dat moest ik verwijderen door een moderator met hijack,was dat programma(softonic-eng7) kwaadaardig...straks komt hij hier terug thuis en ik vrees dat hij niet tevreden zal zijn hoor dat ik dat verwijderd heb...haha,maarja ik heb nu medelijden met hem...wat is softonic-eng7 trouwens? groeten anatool -
mijn moeder haar pc last van hacker?
anatool reageerde op anatool's topic in Archief Bestrijding malware & virussen
ComboFix 11-01-29.02 - Windows XP 30/01/2011 11:50:02.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.766.390 [GMT 1:00] Gestart vanuit: c:\documents and settings\Windows XP\Bureaublad\ComboFix.exe AV: G Data AntiVirus 2011 *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Windows XP\Application Data\PriceGong c:\documents and settings\Windows XP\Application Data\PriceGong\Data\1.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\a.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\b.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\c.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\d.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\e.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\f.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\g.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\h.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\i.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\J.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\k.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\l.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\m.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\n.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\o.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\p.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\q.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\r.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\s.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\t.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\u.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\v.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\w.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\x.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\y.xml c:\documents and settings\Windows XP\Application Data\PriceGong\Data\z.xml . (((((((((((((((((((( Bestanden Gemaakt van 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))) . 2011-01-30 00:12 . 2011-01-30 00:12 -------- d--h--r- c:\documents and settings\Windows XP\Onlangs geopend 2011-01-29 21:18 . 2011-01-29 21:18 -------- d-----w- c:\documents and settings\Windows XP\Local Settings\Application Data\G DATA 2011-01-29 16:09 . 2011-01-29 16:09 68976 ----a-w- c:\windows\system32\drivers\GRD.sys 2011-01-29 16:04 . 2011-01-29 16:32 51400 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys 2011-01-29 16:04 . 2011-01-29 16:32 38600 ----a-w- c:\windows\system32\drivers\HookCentre.sys 2011-01-29 16:04 . 2011-01-29 16:32 62024 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2011-01-29 16:04 . 2011-01-29 16:32 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2011-01-29 16:02 . 2011-01-29 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\G DATA 2011-01-29 16:02 . 2011-01-29 16:02 -------- d-----w- c:\program files\Common Files\G Data 2011-01-29 16:02 . 2011-01-29 16:02 -------- d-----w- c:\program files\G Data 2011-01-29 15:54 . 2011-01-29 15:54 388096 ----a-r- c:\documents and settings\Windows XP\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe 2011-01-29 15:54 . 2011-01-29 15:54 -------- d-----w- c:\program files\TrendMicro 2011-01-29 15:46 . 2011-01-29 15:46 -------- d-----w- c:\documents and settings\Windows XP\Local Settings\Application Data\Downloaded Installations 2011-01-29 15:23 . 2011-01-29 15:23 -------- d-----w- c:\documents and settings\Windows XP\Application Data\Malwarebytes 2011-01-29 15:23 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-29 15:23 . 2011-01-29 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-01-29 15:23 . 2011-01-29 15:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-29 15:23 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-25 23:04 . 2011-01-25 23:04 -------- d-----w- c:\windows\Sun 2011-01-24 18:06 . 2011-01-28 08:33 -------- d-----w- c:\documents and settings\Windows XP\Local Settings\Application Data\Productivity_2.2 2011-01-24 18:06 . 2011-01-24 18:06 -------- d-----w- c:\program files\Productivity_2.2 2011-01-24 18:01 . 2011-01-24 18:02 -------- d-----w- c:\documents and settings\Windows XP\Local Settings\Application Data\MaxType LITE 2011-01-24 18:01 . 2011-01-24 18:06 -------- d-----w- c:\documents and settings\Windows XP\Local Settings\Application Data\Conduit 2011-01-24 18:01 . 2011-01-24 18:01 -------- d-----w- c:\program files\Conduit 2011-01-24 18:01 . 2011-01-24 19:32 -------- d-----w- c:\documents and settings\Windows XP\Local Settings\Application Data\Softonic-Eng7 2011-01-22 21:39 . 2011-01-22 21:39 -------- d-----w- c:\program files\YouTube Downloader 2011-01-21 20:04 . 2011-01-21 20:04 -------- d-----w- c:\program files\Audacity 2011-01-01 19:08 . 2011-01-01 19:08 -------- d-----w- c:\documents and settings\Windows XP\Local Settings\Application Data\Canon Easy-PhotoPrint EX . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-12 15:54 . 2010-12-12 15:55 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-12-12 15:54 . 2010-12-12 15:55 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr 2010-11-18 18:15 . 2010-05-28 20:55 86016 ----a-w- c:\windows\system32\isign32.dll 2010-11-09 14:52 . 2008-04-14 20:32 249856 ----a-w- c:\windows\system32\odbc32.dll 2010-11-06 00:23 . 2008-04-14 20:32 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:23 . 2008-04-14 20:33 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-06 00:23 . 2008-04-14 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-03 12:27 . 2008-04-14 20:05 385024 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2008-04-13 22:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys . ------- Sigcheck ------- [-] 2008-05-20 . 98A20E7EBC6C86429ECDB7DC89417D26 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoWindowsUpdate"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Documents and Settings\\Windows XP\\Bureaublad\\DCPlusPlus.exe"= "f:\\DCPlusPlus.exe"= "c:\\Program Files\\DC++\\DCPlusPlus.exe"= "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "d:\\Mijn Documenten\\Mijn video's\\BitTornado\\btdownloadgui.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1034:TCP"= 1034:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [29/01/2011 17:04 33480] R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [29/01/2011 17:04 62024] R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [29/01/2011 17:09 68976] R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [29/01/2011 17:04 38600] R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [17/05/2010 16:03 1098312] R2 AVKService;G Data Scheduler;c:\program files\G Data\AntiVirus\AVK\AVKService.exe [4/05/2010 17:06 410696] R2 AVKWCtl;G Data Bestandssysteembewaker;c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe [15/03/2010 11:24 1330792] R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [29/01/2011 17:04 51400] R3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [22/04/2010 13:59 340552] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/09/2010 21:08 136176] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28/05/2010 22:18 1684736] . Inhoud van de 'Gedeelde Taken' map 2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 20:08] 2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 20:08] 2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-682003330-1177238915-1003Core.job - c:\documents and settings\Windows XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-23 13:13] 2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-682003330-1177238915-1003UA.job - c:\documents and settings\Windows XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-23 13:13] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . . ------- Bestandsassociaties ------- . .scr=AutoCADScriptFile . - - - - ORPHANS VERWIJDERD - - - - URLSearchHooks-{e84cc2c1-b722-48fc-a39c-edb8b525c777} - (no file) Toolbar-{e84cc2c1-b722-48fc-a39c-edb8b525c777} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file) WebBrowser-{E84CC2C1-B722-48FC-A39C-EDB8B525C777} - (no file) AddRemove-Softonic-Eng7 Toolbar - c:\progra~1\SOFTON~1\UNWISE.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-01-30 12:02 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI] "ImagePath"="system32\DRIVERS\ACPI.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC] "ImagePath"="system32\DRIVERS\ACPIEC.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec] "ImagePath"="system32\drivers\aec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD] "ImagePath"="\SystemRoot\System32\drivers\afd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter] "ServiceDll"="%SystemRoot%\system32\alrsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ambfilt] "ImagePath"="system32\drivers\Ambfilt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state] "ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi] "ImagePath"="system32\DRIVERS\atapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ati HotKey Poller] "ImagePath"="%SystemRoot%\system32\Ati2evxx.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ati2mtag] "ImagePath"="system32\DRIVERS\ati2mtag.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atierecord] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc] "ImagePath"="system32\DRIVERS\atmarpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv] "ServiceDll"="%SystemRoot%\System32\audiosrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub] "ImagePath"="system32\DRIVERS\audstub.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVKProxy] "ImagePath"="\"c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVKService] "ImagePath"="c:\program files\G Data\AntiVirus\AVK\AVKService.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVKWCtl] "ImagePath"="c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC] "MofImagePath"="System32\Drivers\battc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BCM43XX] "ImagePath"="system32\DRIVERS\bcmwl5.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme] "ImagePath"="\??\c:\docume~1\WINDOW~1\LOCALS~1\Temp\catchme.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CCDECODE] "ImagePath"="system32\DRIVERS\CCDECODE.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom] "ImagePath"="system32\DRIVERS\cdrom.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc] "ImagePath"="%SystemRoot%\system32\cisvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv] "ImagePath"="%SystemRoot%\system32\clipsrv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmBatt] "ImagePath"="system32\DRIVERS\CmBatt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Compbatt] "ImagePath"="system32\DRIVERS\compbatt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp] "ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc] "ServiceDll"="%SystemRoot%\System32\cryptsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp] "ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk] "ImagePath"="system32\DRIVERS\disk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin] "ImagePath"="%SystemRoot%\System32\dmadmin.exe /com" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot] "ImagePath"="System32\drivers\dmboot.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio] "ImagePath"="System32\drivers\dmio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload] "ImagePath"="System32\drivers\dmload.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver] "ServiceDll"="%SystemRoot%\System32\dmserver.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic] "ImagePath"="system32\drivers\DMusic.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc] "ServiceDll"="%SystemRoot%\System32\dot3svc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost] "ServiceDll"="%SystemRoot%\System32\eapsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EMSCR] "ImagePath"="system32\DRIVERS\EMS7SK.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc] "ServiceDll"="%SystemRoot%\System32\ersvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ESDCR] "ImagePath"="system32\DRIVERS\ESD7SK.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ESMCR] "ImagePath"="system32\DRIVERS\ESM7SK.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog] "ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem] "ServiceDll"="c:\windows\system32\es.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FilterService] "ImagePath"="system32\DRIVERS\lvuvcflt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FLEXnet Licensing Service] "ImagePath"="\"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr] "ImagePath"="system32\DRIVERS\fltMgr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0] "ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fssfltr] "ImagePath"="system32\DRIVERS\fssfltr_tdi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fsssvc] "ImagePath"="\"c:\program files\Windows Live\Family Safety\fsssvc.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk] "ImagePath"="system32\DRIVERS\ftdisk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GDBehave] "ImagePath"="system32\drivers\GDBehave.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GDMnIcpt] "ImagePath"="\??\c:\windows\system32\drivers\MiniIcpt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GDScan] "ImagePath"="\"c:\program files\Common Files\G Data\GDScan\GDScan.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GDTdiInterceptor] "ImagePath"="\??\c:\windows\system32\drivers\GDTdiIcpt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc] "ImagePath"="system32\DRIVERS\msgpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GRD] "ImagePath"="\??\c:\windows\system32\drivers\GRD.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate] "ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc] "ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus] "ImagePath"="system32\DRIVERS\HDAudBus.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc] "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb] "ImagePath"="system32\DRIVERS\hidusb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc] "ServiceDll"="%SystemRoot%\System32\kmsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HookCentre] "ImagePath"="\??\c:\windows\system32\drivers\HookCentre.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP] "ImagePath"="System32\Drivers\HTTP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter] "ServiceDll"="%SystemRoot%\System32\w3ssl.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt] "ImagePath"="system32\DRIVERS\i8042prt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iaStor] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc] "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IJPLMSVC] "ImagePath"="c:\program files\Canon\IJPLM\IJPLMSVC.EXE" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi] "ImagePath"="system32\DRIVERS\imapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService] "ImagePath"="%systemroot%\system32\imapi.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService] "ImagePath"="system32\drivers\RtkHDAud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw] "ImagePath"="system32\DRIVERS\Ip6Fw.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp] "ImagePath"="system32\DRIVERS\ipinip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat] "ImagePath"="system32\DRIVERS\ipnat.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec] "ImagePath"="system32\DRIVERS\ipsec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM] "ImagePath"="system32\DRIVERS\irenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp] "ImagePath"="system32\DRIVERS\isapnp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService] "ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass] "ImagePath"="system32\DRIVERS\kbdclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer] "ImagePath"="system32\drivers\kmixer.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LanmanServer] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVPr2Mon] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDM] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger] "ServiceDll"="%SystemRoot%\System32\msgsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc] "ImagePath"="c:\windows\system32\mnmsrvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Monfilt] "ImagePath"="system32\drivers\Monfilt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass] "ImagePath"="system32\DRIVERS\mouclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid] "ImagePath"="system32\DRIVERS\mouhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV] "ImagePath"="system32\DRIVERS\mrxdav.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC] "ImagePath"="c:\windows\system32\msdtc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer] "ImagePath"="%systemroot%\system32\msiexec.exe /V" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSSCNTRS] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios] "ImagePath"="system32\DRIVERS\mssmbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC] "ImagePath"="system32\DRIVERS\NABTSFEC.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent] "ServiceDll"="%SystemRoot%\System32\qagentrt.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP] "ImagePath"="system32\DRIVERS\NdisIP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT] "ImagePath"="system32\DRIVERS\netbt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing] "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla] "ServiceDll"="%SystemRoot%\System32\mswsock.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NMSAccess] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NMSAccessU] "ImagePath"="c:\program files\CDBurnerXP\NMSAccessU.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc] "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt] "ImagePath"="system32\DRIVERS\nwlnkflt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd] "ImagePath"="system32\DRIVERS\nwlnkfwd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odserv] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Outlook] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI] "ImagePath"="system32\DRIVERS\pci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde] "ImagePath"="system32\DRIVERS\pciide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia] "ImagePath"="system32\DRIVERS\pcmcia.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay] "ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor] "ImagePath"="system32\DRIVERS\processr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched] "ImagePath"="system32\DRIVERS\psched.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink] "ImagePath"="system32\DRIVERS\ptilink.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd] "ImagePath"="system32\DRIVERS\rasacd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti] "ImagePath"="system32\DRIVERS\raspti.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr] "ImagePath"="system32\DRIVERS\rdpdr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr] "ImagePath"="c:\windows\system32\sessmgr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook] "ImagePath"="system32\DRIVERS\redbook.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess] "ServiceDll"="%SystemRoot%\System32\mprdim.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs] "ServiceDll"="%SystemRoot%\System32\rpcss.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP] "ImagePath"="%SystemRoot%\system32\rsvp.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139] "ImagePath"="system32\DRIVERS\RTL8139.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr] "ImagePath"="%SystemRoot%\System32\SCardSvr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule] "ServiceDll"="%SystemRoot%\system32\schedsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdbus] "ImagePath"="system32\DRIVERS\sdbus.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SeaPort] "ImagePath"="\"c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv] "ImagePath"="system32\DRIVERS\secdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon] "ServiceDll"="%SystemRoot%\System32\seclogon.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP] "ImagePath"="system32\DRIVERS\SLIP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter] "ImagePath"="system32\drivers\splitter.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler] "ImagePath"="%SystemRoot%\system32\spoolsv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr] "ImagePath"="system32\DRIVERS\sr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice] "ServiceDll"="%SystemRoot%\system32\srsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv] "ImagePath"="system32\DRIVERS\srv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StarOpen] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc] "ServiceDll"="%SystemRoot%\system32\wiaservc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip] "ImagePath"="system32\DRIVERS\StreamIP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum] "ImagePath"="system32\DRIVERS\swenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi] "ImagePath"="system32\drivers\swmidi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv] "ImagePath"="c:\windows\system32\dllhost.exe /Processid:{F0EAA5A4-8491-4C1E-8344-25A75C77E543}" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio] "ImagePath"="system32\drivers\sysaudio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysMain] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog] "ImagePath"="%SystemRoot%\system32\smlogsvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TabletInputService] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip] "ImagePath"="system32\DRIVERS\tcpip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD] "ImagePath"="system32\DRIVERS\termdd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr] "ImagePath"="c:\windows\system32\tlntsvr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks] "ServiceDll"="%SystemRoot%\system32\trkwks.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update] "ImagePath"="system32\DRIVERS\update.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS] "ImagePath"="%SystemRoot%\System32\ups.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbaudio] "ImagePath"="system32\drivers\usbaudio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci] "ImagePath"="system32\DRIVERS\usbohci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint] "ImagePath"="system32\DRIVERS\usbprint.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan] "ImagePath"="system32\DRIVERS\usbscan.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbvideo] "ImagePath"="System32\Drivers\usbvideo.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UxSms] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS] "ImagePath"="%SystemRoot%\System32\vssvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp] "ImagePath"="system32\DRIVERS\wanarp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud] "ImagePath"="system32\drivers\wdmaud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN] "ServiceDll"="c:\windows\system32\mspmsnsv.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi] "ServiceDll"="%SystemRoot%\System32\advapi32.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiAcpi] "ImagePath"="system32\DRIVERS\wmiacpi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv] "ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc] "ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc] "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC] "ImagePath"="system32\DRIVERS\WSTCODEC.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv] "ServiceDll"="c:\windows\system32\wuauserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf] "ImagePath"="system32\DRIVERS\WudfPf.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd] "ImagePath"="system32\DRIVERS\wudfrd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC] "ServiceDll"="%SystemRoot%\System32\wzcsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov] "ServiceDll"="%SystemRoot%\System32\xmlprov.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{30B344F4-19E6-410A-82AB-87FCB450B11E}] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{4432AE43-C850-4AF1-AB36-95412FE455F0}] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{4F189545-0328-4741-971D-662DD4E4CCF2}] . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(556) c:\windows\system32\Ati2evxx.dll . Voltooingstijd: 2011-01-30 12:04:33 ComboFix-quarantined-files.txt 2011-01-30 11:04 Pre-Run: 38.741.446.656 bytes beschikbaar Post-Run: 39.146.926.080 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - C02ECE3B90C1D2219980CFE8C1B8CA7C -
mijn zoon woont een aantal maanden nu bij mijn moeder...hij zou graag wat privacy op mijn moeders pc hebben...dat zegt hij niet tegen mij,maar als vader ben ik nogal sterk in telepathie:D...dus kortom is er een browser waar hij eventueel een wachtwoord kan opzetten ,zodat ik en mijn moeder er geen toegang hebben?
-
mijn moeder haar pc last van hacker?
anatool reageerde op anatool's topic in Archief Bestrijding malware & virussen
antivirussan van gdata is gedaan en duurde maar liefst 2u53 min. pc start niet snel op merk ik,het wordt een lange avond voor mij...moeder is weg gaan feesten en ik hier alleen in haar huis...hopelijk vind ik wat hulp vanavond nog,zou graag hebben dat haar pc in orde is. greetings anatool!!!! -
mijn moeder haar pc last van hacker?
anatool reageerde op anatool's topic in Archief Bestrijding malware & virussen
vreemd hoor als ik inlog hier,ik raak soms niet verder dan de eerste reactie van segisoft...en dit kreeg ik hierbij als vermelding:Dit is Google's cachegeheugen van http://www.pc-helpforum.be/forum/. Dit is een momentopname van hoe de pagina eruitzag op 29 jan 2011 18:25:21 GMT. De huidige pagina kan in de tussentijd veranderd zijn. Meer informatie Tekstversie Deze zoekwoorden zijn gemarkeerd: helpforum wat mij ook opvalt vergeleken bij mijn pc,is dat hier op mijn moeders pc heel wat reclame te zien is...terwijl ik dat probleem niet heb op mijn pc. -
mijn moeder haar pc last van hacker?
anatool reageerde op anatool's topic in Archief Bestrijding malware & virussen
dat is vreemd...ik bedoel ik heb hier toch al een hijack logje geplaatst?en nu is hij hier weg?die antimalwarebytes reactie uitvoering die ik moest doen ook niet meer...ik heb gdata antivirus geïnstalleerd en heeft ondertussen een virus gevonden...ik moest een snelle scan doen met malmarebytes had ik gelezen,hierbij het logfile: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 5634 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 29/01/2011 18:48:03 mbam-log-2011-01-29 (18-48-02).txt Scantype: Snelle scan Objecten gescand: 146796 Verstreken tijd: 41 minuut/minuten, 40 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) ---------- Post toegevoegd om 19:00 ---------- Vorige post was om 18:56 ---------- tjeins nu zie ik de logfiles(en reacties van jullie) terug,zou het liggen aan de antivirusscanner die bezig was? nog een vraagje is die softonic toolbar enzo slecht? mijn zoon heeft die hier op de pc van mijn moeder gezet...dank u bij voorbaat!!!! ---------- Post toegevoegd om 19:01 ---------- Vorige post was om 19:00 ---------- tjeins nu zie ik de logfiles(en reacties van jullie) terug,zou het liggen aan de antivirusscanner die bezig was? nog een vraagje is die softonic toolbar enzo slecht? mijn zoon heeft die hier op de pc van mijn moeder gezet... ---------- Post toegevoegd om 19:03 ---------- Vorige post was om 19:01 ---------- tjeins nu zie ik de logfiles(en reacties van jullie) terug,zou het liggen aan de antivirusscanner die bezig was? nog een vraagje is die softonic toolbar enzo slecht? mijn zoon heeft die hier op de pc van mijn moeder gezet... -
mijn moeder haar pc last van hacker?
anatool reageerde op anatool's topic in Archief Bestrijding malware & virussen
vreemd ik had al voordien een hijack logfile gepost. Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 17:50:46, on 29/01/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\G Data\GDScan\GDScan.exe C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\G Data\AntiVirus\GUI\GDSC.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing) R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll R3 - URLSearchHook: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Productivity 2.2 - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing) O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O3 - Toolbar: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start AVG - Uninstallation survey O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Windows XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275082291866 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277307672656 O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe (file missing) O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - Unknown owner - C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe -- End of file - 10852 bytes -
mijn moeder haar pc last van hacker?
anatool reageerde op anatool's topic in Archief Bestrijding malware & virussen
Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 16:55:39, on 29/01/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing) R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll R3 - URLSearchHook: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Productivity 2.2 - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing) O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O3 - Toolbar: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start AVG - Uninstallation survey O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Windows XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275082291866 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277307672656 O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe -- End of file - 9723 bytes -
mijn moeder haar pc last van hacker?
anatool plaatste een topic in Archief Bestrijding malware & virussen
zo ik ben nu bij moeder en wil dus eens haar pc controleren:top: ik zal niet zo spoedig kunnen terug reageren,daar ik niet in het bezit ben van een auto en mjn moeder een 8 tal kilometer van mij woont:hmpf: -
hoe zou ik die kunnen noemen jean-pierre?suggestie? ---------- Post toegevoegd om 12:22 ---------- Vorige post was om 12:14 ---------- ok,zal wel op een naam komen voor het nieuwe topic. hartelijk bedankt voor de oplossing...deze topic is dus opgelost....hoorayyyyyyy!!!!
-
mijn wachtwoord verander ik regelmatig dus dat zal best ok zijn,heel erg bedankt cape voor je "vlugger dan schaduwe " reacties:-) mag ik mijn moeder pc eens testen en hierverder posten? want in mijn introductie hier van dit topic,was er een signalen van een duidelijke hacking(als da het juiste woord is weet ik niet).sorry voor het eventuele lastigvallen van mijn vraag daarnaar,maar ik zou het graag willen zeker weten. dan kan ik daar zonder zorgen ook in mijn naakie rondlopen in het bijzijn van haar pc(dat is natuurlijk ne grapje hé).
-
euhhh hoe bedoel je daarmee?bedoel je dat nu alles gecheckt is en er geen sporen zijn van een hacker? (sporen,afluisterapparatuur,...). groetjes anatool:-)
-
ok cape,ik heb toch gedaan wat je mij vroeg...nu vind ccleaner geen problemen meer.
-
ik heb avg verwijderd,maar er zijn dus nog sporen na het verwijderen....ik gebruik nu NOD32 VIRUS. ik heb nog meegemaakt dat ik een programma via software verwijder en die toch nog iets nalaten van het verwijderde bestand,ik verwijder die dan handmatig...begrijp je? ---------- Post toegevoegd om 23:05 ---------- Vorige post was om 23:00 ---------- een kabel is verbonden tussen pc naar mijn modem...internet modem dus(1enkele kabel...want dat heeft mijn pchersteller...zo zal ik hem maar noemen mij aangeraden na mijn problemen).
-
ok cape ,maar is het wel verstandig om dit te doen? ik bedoel voorbeeld daarmee dat ik avg verwijderd heb....en nu zal ik hem terughebben vrees ik...of is het niet zo?en zo zijn er nog enkele(amsn,pidgin,...),bestanden die ik in feite niet meer nodig heb.
-
ComboFix 11-01-28.01 - Windows XP 28/01/2011 19:29:06.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.503.156 [GMT 1:00] Gestart vanuit: c:\documents and settings\Windows XP\Mijn documenten\Downloads\ComboFix.exe AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . (((((((((((((((((((( Bestanden Gemaakt van 2010-12-28 to 2011-01-28 )))))))))))))))))))))))))))))) . 2011-01-28 12:46 . 2011-01-28 12:46 -------- d--h--r- c:\documents and settings\Windows XP\Onlangs geopend 2011-01-28 12:25 . 2011-01-28 12:25 -------- d-----w- c:\documents and settings\Windows XP\Application Data\Malwarebytes 2011-01-28 12:25 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-28 12:25 . 2011-01-28 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-01-28 12:25 . 2011-01-28 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-28 12:25 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-28 10:06 . 2011-01-28 10:06 388096 ----a-r- c:\documents and settings\Windows XP\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-01-28 10:06 . 2011-01-28 10:06 -------- d-----w- c:\program files\Trend Micro 2011-01-27 20:07 . 2011-01-27 20:07 -------- d-----w- c:\documents and settings\Windows XP\Local Settings\Application Data\ESET 2011-01-27 06:59 . 2011-01-27 06:59 -------- d-----w- c:\program files\YouTube Downloader 2011-01-26 21:49 . 2011-01-26 21:49 -------- d-----w- c:\documents and settings\Windows XP\Application Data\.BitTornado 2011-01-26 21:48 . 2011-01-26 21:48 -------- d-----w- c:\program files\BitTornado 2011-01-25 17:54 . 2011-01-25 17:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2011-01-23 04:03 . 2011-01-23 04:03 -------- d-----w- c:\documents and settings\Windows XP\Application Data\Zylom 2011-01-23 04:03 . 2011-01-23 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom 2011-01-23 04:03 . 2011-01-24 22:11 -------- d-----w- c:\program files\Zylom Games 2011-01-22 18:40 . 2011-01-27 17:54 -------- d-----w- c:\program files\MP3Gain 2011-01-22 18:03 . 2011-01-23 01:01 -------- d-----w- c:\documents and settings\Windows XP\Local Settings\Application Data\Ahead 2011-01-22 18:02 . 2011-01-22 18:02 -------- d-----w- c:\documents and settings\Windows XP\Application Data\Ahead 2011-01-22 17:59 . 2011-01-22 17:59 -------- d-----w- c:\program files\Common Files\Ahead 2011-01-22 17:59 . 2011-01-22 17:59 -------- d-----w- c:\program files\Nero 2011-01-22 11:17 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2011-01-22 03:26 . 2008-04-15 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2011-01-22 03:24 . 2011-01-22 03:24 -------- d-----w- c:\program files\Windows Media Connect 2 2011-01-22 03:22 . 2011-01-22 03:23 -------- d-----w- c:\windows\system32\drivers\UMDF 2011-01-22 03:22 . 2011-01-22 03:22 -------- d-----w- c:\windows\system32\LogFiles 2011-01-21 18:36 . 2011-01-21 18:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-01-21 18:14 . 2011-01-21 18:14 -------- d-----w- c:\program files\ESET 2011-01-21 18:14 . 2011-01-21 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2011-01-21 17:57 . 2011-01-28 18:21 -------- d-----w- c:\documents and settings\Windows XP\Tracing 2011-01-21 17:53 . 2011-01-21 17:53 -------- d-----w- c:\program files\Microsoft 2011-01-21 17:53 . 2011-01-21 17:53 -------- d-----w- c:\program files\Windows Live SkyDrive 2011-01-21 17:52 . 2011-01-21 17:54 -------- d-----w- c:\program files\Windows Live 2011-01-21 17:51 . 2011-01-21 17:51 -------- d-----w- c:\program files\Common Files\Windows Live 2011-01-21 16:51 . 2011-01-21 17:21 -------- d-----w- c:\documents and settings\Windows XP\amsn 2011-01-21 13:28 . 2011-01-21 13:29 -------- d-----w- C:\78b514b1fdcffc0a91 2011-01-21 13:28 . 2011-01-21 16:44 -------- d-----w- c:\windows\SxsCaPendDel 2011-01-21 13:11 . 2011-01-28 12:37 -------- d-----w- c:\program files\DC++ 2011-01-21 12:58 . 2011-01-21 12:58 -------- d-----w- c:\documents and settings\Windows XP\Local Settings\Application Data\Mozilla 2011-01-21 12:56 . 2011-01-21 12:56 -------- d-----w- c:\program files\ToniArts 2011-01-21 12:56 . 2004-07-15 23:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll 2011-01-21 12:56 . 2004-07-15 23:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll 2011-01-21 12:56 . 2004-07-15 23:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll 2011-01-21 12:56 . 2004-07-15 23:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll 2011-01-21 12:56 . 2004-07-15 23:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe 2011-01-21 12:56 . 2004-07-15 23:16 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll 2011-01-21 12:56 . 2011-01-21 12:56 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll 2011-01-21 12:56 . 2011-01-21 12:56 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll 2011-01-21 12:54 . 2011-01-21 12:54 -------- d-----w- c:\program files\CCleaner 2011-01-21 12:48 . 2011-01-21 13:30 -------- d-----w- c:\documents and settings\Windows XP\Application Data\.purple 2011-01-21 12:47 . 2011-01-21 16:45 -------- d-----w- c:\program files\Pidgin . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-18 18:15 . 2010-11-23 13:37 86016 ----a-w- c:\windows\system32\isign32.dll 2010-11-09 14:52 . 2008-04-15 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll 2010-11-06 00:23 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:23 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2010-11-06 00:23 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:27 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2008-04-15 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys . ------- Sigcheck ------- [-] 2010-03-25 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168] "SoundMan"="SOUNDMAN.EXE" [2006-04-01 77824] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\DC++\\DCPlusPlus.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitTornado\\btdownloadgui.exe"= R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29/07/2010 12:31 115008] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/08/2010 12:28 95896] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4/11/2010 17:15 810144] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [28/01/2011 13:25 38224] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\leji5jgc.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} . - - - - ORPHANS VERWIJDERD - - - - HKLM-Run-NWEReboot - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-01-28 19:32 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(3076) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2011-01-28 19:34:30 ComboFix-quarantined-files.txt 2011-01-28 18:34 Pre-Run: 94.243.688.448 bytes beschikbaar Post-Run: 94.206.128.128 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 60743D0092B01E63E0B48BD71B4068F7
-
ok hierbij het logfiles(nota:antimalwarebytes heeft 1 bedreiging gevonden tijdens de eerste scan) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:40:18, on 28/01/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290521594078 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295634412500 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 5035 bytes Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes Databaseversie: 5629 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 28/01/2011 13:36:48 mbam-log-2011-01-28 (13-36-48).txt Scantype: Snelle scan Objecten gescand: 131930 Verstreken tijd: 3 minuut/minuten, 37 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 1 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
-
ok cape...is mijn bericht duidelijk (of verstaanbaar)genoeg?weet je dat ik getwijfeld heb om dit te posten...want als ik het eens zeg tegen iemand krijg ik vlug de indruk dat ze mij niet geloven...ben ik nu echt een alleenstaand geval? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:10:04, on 28/01/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\wuauclt.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290521594078 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295634412500 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 5264 bytes
