Ga naar inhoud

[OPGELOST] Windows security alert


Aanbevolen berichten

Ik heb een log gemaakt

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:44:39, on 26/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

G:\Alwil Software\Avast4\aswUpdSv.exe

G:\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

G:\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

G:\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

G:\Java\jre1.6.0_01\bin\jusched.exe

G:\BearShare\BearShare.exe

C:\WINDOWS\system32\SearchIndexer.exe

G:\ChrisTV PVR\ChrisTV_Agent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\WgaTray.exe

C:\program files\powerstrip\pstrip.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\WINDOWS\system32\ctfmon.exe

G:\DAEMON Tools\daemon.exe

G:\SuperCopier2\SuperCopier2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Google\Google Talk\googletalk.exe

G:\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

G:\Microsoft Office\Office12\ONENOTEM.EXE

G:\Alwil Software\Avast4\ashMaiSv.exe

G:\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

G:\Java\jre1.6.0_01\bin\jucheck.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\MSN Messenger\usnsvc.exe

E:\MOZILL~1\FIREFOX.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\FTDv3.8\FTDv3.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

G:\Futuremark\3DMark06\3DMark06.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\rjwdtqbo.exe

C:\WINDOWS\ybinyxyd.exe

C:\WINDOWS\system32\winupdate.exe

c:\progra~1\azureus\Azureus.exe

C:\Program Files\RegistrySmart\RegistrySmart.exe

C:\Program Files\PC-Cleaner\PC-Cleaner.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 4154 bytes

Link naar reactie
Delen op andere sites

Ben je zeker dat dit je volledige log is van HiJackThis ? Er ontbreekt alvast een belangrijk gedeelte ... probeer het eens opnieuw - maar dan in zijn geheel - te plaatsen in een volgend bericht. Het zal zeker nodig zijn, want er zit een flinke besmetting op je PC.

Link naar reactie
Delen op andere sites

1 tip; als je Microsoft Groove niet gebruikt; zet dan je groovemonitor maar uit. Dat is een vrij zwaar programma (werkt wel schitterend), dus als je het niet gebruikt is dat een beetje zonde.

Link naar reactie
Delen op andere sites

nog eens een log gemaakt.

ik hoop dat dit een volledige log is.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:03:43, on 27/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

G:\Alwil Software\Avast4\aswUpdSv.exe

G:\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\SearchIndexer.exe

G:\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

G:\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

G:\ALWILS~1\Avast4\ashDisp.exe

G:\Microsoft Office\Office12\GrooveMonitor.exe

G:\Java\jre1.6.0_01\bin\jusched.exe

G:\BearShare\BearShare.exe

G:\ChrisTV PVR\ChrisTV_Agent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\program files\powerstrip\pstrip.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\WINDOWS\system32\rjwdtqbo.exe

C:\WINDOWS\system32\ctfmon.exe

G:\DAEMON Tools\daemon.exe

G:\SuperCopier2\SuperCopier2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Google\Google Talk\googletalk.exe

G:\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

G:\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

G:\Futuremark\3DMark06\3DMark06.exe

G:\Java\jre1.6.0_01\bin\jucheck.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = %s - Google Search

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F3 - REG:win.ini: run=""

O2 - BHO: (no name) - {00922FF5-A588-10D0-43A1-06CFEFE74C57} - C:\WINDOWS\system32\gfebrhld.dll

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [avast!] G:\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "G:\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "G:\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [bearShare] "G:\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [ChrisTV Agent] "G:\ChrisTV PVR\ChrisTV_Agent.exe" /silent

O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot

O4 - HKLM\..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [rjwdtqbo] C:\WINDOWS\system32\rjwdtqbo.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "G:\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [superCopier2.exe] G:\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "G:\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [Picasa Media Detector] G:\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM\..\Policies\Explorer\Run: [C1mlnINwLK] C:\WINDOWS\ybinyxyd.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = G:\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Snelle start.lnk = G:\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.gnahs.com/eigen/ThumbnailFrame.html

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\MICROS~1\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: windii32 - windii32.dll (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: avast! Antivirus - ALWIL Software - G:\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - G:\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 11572 bytes

Link naar reactie
Delen op andere sites

Perfect. Dit is het log wat we nodig hadden.

Download SmitfraudFix. Pak het uit naar je bureaublad.

Start je PC op in Veilige Modus, open de map SmitfraudFix en dubbelklik op Smitfraudfix.cmd.

Kies optie 2 (Clean) om alle besmette bestanden te laten verwijderen. Als er gevraagd wordt om het register op te kuisen, sta je dit toe.

Er wordt ook onderzocht of het bestandje wininet.dll besmet is. Indien dit het geval is, zal je de vraag krijgen om deze te vervangen. Type dan Y in achter de prompt en druk op Enter. De kans bestaat dat je PC herstart wordt in normale modus. Is dit niet het geval doe je dit handmatig zodat het zijn taak volledig kan uitvoeren.

Er zal een tekstbestandje openen met de resultaten van de fix. ( c:\rapport.txt). Sla dit op je bureaublad op.

Herstart de computer in normale modus.

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

F3 - REG:win.ini: run=""

O2 - BHO: (no name) - {00922FF5-A588-10D0-43A1-06CFEFE74C57} - C:\WINDOWS\system32\gfebrhld.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [rjwdtqbo] C:\WINDOWS\system32\rjwdtqbo.exe

O4 - HKLM\..\Policies\Explorer\Run: [C1mlnINwLK] C:\WINDOWS\ybinyxyd.exe

O20 - Winlogon Notify: windii32 - windii32.dll (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Verwijder volgende vetgedrukt bestand (indien nog aanwezig) met Windows Verkenner

C:\WINDOWS\system32\rjwdtqbo.exe

Hang het log van Smitfraud en een nieuw log van HJT aan je volgend bericht.

Link naar reactie
Delen op andere sites

Ik heb SmitfraudFix in normale modus gedaan, ik hoop dat dat niet erg is. Over het bestand wininet.dll heeft hij niets gezegt. voorderest heb ik alle stappen gevolgt.

mitFraudFix v2.309

Scan done at 14:52:34,59, do 27/03/2008

Run from C:\Documents and Settings\Samuel\Bureaublad\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: ASUS USB Wireless Network Adapter #2 - Pakketplanner-minipoort

DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{08547EF2-90DE-4D4E-A17B-1DA81C83633B}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{08547EF2-90DE-4D4E-A17B-1DA81C83633B}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{08547EF2-90DE-4D4E-A17B-1DA81C83633B}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:04:00, on 27/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

G:\Alwil Software\Avast4\aswUpdSv.exe

G:\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\SearchIndexer.exe

G:\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

G:\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

G:\ALWILS~1\Avast4\ashDisp.exe

G:\Microsoft Office\Office12\GrooveMonitor.exe

G:\Java\jre1.6.0_01\bin\jusched.exe

G:\BearShare\BearShare.exe

G:\ChrisTV PVR\ChrisTV_Agent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\program files\powerstrip\pstrip.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\WINDOWS\system32\ctfmon.exe

G:\DAEMON Tools\daemon.exe

G:\SuperCopier2\SuperCopier2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Google\Google Talk\googletalk.exe

G:\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

G:\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

G:\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

G:\Java\jre1.6.0_01\bin\jucheck.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Live Search

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = %s - Google Search

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F3 - REG:win.ini: run=""

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [avast!] G:\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "G:\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "G:\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [bearShare] "G:\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [ChrisTV Agent] "G:\ChrisTV PVR\ChrisTV_Agent.exe" /silent

O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot

O4 - HKLM\..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [hjnquqqo] C:\WINDOWS\system32\hjnquqqo.exe

O4 - HKLM\..\Run: [rjwdtqbo] C:\WINDOWS\system32\rjwdtqbo.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "G:\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [superCopier2.exe] G:\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "G:\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [Picasa Media Detector] G:\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = G:\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Snelle start.lnk = G:\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.gnahs.com/eigen/ThumbnailFrame.html

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\MICROS~1\Office12\GR99D3~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: avast! Antivirus - ALWIL Software - G:\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - G:\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 11383 bytes

Link naar reactie
Delen op andere sites

De volgende stap :

Download Combofix en zet het op je Bureaublad.

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

F3 - REG:win.ini: run=""

O4 - HKLM\..\Run: [hjnquqqo] C:\WINDOWS\system32\hjnquqqo.exe

O4 - HKLM\..\Run: [rjwdtqbo] C:\WINDOWS\system32\rjwdtqbo.exe

Klik op 'Fix checked' om de items te verwijderen.

Dubbelklik op Combofix.exe en volg de instructies, aanvaard de disclaimer door y te typen. Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, moet je dit toestaan.

Hang het log van Combofix en een nieuw log van HJT aan je volgende bericht.

Link naar reactie
Delen op andere sites

ComboFix 08-03-26.1 - Samuel 2008-03-27 15:54:47.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.141 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\Samuel\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\msettings.ini

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\Packet.dll

C:\WINDOWS\system32\sysmwwod.dll

C:\WINDOWS\system32\WanPacket.dll

C:\WINDOWS\system32\winupdate.exe

C:\WINDOWS\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))

.

2008-03-27 14:47 . 2008-03-27 14:52 2,590 --a------ C:\WINDOWS\system32\tmp.reg

2008-03-27 14:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-03-27 14:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-03-27 14:46 . 2008-03-22 15:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-03-27 14:46 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-03-27 14:46 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-03-27 14:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-03-27 14:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-03-27 14:17 . 2008-03-27 14:17 131,072 --a------ C:\WINDOWS\system32\ijszdqzu.dll

2008-03-27 14:17 . 2008-03-27 14:17 131,072 --a------ C:\Documents and Settings\All Users\Application Data\tmbsbcfy.dll

2008-03-27 14:17 . 2008-03-27 14:17 90,112 --a------ C:\WINDOWS\system32\hjnquqqo.exe

2008-03-26 21:52 . 2008-03-26 21:50 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-03-26 21:50 . 2008-03-26 22:00 <DIR> d-------- C:\Documents and Settings\Samuel\.housecall6.6

2008-03-26 21:49 . 2008-03-26 21:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-03-26 21:49 . 2008-03-26 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-26 19:43 . 2008-03-26 19:43 <DIR> d-------- C:\Program Files\Trend Micro

2008-03-26 19:39 . 2008-03-26 19:40 <DIR> d-------- C:\Documents and Settings\Samuel\Application Data\PC-Cleaner

2008-03-26 19:38 . 2008-03-26 20:55 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-03-26 19:19 . 2008-03-26 19:19 106,496 --a------ C:\Documents and Settings\All Users\Application Data\oxqhqtub.dll

2008-03-26 19:19 . 2008-03-26 19:19 34,304 --a------ C:\WINDOWS\ybinyxyd.exe

2008-03-26 19:19 . 2008-03-26 19:19 18,944 --a------ C:\WINDOWS\system32\drvrid.dll

2008-03-26 18:44 . 2008-03-26 18:44 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll

2008-03-26 18:44 . 2008-03-26 18:44 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll

2008-03-26 18:40 . 2008-03-26 18:40 <DIR> d-------- C:\WINDOWS\system32\Futuremark

2008-03-26 18:40 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys

2008-03-26 18:40 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd

2008-03-26 18:40 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys

2008-03-26 18:40 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2008-03-22 10:36 . 2008-03-22 15:50 <DIR> d-------- C:\debug

2008-03-20 14:45 . 2008-03-20 14:45 <DIR> d-------- C:\Program Files\Universal Extractor

2008-03-18 17:03 . 2008-03-18 17:04 440 --a------ C:\WINDOWS\BeatBox.INI

2008-03-18 15:32 . 2008-03-18 15:32 <DIR> d-------- C:\Documents and Settings\Samuel\Application Data\DivX

2008-03-12 19:11 . 2008-03-12 19:16 <DIR> d-------- C:\Program Files\TVUPlayer

2008-03-12 19:11 . 2008-03-12 19:11 <DIR> d-------- C:\Program Files\TVAnts

2008-03-12 19:11 . 2008-03-12 19:15 <DIR> d-------- C:\Program Files\Satellite TV for PC

2008-03-12 19:11 . 2008-03-12 19:15 <DIR> d-------- C:\Documents and Settings\Samuel\Application Data\TVU Networks

2008-03-04 17:42 . 2008-03-04 17:42 <DIR> d-------- C:\Program Files\ASUS

2008-03-04 17:42 . 2003-10-09 19:38 141,824 --a------ C:\WINDOWS\system32\ClientCpl.cpl

2008-03-04 17:42 . 2004-05-17 12:02 110,592 --a------ C:\WINDOWS\system32\AegisI5.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-27 13:58 --------- d-----w C:\Documents and Settings\Samuel\Application Data\AdobeUM

2008-03-26 21:42 --------- d-----w C:\Documents and Settings\Samuel\Application Data\Azureus

2008-03-26 21:36 --------- d-----w C:\Program Files\RegistrySmart

2008-03-26 17:36 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-24 16:13 --------- d-----w C:\Documents and Settings\Samuel\Application Data\Hamachi

2008-03-14 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-02-27 20:37 --------- d-----w C:\Program Files\Windows Live

2008-02-18 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom

2008-02-13 20:16 --------- d-----w C:\Program Files\Windows Desktop Search

2008-02-13 20:16 --------- d-----w C:\Documents and Settings\Samuel\Application Data\Windows Desktop Search

2008-02-08 16:07 --------- d-----w C:\Program Files\MAGIX

2008-02-07 14:34 --------- d-----w C:\Program Files\WinMPG VideoConvert

2008-02-06 16:19 --------- d-----w C:\Program Files\Qtrax_20080125

2008-02-06 16:19 --------- d-----w C:\Documents and Settings\Samuel\Application Data\Qtrax1

2008-02-06 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC

2008-02-05 16:58 39,936 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE

2008-02-05 16:58 30,720 ---h--r C:\WINDOWS\CdaC13BA.EXE

2008-02-05 16:58 112,128 ---h--r C:\WINDOWS\CdaC14BA.DLL

2008-02-05 16:57 8,864 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS

2008-02-04 13:39 --------- d-----w C:\Program Files\AviSynth 2.5

2008-02-04 13:38 --------- d-----w C:\Program Files\ffdshow

2008-02-04 13:36 --------- d-----w C:\Program Files\On2 Technologies

2008-02-02 21:10 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-02-02 16:09 81,920 ----a-w C:\Documents and Settings\Samuel\Application Data\ezpinst.exe

2008-02-02 16:09 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2008-02-02 16:09 47,360 ----a-w C:\Documents and Settings\Samuel\Application Data\pcouffin.sys

2008-02-02 16:09 --------- d-----w C:\Documents and Settings\Samuel\Application Data\Vso

2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-01-30 20:48 65,536 -c--a-w C:\WINDOWS\IFinst27.exe

2008-01-30 17:21 --------- d-----w C:\Program Files\Google

2008-01-30 17:20 286,720 ----a-w C:\WINDOWS\pxwave.dll

2008-01-29 21:12 --------- d-----w C:\Program Files\MSXML 4.0

2008-01-28 20:14 --------- d-----w C:\Program Files\Common Files\MAGIX Shared

2008-01-28 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX

2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

2007-12-30 16:32 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-12-30 16:32 249,856 ------w C:\WINDOWS\Setup1.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

"DAEMON Tools"="G:\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]

"SuperCopier2.exe"="G:\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"updateMgr"="G:\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 13:32 700416]

"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-04-19 06:42 3293184]

"Picasa Media Detector"="G:\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11 925696]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 14:35 716800]

"avast!"="G:\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"GrooveMonitor"="G:\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]

"SunJavaUpdateSched"="G:\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]

"BearShare"="G:\BearShare\BearShare.exe" [2006-07-29 02:48 9887744]

"ChrisTV Agent"="G:\ChrisTV PVR\ChrisTV_Agent.exe" [2007-03-08 12:50 274944]

"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [ ]

"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00 155648]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]

"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-12-20 16:21 798456]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 19:36 1569280]

"hjnquqqo"="C:\WINDOWS\system32\hjnquqqo.exe" [2008-03-27 14:17 90112]

"rjwdtqbo"="C:\WINDOWS\system32\rjwdtqbo.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

C:\Documents and Settings\Samuel\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - G:\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - G:\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 20:05:26 29696]

Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"G:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"G:\\Microsoft Office\\Office12\\GROOVE.EXE"=

"G:\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"G:\\BearShare\\BearShare.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"G:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"G:\\EA Sports\\FIFA 08\\FIFA08.exe"=

"G:\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundRouterRequest"= 1 (0x1)

R2 PStrip;PSTRIP;C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS [2007-07-15 03:37]

R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:03]

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]

S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]

S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

"2007-11-10 14:50:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-03-21 16:16:18 C:\WINDOWS\Tasks\Easy Onderhoud.job"

- G:\TuneUp Utilities 2007\SystemOptimizer.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-27 16:00:38

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\DOCUME~1\Samuel\LOCALS~1\Temp\mc26.tmp"

.

------------------------ Other Running Processes ------------------------

.

G:\Alwil Software\Avast4\aswUpdSv.exe

G:\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\WgaTray.exe

G:\Alwil Software\Avast4\ashMaiSv.exe

G:\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\rundll32.exe

.

**************************************************************************

.

Voltooingstijd: 2008-03-27 16:03:29 - machine was rebooted [samuel]

ComboFix-quarantined-files.txt 2008-03-27 15:03:26

Pre-Run: 775,979,008 bytes beschikbaar

Post-Run: 695,463,936 bytes beschikbaar

.

2008-03-17 18:53:12 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:04:40, on 27/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

G:\Alwil Software\Avast4\aswUpdSv.exe

G:\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\WgaTray.exe

G:\Alwil Software\Avast4\ashMaiSv.exe

G:\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

G:\ALWILS~1\Avast4\ashDisp.exe

G:\Microsoft Office\Office12\GrooveMonitor.exe

G:\Java\jre1.6.0_01\bin\jusched.exe

G:\BearShare\BearShare.exe

G:\ChrisTV PVR\ChrisTV_Agent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\program files\powerstrip\pstrip.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\WINDOWS\system32\ctfmon.exe

G:\DAEMON Tools\daemon.exe

G:\SuperCopier2\SuperCopier2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Google\Google Talk\googletalk.exe

G:\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Live Search

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = %s - Google Search

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [avast!] G:\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "G:\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "G:\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [bearShare] "G:\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [ChrisTV Agent] "G:\ChrisTV PVR\ChrisTV_Agent.exe" /silent

O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot

O4 - HKLM\..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [hjnquqqo] C:\WINDOWS\system32\hjnquqqo.exe

O4 - HKLM\..\Run: [rjwdtqbo] C:\WINDOWS\system32\rjwdtqbo.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "G:\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [superCopier2.exe] G:\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "G:\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [Picasa Media Detector] G:\Picasa2\PicasaMediaDetector.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = G:\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Snelle start.lnk = G:\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.gnahs.com/eigen/ThumbnailFrame.html

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\MICROS~1\Office12\GR99D3~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: avast! Antivirus - ALWIL Software - G:\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - G:\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 10642 bytes

Link naar reactie
Delen op andere sites

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\SrchSTS.exe

C:\WINDOWS\system32\Process.exe

C:\WINDOWS\system32\VACFix.exe

C:\WINDOWS\system32\IEDFix.exe

C:\WINDOWS\system32\dumphive.exe

C:\WINDOWS\system32\WS2Fix.exe

C:\WINDOWS\system32\ijszdqzu.dll

C:\Documents and Settings\All Users\Application Data\tmbsbcfy.dll

C:\WINDOWS\system32\hjnquqqo.exe

C:\Documents and Settings\All Users\Application Data\oxqhqtub.dll

C:\WINDOWS\ybinyxyd.exe

C:\WINDOWS\system32\drvrid.dll

Folder::

C:\Documents and Settings\Samuel\Application Data\PC-Cleaner

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]

"hjnquqqo"="C:\WINDOWS\system32\hjnquqqo.exe"

"rjwdtqbo"="C:\WINDOWS\system32\rjwdtqbo.exe"

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd (indien ze nog aanwezig zijn, want normaal niet het geval mag zijn):

O4 - HKLM\..\Run: [hjnquqqo] C:\WINDOWS\system32\hjnquqqo.exe

O4 - HKLM\..\Run: [rjwdtqbo] C:\WINDOWS\system32\rjwdtqbo.exe

Klik op 'Fix checked' om de items te verwijderen.

Post de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

En laat meteen eens weten hoe het staat met je Windows Security Alert ?

Link naar reactie
Delen op andere sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:23, on 2008-03-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

G:\Alwil Software\Avast4\aswUpdSv.exe

G:\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\SearchIndexer.exe

G:\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

G:\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

G:\ALWILS~1\Avast4\ashDisp.exe

G:\Microsoft Office\Office12\GrooveMonitor.exe

G:\Java\jre1.6.0_01\bin\jusched.exe

G:\BearShare\BearShare.exe

G:\ChrisTV PVR\ChrisTV_Agent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\program files\powerstrip\pstrip.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\WINDOWS\system32\ctfmon.exe

G:\DAEMON Tools\daemon.exe

G:\SuperCopier2\SuperCopier2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Google\Google Talk\googletalk.exe

G:\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS\system32\svchost.exe

G:\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

G:\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Live Search

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = %s - Google Search

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [avast!] G:\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "G:\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "G:\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [bearShare] "G:\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [ChrisTV Agent] "G:\ChrisTV PVR\ChrisTV_Agent.exe" /silent

O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot

O4 - HKLM\..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "G:\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [superCopier2.exe] G:\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "G:\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [Picasa Media Detector] G:\Picasa2\PicasaMediaDetector.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = G:\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Snelle start.lnk = G:\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.gnahs.com/eigen/ThumbnailFrame.html

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\MICROS~1\Office12\GR99D3~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: avast! Antivirus - ALWIL Software - G:\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - G:\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 10761 bytes

Ik heb geen last meer van Windows Security Alert

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.