
Trojans: mostly Vundo



Guest Naftrox

Since Wednesday 6/5 my PC has been a real hotbed for all kinds of trojans. Since this morning it has also been impossible to get onto the internet with IE; only Firefox still works. I also keep getting annoying pop-ups about two programs (PC Cleaner and PC-Antispyware), which are probably caused by an infection. Below I'm posting a HijackThis log right away; if you need more information, just ask, I don't really have much experience with this kind of thing. Hopefully it's not too bad...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:24, on 2008-05-09

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WTablet\TabUserW.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Logitech\G-series Software\LGDCore.exe

C:\Program Files\Logitech\G-series Software\LCDMon.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\p2phost.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\ProgramData\hjwpkqkn\nqpcvwni.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Windows\system32\rundll32.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\taskeng.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Windows\system32\rundll32.exe

C:\Windows\system32\conime.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {12F7DFF0-EF69-4B61-A1BB-EF66874F0713} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {25E782D5-B311-451F-8AAD-3A0728D7EBE5} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {ADB586E4-21B4-4FB9-88EF-BF8B3B18A072} - (no file)

O2 - BHO: (no name) - {AF35C1BC-406D-4347-A252-68E1932F0333} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\qoMeCtSI.dll,#1

O4 - HKCU\..\Run: [hjwpkqkn] C:\ProgramData\hjwpkqkn\nqpcvwni.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ec1d01d5] rundll32.exe "C:\Users\GEBRUI~1\AppData\Local\Temp\gxmkbvpm.dll",b

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm

O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe

O13 - Gopher Prefix:

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldnl-be.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_31.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe

--

End of file - 12419 bytes

Thanks,

Naftrox


Download VundoFix to your desktop.

1. Double-click VundoFix.exe to start it.
2. Click the Scan for Vundo button.
3. Once the scan has finished, click the Remove Vundo button.
4. You will be asked whether you want the files removed; click YES.
5. After you click Yes, the icons on your desktop will disappear while Vundo is being removed.
6. When it is done you will get a message that it is going to shut down your PC; click OK.
7. Restart your PC.

Note: it is possible that VundoFix finds a file that cannot be removed.

In that case VundoFix will run again after your PC restarts. Then repeat the instructions above from "Click the Scan for Vundo button."

Start HijackThis and choose 'Do a system scan only'. Tick only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {12F7DFF0-EF69-4B61-A1BB-EF66874F0713} - (no file)

O2 - BHO: (no name) - {25E782D5-B311-451F-8AAD-3A0728D7EBE5} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {ADB586E4-21B4-4FB9-88EF-BF8B3B18A072} - (no file)

O2 - BHO: (no name) - {AF35C1BC-406D-4347-A252-68E1932F0333} - (no file)

O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\qoMeCtSI.dll,#1

O4 - HKCU\..\Run: [hjwpkqkn] C:\ProgramData\hjwpkqkn\nqpcvwni.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c

O4 - HKCU\..\Run: [ec1d01d5] rundll32.exe "C:\Users\GEBRUI~1\AppData\Local\Temp\gxmkbvpm.dll",b

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab

Click 'Fix checked' to remove the items.

Delete the following folder with Windows Explorer:

C:\ProgramData\hjwpkqkn

Post the contents of C:\vundofix.txt and a new HJT log in your next reply.

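The triage the helper did by hand on the log above can be written down as rules. The script below is an added example for this page (it is not part of HijackThis, VundoFix, SDFix or ComboFix): it parses HijackThis v2.0.2 O2/O4 lines and flags the same patterns the helper ticked, i.e. a rundll32 call that loads a DLL from the user's Temp folder, an executable in a random-named folder directly under ProgramData, an 8-digit hex Run value name, and a BHO whose DLL no longer exists. The sample log embedded in it is constructed from entries posted above (not a real log), and the vowel-ratio/case-flip test in looks_random is my own heuristic, not something HijackThis does.

```python
"""Triage HijackThis v2.0.2 O2/O4 lines for Vundo-style autostart entries.

Example code written for this page; not part of HijackThis, VundoFix,
SDFix or ComboFix. The rules are the ones applied by hand in the thread.
"""
import re
from dataclasses import dataclass

# Constructed sample (not a real log): O2/O4 lines modelled on the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F7DFF0-EF69-4B61-A1BB-EF66874F0713} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\qoMeCtSI.dll,#1
O4 - HKCU\..\Run: [hjwpkqkn] C:\ProgramData\hjwpkqkn\nqpcvwni.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c
O4 - HKCU\..\Run: [ec1d01d5] rundll32.exe "C:\Users\GEBRUI~1\AppData\Local\Temp\gxmkbvpm.dll",b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<value>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
TEMP_RE = re.compile(r"(?i)\\AppData\\Local\\Temp\\")
PROGDATA_RE = re.compile(r"(?i)^[A-Z]:\\ProgramData\\([^\\]+)\\([^\\]+)$")
BINARY_RE = re.compile(r'(?i)^(.+?\.(?:exe|dll|scr|cpl|bat|cmd))(?=[\s",]|$)')
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Heuristic (my own, not HijackThis's): an 8-letter name with at most
    two vowels or with erratic casing, like hjwpkqkn, nqpcvwni or qoMeCtSI."""
    stem = name.rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    vowel_ratio = sum(c.lower() in VOWELS for c in stem) / 8
    case_flips = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return vowel_ratio <= 0.25 or case_flips >= 3


def payload_path(cmd: str) -> str:
    """The file really loaded at logon: drop a rundll32 wrapper, surrounding
    quotes and the ',entrypoint' argument or trailing switches."""
    c = cmd.strip()
    m = re.match(r"(?i)^rundll32(?:\.exe)?\s+(.*)$", c)
    if m:
        c = m.group(1)
    c = c.lstrip('"')
    m = BINARY_RE.match(c)
    return m.group(1) if m else c


def assess_o4(value: str, cmd: str) -> list:
    """Reasons to tick an O4 line; an empty list means it looks legitimate."""
    reasons = []
    path = payload_path(cmd)
    wrapped = re.match(r"(?i)^rundll32", cmd.strip()) is not None
    if TEMP_RE.search(path):
        what = "rundll32 loads a DLL" if wrapped else "autostart binary runs"
        reasons.append(what + " from the user's Temp folder")
    m = PROGDATA_RE.match(path)
    if m and looks_random(m.group(1)) and looks_random(m.group(2)):
        reasons.append("random-named folder and executable directly under ProgramData")
    if reasons and re.fullmatch(r"[0-9a-f]{8}", value):  # supporting signal only
        reasons.append("value name is an 8-digit hex string")
    return reasons


@dataclass
class Finding:
    line: str
    reasons: list


def scan(log_text: str) -> list:
    """Findings for every suspicious O2/O4 line in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            if m.group("path") == "(no file)":
                findings.append(Finding(line, ["BHO CLSID registered but its DLL is missing"]))
            continue
        m = O4_RE.match(line)
        if m:
            reasons = assess_o4(m.group("value"), m.group("cmd"))
            if reasons:
                findings.append(Finding(line, reasons))
    return findings


def lines_to_fix(log_text: str) -> list:
    """The log lines you would tick in HijackThis before 'Fix checked'."""
    return [f.line for f in scan(log_text)]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

On the sample, the five lines it prints are exactly the O2 orphan and the four O4 entries the helper asked to tick, while NvCplDaemon, WMPNSCFG and the oobefldr.dll welcome-centre entry pass. The rules are deliberately location-based rather than name-based: a Temp-folder payload or a random-named ProgramData pair is enough on its own, the hex value name is only reported alongside one of those, and nothing under Program Files or System32 is ever flagged for its name alone. That also makes a re-scan after a removal pass worth reading with the same rules, because a dropper that re-creates its Temp DLL under a fresh random name is still caught.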

Guest Naftrox

Below is my HJT log. VundoFix didn't find a single Vundo, while my anti-virus program (Avast Home 4.8 edition) always manages to find about 5 or 6 of them every time it scans the AppData folder in C:\Users\Gebruiker\AppData. (They are always in the folder C:\Users\Gebruikers\AppData\Local\Microsoft\Windows\WER\ReportQueue)

My desktop background has also been black since this morning, and I can't change it...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:41, on 2008-05-10

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\AGEIA Technologies\TrayIcon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Logitech\G-series Software\LGDCore.exe

C:\Program Files\Logitech\G-series Software\LCDMon.exe

C:\Windows\system32\WTablet\TabUserW.exe

C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\rundll32.exe

C:\Users\Gebruiker\Desktop\VundoFix.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0C8BCF66-880A-4669-9668-6D05FB337802} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\fccaBQIb.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm

O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe

O13 - Gopher Prefix:

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldnl-be.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_31.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe

--

End of file - 11506 bytes

Thanks, Naftrox

P.S.: I couldn't find that folder in ProgramData anywhere...


Very strange that Vundo keeps being reported while VundoFix can't find anything. But either way, there is still an infection on your PC.

Download SDFix and click "Run".

Version 1.40 and higher will automatically move the unpacked SDFix folder to your system drive (probably C:\SDFix).

Start HijackThis and choose 'Do a system scan only'. Tick only the items listed below:

O2 - BHO: (no name) - {0C8BCF66-880A-4669-9668-6D05FB337802} - (no file)

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\fccaBQIb.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll,c

Click 'Fix checked' to remove the items.

Restart your PC in Safe Mode.

Open the SDFix folder and double-click RunThis.bat to start the tool.

Type Y to start the cleaning process.

Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.

The computer will then restart (this takes longer than usual).

When the PC restarts, the tool will run again and continue the removal process until the message Finished is shown. Then press any key to end the script and reload your desktop icons.

When your desktop icons appear, the SDFix report will open. It can also be found in the SDFix folder as Report.txt.

Now copy and paste the contents of that report here together with a new HJT log.


Guest Naftrox

I can't manage to start RunThis.bat in Safe Mode. A window keeps appearing, but it's gone again after half a second. It doesn't work from the command prompt either :(.


Then try this first:

Download Combofix and put it on your desktop.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, as that will make your PC hang.

When the fix is complete and after the restart, the log combofix.txt will open.

NOTE: if your virus scanner reacts with a warning about a script being executed, you must allow it.

Attach the Combofix log to your next reply.


I can't manage to start RunThis.bat in Safe Mode. A window keeps appearing, but it's gone again after half a second. It doesn't work from the command prompt either :(.

Hm, Naftrox has the same problem I have with SDFix. Could it be Vista?

I'm curious whether Combofix works for you. I can't even get it installed.


Guest Naftrox

Below is my Combofix log:

ComboFix 08-05-08.1 - Gebruiker 2008-05-11 0:20:22.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1053 [GMT 2:00]

Started from: C:\Users\Gebruiker\Desktop\ComboFix.exe

* A new restore point was created

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.url

C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url

C:\Windows\Downloaded Program Files\setup.inf

.

(((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))

.

No new files were created in this period

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-10 22:23 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Skype

2008-05-10 22:15 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\WTablet

2008-05-10 22:15 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\skypePM

2008-05-09 20:24 --------- d-----w C:\Program Files\Trend Micro

2008-05-09 19:48 --------- d-----w C:\Program Files\Exterminate It!

2008-05-09 16:38 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-05-09 16:00 --------- d-----w C:\Program Files\Norton Security Scan

2008-05-09 15:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-07 20:34 --------- d-----w C:\Program Files\CCleaner

2008-05-06 15:28 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\LimeWire

2008-05-05 23:46 --------- d-----w C:\ProgramData\hjwpkqkn

2008-05-05 23:46 --------- d-----w C:\ProgramData\fgtwrkro

2008-05-05 20:23 --------- d-----w C:\Program Files\Steam

2008-05-03 07:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-05-02 15:16 --------- d-----w C:\ProgramData\TrackMania

2008-05-02 14:23 --------- d-----w C:\Program Files\Common Files\Steam

2008-04-30 09:29 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Steinberg

2008-04-30 09:21 --------- d-----w C:\Program Files\Syncrosoft

2008-04-29 18:24 --------- d-----w C:\Program Files\iPod

2008-04-28 19:39 --------- d-----w C:\Program Files\LimeWire

2008-04-26 18:03 --------- d-----w C:\Program Files\PortTrigger

2008-04-25 16:45 --------- d-----w C:\Program Files\Valve

2008-04-25 16:37 --------- d-----w C:\Program Files\PFConfig

2008-04-19 12:50 --------- d-----w C:\ProgramData\Apple Computer

2008-04-19 12:50 --------- d-----w C:\Program Files\QuickTime

2008-04-19 12:46 --------- d-----w C:\Program Files\Common Files\Apple

2008-04-19 12:45 --------- d-----w C:\ProgramData\Apple

2008-04-19 12:45 --------- d-----w C:\Program Files\Apple Software Update

2008-04-14 16:25 --------- d-----w C:\Program Files\Native Instruments

2008-04-10 10:04 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-06 18:26 --------- d-----w C:\Program Files\vixy.net

2008-04-04 16:01 --------- d-----w C:\ProgramData\Symantec

2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys

2008-03-29 12:12 --------- d-----w C:\Program Files\VTFEdit

2008-03-28 20:50 --------- d-----w C:\Program Files\Guitar Pro 5

2008-03-27 19:53 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\AccurateRip

2008-03-27 19:53 --------- d-----w C:\Program Files\Illustrate

2008-03-27 19:52 4,230,520 ----a-w C:\Windows\System32\SpoonUninstall.exe

2008-03-25 22:50 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Xfire

2008-03-25 17:31 --------- d-----w C:\Program Files\GCFScape

2008-03-25 06:24 --------- d-----w C:\Program Files\Java

2008-03-25 06:14 --------- d-----w C:\ProgramData\Xfire

2008-03-24 09:39 --------- d-s---w C:\Program Files\Xfire

2008-03-22 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-22 20:28 --------- d-----w C:\Program Files\PENDULO Studios

2008-03-22 20:28 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-03-21 22:14 41,296 ----a-w C:\Windows\System32\xfcodec.dll

2008-03-19 20:27 32 ----a-w C:\Users\All Users\ezsid.dat

2008-03-19 20:27 32 ----a-w C:\ProgramData\ezsid.dat

2008-03-19 20:26 --------- d-----w C:\Program Files\Common Files\Skype

2008-03-17 18:34 --------- d-----w C:\ProgramData\OrbNetworks

2008-03-17 18:34 --------- d-----w C:\Program Files\Winamp Remote

2008-03-17 18:34 --------- d-----w C:\Program Files\Winamp

2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll

2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe

2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe

2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll

2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll

2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll

2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe

2008-02-13 11:20 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-13 11:17 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-13 11:17 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-13 11:17 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2007-12-01 21:10 32 ----a-r C:\Users\All Users\hash.dat

2007-12-01 21:10 32 ----a-r C:\ProgramData\hash.dat

2007-11-14 13:16 22,328 ----a-w C:\Users\Gebruiker\AppData\Roaming\PnkBstrK.sys

2007-09-24 16:09 174 --sha-w C:\Program Files\desktop.ini

2007-02-14 12:44 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-02-14 12:44 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-02-14 12:44 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

------- Sigcheck -------

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03AB0955-35A4-4460-85F5-D22136FEFA04}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{097EA6AB-BD49-4F9B-9158-D66C8112F291}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D32261F-5293-4225-B49F-262A31523A41}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94BCDF34-583C-4DB4-A8DD-BFC884161EBF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70C192A-1617-48F8-A3CA-F41157BC2E3C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 13:01 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-18 10:42 171448]

"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

"cmds"="C:\Users\GEBRUI~1\AppData\Local\Temp\byXPHaBU.dll" [2008-05-08 20:28 274944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-24 17:59 1006264]

"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 101136 C:\Windows\KHALMNPR.Exe]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 04:09 488984]

"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 04:12 244512]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 101136 C:\Windows\KHALMNPR.Exe]

"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43 331776]

"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-06-07 18:11 9129984]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 17:31 1122304]

"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 17:14 497152]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]

"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [ ]

C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-07 11:09:12 688128]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-11-30 12:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{1A8D36FA-8CE3-4FEC-B69B-C912C7999EAA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{C87DB5E4-2227-4CAE-B52C-2483E4D773C6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{8572DDA9-F6B4-4473-8A6A-279D472979B6}C:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= UDP:C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW

"UDP Query User{5EC14AB4-C99E-487D-BEC5-622B873195B1}C:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= TCP:C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW

"TCP Query User{4396441A-4E94-4741-8FF4-12E6363B6A0B}C:\\program files\\steam\\steamapps\\nick666666\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\nick666666\counter-strike source\hl2.exe:hl2

"UDP Query User{E4BBC0E5-76EA-41CB-87DF-E5DECD5DF687}C:\\program files\\steam\\steamapps\\nick666666\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\nick666666\counter-strike source\hl2.exe:hl2

"TCP Query User{AA7CDB95-BEBF-40C0-A08C-1862FB4857D5}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{70A9E81E-DADC-4499-87B8-078C5939137F}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"TCP Query User{17D16367-047A-40D4-BCAE-1E14A0E7A1B6}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{20A171BA-C8CF-4CA4-B82C-FD91FAC173EB}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"TCP Query User{5E09A163-55AD-4E65-A05A-7A8F872D4360}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek

"UDP Query User{D730F156-2745-4213-8E92-6CFB92EDBCFF}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek

"TCP Query User{87E64911-8D47-4514-971E-7965FB85BEF7}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes

"UDP Query User{47F59B95-484C-4389-BA16-1A32D5161B23}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes

"TCP Query User{52AC91C3-AA89-4179-934A-56807B6E75EC}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{950A01E9-40D4-4B7C-8E41-9973E89A63F5}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{EBEECBFF-02BF-417E-A65A-C6E01A96A74B}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{64F8D304-B67D-4DF8-8B1D-2361EC0D0331}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"TCP Query User{35257F3B-9EFB-42D6-9F61-DE389F7E3D35}C:\\program files\\gadu-gadu\\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glówny

"UDP Query User{AC6090B9-26DE-4462-9E4F-0F51F8CE3183}C:\\program files\\gadu-gadu\\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glówny

"TCP Query User{B3008EE7-A7BA-470A-9BAB-191DF84E5BCD}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{43B5EE16-D133-4E29-8B06-91FC329128F2}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{EDBE7D4E-ABD8-4978-AD55-BB22E0AC19DA}C:\\program files\\steam\\steamapps\\nick666666\\the ship\\ship.exe"= UDP:C:\program files\steam\steamapps\nick666666\the ship\ship.exe:ship

"UDP Query User{A9AE29FD-9BED-4695-BC21-73CAE93896F5}C:\\program files\\steam\\steamapps\\nick666666\\the ship\\ship.exe"= TCP:C:\program files\steam\steamapps\nick666666\the ship\ship.exe:ship

"{5E181511-B339-4D52-93EF-9AA75297CE79}"= UDP:C:\Program Files\Steam\Steam.exe:Steam

"{042AD0FA-8595-4F8C-BE6A-9EFFFD94C43F}"= TCP:C:\Program Files\Steam\Steam.exe:Steam

"TCP Query User{4B39252F-D558-41EC-A47D-2B8000E0045F}C:\\program files\\steam\\steamapps\\nick666666\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\nick666666\counter-strike source\hl2.exe:hl2

"UDP Query User{7C80BD88-7A40-430F-B688-4515BE0DCCEA}C:\\program files\\steam\\steamapps\\nick666666\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\nick666666\counter-strike source\hl2.exe:hl2

"{B5DF3C23-6FAE-4A24-BBC1-73789BCECF9D}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{940BE13C-B67D-4128-9BF7-A54B3FD9F880}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{F5B2E5CA-FD8D-4BB5-B7E4-1B95D9EB2534}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{ECE2F229-2FF8-46C7-9FBB-23809E484BF0}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{31227CFE-36D7-47B2-998C-059520D40630}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{6C550B3C-1822-44D0-8C72-F8AE4216118A}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{D17637C9-F640-4C8C-B672-5D6DA93043F5}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{1D77289A-F01A-491E-B30D-3734FD81298C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{BB403085-076C-45B0-AE3C-633A5DD2DBB9}"= UDP:C:\Program Files\Frets on Fire\FretsOnFire.exe:Frets on Fire

"{D9262D7A-275E-4233-98B4-9EF6C4C55D04}"= TCP:C:\Program Files\Frets on Fire\FretsOnFire.exe:Frets on Fire

"TCP Query User{5AA0A669-391C-4A0D-80FF-93A3BF81FDD4}C:\\program files\\steam\\steamapps\\nick666666\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\nick666666\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{FB44FEF9-F046-4AF6-B67F-A332825C0377}C:\\program files\\steam\\steamapps\\nick666666\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\nick666666\counter-strike\hl.exe:Half-Life Launcher

"{43F8661C-8EDA-4BF1-8430-6C3B423B17C1}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{536B068E-C8AD-4555-B800-80B1520253ED}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"TCP Query User{316CB0B9-1D77-462A-94F0-6305A72D73D4}C:\\softimage\\xsi_6_mod_tool\\application\\bin\\xsi.exe"= UDP:C:\softimage\xsi_6_mod_tool\application\bin\xsi.exe:XSI

"UDP Query User{1E2169F9-8345-4395-B2C7-9DC3AB8BA376}C:\\softimage\\xsi_6_mod_tool\\application\\bin\\xsi.exe"= TCP:C:\softimage\xsi_6_mod_tool\application\bin\xsi.exe:XSI

"TCP Query User{063545B5-9374-44D2-90C1-AF7D12B03D30}C:\\program files\\steam\\steamapps\\yamayamauchiman\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\yamayamauchiman\counter-strike source\hl2.exe:hl2

"UDP Query User{01DE6D03-69DB-4B5C-BA88-8667C30FB5E8}C:\\program files\\steam\\steamapps\\yamayamauchiman\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\yamayamauchiman\counter-strike source\hl2.exe:hl2

"TCP Query User{602A9105-9282-414A-86AA-B457BBFA8ED0}C:\\program files\\steam\\steamapps\\nick666666\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\nick666666\half-life 2 deathmatch\hl2.exe:hl2

"UDP Query User{FA60463A-960E-4F7B-832C-1C8714B33535}C:\\program files\\steam\\steamapps\\nick666666\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\nick666666\half-life 2 deathmatch\hl2.exe:hl2

"TCP Query User{211CB6D8-6FF8-40FA-903B-34552DD904C1}C:\\program files\\steam\\steamapps\\nick666666\\source sdk base\\hl2.exe"= UDP:C:\program files\steam\steamapps\nick666666\source sdk base\hl2.exe:hl2

"UDP Query User{F5791B61-4601-4B09-8723-FB82216AD45A}C:\\program files\\steam\\steamapps\\nick666666\\source sdk base\\hl2.exe"= TCP:C:\program files\steam\steamapps\nick666666\source sdk base\hl2.exe:hl2

"TCP Query User{5DBF91F7-AEA9-4908-BF5D-3812EB10FCB4}C:\\program files\\steam\\steamapps\\nick666666\\condition zero deleted scenes\\hl.exe"= UDP:C:\program files\steam\steamapps\nick666666\condition zero deleted scenes\hl.exe:Half-Life Launcher

"UDP Query User{C6E4164D-C1D4-4005-A040-FDA0E91ACB17}C:\\program files\\steam\\steamapps\\nick666666\\condition zero deleted scenes\\hl.exe"= TCP:C:\program files\steam\steamapps\nick666666\condition zero deleted scenes\hl.exe:Half-Life Launcher

"{EAC02982-0D55-4960-A77E-B7F972B22110}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{C2B77459-6683-43B5-89D3-727092769F60}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek

"UDP Query User{0466222E-E6D0-4E99-B246-D90F12A2D333}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek

"{F36D4ADC-A766-456C-B68A-56ECB8D1EF1D}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{9B3A8E2C-63A8-40FD-B9FF-CDFDB1AD3278}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{ACB9517D-C069-4378-B746-F619EA2ACF55}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{0496D2C2-AE75-43AE-8749-3B2234D83776}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{FA999F59-A181-4ED7-88F1-78C293850EBA}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{C4E7A534-7389-49F4-929F-FFD4FA930610}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{07AF5DB2-E500-45E0-9CBD-7C69FAA103AD}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"UDP Query User{59CD94CA-FF0C-4814-858B-128524C435B5}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"TCP Query User{059158A1-EBC1-4E9B-8E0D-E948990C2502}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{9D39BD15-C186-4E5D-A72D-910D16A19CB6}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{C38A28B5-1507-442F-9CFE-CCB61FD607F2}C:\\program files\\steam\\steamapps\\nick666666\\source dedicated server\\srcds.exe"= UDP:C:\program files\steam\steamapps\nick666666\source dedicated server\srcds.exe:srcds

"UDP Query User{D3674341-A844-4496-84A2-4BE10D301BB8}C:\\program files\\steam\\steamapps\\nick666666\\source dedicated server\\srcds.exe"= TCP:C:\program files\steam\steamapps\nick666666\source dedicated server\srcds.exe:srcds

"TCP Query User{E6A315A5-E35C-4FC0-A399-1B8B990E5B2F}C:\\srcds\\srcds.exe"= UDP:C:\srcds\srcds.exe:srcds

"UDP Query User{F0F87535-65E4-4C5D-98A2-B8F216169B29}C:\\srcds\\srcds.exe"= TCP:C:\srcds\srcds.exe:srcds

"{489AC6C2-6CE3-4A31-9362-5BF756451D06}"= TCP:27015:CSS1

"{ED9011AB-1AEA-438E-A23C-F34246F7C76A}"= UDP:27015:CSS2

"TCP Query User{D31A81D2-6311-4159-B2A7-E7D84E5686D9}C:\\program files\\steam\\steamapps\\nick666666\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\nick666666\team fortress 2\hl2.exe:hl2

"UDP Query User{87F324CC-58FE-409A-BAF0-011F7CE2B57A}C:\\program files\\steam\\steamapps\\nick666666\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\nick666666\team fortress 2\hl2.exe:hl2

"{6FFFC489-F3C8-4BDC-9131-B048C8707EEA}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{A41A6806-8362-480D-B437-D025CC41A71A}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AFS;AFS;C:\Windows\system32\drivers\AFS.sys [2007-02-13 13:03]

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]

R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 20:08]

R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]

R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30]

R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 16:11]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-02 11:54]

*Newly Created Service* - CATCHME

.

Inhoud van de 'Gedeelde Taken' map

"2008-05-09 16:00:14 C:\Windows\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-11 00:24:07

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-05-11 0:25:21

ComboFix-quarantined-files.txt 2008-05-10 22:24:57

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

257 --- E O F --- 2008-05-09 07:26:35

Thanks, Naftrox


Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

C:\ProgramData\hjwpkqkn

C:\ProgramData\fgtwrkro

Registry::

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03AB0955-35A4-4460-85F5-D22136FEFA04}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{097EA6AB-BD49-4F9B-9158-D66C8112F291}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D32261F-5293-4225-B49F-262A31523A41}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94BCDF34-583C-4DB4-A8DD-BFC884161EBF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70C192A-1617-48F8-A3CA-F41157BC2E3C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cmds"=-

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot when asked to.

After the reboot, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.


Guest
This topic is now closed to new replies.
