
[SOLVED] problems



Lately I've again been having a lot of trouble with advertising pages and popups.

Here is a log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:43:10, on 26/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\documents and settings\hilde\local settings\application data\vnofufme.exe

C:\Program Files\Winamp Remote\bin\OrbTray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\WINDOWS\svcadmin.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\documents and settings\all users\menu start\programma's\opstarten\dllhost.exe

C:\WINDOWS\system32\p2pnetworking.exe

C:\Program Files\limewire\limewire.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

O4 - HKLM\..\Run: [encryptdrop] "C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [vnofufme] c:\documents and settings\hilde\local settings\application data\vnofufme.exe vnofufme

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: dllhost.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197064011015

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 10497 bytes


Well, you've picked up some "junk" again.

Disable Spybot's TeaTimer for now, because it can get in the way of the fix:

- Start Spybot

- Go to Mode > select Advanced Mode

- Go to Tools and click the Resident icon in the list

- Untick Resident TeaTimer and click OK

- Restart the computer

Then download ResetTeaTimer.bat to your Desktop.

Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.

Once the computer is clean, you can turn TeaTimer back on.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKCU\..\Run: [vnofufme] c:\documents and settings\hilde\local settings\application data\vnofufme.exe vnofufme

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: dllhost.exe

O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe

Click 'Fix checked' to remove the items.

Delete the following files with Windows Explorer:

C:\WINDOWS\system32\p2pnetworking.exe

C:\WINDOWS\svcadmin.exe

C:\documents and settings\hilde\local settings\application data\vnofufme.exe

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything there is ticked, then click Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below)

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.

If MBAM has difficulty removing certain files, it will show a few messages where you need to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of that log in your next post, together with a new HijackThis log.

MBAM log:

Malwarebytes' Anti-Malware 1.18

Database versie: 893

16:35:01 26/06/2008

mbam-log-6-26-2008 (16-35-01).txt

Scan type: Snelle Scan

Objecten gescand: 40956

Verstreken tijd: 6 minute(s), 6 second(s)

Geheugenprocessen geïnfecteerd: 4

Geheugenmodulen geïnfecteerd: 4

Registersleutels geïnfecteerd: 20

Registerwaarden geïnfecteerd: 9

Registerdata bestanden geïnfecteerd: 3

Mappen geïnfecteerd: 5

Bestanden geïnfecteerd: 40

Geheugenprocessen geïnfecteerd:

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\command.exe (AdWare.CommAd) -> Failed to unload process.

C:\WINDOWS\system32\rwwnw64d.exe (Adware.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\tcntaxdm.exe (Adware.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\p2pnetworking.exe (Worm.Fontra) -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:

C:\WINDOWS\system32\awttttTJ.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\guvyaxdw.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\asappsrv.dll (AdWare.CommAd) -> Unloaded module successfully.

C:\WINDOWS\system32\geBtTKDS.dll (Trojan.Vundo) -> Unloaded module successfully.

Registersleutels geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f625a599-ebe0-4c87-9fdd-ab44f04ef7d7} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{f625a599-ebe0-4c87-9fdd-ab44f04ef7d7} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{f30b1b0b-c305-414e-a4ff-ac93a08de0ac} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f30b1b0b-c305-414e-a4ff-ac93a08de0ac} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebttkds (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{fb64e935-758a-0004-aa3f-0ba2ecef4ccf} (Adware.ClickSpring) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\50175143 (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f30b1b0b-c305-414e-a4ff-ac93a08de0ac} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{75-51-1E-EC-DW} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\OLE\p2p networking (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p2p networking (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\p2p networking (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM532462df (Trojan.Agent) -> Delete on reboot.

Registerdata bestanden geïnfecteerd:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awtttttj -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awtttttj -> Delete on reboot.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:

C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

C:\WINDOWS\system32\awttttTJ.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\JTttttwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\JTttttwa.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\guvyaxdw.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\wdxayvug.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\asappsrv.dll (AdWare.CommAd) -> Delete on reboot.

C:\WINDOWS\system32\geBtTKDS.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\command.exe (AdWare.CommAd) -> Delete on reboot.

C:\WINDOWS\system32\rwwnw64d.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tcntaxdm.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\p2pnetworking.exe (Worm.Fontra) -> Quarantined and deleted successfully.

C:\Program Files\Setup.exe (Worm.Fontra) -> Quarantined and deleted successfully.

C:\Program Files\Track_03.exe (Worm.Fontra) -> Quarantined and deleted successfully.

C:\Program Files\uy.exe (Worm.Fontra) -> Quarantined and deleted successfully.

C:\Program Files\Video.exe (Worm.Fontra) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zwwfsn.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\WINDOWS\mrofinu1000106.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Local Settings\temp\cmdinst.exe (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.

C:\Program Files\a.zip (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program Files\A.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program Files\b.zip (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program Files\B.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program Files\c.zip (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wdqrnhjc.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\atmtd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Common Files\Yazzle1396OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.

C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.

And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:40:46, on 26/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Winamp Remote\bin\OrbTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\command.exe

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

O2 - BHO: {2cc0c558-30cd-e27b-6574-287a144ea5b3} - {3b5ae441-a782-4756-b72e-dc03855c0cc2} - C:\WINDOWS\system32\jrbhugix.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

O4 - HKLM\..\Run: [encryptdrop] "C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntaxdm.exe

O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197064011015

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\command.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 10256 bytes


Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O2 - BHO: {2cc0c558-30cd-e27b-6574-287a144ea5b3} - {3b5ae441-a782-4756-b72e-dc03855c0cc2} - C:\WINDOWS\system32\jrbhugix.dll

O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntaxdm.exe

Click 'Fix checked' to remove the items.

Delete the following folder and/or file (shown in bold) via Windows Explorer:

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM

C:\WINDOWS\system32\tcntaxdm.exe

Download Combofix and save it to your Desktop.

If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, as this will cause your PC to hang.

When the fix has completed, and after the restart, the log combofix.txt will open.

If, during or after downloading Combofix, or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

Attach the Combofix log to your next post, together with a new HijackThis log.


The ComboFix log:

ComboFix 08-06-20.4 - Hilde 2008-06-28 10:56:55.9 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.524 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\Hilde\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\ecurit~1

C:\Program Files\ecurit~1\?ecurity\

C:\Program Files\ecurit~1\javaw.exe

C:\Temp\1cb

C:\Temp\1cb\syscheck.log

C:\WINDOWS\BM532462df.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\awttttTJ.dll

C:\WINDOWS\system32\crosof~1.net

C:\WINDOWS\system32\crosof~1.net\n?pdb.exe

C:\WINDOWS\system32\geBtTKDS.dll

C:\WINDOWS\system32\hljwugsf.bin

C:\WINDOWS\system32\JTttttwa.ini

C:\WINDOWS\system32\JTttttwa.ini2

C:\WINDOWS\system32\MSINET.oca

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\\asappsrv.dll

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\\command.exe

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\\pAIRKH15xqhOtqUSvmEQKIxDv3U5vrg.vbs

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\command.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_CMDSERVICE

-------\Legacy_NETWORK_MONITOR

-------\Service_cmdService

(((((((((((((((((((( Bestanden Gemaakt van 2008-05-28 to 2008-06-28 ))))))))))))))))))))))))))))))

.

2009-04-15 05:12 . 2009-04-15 05:12 <DIR> d-------- C:\Documents and Settings\Hilde\Bluetooth Software

2009-04-15 05:06 . 2009-04-15 05:10 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Logitech

2009-04-15 05:06 . 2005-10-05 12:00 47,104 --a------ C:\WINDOWS\system32\drivers\vserial.sys

2009-04-15 05:06 . 2006-12-22 16:50 27,536 --a------ C:\WINDOWS\system32\drivers\frmupgr.sys

2009-04-15 05:06 . 2005-10-05 12:00 18,167 --a------ C:\WINDOWS\system32\drivers\vsb.sys

2009-04-15 05:06 . 2009-04-15 05:06 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-04-15 05:06 . 2009-04-15 05:06 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2009-04-15 05:05 . 2007-01-23 15:45 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll

2009-04-15 05:05 . 2006-12-04 13:32 290,881 --a------ C:\WINDOWS\system32\BtCoreIf.dll

2009-04-15 05:05 . 2007-01-30 01:46 163,840 --a------ C:\WINDOWS\system32\kemutb.dll

2009-04-15 05:05 . 2007-01-30 01:46 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll

2009-04-15 05:05 . 2007-01-30 01:46 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll

2009-04-15 05:05 . 2007-01-23 15:44 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe

2009-04-15 05:05 . 2007-01-30 01:46 69,632 --a------ C:\WINDOWS\system32\KemXML.dll

2009-04-15 05:05 . 2007-01-23 15:45 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys

2009-04-15 05:05 . 2007-01-23 15:45 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys

2009-04-15 05:04 . 2009-04-15 05:07 <DIR> d-------- C:\Program Files\Logitech

2009-04-15 05:04 . 2009-04-15 05:05 <DIR> d-------- C:\Program Files\Common Files\Logitech

2009-04-15 05:04 . 2009-04-15 05:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2009-04-15 05:03 . 2009-04-15 05:03 <DIR> d-------- C:\Program Files\WIDCOMM

2009-04-15 05:03 . 2006-12-04 23:33 863,402 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys

2009-04-15 05:03 . 2006-12-04 23:33 329,901 --a------ C:\WINDOWS\system32\drivers\btaudio.sys

2009-04-15 05:03 . 2006-12-04 23:33 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll

2009-04-15 05:03 . 2006-12-04 23:33 67,672 --a------ C:\WINDOWS\system32\drivers\btwusb.sys

2009-04-15 05:03 . 2006-12-04 23:33 47,907 --a------ C:\WINDOWS\system32\drivers\btwhid.sys

2009-04-15 05:03 . 2006-12-04 23:33 30,459 --a------ C:\WINDOWS\system32\drivers\btport.sys

2009-04-14 22:30 . 2008-04-04 11:02 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Microsoft Games

2009-04-14 22:29 . 2009-04-14 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games

2009-04-14 22:24 . 2008-04-24 18:50 <DIR> d-------- C:\Program Files\Microsoft Games

2008-06-28 10:34 . 2008-06-28 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NFS Underground

2008-06-28 10:33 . 2008-06-28 10:33 <DIR> d-------- C:\Program Files\Common Files\DirectX

2008-06-26 16:39 . 2008-06-26 16:39 687,592 --a------ C:\WINDOWS\system32\atmtd.dll._

2008-06-26 16:39 . 2008-06-26 16:39 687,592 --a------ C:\WINDOWS\system32\atmtd.dll

2008-06-26 16:09 . 2008-06-26 16:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-26 16:09 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-06-26 16:09 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-06-26 14:48 . 2008-06-26 20:59 <DIR> dr-h----- C:\Documents and Settings\Hilde\Onlangs geopend

2008-06-26 14:43 . 2008-06-26 16:34 80,896 --------- C:\WINDOWS\system32\guvyaxdw.dll

2008-06-26 14:41 . 2008-06-26 14:41 106,496 --a------ C:\WINDOWS\system32\jrbhugix.dll

2008-06-26 14:39 . 2008-06-26 16:34 91,648 --------- C:\WINDOWS\system32\wdqrnhjc.dll

2008-06-26 14:34 . 2008-06-26 14:34 91,648 --a------ C:\WINDOWS\system32\kyeflojp.dll

2008-06-26 14:29 . 2008-06-26 14:29 213 --a------ C:\WINDOWS\system32\9425.bat

2008-06-26 14:28 . 2008-06-26 14:28 <DIR> d-------- C:\WINDOWS\system32\yrt

2008-06-26 14:28 . 2008-06-26 14:28 <DIR> d-------- C:\WINDOWS\system32\rov

2008-06-26 14:28 . 2008-06-26 14:28 <DIR> d-------- C:\WINDOWS\system32\pRI

2008-06-26 14:28 . 2008-06-26 14:28 <DIR> d-------- C:\WINDOWS\system32\modtrux07

2008-06-26 14:28 . 2008-06-26 14:28 <DIR> d-------- C:\WINDOWS\system32\cTMO

2008-06-26 14:28 . 2008-06-26 14:28 <DIR> d-------- C:\temp\syschk3

2008-06-26 11:26 . 2008-06-26 11:26 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll

2008-06-25 14:58 . 2008-06-25 14:58 <DIR> d-------- C:\Program Files\Bullfrog

2008-06-25 13:20 . 2008-06-25 13:20 <DIR> d-------- C:\Program Files\Winamp Remote

2008-06-25 13:20 . 2008-06-26 09:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar

2008-06-25 13:20 . 2008-06-25 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks

2008-06-25 13:20 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-06-25 13:20 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-06-25 13:20 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-06-25 13:19 . 2008-06-25 13:21 <DIR> d-------- C:\Program Files\Winamp

2008-06-25 13:19 . 2008-06-25 13:27 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Winamp

2008-06-25 13:05 . 2008-06-25 13:11 <DIR> d-------- C:\Program Files\SHOUTcast

2008-06-24 12:41 . 2008-06-24 14:25 <DIR> d-------- C:\Program Files\Dvd-to-mpeg

2008-06-24 12:34 . 2008-06-24 12:39 <DIR> d-------- C:\Program Files\Okoker DVD to iPod Converter

2008-06-24 12:34 . 2008-06-24 12:39 <DIR> d-------- C:\Okoker DVD to iPod Converter

2008-06-24 12:34 . 2006-08-10 15:16 2,435,613 --a------ C:\WINDOWS\system32\DvdRipper.ax

2008-06-24 12:34 . 2005-09-09 16:51 54,193 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-06-24 12:34 . 2005-01-19 18:23 25,600 --a------ C:\WINDOWS\system32\AVSredirect.dll

2008-06-24 12:23 . 2008-06-24 12:23 <DIR> d-------- C:\Program Files\Common Files\Download Manager

2008-06-24 12:23 . 2008-06-24 12:23 <DIR> d-------- C:\Program Files\Avex

2008-06-24 12:20 . 2008-06-24 12:20 <DIR> d-------- C:\Program Files\Total Video Converter

2008-06-24 12:20 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx

2008-06-22 17:52 . 2008-06-22 17:52 <DIR> d-------- C:\Program Files\DVD Shrink

2008-06-22 17:52 . 2008-06-22 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-06-22 14:09 . 2008-06-22 14:11 <DIR> d-------- C:\Program Files\Telemeter 3.0

2008-06-19 16:07 . 2008-06-22 14:12 <DIR> d-------- C:\Program Files\Anyplace Control 4

2008-06-19 16:07 . 2008-06-19 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Anyplace Control 4

2008-06-19 16:07 . 2008-06-22 14:12 24 --a------ C:\WINDOWS\ShellIcon32.dll

2008-06-17 19:14 . 2008-06-17 19:14 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Uniblue

2008-06-17 19:04 . 2008-06-17 19:04 <DIR> d-------- C:\Program Files\Hamachi

2008-06-17 19:04 . 2008-06-22 12:19 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Hamachi

2008-06-17 19:04 . 2008-06-17 19:04 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2008-06-17 18:37 . 2008-06-17 18:37 <DIR> d-------- C:\Program Files\MegaSpoof

2008-06-17 18:37 . 2003-07-08 10:13 28,672 --a------ C:\WINDOWS\system32\sizelimit.ocx

2008-06-17 12:40 . 2008-06-17 12:40 <DIR> d-------- C:\Program Files\Apple Software Update

2008-06-17 12:26 . 2008-06-17 12:26 6,902 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg

2008-06-15 09:32 . 2008-06-15 09:32 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-06-15 09:32 . 2008-06-15 09:32 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-06-14 19:42 . 2008-06-14 19:42 <DIR> d-------- C:\Program Files\Virgin Interactive Entertainment

2008-06-13 13:08 . 2008-06-13 13:08 <DIR> d-------- C:\Program Files\Opera

2008-06-07 18:52 . 2008-06-14 16:51 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2008-06-07 18:51 . 2008-06-19 19:29 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-06-07 18:51 . 2008-06-07 18:52 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-06-07 18:51 . 2008-06-07 18:52 <DIR> d-------- C:\484ec0d4b7f6e3203b

2008-06-07 18:50 . 2008-06-07 18:51 <DIR> d-------- C:\4bc826e18c0df54766f299ab

2008-06-05 19:18 . 2008-06-05 19:18 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Jasc

2008-06-05 19:17 . 2008-06-05 19:17 <DIR> d-------- C:\Program Files\Jasc Software Inc

2008-06-04 20:39 . 2008-06-04 20:39 <DIR> d-------- C:\Program Files\VSO

2008-06-04 20:39 . 2008-06-04 20:53 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Vso

2008-06-04 20:39 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll

2008-06-04 20:39 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll

2008-06-04 20:39 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll

2008-06-04 20:39 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll

2008-06-04 20:39 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll

2008-06-04 20:39 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll

2008-06-04 20:39 . 2008-06-04 20:39 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

2008-06-04 20:39 . 2008-06-04 20:39 47,360 --a------ C:\Documents and Settings\Hilde\Application Data\pcouffin.sys

2008-06-04 16:44 . 2008-06-04 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-31 19:18 . 2008-05-31 19:18 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Creative

2008-05-31 19:16 . 1999-10-11 03:00 41,984 --------- C:\WINDOWS\Ctregrun.exe

2008-05-31 19:16 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2008-05-31 19:16 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys

2008-05-31 19:14 . 2008-05-31 19:16 <DIR> d-------- C:\Program Files\Creative

2008-05-31 19:14 . 1998-11-13 13:08 308,224 --a------ C:\WINDOWS\IsUn0413.exe

2008-05-31 13:09 . 2008-05-31 13:10 <DIR> d-------- C:\Program Files\SubSync

2008-05-31 12:59 . 2008-05-31 12:59 <DIR> d-------- C:\Program Files\uTorrent

2008-05-31 12:59 . 2008-06-26 14:34 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\uTorrent

2008-05-31 09:46 . 2008-05-31 09:46 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-05-31 09:46 . 2008-06-04 18:00 <DIR> d-------- C:\Program Files\Norton Security Scan

2008-05-30 16:42 . 2008-05-30 16:43 <DIR> d-------- C:\WINDOWS\ERUNT

2008-05-30 10:16 . 2008-05-30 10:27 <DIR> d-------- C:\hilde

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-15 03:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Logitech

2009-04-14 07:25 512 ----a-w C:\ScanSectorLog.dat

2008-06-28 09:03 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Skype

2008-06-28 08:59 --------- d-----w C:\Documents and Settings\Hilde\Application Data\DNA

2008-06-28 08:40 --------- d-----w C:\Documents and Settings\Hilde\Application Data\skypePM

2008-06-28 08:24 --------- d-----w C:\Program Files\EA Games

2008-06-26 12:41 --------- d-----w C:\Documents and Settings\Hilde\Application Data\LimeWire

2008-06-26 12:34 --------- d-----w C:\Program Files\ArtMoney

2008-06-26 11:45 --------- d-----w C:\Program Files\Cheat Engine

2008-06-24 15:38 --------- d-----w C:\Documents and Settings\Hilde\Application Data\BitTorrent

2008-06-24 10:12 --------- d-----w C:\Program Files\Handbrake

2008-06-23 14:47 0 ----a-w C:\Program Files\temp01

2008-06-23 06:42 --------- d-----w C:\Program Files\DeskPins

2008-06-22 15:41 --------- d-----w C:\Program Files\Tetris Unlimited

2008-06-22 12:47 --------- d-----w C:\Program Files\FDRLab

2008-06-17 10:41 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Apple Computer

2008-06-14 17:42 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-14 14:51 --------- d-----w C:\Program Files\WinXMedia

2008-06-07 16:35 --------- d-----w C:\Program Files\WinAVI Video Converter

2008-06-07 08:57 --------- d-----w C:\Program Files\Google

2008-06-06 15:08 --------- d-----w C:\Program Files\GoogleMon

2008-06-06 15:08 --------- d-----w C:\Program Files\GamesBar

2008-06-06 15:08 --------- d-----w C:\Program Files\Gamenext

2008-06-06 15:05 --------- d-----w C:\Program Files\Ice Cream Tycoon

2008-06-05 18:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-06-05 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-06-02 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-02 15:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-31 11:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-05-31 11:09 249,856 ------w C:\WINDOWS\Setup1.exe

2008-05-26 17:31 --------- d-----w C:\Documents and Settings\Hilde\Application Data\CDBurnerXP_Soft

2008-05-26 17:30 --------- d-----w C:\Program Files\CDBurnerXP

2008-05-24 15:55 --------- d-----w C:\Program Files\LimeWire

2008-05-24 13:08 --------- d-----w C:\Program Files\AV Music Morpher Gold

2008-05-24 13:01 --------- d-----w C:\Program Files\AV Vcs 6.0

2008-05-22 17:48 --------- d-----w C:\Documents and Settings\Hilde\Application Data\FrostWire

2008-05-21 11:12 481,532 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-21 11:12 35,874,080 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-21 11:12 212,444 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-05-21 11:12 2,254,624 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-05-16 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-05-15 15:23 --------- d-----w C:\Documents and Settings\Hilde\Application Data\dvdcss

2008-05-14 17:10 --------- d-----w C:\Program Files\FLV Player

2008-05-14 17:06 --------- d-----w C:\Program Files\My Video Downloader

2008-05-13 19:06 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft

2008-05-13 19:04 --------- d-----w C:\Program Files\DVDVideoSoft

2008-05-13 19:02 --------- d-----w C:\Program Files\Xilisoft

2008-05-13 18:39 --------- d-----w C:\Program Files\Jocsoft

2008-05-09 15:27 --------- d-----w C:\Program Files\PhotoZoom Pro 2

2008-05-09 04:38 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-08 18:37 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Malwarebytes

2008-05-08 15:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-07 15:33 --------- d-----w C:\Program Files\3D Flash Animator 4.9.8.4

2008-05-07 15:15 --------- d-----w C:\Documents and Settings\Hilde\Application Data\3DFA

2007-12-07 20:52 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 10:27 153136]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-06-13 18:27 2752512]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 12:10 289088]

"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-14 14:05 153136]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-14 14:05 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]

"KBD"="C:\HP\KBD\KBD.EXE" [2008-03-14 14:05 61440]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-07-21 17:14 86016 C:\WINDOWS\SoundMan.exe]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2008-03-14 14:05 118837]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-03-14 14:05 110592]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-14 14:05 385024]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

"Logitech BT Wizard"="LBTWiz.exe" []

"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248]

"encryptdrop"="C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" [2005-10-17 02:51 150016]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-14 17:55:34 113664]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]

Internet Explorer.lnk - C:\Program Files\Internet Explorer\IEXPLORE.EXE [2007-12-07 18:45:52 93184]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2009-04-15 05:05:03 688128]

Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-01-30 02:15 65536 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.iv41"= C:\WINDOWS\system32\Ir41_32.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk

backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-03-14 14:05 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TabletService"=2 (0x2)

"gusvc"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\FrostWire\\FrostWire.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Documents and Settings\\Hilde\\Bureaublad\\uTorrent.exe"=

"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=

"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"=

"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Program Files\\SHOUTcast\\sc_serv.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"C:\\Program Files\\EA Games\\Battlefield 1942\\BF1942.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]

R3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 20:14]

S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 03:55]

S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []

S4 Anyplace Control Security;Anyplace Control Security;C:\WINDOWS\svcadmin.exe []

.

Inhoud van de 'Gedeelde Taken' map

"2008-06-17 10:40:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-06-04 16:06:26 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-28 11:02:21

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\scardsvr.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\WgaTray.exe

.

**************************************************************************

.

Voltooingstijd: 2008-06-28 11:08:35 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-28 09:08:32

ComboFix2.txt 2008-06-02 17:29:37

Pre-Run: 153,404,989,440 bytes beschikbaar

Post-Run: 153,359,671,296 bytes beschikbaar

347 --- E O F --- 2007-12-28 14:27:14


And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:52:44, on 28/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Winamp Remote\bin\OrbTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

O4 - HKLM\..\Run: [encryptdrop] "C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197064011015

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 9626 bytes
