

Posted:

I have a problem with the internet. That is to say, every so often a web page with advertising on it gets opened. I work with Firefox, but the advertising is always launched via Microsoft Explorer. This happens every few minutes and it is very annoying. Can anyone tell me which program this is? It was probably bundled somewhere with another download, but I have already checked everything and cannot find it. Which program could be causing this problem?

Thanks

Eldritch

Posted:

hello ELDRITCH65

I think you have a spyware problem

give it a scan with Spybot S&D

http://www.pc-helpforum.be/downloads/anti-spyware/9/spybot-search-destroy-54/

that will already make a big difference, and if needed post a HijackThis log

but be careful with this program and don't remove anything yourself, because that can damage the PC

Download HiJackThis

Double-click HJTInstall.exe

HijackThis will now be installed on your PC and a shortcut will be placed on your desktop. Click "Do a system scan and save a logfile" and attach this log to your next post.

a forum staff member will look at the log and advise on what could possibly be removed

regards carp

Posted:

I did as "carp" asked. I already had a spyware program (spydoctor) but, to be on the safe side, downloaded another one as well (Spyware Search and Destroy). These found some 27000 errors, mostly with win32.agent.cmn, more specifically at the location c:\windows\fonts\'\ where thousands of zip files are located. I don't even see this directory when I go and look at that location manually (hidden files are enabled). But the problem is that both spydoctor and Spyware Search and Destroy freeze when you ask them to fix the problems. I have removed a lot of spyware in the past with the spywaredoctor, but now that freezes too, and I think it is mainly because of those thousands of zip files. Because now, whenever you open a page on the internet, another page is automatically opened along with it. It is giving me grey hair and seriously getting on my nerves. I hope you can help me further; if necessary, reformatting the whole thing is no problem.

Below is also the HijackThis logfile

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:07:46, on 30/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe

C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE

c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\regsvr32.exe

C:\Program Files\Logitech\Profiler\lwemon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita portaal | Nieuws | Entertainment | Lifestyle | Fun | Business

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysystemexpert.com/search.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.mysystemexpert.com/search.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

R3 - URLSearchHook: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)

R3 - URLSearchHook: (no name) - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - (no file)

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)

O3 - Toolbar: (no name) - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)

O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\tbu02705\ecobar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [d4f5a1df] rundll32.exe "C:\WINDOWS\system32\nwednjmv.dll",b

O4 - HKLM\..\Run: [etmfubkvfoldpqb] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\obkvgapopjawkl.dll"

O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3

O4 - HKCU\..\Run: [start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225874385406

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL rnmqwa.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 11980 bytes

Thanks in advance for the answer and the help

eldritch65

Posted:

Sorry for the wait, this log apparently slipped past us :s

Start HijackThis. If you are a Vista user, choose "Run as administrator" (the Dutch UI label is "Uitvoeren als administrator"). Select "Do a system scan only". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

R3 - URLSearchHook: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)

R3 - URLSearchHook: (no name) - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)

O3 - Toolbar: (no name) - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - (no file)

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)

O3 - Toolbar: (no name) - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)

O4 - HKLM\..\Run: [d4f5a1df] rundll32.exe "C:\WINDOWS\system32\nwednjmv.dll",b

O4 - HKLM\..\Run: [etmfubkvfoldpqb] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\obkvgapopjawkl.dll"

O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZKfox000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL rnmqwa.dll

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything there is checked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below)

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.

If MBAM has difficulty removing certain files, it will show a few messages where you need to click OK.

It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.
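The selection above was made by hand. As an added example (not a tool from this forum, from Trend Micro, or from the HijackThis project), the following Python script applies the same reasoning as code to the R/O entries of a HijackThis log: registrations that point at "(no file)", known adware components (MyWebSearch, AskSBar), DLLs handed to rundll32/regsvr32 at logon that are not on a verified list, and anything injected through AppInit_DLLs. It goes one step further than the post by also flagging a start page or search URL that points at a host the user does not expect, which the post left unselected. The KNOWN_GOOD_DLLS and EXPECTED_HOMEPAGE_HOSTS lists are assumptions for this box, and SAMPLE_LOG is a subset of the lines from the log posted earlier in the thread.

```python
import re
from dataclasses import dataclass
from typing import List

# Entry lines look like "O4 - HKLM\..\Run: [name] command"; the process
# list and header lines do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# Loaders that execute whatever DLL is named on their command line.
LOADERS = ("rundll32", "regsvr32")

# Assumption: DLLs already verified as legitimate on this machine (nVidia
# tray helpers, Google toolbar). Anything else loaded at logon is flagged.
KNOWN_GOOD_DLLS = {"nvcpl.dll", "nvmctray.dll", "goec62~1.dll"}

# Path fragments of the adware families that appear in the posted log.
ADWARE_MARKERS = ("mywebsearch", "asksbar")

# Assumption: hosts this user would expect as start/search page.
EXPECTED_HOMEPAGE_HOSTS = ("msn.com", "zita.be")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def dll_names(text: str) -> List[str]:
    """Every *.dll token in text, lower-cased and stripped of its directory."""
    return [t.split("\\")[-1].lower()
            for t in re.findall(r'[^\s"]+\.dll', text, re.I)]


def triage(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        low = body.lower()

        if body.endswith("="):                       # e.g. "Local Page ="
            findings.append(Finding(section, "empty value", line))
        elif "(no file)" in low:                     # leftover registration
            findings.append(Finding(section, "orphaned registration", line))
        elif any(mk in low for mk in ADWARE_MARKERS):
            findings.append(Finding(section, "known adware component", line))
        elif section == "O4" and any(ld in low for ld in LOADERS):
            unknown = [d for d in dll_names(body) if d not in KNOWN_GOOD_DLLS]
            if unknown:
                findings.append(Finding(
                    section, "unverified DLL at logon: " + ", ".join(unknown), line))
        elif section == "O20":
            # AppInit_DLLs is mapped into every process that loads user32.dll.
            unknown = [d for d in dll_names(body) if d not in KNOWN_GOOD_DLLS]
            if unknown:
                findings.append(Finding(
                    section, "AppInit_DLLs injection: " + ", ".join(unknown), line))
        elif section in ("R0", "R1") and ("start page" in low or "searchurl" in low) \
                and "http" in low:
            url = body.split("=", 1)[1].strip()
            host = re.sub(r"^https?://", "", url).split("/")[0].split(":")[0].lower()
            if not any(host.endswith(h) for h in EXPECTED_HOMEPAGE_HOSTS):
                findings.append(Finding(
                    section, "start/search page points at " + host, line))
    return findings


# Subset of the HijackThis log posted above, plus its header lines.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysystemexpert.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d4f5a1df] rundll32.exe "C:\WINDOWS\system32\nwednjmv.dll",b
O4 - HKLM\..\Run: [etmfubkvfoldpqb] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\obkvgapopjawkl.dll"
O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL rnmqwa.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The allow-list is the important design choice: rundll32 and regsvr32 are used by legitimate software too (the nVidia entry in the same log), so the signal is not the loader but an unrecognised DLL behind it, typically with a random name under system32. The AutoConfigURL line is deliberately not treated as a hijack; it is the ISP's proxy script, which is why the host check is limited to the Start Page and SearchURL values.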

Posted:

Here are the logs you requested. First the MBAM log, and second the HijackThis log.

Malwarebytes' Anti-Malware 1.32

Database versie: 1618

Windows 5.1.2600 Service Pack 3

5/01/2009 18:02:02

mbam-log-2009-01-05 (18-02-02).txt

Scan type: Snelle Scan

Objecten gescand: 61944

Verstreken tijd: 6 minute(s), 55 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 4

Registersleutels geïnfecteerd: 35

Registerwaarden geïnfecteerd: 1

Registerdata bestanden geïnfecteerd: 2

Mappen geïnfecteerd: 4

Bestanden geïnfecteerd: 33

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

C:\WINDOWS\system32\csuxpcrg.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\jkkjIxvU.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\fsinor.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\iifcAqoO.dll (Trojan.Vundo) -> Delete on reboot.

Registersleutels geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bbbcf35-e2e0-4d5b-968a-1acb65b8eb16} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{0bbbcf35-e2e0-4d5b-968a-1acb65b8eb16} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{195e17c3-b80f-4519-8d1d-1fceac251f47} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{195e17c3-b80f-4519-8d1d-1fceac251f47} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifcaqoo (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8cbb349a-6b7b-445b-8296-1586b859e942} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a85ca9ae-00b0-49c3-ba80-bac3084e433e} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b3bb269a-eb7b-4e5b-82d7-1518b8bae930} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bb5c43ae-5ab0-49c3-ba5e-babd0842437f} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e67d5bc7-7129-493e-9281-f47bdaface4f} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{2ee92bca-74c4-4d4b-88da-db9f9e3c9f93} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\tbsb05288.ietoolbar (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\tbsb05288.ietoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\tbsb05288.tbsb05288 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\tbsb05288.tbsb05288.3 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo) -> Delete on reboot.

Registerdata bestanden geïnfecteerd:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jkkjixvu -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkjixvu -> Delete on reboot.

Mappen geïnfecteerd:

C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\' (Trojan.Agent) -> Files: 26987 -> Quarantined and deleted successfully.

C:\Program Files\runit (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eldritch\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

C:\WINDOWS\system32\jkkjIxvU.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\UvxIjkkj.ini (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\UvxIjkkj.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fsinor.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\iifcAqoO.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\csuxpcrg.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\grcpxusc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\ykgee3362.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\c20232.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\uscbl32136.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\gncyq5.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\hw5305.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\prkndfhx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tkxure.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\slbstf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jbyulruc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eldritch\Local Settings\Temporary Internet Files\Content.IE5\454DCPW5\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eldritch\Local Settings\Temporary Internet Files\Content.IE5\APNN7LZP\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eldritch\Local Settings\Temporary Internet Files\Content.IE5\S8AZJM4L\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.

C:\Program Files\runit\config.txt (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\runit\runitu_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\runit\runit_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\c.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\m.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\p.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\s.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eldritch\Favorieten\SMS TRAP.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eldritch\Menu Start\SMS TRAP.url (Rogue.Link) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:10:35, on 5/01/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe

C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE

c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE

C:\WINDOWS\Explorer.EXE

C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Logitech\Profiler\lwemon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\msiexec.exe

C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\knlwrap.exe

C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita portaal | Nieuws | Entertainment | Lifestyle | Fun | Business

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysystemexpert.com/search.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.mysystemexpert.com/search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: (no name) - {4D754021-AF14-4A24-891E-3538EFADEE1A} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {D6874E2A-1F6D-48C8-B733-8A3388C93C71} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"

O4 - HKCU\..\Run: [start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225874385406

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: fsinor.dll

O20 - Winlogon Notify: opnOigfF - opnOigfF.dll (file missing)

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 10217 bytes

Thanks in advance for the reply and the help

Eldritch

Posted:

Start HijackThis. If you are a Vista user, choose "Run as administrator" ("Uitvoeren als administrator" on a Dutch Windows). Select "Do a system scan only". Tick only the items listed below:

O2 - BHO: (no name) - {4D754021-AF14-4A24-891E-3538EFADEE1A} - (no file)

O2 - BHO: (no name) - {D6874E2A-1F6D-48C8-B733-8A3388C93C71} - (no file)

O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - (no file)

O20 - AppInit_DLLs: fsinor.dll

O20 - Winlogon Notify: opnOigfF - opnOigfF.dll (file missing)

Click 'Fix checked' to remove the items.

Download Combofix to your Desktop.

NOTE: if you get a warning from your antivirus or another real-time scanner while or after downloading Combofix, or while running it, disable that scanner and download Combofix again.

Some scanners treat certain components that Combofix uses as suspicious and will block or delete them!

  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to update.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it now by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and the PC has restarted, the log Combofix.txt will open.

Post that log in your next reply, together with a new HijackThis log.
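An added example, not part of this thread and not code from the HijackThis or ComboFix authors: a short Python script that encodes the triage rules behind the five items selected above (O2/O3 CLSIDs registered with no backing file, any AppInit_DLLs entry, any Winlogon Notify package) and adds one more check, R0/R1 browser settings whose URL points outside an allowlist of known hosts. The allowlist (Microsoft defaults plus the user's ISP, Telenet, whose proxy auto-config URL is in the log) is an assumption, and the sample lines are constructed input copied from the log posted earlier in the thread. With that allowlist it also reports the R1 SearchURL entry for mysystemexpert.com, which the reply above does not list; treat that as something to verify, not a confirmed hijack.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: lines copied from the HijackThis log posted
# earlier in this thread, with a few benign entries kept for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.mysystemexpert.com/search.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
O2 - BHO: (no name) - {4D754021-AF14-4A24-891E-3538EFADEE1A} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {D6874E2A-1F6D-48C8-B733-8A3388C93C71} - (no file)
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: fsinor.dll
O20 - Winlogon Notify: opnOigfF - opnOigfF.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: hosts that R0/R1 browser settings may legitimately point to on
# this machine: Microsoft defaults plus the user's ISP (Telenet), whose proxy
# auto-config URL appears in the log. Anything else is reported for review.
KNOWN_HOST_SUFFIXES = ("microsoft.com", "msn.com", "live.com", "telenet.be")

URL_RE = re.compile(r"https?://\S+")


def host_is_known(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in KNOWN_HOST_SUFFIXES)


def triage_line(line: str):
    """Return a reason if a HijackThis line deserves a closer look, else None."""
    line = line.strip()
    if not line:
        return None
    section = line.split(" - ", 1)[0]

    # R0/R1: IE start page, search and proxy settings. A URL to an unknown
    # host is the classic search/start-page hijack.
    if section in ("R0", "R1"):
        m = URL_RE.search(line)
        if m and not host_is_known(m.group(0)):
            return f"browser setting points to unknown host {urlparse(m.group(0)).hostname}"
        return None

    # O2/O3: BHOs and toolbars. A CLSID still registered but with no backing
    # file is leftover from a removed or half-removed add-on; it does nothing
    # now, but cleaning it stops a later drop-in from reusing the registration.
    if section in ("O2", "O3") and line.endswith("(no file)"):
        return "orphaned COM registration (CLSID with no backing file)"

    # O20: AppInit_DLLs are loaded into every process that links user32.dll,
    # and Winlogon Notify packages load at logon; neither is used by normal
    # consumer software, so every entry gets reviewed.
    if line.startswith("O20 - AppInit_DLLs:"):
        return "AppInit_DLLs entry is injected into every GUI process"
    if line.startswith("O20 - Winlogon Notify:"):
        missing = " (file already missing)" if "(file missing)" in line else ""
        return "Winlogon Notify package loads at logon" + missing
    return None


def triage(log_text: str):
    """Return [(line, reason)] for every line that triage_line flags."""
    found = []
    for raw in log_text.splitlines():
        reason = triage_line(raw)
        if reason:
            found.append((raw.strip(), reason))
    return found


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {entry}")
```

Run it on a full saved HijackThis log by reading the file into `triage()`; the point of the allowlist is that everything it does not recognise is shown, so a first pass over a real log will also surface legitimate ISP or corporate entries that you then add to `KNOWN_HOST_SUFFIXES` after checking them.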

Posted:

Here are the two requested logs. First the ComboFix log, then the HijackThis log.

ComboFix 09-01-05.05 - Eldritch 2009-01-06 21:21:55.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.541 [GMT 1:00]

Started from: c:\documents and settings\Eldritch\Bureaublad\ComboFix.exe

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Eldritch\Application Data\FunWebProducts

c:\documents and settings\Eldritch\Favorieten\Cheap Pharmacy Online.url

c:\documents and settings\Eldritch\Favorieten\Search Online.url

c:\documents and settings\Eldritch\Favorieten\VIP Casino.url

c:\documents and settings\Eldritch\Localdir

c:\documents and settings\Eldritch\Localdir\Setup.zip

c:\documents and settings\Eldritch\Localdir\winlogo.exe

c:\documents and settings\Eldritch\Menu Start\Cheap Pharmacy Online.url

c:\documents and settings\Eldritch\Menu Start\Search Online.url

c:\documents and settings\Eldritch\Menu Start\VIP Casino.url

c:\temp\1cb

c:\temp\1cb\syscheck.log

c:\windows\Fonts\a.zip

c:\windows\nohh06760.exe

c:\windows\system32\au3305adc.dll

c:\windows\system32\obkvgapopjawkl.dll

c:\windows\system32\qpXGOUvw.ini

c:\windows\system32\qpXGOUvw.ini2

c:\windows\system32\rfklrxqb.ini

c:\windows\system32\snuxmxom.ini

c:\windows\system32\togdrqrx.ini

c:\windows\system32\vmjndewn.ini

c:\windows\system32\xfvmcmgi.ini

c:\windows\system32\yqridnvx.ini

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_IPRIP

-------\Service_Iprip

(((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 ))))))))))))))))))))))))))))))

.

2009-01-05 17:52 . 2009-01-05 17:52 <DIR> d-------- c:\documents and settings\Eldritch\Application Data\Malwarebytes

2009-01-05 17:50 . 2009-01-05 17:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-05 17:50 . 2009-01-05 17:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-05 17:50 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-05 17:50 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-04 16:33 . 2009-01-04 16:33 13,384,728 --a------ c:\windows\registry.zzz

2009-01-04 16:33 . 2009-01-04 16:33 13,384,728 --a------ c:\windows\registry.daz

2009-01-04 16:28 . 2009-01-04 16:28 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live

2009-01-04 15:56 . 2009-01-04 16:13 <DIR> d-------- c:\program files\a-squared Anti-Malware

2009-01-04 15:32 . 2009-01-04 15:32 <DIR> d-------- c:\documents and settings\Eldritch\.housecall6.6

2009-01-04 15:32 . 2009-01-04 15:32 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys

2009-01-04 13:54 . 2009-01-04 13:55 <DIR> d-------- c:\program files\Adware Away 3.0.1.cw

2009-01-04 13:39 . 2009-01-04 13:44 <DIR> d-------- c:\program files\Xoftspy_4.33_334

2009-01-04 13:10 . 2008-12-16 15:19 4,096 --a------ c:\windows\system32\drivers\Start2Driver.SYS

2009-01-04 12:28 . 2009-01-04 23:52 <DIR> dr-h----- c:\documents and settings\Eldritch\Onlangs geopend

2009-01-04 12:22 . 2009-01-04 12:23 <DIR> d-------- c:\program files\CCleaner

2009-01-04 12:22 . 2009-01-04 12:22 3,165,824 --a------ c:\documents and settings\ccsetup215.exe

2009-01-03 15:19 . 2009-01-03 15:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\21F

2009-01-01 18:04 . 2009-01-01 18:04 <DIR> d-------- c:\documents and settings\Eldritch\Application Data\MyPrivacy

2009-01-01 13:46 . 2009-01-01 18:04 <DIR> d-------- C:\MyPrivacy

2008-12-31 19:54 . 2008-12-31 19:54 <DIR> d-------- c:\program files\Microsoft Silverlight

2008-12-31 17:09 . 2008-12-31 17:12 <DIR> d-------- c:\windows\NV3308236.TMP

2008-12-31 16:19 . 2008-12-31 16:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Codemasters

2008-12-31 16:12 . 2008-12-31 16:12 <DIR> d-------- c:\program files\OpenAL

2008-12-31 16:12 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpCD.tmp

2008-12-31 16:12 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpCC.tmp

2008-12-31 16:12 . 2008-12-31 16:12 444,952 --a------ c:\windows\system32\wrap_oal.dll

2008-12-31 16:12 . 2008-12-31 16:12 109,080 --a------ c:\windows\system32\OpenAL32.dll

2008-12-30 18:53 . 2009-01-02 23:46 104 --a------ c:\windows\WININIT.INI

2008-12-30 14:03 . 2009-01-04 15:45 <DIR> d-------- c:\windows\Omniquad Total Security

2008-12-30 14:03 . 2008-12-30 14:26 117 --a------ c:\windows\winomnifile.dat

2008-12-30 14:03 . 2009-01-04 15:41 0 --a------ c:\windows\test.dat

2008-12-30 12:08 . 2008-12-30 12:08 <DIR> d-------- c:\program files\Windows Defender

2008-12-30 12:03 . 2008-12-30 12:03 5,154,816 --a------ c:\documents and settings\WindowsDefender.msi

2008-12-30 11:07 . 2008-12-30 11:07 <DIR> d-------- c:\program files\Trend Micro

2008-12-29 21:21 . 2008-12-30 11:24 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2008-12-29 21:21 . 2008-12-30 11:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-29 16:43 . 2009-01-04 12:36 <DIR> d-------- c:\program files\Euro Truck Simulator

2008-12-29 13:48 . 2008-12-29 14:13 <DIR> d-------- c:\windows\system32\whSLD02

2008-12-29 13:48 . 2008-12-29 13:48 <DIR> d-------- c:\windows\system32\R

2008-12-29 13:48 . 2008-12-29 13:48 <DIR> d-------- c:\temp\REX81

2008-12-29 13:47 . 2008-12-29 19:12 <DIR> d-------- C:\tijdelijktoca3

2008-12-29 13:34 . 2008-12-29 13:34 147,456 --a------ c:\windows\system32\vbzip10.dll

2008-12-29 13:24 . 2008-12-29 19:12 <DIR> d-------- C:\tijdelijkeurotruck

2008-12-29 13:24 . 2008-12-29 13:24 905,320 --a------ c:\windows\aqrd60258.exe

2008-12-29 13:24 . 2008-12-29 13:24 197,185 --a------ c:\windows\jqog00568.exe

2008-12-29 13:24 . 2008-12-29 13:24 69,686 --a------ c:\windows\folgv0017.exe

2008-12-29 13:24 . 2008-12-29 13:24 56,318 --a------ c:\windows\sinnm01381.exe

2008-12-29 13:23 . 2008-12-29 13:24 198,855 --a------ c:\windows\srox36232.exe

2008-12-29 13:20 . 2008-12-29 13:40 196,444 --a------ c:\windows\pn8.exe

2008-12-29 13:20 . 2008-12-29 16:42 47,577 --a------ c:\windows\system32\dixqtlzmgsuz.exe

2008-12-28 22:53 . 2008-12-28 22:53 <DIR> d-------- C:\tijdelijkwinrescue

2008-12-28 12:08 . 2008-12-28 19:35 <DIR> d-------- C:\Incomplete

2008-12-28 12:06 . 2008-12-28 12:06 <DIR> d-------- C:\games

2008-12-28 12:05 . 2008-12-29 14:21 <DIR> d-------- c:\documents and settings\Eldritch\Application Data\FrostWire

2008-12-27 22:57 . 2008-12-29 20:23 <DIR> d-------- c:\program files\a-squared Free

2008-12-27 22:53 . 2008-12-27 22:54 <DIR> d-------- c:\program files\speedapps

2008-12-27 22:53 . 2008-12-27 22:53 12,861,144 --a------ c:\documents and settings\a2FreeSetup.exe

2008-12-27 20:52 . 2008-12-27 20:52 <DIR> d-------- c:\documents and settings\Eldritch\Application Data\Apple Computer

2008-12-27 20:51 . 2008-12-27 20:51 <DIR> d-------- c:\program files\Bonjour

2008-12-27 20:50 . 2008-12-27 20:51 <DIR> d-------- c:\program files\QuickTime

2008-12-27 20:50 . 2008-12-27 20:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer

2008-12-27 20:50 . 2008-12-27 20:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple

2008-12-27 20:48 . 2008-12-27 20:55 <DIR> d-------- c:\program files\DVD Decrypter

2008-12-27 20:45 . 2008-12-29 16:55 <DIR> d-------- c:\program files\FrostWire

2008-12-27 20:45 . 2008-12-27 20:45 <DIR> d-------- c:\program files\Any Video Converter

2008-12-27 16:15 . 2008-12-27 16:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\4FA

2008-12-26 14:39 . 2008-12-28 22:57 <DIR> d-------- c:\program files\Global Star Software

2008-12-26 14:21 . 2008-12-26 16:48 <DIR> d-------- c:\program files\Bejeweled Twist

2008-12-26 14:07 . 2008-12-29 16:56 <DIR> d-------- c:\program files\PopCap Games

2008-12-26 14:07 . 2008-12-26 14:07 0 --a------ c:\windows\popcinfo.dat

2008-12-25 14:41 . 2008-12-25 14:41 <DIR> d-------- c:\program files\Philips

2008-12-25 14:37 . 2008-05-02 01:55 46,504 -ra------ c:\temp\RebootWMP.exe

2008-12-25 14:01 . 2008-12-25 14:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\19167

2008-12-24 15:27 . 2008-12-24 15:27 <DIR> d-------- c:\documents and settings\Eldritch\Application Data\Locktime

2008-12-24 15:22 . 2008-12-24 15:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Locktime

2008-12-24 15:18 . 2008-12-24 15:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hagel Technologies

2008-12-23 15:32 . 2008-12-23 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\102CE

2008-12-23 15:13 . 2008-12-23 15:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia

2008-12-23 14:07 . 2008-12-29 12:27 <DIR> d-------- c:\program files\Bus Driver

2008-12-23 13:28 . 2008-12-23 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\1129F

2008-12-22 18:11 . 2008-12-22 18:13 <DIR> d-------- c:\program files\18 Wheels of Steel American Long Haul

2008-12-22 16:12 . 2008-12-22 16:12 <DIR> d-------- c:\documents and settings\Eldritch\LimeWire Store Purchased

2008-12-22 16:12 . 2008-12-22 16:12 <DIR> d-------- c:\documents and settings\Eldritch\LimeWire Shared

2008-12-22 16:11 . 2008-12-22 16:11 <DIR> d-------- c:\documents and settings\Eldritch\Incomplete

2008-12-22 16:11 . 2009-01-03 15:54 <DIR> d-------- c:\documents and settings\Eldritch\Application Data\LimeWirePlus

2008-12-22 16:09 . 2008-12-22 16:09 <DIR> d-------- c:\program files\LimewirePlus

2008-12-22 16:09 . 2008-12-22 16:11 <DIR> d-------- c:\program files\LimeWire Plus

2008-12-22 15:32 . 2008-12-22 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\357D

2008-12-22 14:06 . 2008-12-29 13:52 <DIR> d-------- c:\documents and settings\Eldritch\Application Data\LimeWire

2008-12-22 14:03 . 2008-12-22 14:03 4,900,376 --a------ c:\documents and settings\LimeWireWin.exe

2008-12-21 21:25 . 2009-01-04 12:45 <DIR> d-------- C:\movie

2008-12-21 15:45 . 2008-12-21 15:45 <DIR> d-------- c:\windows\WinRescue

2008-12-21 15:39 . 2008-12-29 14:21 <DIR> d-------- c:\program files\WinRescue XP

2008-12-21 15:39 . 2009-01-04 16:32 47 --a------ C:\rsqXPdir.ini

2008-12-21 11:01 . 2009-01-04 13:59 <DIR> d-------- c:\documents and settings\Eldritch\Application Data\Azureus

2008-12-21 11:01 . 2008-12-21 11:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus

2008-12-21 11:00 . 2008-12-21 11:00 <DIR> d-------- c:\program files\Vuze

2008-12-21 10:57 . 2008-12-21 10:57 <DIR> d-------- c:\documents and settings\Eldritch\Application Data\PCF-VLC

2008-12-21 10:45 . 2008-12-21 10:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd

2008-12-19 14:36 . 2008-12-19 14:36 <DIR> d-------- c:\documents and settings\Eldritch\Application Data\Search Settings

2008-12-19 14:33 . 2008-12-19 14:33 <DIR> d-------- c:\program files\Search Settings

2008-12-19 14:33 . 2008-12-21 15:23 <DIR> d-------- c:\program files\Dealio

2008-12-19 14:33 . 2008-12-19 14:33 0 --ah----- c:\windows\SwSys2.bmp

2008-12-19 14:33 . 2008-12-19 14:33 0 --ah----- c:\windows\SwSys1.bmp

2008-12-19 14:04 . 2008-12-19 14:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\12167

2008-12-19 13:41 . 2008-12-19 13:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\383D8

2008-12-19 12:51 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll

2008-12-19 12:50 . 2008-12-19 12:51 <DIR> d-------- c:\program files\Common Files\Logishrd

2008-12-16 14:08 . 2008-12-24 10:43 <DIR> d-------- c:\program files\SearchIn1Step

2008-12-15 17:15 . 2008-12-15 17:15 <DIR> d-------- c:\documents and settings\Eldritch\Application Data\Participatory Culture Foundation

2008-12-15 17:15 . 2008-12-15 17:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Participatory Culture Foundation

2008-12-15 17:14 . 2008-12-15 17:14 <DIR> d-------- c:\program files\Participatory Culture Foundation

2008-12-15 14:33 . 2008-12-15 14:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\19186

2008-12-14 21:26 . 2008-12-14 21:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\C36B

2008-12-11 15:10 . 2008-12-11 15:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\212BF

2008-12-10 14:01 . 2006-05-31 18:20 2,969,884 --a------ c:\windows\system32\Free Cartoon Screensaver.scr

2008-12-10 14:01 . 2007-02-07 17:10 2,518 --a------ c:\windows\system32\Free Cartoon Screensaver.html

2008-12-08 21:46 . 2008-12-08 21:46 <DIR> d-------- c:\program files\Common Files\Adobe AIR

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-06 20:29 371,748 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck

2009-01-06 20:29 371,748 ----a-w c:\windows\system32\drivers\APPFCONT.DAT

2009-01-06 20:29 13,880 ----a-w c:\windows\system32\drivers\COMFiltr.sys

2009-01-06 20:29 1,132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck

2009-01-06 20:29 1,132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG

2008-12-31 20:46 138,184 -c--a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-12-31 14:52 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-31 14:52 --------- d-----w c:\program files\Codemasters

2008-12-30 19:40 --------- d-----w c:\program files\Google

2008-12-30 10:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-12-24 15:13 --------- d-----w c:\program files\Ahead

2008-12-21 14:43 --------- d-----w c:\program files\Norton Security Scan

2008-12-21 14:43 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-12-19 14:45 --------- d-----w c:\program files\Seekeen

2008-12-19 11:51 --------- d-----w c:\program files\Common Files\Logitech

2008-12-10 13:01 --------- d-----w c:\program files\Free Screensavers

2008-12-10 12:50 --------- d-----w c:\program files\Skype

2008-12-10 12:50 --------- d-----w c:\documents and settings\All Users\Application Data\Skype

2008-12-10 12:32 --------- d-----w c:\program files\Cyanide

2008-12-10 12:30 --------- d-----w c:\program files\VGP2

2008-12-10 12:26 --------- d-----w c:\documents and settings\Eldritch\Application Data\My Games

2008-12-10 12:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-12-10 11:05 --------- d-----w c:\documents and settings\Eldritch\Application Data\skypePM

2008-12-08 20:44 --------- d-----w c:\program files\Common Files\Adobe

2008-12-06 11:16 --------- d-----w c:\program files\PC-Clean

2008-12-03 13:17 --------- d-----w c:\program files\Indo Cleaner 2008

2008-12-03 13:17 --------- d-----w c:\program files\Eusing Free Registry Cleaner

2008-12-02 23:29 --------- d-----w c:\documents and settings\Eldritch\Application Data\Smart PC Solutions

2008-12-02 22:20 --------- d-----w c:\program files\1 Click PC Fix

2008-12-02 21:20 --------- d-----w c:\documents and settings\Eldritch\Application Data\IObit

2008-12-01 12:47 --------- d-----w c:\documents and settings\Eldritch\Application Data\Windows Search

2008-12-01 12:47 --------- d-----w c:\documents and settings\Eldritch\Application Data\Windows Desktop Search

2008-12-01 12:46 --------- d-----w c:\program files\Windows Desktop Search

2008-11-29 17:40 315,392 ----a-w c:\windows\HideWin.exe

2008-11-29 17:40 --------- d-----w c:\program files\Realtek

2008-11-29 17:40 --------- d-----w c:\program files\Intel

2008-11-26 11:22 --------- d-----w c:\documents and settings\Eldritch\Application Data\ErrorFix

2008-11-26 09:57 --------- d-----w c:\program files\Clean Ram

2008-11-26 09:44 --------- d-----w c:\program files\BinarySense

2008-11-26 09:07 --------- d-----w c:\program files\Reganam

2008-11-25 12:32 --------- d-----w c:\program files\SystemRequirementsLab

2008-11-25 12:25 --------- d-----w c:\documents and settings\Eldritch\Application Data\SystemRequirementsLab

2008-11-24 19:03 --------- d-----w c:\documents and settings\Eldritch\Application Data\Image Zone Express

2008-11-24 15:39 --------- d-----w c:\program files\EA GAMES

2008-11-22 14:29 --------- d-----w c:\program files\3GP Player

2008-11-20 13:55 --------- d-----w c:\documents and settings\All Users\Application Data\2338A

2008-11-19 20:44 --------- d-----w c:\documents and settings\All Users\Application Data\3B177

2008-11-19 15:54 --------- d-----w c:\program files\www_screensavers_com

2008-11-18 17:14 --------- d-----w c:\documents and settings\All Users\Application Data\352CB

2008-11-16 20:34 --------- d-----w c:\documents and settings\All Users\Application Data\62E

2008-11-16 18:22 --------- d-----w c:\program files\Java

2008-11-16 14:12 --------- d-----w c:\documents and settings\Eldritch\Application Data\temp

2008-11-16 12:52 --------- d-----w c:\program files\Windows Live

2008-11-16 12:49 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-11-16 11:34 --------- d-----w c:\documents and settings\Eldritch\Application Data\Logitech

2008-11-16 11:33 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe

2008-11-16 11:33 --------- d-----w c:\program files\Logitech

2008-11-16 11:32 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech

2008-11-14 20:39 --------- d-----w c:\documents and settings\All Users\Application Data\252BF

2008-11-14 17:21 --------- d-----w c:\program files\Electronic Arts

2008-11-14 17:16 --------- d-----w c:\documents and settings\Eldritch\Application Data\Leadertech

2008-11-14 16:51 --------- d-----w c:\program files\EA SPORTS

2008-11-14 13:33 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-11-13 16:29 --------- d-----w c:\program files\ING

2008-11-12 23:52 --------- d-----w c:\documents and settings\All Users\Application Data\242EE

2008-11-12 23:52 --------- d-----w c:\documents and settings\All Users\Application Data\10CB

2008-11-11 23:23 --------- d-----w c:\documents and settings\All Users\Application Data\269C

2008-11-11 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\15D

2008-11-11 00:17 --------- d-----w c:\documents and settings\All Users\Application Data\A3C8

2008-11-11 00:16 --------- d-----w c:\documents and settings\All Users\Application Data\D32C

2008-11-11 00:15 --------- d-----w c:\documents and settings\All Users\Application Data\55D

2008-11-10 19:51 --------- d-----w c:\program files\Conduit

2008-11-10 09:38 --------- d-----w c:\documents and settings\All Users\Application Data\13128

2008-11-09 20:56 --------- d-----w c:\program files\Common Files\AVSMedia

2008-11-09 20:56 --------- d-----w c:\program files\AVS4YOU

2008-11-09 20:56 --------- d-----w c:\documents and settings\Eldritch\Application Data\AVS4YOU

2008-11-09 20:56 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU

2008-11-09 19:24 --------- d-----w c:\documents and settings\All Users\Application Data\13D8

2008-11-08 17:18 --------- d-----w c:\documents and settings\All Users\Application Data\1A399

2008-11-08 14:49 --------- d-----w c:\program files\ICQ6Toolbar

2008-11-08 14:49 --------- d-----w c:\documents and settings\All Users\Application Data\ICQ

2008-11-07 20:49 --------- d-----w c:\documents and settings\All Users\Application Data\C3C8

2008-11-07 20:41 --------- d-----w c:\program files\BearShare Applications

2008-11-06 15:57 774,144 ----a-w c:\program files\RngInterstitial.dll

2008-11-06 15:57 --------- d-----w c:\program files\Real

2008-11-06 15:57 --------- d-----w c:\program files\Common Files\Real

2008-11-06 15:54 --------- d-----w c:\documents and settings\All Users\Application Data\Winferno

2008-11-06 15:49 --------- d-----w c:\program files\Winferno

2008-11-05 15:12 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat

2007-03-08 04:53 11,590,010 -c--a-w c:\documents and settings\Eldritch\Mad_Truckers.exe

2007-02-14 05:59 1,201,041 -c--a-w c:\documents and settings\Eldritch\wrar37b3.exe

2007-01-21 13:43 65 -c--a-w c:\program files\Common Files\appop.log

2005-11-01 04:20 7,253,204 -c--a-w c:\documents and settings\Eldritch\speed.exe

2004-10-01 14:00 40,960 -c--a-w c:\program files\Uninstall_CDS.exe

2008-11-14 20:50 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2004-05-19 77824]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-16 94208]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" [2008-12-03 869632]

"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 50432]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 172032]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2008-12-14 2782352]

"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-21 270336]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.iv41"= ir41_32.dll

"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Eldritch^Menu Start^Programma's^Opstarten^Registratie van Need for Speed™ Undercover.lnk]

backup=c:\windows\pss\Registratie van Need for Speed™ Undercover.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

--a------ 2008-07-22 12:34 2772992 c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2008-11-14 21:50 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM\SA1916]

--a------ 2008-05-30 18:04 1503744 c:\program files\Philips\SA19xx\Philips Device Manager\bin\DeviceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-01-10 15:27 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]

--a------ 2008-06-12 16:57 991584 c:\program files\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-11-16 19:22 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2008-03-03 04:40 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2008-03-03 04:40 16859648 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WZCSVC"=2 (0x2)

"sdCoreService"=3 (0x3)

"sdAuxService"=3 (0x3)

"iPod Service"=3 (0x3)

"a2free"=2 (0x2)

"WSearch"=2 (0x2)

"MyWebSearchService"=2 (0x2)

"SearchIn1Step Service"=2 (0x2)

"Microsoft Office Groove Audit Service"=3 (0x3)

"MDM"=2 (0x2)

"LightScribeService"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"IDriverT"=3 (0x3)

"EZ-Backup Manager"=2 (0x2)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=

"c:\\Program Files\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer-groepering

"3540:UDP"= 3540:UDP:PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [2007-01-21 38784]

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2008-11-04 28544]

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]

R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-11-04 73728]

R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-11-04 52992]

R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-11-04 22072]

R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-11-04 193792]

R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-11-04 16:10:00 158848]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-11-04 41144]

R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-11-04 46720]

R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2008-11-04 197888]

R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D.sys [2004-07-06 44544]

R4 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]

R4 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-11-04 179640]

R4 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2009\psksvc.exe [2008-11-04 28928]

R4 Start2Driver;Start2Driver;c:\windows\system32\drivers\Start2Driver.SYS [2009-01-04 4096]

R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S1 Start1Driver;Start1Driver; [x]

S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\drivers\aexpamdrv.sys [2005-12-20 27008]

S3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-01-22 9600]

S3 AvFlt;Antivirus Filter Driver; [x]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-02-25 1527900]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-01-21 29744]

S3 iviudf;iviudf; [x]

S3 PavSRK.sys;PavSRK.sys; [x]

S3 PavTPK.sys;PavTPK.sys; [x]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-01-20 176128]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-02-25 544768]

S4 EZ-Backup Manager;EZ-Backup Manager;c:\program files\EzBackup\EZ-Backup Manager\EzBackup.exe [2007-01-21 1123840]

S4 SearchIn1Step Service;SearchIn1Step Service;c:\program files\SearchIn1Step\searchin1.exe [2008-12-16 4608]

S4 Seekeen Service;Seekeen Service; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - ComFiltr

*Deregistered* - udffsrec

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

panda REG_MULTI_SZ Gwmsrv

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - D:\EIVCD.exe

.

Inhoud van de 'Gedeelde Taken' map

2008-12-28 c:\windows\Tasks\Basis-opruiming.job

- c:\program files\Panda Security\Panda Global Protection 2009\PlaTasks.exe [2008-07-03 17:55]

2009-01-06 c:\windows\Tasks\ErrorFix Scan.job

- c:\program files\ErrorFix\ErrorFix.exe []

2009-01-06 c:\windows\Tasks\ErrorFix Scan.job

- c:\program files\ErrorFix []

2009-01-06 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-01-06 c:\windows\Tasks\PCConfidential.job

- c:\program files\Winferno\PC Confidential\PCConfidential.exe []

2009-01-06 c:\windows\Tasks\zbfbgvru.job

- c:\windows\system32\rundll32.exe [2008-04-14 18:03]

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{DB9D7A78-A76C-4BF2-97C6-258925EE1542} - (no file)

WebBrowser-{7EFBC57C-CD57-481F-B794-648FCE9C9116} - (no file)

WebBrowser-{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02} - (no file)

WebBrowser-{D9C9A8C9-460D-4343-888E-AE02BCC3CE57} - (no file)

WebBrowser-{10000000-1000-1000-1000-100000000000} - (no file)

MSConfigStartUp-IEPR - c:\docume~1\Eldritch\LOCALS~1\TempImages\IEPR.exe

MSConfigStartUp-iOmem - c:\docume~1\Eldritch\LOCALS~1\TempImages\iOmem.exe

MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL

MSConfigStartUp-Microsoft Update Machine - mdm.exe

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.mysystemexpert.com/search.htm

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title = Telenet Internet

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.mysystemexpert.com/search.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Eldritch\Application Data\Mozilla\Firefox\Profiles\v919966\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Yoog Search

FF - prefs.js: browser.startup.homepage - hxxp://www.humo.be

FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=

FF - prefs.js: network.proxy.type - 2

FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll

FF - plugin: c:\program files\Picasa2\npPicasa2.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll

ATTENTION: FIREFOX POLICES IS IN FORCE

FF - user.js: browser.search.selectedEngine - Yoog Search

FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=

FF - user.js: keyword.enabled - true

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-06 21:30:20

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-1500820517-839522115-1004\Software\SecuROM\License information*NULL*]

"datasecu"=hex:36,4c,53,86,ea,d9,6b,bf,87,47,a2,3c,c9,7e,bf,0e,11,a6,58,d3,b8,\

14,e0,66,eb,a1,9b,df,c8,7c,0b,ba,49,0c,ce,36,0e,7e,05,2c,b7,83,ad,7f,f5,97,\

88,7d,2b,ad,21,a9,ec,c1,42,91,6f,d3,e6,4a,f1,a5,9b,65,60,91,72,c9,06,14,00,\

da,c9,1e,aa,d6,fa,76,4d,37,5f,dc,24,d8,cc,60,35,d9,58,7c,00,8a,19,f3,fb,bd,\

c6,36,54,39,4f,d7,50,f7,50,29,e8,5f,46,5a,05,ca,24,3d,2f,94,c7,f4,21,df,78,\

6a,86,b4,5c,f0,d0,76,8b,5b,c6,af,09,08,1f,8d,05,9e,04,db,27,0f,3c,57,f1,14,\

ab,86,d2,2e,71,33,7c,cc,cc,e0,b1,ff,20,dc,b0,14,79,cd,92,c2,e3,48,b5,7f,71,\

8d,2a,40,f6,65,bc,20,d8,3d,59,7c,df,23,90,ac,7d,34,9b,57,01,11,c2,2f,8c,23,\

5b,1b,7d,31,01,a1,51,bc,65,6b,05,62,3c,12,51,a6,fb,b3,5d,74,63,29,94,c1,2f,\

35,a1,f8,d1,02,bf,d8,79,4f,30,a2,4d,18,32,18,1a,09,f9,7a,08,46,2b,9f,6a,11,\

5c,a5,70,7b,c7,11,44,5a,db,11,e0,3e,32,43,41,f9,fe,06,23,07,d2,6b,ba,91,5f,\

a6,75,ef,0f,54,14,16,9f,c0,f7,3a,c5,17,9e,d0,a9,d1,2a,9e,b5,f6,6b,4d,4f,6f,\

8a,43,7d,11,e5,de,4e,b7,4e,2d,2e,fc,14,10,79,3f,b4,01,b4,7e,92,46,bd,90,57,\

c8,a2,76,e5,cf,69,41,92,1d,d7,7a,a8,06,03,78,a3,31,de,42,be,6b,8d,b4,60,96,\

e7,d3,f9,06,83,73,fb,ce,5e,3a,77,47,7b,0e,ef,80,12,5e,3b,44,bb,6c,7b,55,53,\

c8,35,ed,99,75,17,f2,6a,50,1c,1c,29,ba,54,6b,3b,7f,3a,75,bc,86,0c,50,41,1d,\

99,ea,13,7d,ec,54,1e,6e,40,4b,37,39,cf,23,28,51,12,4e,5d,d3,14,42,78,a0,14,\

14,1a,73,ad,0d,4b,46,13,10,95,6f,e3,85,6b,2f,f6,3d,38,aa,75,70,4d,af,d6,0f,\

04,f0,cf,d7,f8,12,89,ba,1d,7c,4b,39,0e,1e,fe,e4,a5,ae,53,c8,37,eb,50,52,63,\

5d,6e,fa,d3,d5,cf,6a,58,56,06,82,9f,e7,ae,27,4f,00,9a,e3,3a,70,c4,6d,72,27,\

04,27,b7,0f,a7,80,86,af,2c,16,88,9b,e8,5a,39,d4,e9,cc,4f,b4,3b,c9,dd,90,32,\

8e,f9,f9,cf,43,65,96,8a,c9,b5,ed,37,c2,d6,18,1b,bf,20,35,49,30,6a,69,3f,ea,\

d9,72,c8,84,b0,d0,7e,3f,68,d2,6c,67,f0,06,43,33,ec,8f,2f,fe,c3,f3,de,c3,e6,\

20,de,48,b0,17,23,cb,f3,71,4d,18,55,51,3c,8d,c8,23,8d,2f,0f,5d,29,68,2c,f8,\

b3,fc,36,87,89,5b,65,8a,5d,84,ac,c4,6a,d0,be,30,b3,67,03,18,b7,51,d3,3b,61,\

02,3f,9d,29,cb,5f,9f,14,c8,f9,7d,5d,f5,b0,34,dd,83,cc,4c,a4,d8,15,3f,7f,dc,\

29,73,c0,03,db,a7,1b,da,f0,22,1a,04,4e,75,dd,82,82,17,1c,0b,3b,90,c3,a5,42,\

99,46,4d,d7,76,3f,7b,cd,e1,4a,86,37,d8,40,08,1b,30,ab,97,07,69,38,21,78,64,\

3b,1d,b9,b8,d1,7c,32,bc,56,fb,ca,03,a7,15,7b,c2,da,e5,9b,d1,c6,b2,4c,78,23,\

63,3d,58,9d,e4,a8,ee,be,48,b2,36,d4,81,37,2b,17,a0,88,00,91,5c,c2,1b,86,d8,\

7b,a8,9f,8d,4c,24,58,93,61,e5,8a,05,5d,51,56,a7,90,56,51,f5,13,50,a6,3a,5e,\

8c,06,83,9c,06,20,6a,02,22,f7,84,5b,4c,13,67,ea,e5,75,7e,28,1b,38,3a,5a,a6,\

25,91,1e,72,df,62,3c,2c,86,95,5e,56,38,1c,1a,3e,0b,26,8e,c2,c1,df,88,94,6f,\

cc,0c,9b,63,d9,34,fe,47,b5,06,0d,24,af,95,c6,a4,29,73,b5,49,c6,96,01,0d,89,\

37,01,74,8b,f6,b2,59,8b,30,5c,61,a8,5a,81,14,00,0d,c9,a3,de,19,a0,59,43,a8,\

52,31,cd,fd,6d,fa,4c,b1,b3,e7,a7,d7,fc,16,7c,a1,d7,7e,9e,9f,79,88,ab,7d,81,\

bf,6a,0f,0e,d6,2a,31,39,06,70,61,f8,a2,4d,26,8b,f5,4a,f0,bf,ac,be,1e,5a,38,\

ad,aa,86,88,6f,8a,72,f8,c6,3c,67,2d,f6,46,6c,21,36,b7,a5,c0,6a,12,3d,51,00,\

b2,c6,dd,e4,36,38,b1,84,35,04,e5,cd,1e,5a,fe,f0,90,1a,37,0a,d3,6b,6c,a9,74,\

8f,62,ac,e8,cd,00,77,90,b1,56,98,f1,72,43,49,c5,1e,b4,e6,9e,ea,0d,51,99,1a,\

b8,53,e8,88,13,94,fa,3d,3f,95,09,4a,5a,81,4e,c7,b6,5a,2c,2d,cd,85,e6,b8,76,\

1f,d5,f8,b5,cf,0a,7f,56,58,68,aa,ac,8a,55,2c,8b,37,2c,16,87,27,05,bd,5a,7c,\

11,72,bd,a4,f2,88,97,24,4d,22,c7,5a,19,72,9f,22,ce,ff,18,33,2f,f6,1e,a2,fb,\

f7,ff,bd,7c,7b,64,c2,0f,4a,db,9e,4f,0b,4c,f6,af,98,c2,ca,71,ef,ac,39,12,cc,\

fc,7a,4c,e8,b1,c5,b8,5c,ff,e9,f5,10,6b,63,1d,d7,3b,73,a1,32,63,b3,4a,8f,f4,\

20,18,46,9e,da,69,c5,bb,e7,a1,5c,63,3a,a0,b0,09,af,f2,30,c4,c4,58,80,8d,ba,\

72,ac,c8,ac,74,d5,0d,e1,85,1a,95,08,b1,22,ce,c0,68,1f,67,84,59,2c,7b,2f,d5,\

98,e3,8b,96,7e,35,39,84,49,86,89,a2,c6,a7,36,b0,0b,2d,c1,2d,27,4f,a4,de,08,\

71,59,d8,ce,3e,46,12,b8,31,bb,2e,7e,a6,8e,15,1c,91,53,dc,ed,2e,c6,ec,a7,b3,\

f1,f0,fd,ea,9e,df,71,22,ca,2f,42,b4,4f,01,c9,64,bf,63,d6,29,a6,df,9b,92,fe,\

db,e2,f7,73,2e,9a,a4,04,81,d2,55,5d,53,30,ee,82,f5,9b,2a,b0,85,fc,f5,31,eb,\

f2,d6,61,ad,04,80,c2,5a,5f,29,43,9b,8d,43,50,be,18,1d,7b,ba,b9,4b,ba,9a,07,\

98,58,29,aa,a5,e9,39,c5,fa,38,f5,c3,bb,d0,38,88,1c,24,b8,06,68,88,81,0c,8b,\

e2,ba,28,d2,38,ed,9c,bf,c8,e5,d6,34,e8,9f,8f,6d,da,db,61,04,30,4c,97,a2,cf,\

5b,fd,2e,8f,bd,62,5d,ba,29,d6,7a,04,0d,06,a4,8d,0d,96,ea,3c,ba,bd,ff,1b,b3,\

39,c9,5f,bf,f9,86,48,55,8b,22,8c,46,c8,c7,16,55,14,77,da,ea,14,51,b4,c1,f1,\

ca,ec,d4,d2,b8,9c,f3,81,af,dc,76,ba,d7,a8,86,73,46,51,90,b0,e4,2e,59,f7,f7,\

02,9f,2e,39,a5,3f,27,7c,2e,a4,c6,87,c3,a8,8c,a3,58,50,8d,93,3f,93,95,4a,25,\

56,eb,71,4e,0b,1d,42,69,e2,58,6b,c8,53,12,3a,e7,89,f8,0d,89,c3,73,de,d0,32,\

bb,e7,45,88,4b,ed,34,38,bc,f3,eb,dc,59,3f,61,24,91,00,6a,4b,d2,af,ac,e5,0e,\

14,b6,ed,d0,2e,8c,89,13,65,d4,e4,f9,5c,29,e7,54,66,09,07,4a,5f,b0,59,45,4e,\

ae,38,fa,e0,d9,c1,c0,4d,54,e4,17,b4,ff,86,0c,9d,07,59,c1,98,4f,18,10,98,ad,\

3a,d5,ff,db,ba,b3,0a,95,c3,57,73,dd,c3,89,68,66,e3,4a,ef,f1,e2,cc,6e,a2,7b,\

6a,22,5c,4c,ef,09,9c,2b,6c,8a,b3,e4,11,58,2e,1e,48,22,73,0f,19,f3,d7,0c,76,\

cd,a8,ac,d7,7d,05,81,32,e0,e9,ae,e9,85,29,21,2f,b3,b0,f2,62,e4,b2,d0,b9,71,\

7b,86,30,d1,38,0f,8e,08,16,fe,a6,b5,7c,ba,1d,21,9c,d5,0c,4d,0e,b8,06,a6,95,\

5a,68,1c,2a,a9,d9,6f,25,d9,2b,3b,e2,4f,22,07,d4,62,19,c6,70,1a,12,46,9a,66,\

fb,58,eb,ed,39,c2,cb,7b,ac,39,71,43,3c,ec,78,63,c3,a6,44,1a,3d,d3,f0,59,c7,\

40,a2,59,8f,aa,46,69,40,38,09,e7,72,54,ae,c4,02,88,cc,a9,77,84,17,b1,72,51,\

d0,b0,cf,90,5b,71,cf,75,43,2e,e6,eb,cc,07,67,ee,05,0b,a3,0f,1c,24,ac,aa,6a,\

a3,49,f2,87,fd,08,5d,7e,48,31,12,47,24,92,90,e6,6a,f2,ee,97,27,c9,a9,ee,9c,\

d6,17,a2,2e,e1,2f,84,2e,d4,6a,2f,2f,2f,16,83,46,34,c6,59,c8,ca,dc,d6,ba,21,\

3a,57,88,4d,2c,ca,a1,ce,c4,86,89,35,d3,fc,9b,e9,a2,dd,8b,b5,cb,2c,2d,ca,d5,\

63,1c,67,fc,ce,8c,50,8d,9a,95,27,0a,a7,e8,b2,60,fb,e5,61,41,96,0f,14,cd,1e,\

e1,09,73,d8,fa,a2,c4,72,17,6e,eb,ed,d4,09,bf,4f,15,64,28,d9,2b,a7,b0,e6,3c,\

f5,dd,9e,af,c9,3f,43,b9,ab,40,b8,b2,ca,2a,db,d4,04,e1,c6,b3,99,b9,d8,5b,13,\

81,97,35,67,32,5d,8f,55,9a,5f,6a,91,de,78,6b,66,dd,b7,dd,bf,b0,8c,a3,44,27,\

4a,54,c9,f4,2f,12,7f,88,7f,c6,ad,28,91,7e,48,6c,73,84,00,21,5a,7f,7b,5f,03,\

b1,5e,df,bd,9d,31,df,ae,89,c6,f9,70,ae,10,c9,5b,d0,13,b4,63,9e,14,c8,a7,de,\

2a,5b,e1,09,58,63,d3,12,da,8b,bd,29,a7,4b,22,c7,1e,16,4e,53,3e,cb,f5,64,26,\

ab,fc,2e,b7,e2,88,73,c8,ef,87,e7,0f,82,59,f4,0b,80,46,cd,62,04,ed,f3,f9,c6,\

d0,04,2a,28,63,be,ea,b1,e3,8a,b3,27,ba,07,84,45,3c,dd,69,a4,ec,f7,ac,3e,37,\

06,ad,8f,62,da,52,2f,cc,39,e0,8a,ee,e5,68,68,1e,d0,44,4c,a2,e9,66,03,c0,ba,\

44,4c,e3,dc,aa,c0,2f,f5,c2,89,05,cc,a0,e7,f2,b3,8d,ae,0d,ef,e6,ea,4c,a6,f7,\

d5,65,f2,12,47,ec,66,77,b5,0e,3f,dc,03,81,09,f9,94,3a,52,95,f5,db,cd,95,c5,\

a8,28,18,ff,fe,2e,e4,fe,6e,f7,bc,91,11,97,38,94,67,e8,49,a4,89,be,5d,cc,fe,\

dd,64,a6,47,dd,b8,67,80,d0,c9,8b,b8,48,b6,91,3e,24,0d,f2,58,14,17,ec,bd,06,\

e8,c2,c3,7d,0a,67,d6,ef,86,6d,01,70,77,c8,d9,f4,56,42,46,9d,dc,6d,51,68,a8,\

a5,5b,db,84,d0,94,4b,3b,ef,ed,14,3f,7e,85,07,3a,1a,a0,0d,93,0a,7f,cb,d4,6b,\

ef,84,8e,28,44,42,7e,58,c2,1e,5d,aa,6d,e1,93,e9,11,85,1a,ee,05,ee,6a,57,b2,\

84,df,94,3e,6f,4a,6c,47,8d,89,38,1d,b1,30,fe,eb,31,ea,b0,1b,9d,fb,22,90,63,\

62,e7,0b,76,cf,d9,c0,4b,96,cb,89,d2,fb,b1,0e,12,25,9c,0a,8e,20,11,43,1a,38,\

d8,b4,99,a5,6c,f3,01,c4,f7,69,84,46,ef,e8,18,98,74,6a,c2,97,64,ef,7f,06,83,\

9d,a7,48,dd,59,91,19,b9,28,f0,46,49,fa,75,2f,a0,97,9e,ca,6a,21,31,69,3b,e7,\

47,e4,16,6f,de,b1,24,0a,da,6f,45,1c,d5,89,24,ee,40,73,4c,04,46,e9,f7,bb,aa,\

0d,80,cc,7e,73,cd,6d,35,80,66,dd,0c,0a,a1,ca,a7,22,40,29,08,1e,27,60,f8,0c,\

e0,f0,1a,be,82,1c,1a,39,a3,44,70,4e,79,59,09,99,77,c0,3b,46,24,f4,d5,28,6f,\

12,2f,40,48,5d,6b,30,13,62,3d,1e,a9,b4,fc,d6,35,b8,3a,ed,49,9d,69,a6,13,14,\

2e,e4,c3,e6,02,5c,09,48,5b,0a,ef,73,c4,e2,e3,cf,c4,dc,d7,0e,b9,b2,cf,97,f2,\

9d,81,85,22,92,5e,35,66,c4,29,a1,00,21,66,51,42,da,f2,0c,38,c7,b2,f0,5d,3b,\

da,0a,11,56,cb,29,9f,1b,7a,74,58,8a,66,22,d6,27,a9,0a,34,f5,61,bb,12,74,a6,\

f4,fe,7e,b1,ea,76,87,e9,ca,83,b6,e8,a7,a0,d7,2a,25,e8,57,95,c6,b8,c1,14,84,\

ff,50,c5,29,a1,e4,37,d2,72,d6,73,7b,a9,c6,27,da,c5,60,03,f5,b3,54,ef,dd,46,\

69,57,22,aa,0d,ce,87,fc,89,35,15,bd,88,75,02,1d,ae,17,4a,de,f8,90,2e,09,5e,\

72,a1,ed,63,92,14,cc,61,20,d9,56,f4,38,31,74,b6,c5,05,f3,a6,b6,79,4d,03,09,\

6a,0e,b8,78,fd,57,b4,f2,4f,66,50,03,cd,63,69,92,c9,aa,88,ee,d2,c7,5e,43,9d,\

ff,d3,0e,71,b4,4c,21,78,4e,4e,de,3b,46,53,3e,f3,02,35,bc,2e,fc,43,63,3a,86,\

ee,91,e5,51,17,0b,1c,c6,c9,60,a8,91,fc,67,1b,33,54,b2,a0,eb,33,56,b8,31,b3,\

bd,5d,af,3e,cb,2c,c3,e1,c1,05,20,07,b5,95,74,67,ae,35,07,d6,09,1c,71,44,e1,\

3f,15,63,b9,99,ad,56,90,63,0c,54,0e,c9,22,c5,07,4c,b5,63,ad,e5,70,e0,44,44,\

8c,3e,1e,00,9c,ff,c4,c1,11,73,92,cc,50,65,bc,5f,5b,b0,6d,dc,9d,00,af,6a,5d,\

d9,bd,43,b9,1b,3c,e5,ce,7f,2c,bb,1d,17,ab,3d,32,32,19,72,3e,16,d7,d0,53,6d,\

39,20,8a,b7,f9,69,e5,19,f1,ff,b1,a9,8d,2b,67,91,63,6d,93,99,76,de,4d,56,a0,\

42,a0,b3,89,eb,df,46,87,55,36,67,37,e4,70,ac,5d,aa,e9,0d,37,a9,fe,43,42,bf,\

b4,4a,7a,2e,2c,4e,7e,b3,80,b3,5b,4d,24,ef,d1,28,4e,93,10,9c,f7,00,06,04,29,\

89,81,b5,c9,b3,14,2c,08,f9,1a,f6,b2,82,5b,8e,a1,eb,b3,83,96,3f,a3,f2,2a,14,\

f9,b8,40,a5,86,ff,2b,78,e6,a1,0e,27,6b,38,73,9a,a3,ef,15,e9,b0,d4,2e,a7,34,\

d0,91,6d,cc,be,c0,49,69,36,0a,11,1d,04,43,d3,98,b9,32,5f,59,cc,99,67,94,3c,\

db,36,7b,a7,f1,43,5b,f3,f0,de,8a,ee,8b,c3,c7,32,9c,09,d1,f8,05,98,70,d1,2b,\

b3,59,f4,0f,17,34,64,7e,71,d5,fe,30,02,8d,0e,51,87,ff,c5,32,8b,68,34,ed,89,\

c0,24,af,8d,a2,ae,5b,eb,b0,75,2b,4e,53,ea,02,90,ce,5c,39,71,c6,ce,11,ea,85,\

52,91,87,ef,99,26,06,a2,a9,af,a4,9c,96,6c,de,f0,44,18,25,86,25,ec,02,ff,5e,\

95,fc,a7,9c,62,1e,94,67,b3,23,19,f9,0f,82,02,b1,be,49,89,04,2f,f4,5b,53,e7,\

1f,f5,d9,b5,49,d9,79,03,ce,2c,3d,3f,b5,d0,6f,ef,89,48,c3,48,db,45,30,49,30,\

61,b4,71,59,23,d5,28,87,5a,a4,e3,1f,ef,3c,37,22,f6,20,ab,84,b3,f4,47,40,32,\

c6,d8,eb,fe,f8,94,e3,b6,d8,fd,60,82,a0,07,9d,70,b8,5e,ad,f1,15,cf,2c,79,c7,\

76,c2,0a,dc,76,c7,7b,45,b1,a6,94,39,7d,b9,fd,8e,d9,e8,03,f8,93,9b,fb,3a,a9,\

60,e8,a8,3f,16,3d,12,37,d3,31,29,b1,05,40,03,5f,b9,ab,58,4b,13,be,56,7a,03,\

9b,30,cf,7d,8a,fb,20,ae,b1,6c,47,5a,16,9e,12,c7,d8,17,59,10,03,f9,99,91,17,\

f9,76,54,98,e4,3f,b3,c0,90,4f,3b,0a,ad,d8,3f,f3,fe,88,b4,36,78,c1,3d,53,29,\

d3,f0,89,b6,c9,33,31,71,87,51,39,d4,04,c3,ea,98,67,96,89,20,e4,8b,f7,a5,53,\

c7,d4,e9,9b,fc,9c,a5,02,f1,ef,7b,54,03,13,fa,82,0a,15,24,17,ab,99,dd,d4,3d,\

78,80,54,c1,d1,2a,c5,87,cf,eb,56,91,9b,ad,74,96,1e,ac,4a,57,a5,7d,e8,3a,e4,\

03,12,30,14,78,29,0e,15,4b,f5,ad,15,5f,04,9d,df,11,0e,70,2b,14,fa,36,46,11,\

78,17,e1,1b,c8,ed,e0,c2,67,db,05,dd,cf,08,c1,12,53,c0,64,7d,6c,6e,50,0a,a5,\

13,74,4f,d2,3d,35,57,41,45,e5,df,a6,b9,d8,36,d1,88,c7,e9,b5,e4,b5,10,af,41,\

99,79,46,1d,63,d2,cb,e5,ab,17,5b,af,4b,5e,83,56,3e,14,9e,3d,b5,cd,51,fe,59,\

42,f0,d6,ed,27,98,7f,93,99,a2,7c,14,df,a5,8b,90,1a,3e,d5,3c,46,8d,49,57,5e,\

e8,9c,09,46,fd,84,f2,4f,b0,28,a6,75,48,8f,ba,50,40,eb,95,a1,e2,07,9a,74,5d,\

e2,67,f4,ab,bd,cc,26,d7,ad,98,2f,48,77,69,6d,49,bc,7b,2e,01,b4,07,7f,9c,8e,\

ff,43,f6,e1,7a,ef,24,a3,b3,d3,3d,3a,8a,14,5c,17,f0,3a,e9,f6,73,44,96,3f,c1,\

91,bd,4b,d4,42,c4,3c,6b,5f,b1,d4,d6,72,42,25,b8,1c,b9,11,d2,96,ec,73,34,a9,\

6c,93,f6,a9,f8,fb,99,78,16,58,68,47,09,86,87,e5,5a,da,62,0b,c4,a4,ea,b8,46,\

23,d9,50,bb,d4,26,34,81,b4,2d,89,c5,fa,8f,5d,fe,02,1b,18,af,02,b0,5f,92,fb,\

99,b6,50,a0,d5,94,37,58,fd,30,ac,d8,e7,c6,3d,02,b9,85,2a,46,3c,d7,e6,22,42,\

78,1a,df,c1,b6,73,44,40,e6,00,bf,a0,db,04,e3,25,68,6a,85,bf,e1,ab,cf,f9,87,\

9d,1e,f0,c1,ef,ab,e0,c3,d6,97,d7,bf,b4,cb,17,3b,86,ad,94,cc,19,e9,0c,08,c5,\

b4,cb,b7,a6,de,8a,26,7a,24,7f,ad,e4,20,11,dd,09,48,08,0d,f1,45,7a,0f,0c,e1,\

db,5e,6a,e2,84,0c,33,5a,51,9c,b3,44,52,0a,54,0e,96,7a,79,81,ad,50,64,43,fc,\

41,17,01,98,0d,3f,06,c3,e6,72,d9,7b,79,28,e1,d6,39,76,07,b4,4b,eb,f1,c5,e3,\

21,46,16,8e,68,e1,c2,f8,23,4c,0b,43,51,fd,9c,65,c1,af,d4,0e,f7,ef,ae,3d,9f,\

af,0c,c2,ee,53,7f,80,80,4a,b9,03,14,a9,07,42,c1,0b,63,ad,33,ef,c1,6a,16,3e,\

97,e8,8f,17,d2,68,d9,f5,cd,86,d3,fd,52,7f,db,65,c7,64,5b,43,df,1d,97,87,b9,\

08,cd,f2,77,1e,c0,40,98,b2,1d,e8,ce,2d,06,a4,24,96,46,af,40,6d,b5,49,80,8d,\

92,c5,38,55,ad,8a,57,fa,4d,f7,27,63,e4,5e,41,5f,c4,de,fe,2a,04,04,4a,b2,13,\

26,f5,87,72,cd,57,ce,70,cf,94,73,49,ba,0e,7f,84,a3,b9,86,07,a5,c5,2f,8f,c3,\

c3,f2,bd,df,a9,0e,d8,d8,b8,0b,36,e7,38,c6,05,36,cb,df,43,ee,c7,a4,04,09,13,\

ed,32,b3,08,dc,a1,14,aa,00,57,d7,a4,86,2f,61,ef,67,43,0c,a1,89,e8,b2,33,bb,\

30,c3,af,2e,56,21,b5,ff,65,f3,f1,72,72,fa,7e,1e,c2,0e,a1,03,03,e5,c4,90,f3,\

66,ed,1b,fe,9d,b2,85,73,13,f2,7a,74,58,c6,1a,45,77,3b,c0,73,79,52,5c,23,71,\

e7,c2,10,be,f2,3f,13,96,f5,4b,56,65,06,64,2e,0c,e6,7b,a7,07,67,ed,85,84,ea,\

49,09,8a,bc,64,f6,25,ee,7e,5a,76,d6,21,4f,6a,8e,fc,97,0e,68,f4,8c,0e,03,d5,\

7d,ba,9f,7a,d1,46,ff,6c,c4,6c,44,06,96,d9,84,5e,d2,4e,ab,dd,5d,19,91,30,81,\

39,f9,0e,fb,f2,3e,68,72,7e,66,82,4a,fe,04,b4,65,c6,c0,af,f3,be,20,8c,60,b3,\

a1,51,59,e0,dc,a3,7c,b9,32,39,f8,ef,9e,ea,8c,6f,c0,db,ad,62,25,86,9e,d1,81,\

80,23,77,e0,07,70,fc,a0,b4,2e,c1,6f,fb,b8,e8,22,c7,12,76,b4,c3,06,f8,4e,e5,\

b9,e8,45,f7,ba,a7,2b,9f,06,a4,de,55,1a,5e,a1,2a,46,17,20,83,a2,a3,fa,54,95,\

04,51,f3,da,a2,2b,bf,e1,c1,9e,e2,c8,87,e5,3c,67,fb,11,f6,aa,da,7b,d7,6c,fb,\

62,4d,ae,32,b0,ac,c7,5d,57,82,55,f3,90,43,db,19,a4,e3,32,ef,aa,92,f8,86,ee,\

70,ef,32,f6,bf,17,1e,ee,55,a9,e9,8c,c3,dc,c9,65,55,56,46,dd,bb,ad,2c,47,6d,\

2f,0a,35,e9,b1,70,5f,bd,4f,fc,a2,00,67,c2,f7,f0,bc,cb,01,7a,fa,17,c2,46,d1,\

d6,40,93,18,d9,0f,9f,ff,9a,e9,54,e1,64,6b,18,3d,fe,d6,20,53,fe,d4,72,b6,94,\

ac,29,a5,aa,50,ac,cf,96,4e,15,3f,4b,d1,94,10,9e,de,a3,bf,ca,e9,bb,ba,99,13,\

14,83,b9,e3,c8,33,ff,79,e6,0b,b7,3f,c6,1c,b2,dc,1d,54,f9,89,7e,2c,b8,14,2b,\

73,d2,f1,5a,84,73,16,46,52,f7,40,18,b8,cf,fc,ca,5e,f8,2e,7a,7c,ce,3e,df,26,\

f7,b6,74,a1,6b,b0,c6,d5,36,22,64,5c,cb,90,f1,d0,5f,56,bc,9a,26,59,eb,5a,ad,\

72,f1,52,3a,b9,42,07,5d,a6,9c,de,73,6e,d7,c4,40,2d,be,31,49,6e,8a,04,8a,17,\

84,ba,f3,d9,06,54,cc,ec,09,5a,97,2a,60,9a,06,8e,5c,0d,8d,a9,39,7c,1a,3c,41,\

dc,47,1d,1a,d8,4d,f3,70,5d,da,78,63,81,0d,9a,14,a8,00,58,e3,ec,c3,44,07,57,\

c0,aa,b9,c9,33,40,4a,1b,14,ef,b5,7b,a5,2c,41,f9,e2,a1,02,4e,be,4b,39,b5,6b,\

c1,0a,49,eb,1a,9e,99,6b,0d,31,8f,8c,00,19,03,27,90,b3,d7,df,e3,a7,70,dd,66,\

bf,e8,e7,3e,a5,6f,9b,df,d6,1d,ee,b1,c8,30,50,9e,fb,25,c4,d4,7b,c5,75,28,7e,\

21,35,12,6f,2b,7c,82,fd,18,32,9d,40,5b,ed,f6,9e,89,3d,04,26,e0,7f,76,f5,db,\

54,76,66,59,5c,0a,65,e8,12,fb,d3,57,5e,83,cf,cb,c3,be,92,63,8a,a5,45,1b,8a,\

59,94,c1,27,ba,e3,f9,6e,9c,e9,43,59,5d,67,05,55,19,0e,97,fe,ad,19,4c,b0,45,\

b2,a3,32,bd,d2,5b,c2,5a,37,37,ae,a3,e7,69,87,da,14,9d,66,6f,83,9e,35,fe,98,\

c5,9e,0d,ae,11,24,b1,72,7a,fe,9c,1c,30,26,6f,35,1a,46,9e,f8,d1,50,91,b2,3f,\

ed,08,80,70,83,80,9a,04,aa,3a,7e,fd,5c,8b,2a,3a,54,0e,f2,be,4f,4f,8e,19,2b,\

8f,8f,a7,82,49,1c,de,6a,03,8e,10,fe,25,30,00,b4,3c,14,e4,9b,88,66,7b,66,02,\

96,ac,29,58,71,be,76,42,e4,86,01,36,05,4d,0f,aa,1f,60,a9,69,b4,83,ad,33,e5,\

7f,10,d3,32,4d,f1,08,71,2a,ba,e0,10,78,08,69,45,f8,64,4b,92,81,95,44,39,ac,\

24,f7,17,35,de,bb,4f,23,92,6c,fb,78,a9,54,22,da,30,9a,a7,9c,cf,0b,e3,bc,2d,\

e2,33,00,73,d2,cd,d8,7a,d2,c5,d8,6a,d2,fd,e8

"rkeysecu"=hex:23,20,fc,61,f3,eb,2b,67,6e,14,1a,94,39,03,a7,1e

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1676)

c:\windows\system32\avldr.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Panda Security\Panda Global Protection 2009\TPSrv.exe

c:\program files\a-squared Anti-Malware\a2service.exe

c:\program files\Sitecom\IVT BlueSoleil\BTNtService.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Panda Security\Panda Global Protection 2009\PsCtrlS.exe

c:\program files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe

c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Panda Security\Panda Global Protection 2009\PsImSvc.exe

c:\windows\system32\tcpsvcs.exe

c:\windows\system32\snmp.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Panda Security\Panda Global Protection 2009\PAVSRV51.EXE

c:\program files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE

c:\program files\Panda Security\Panda Global Protection 2009\FIREWALL\PSHost.exe

c:\program files\Panda Security\Panda Global Protection 2009\PavBckPT.exe

c:\windows\system32\wscntfy.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Voltooingstijd: 2009-01-06 21:34:35 - machine werd herstart [Eldritch]

ComboFix-quarantined-files.txt 2009-01-06 20:34:33

Pre-Run: 80,811,257,856 bytes beschikbaar

Post-Run: 80,741,666,816 bytes beschikbaar

714 --- E O F --- 2008-12-18 19:01:16

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:45:34, on 6/01/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe

C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE

c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Logitech\Profiler\lwemon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysystemexpert.com/search.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.mysystemexpert.com/search.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"

O4 - HKCU\..\Run: [start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225874385406

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 9094 bytes

Thanks in advance

Eldritch
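A first-pass triage of a log like the one above can be scripted. The following is an added example, not code from the forum helpers or from HijackThis itself: it parses a handful of lines copied from the posted log (plus one constructed O4 line, marked `[constructed]`, that reuses a file name from the CFScript later in the thread) and applies three rules a reviewer would apply by hand: R0/R1 start and search keys that point anywhere other than the browser's stock defaults, O4 autoruns whose file name looks machine-generated or that sit directly under C:\WINDOWS, and O23 services without a vendor name. The default allowlist, the random-name regex and the severity labels are assumptions made for the example.

```python
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, HijackThis entry type, message)

# Sample lines taken from the HijackThis log posted above, plus one constructed
# O4 line ([constructed]) that reuses a file name from the CFScript later in
# the thread so the random-name rule has something to fire on.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysystemexpert.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.mysystemexpert.com/search.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [constructed] c:\windows\aqrd60258.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# What HijackThis reports for an untouched IE install (assumption: this
# allowlist is illustrative; extend it for other locales and versions).
KNOWN_DEFAULTS = {"msn.com", "live search", "about:blank"}
BROWSER_KEYS = ("start page", "search page", "default_page_url",
                "default_search_url", "searchurl")
# Names such as aqrd60258.exe or jqog00568.exe: a few letters, then digits.
RANDOM_NAME = re.compile(r"^[a-z]{2,6}\d{4,6}\.exe$", re.I)
ENTRY = re.compile(r"^([RO]\d+)\s+-\s+(.*)$")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Split a HijackThis log into (entry type, body) pairs; skips the process list."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def _exe_path(command: str) -> str:
    """Pull the file that actually gets loaded out of an O4 command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    parts = command.split()
    # RUNDLL32.EXE <dll>,<export>: the DLL is the interesting file
    if len(parts) > 1 and parts[0].lower() == "rundll32.exe":
        return parts[1].split(",")[0]
    return parts[0] if parts else ""


def triage(entries: List[Tuple[str, str]]) -> List[Finding]:
    """Apply a few first-pass rules to parsed entries and return the findings."""
    findings: List[Finding] = []
    for kind, body in entries:
        low = body.lower()
        if kind in ("R0", "R1") and " = " in body:
            key, value = body.rsplit(" = ", 1)
            if "autoconfigurl" in low:
                # A PAC script can silently proxy all traffic: confirm the host is
                # really the ISP's before trusting it, but it is not malware by itself.
                findings.append(("review", kind, f"proxy auto-config script in use: {value}"))
            elif any(k in key.lower() for k in BROWSER_KEYS) and value.lower() not in KNOWN_DEFAULTS:
                findings.append(("high", kind, f"start/search page redirected to {value}"))
        elif kind == "O4":
            command = body.split("]", 1)[1] if "]" in body else body
            path = _exe_path(command)
            parent, _, name = path.rpartition("\\")
            if RANDOM_NAME.match(name):
                findings.append(("high", kind, f"autorun with random-looking name: {path}"))
            elif parent.lower() == r"c:\windows":
                findings.append(("medium", kind, f"autorun directly under C:\\WINDOWS: {path}"))
        elif kind == "O23" and "- unknown owner -" in low:
            service = body.split(" - ", 1)[0].replace("Service: ", "")
            findings.append(("review", kind, f"service without a vendor name: {service}"))
    return findings


if __name__ == "__main__":
    for severity, kind, message in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{severity:6}] {kind:3} {message}")
```

Run on the sample it reports the two mysystemexpert.com redirects and the constructed autorun as high, and the PAC URL and the PnkBstrA service as items to review rather than as infections: "Unknown owner" only means the binary carries no vendor string, so the entry has to be checked against what is actually installed before anything is removed. The random-name rule is deliberately narrow; a purely alphabetic name such as dixqtlzmgsuz.exe from the CFScript below would slip past it, which is why the human review these forums insist on is still needed.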

  • 4 weeks later...
Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\program files\Adware Away 3.0.1.cw

c:\documents and settings\ccsetup215.exe

c:\windows\NV3308236.TMP

c:\windows\system32\tmpCD.tmp

c:\windows\system32\tmpCC.tmp

c:\windows\aqrd60258.exe

c:\windows\jqog00568.exe

c:\windows\folgv0017.exe

c:\windows\sinnm01381.exe

c:\windows\srox36232.exe

c:\windows\pn8.exe

c:\windows\system32\dixqtlzmgsuz.exe

c:\windows\SwSys2.bmp

c:\windows\SwSys1.bmp

c:\windows\Tasks\ErrorFix Scan.job

c:\program files\ErrorFix\ErrorFix.exe

Folder::

c:\documents and settings\All Users\Application Data\252BF

c:\documents and settings\All Users\Application Data\242EE

c:\documents and settings\All Users\Application Data\10CB

c:\documents and settings\All Users\Application Data\269C

c:\documents and settings\All Users\Application Data\15D

c:\documents and settings\All Users\Application Data\A3C8

c:\documents and settings\All Users\Application Data\D32C

c:\documents and settings\All Users\Application Data\55D

c:\documents and settings\All Users\Application Data\13128

c:\documents and settings\All Users\Application Data\13D8

c:\documents and settings\All Users\Application Data\1A399

c:\documents and settings\All Users\Application Data\C3C8

c:\program files\ErrorFix

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix run again. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply together with a new HijackThis log.
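The script above is a plain text file with `File::` and `Folder::` headers, each followed by one absolute path per line. Before such a file is dragged onto ComboFix it is worth checking mechanically that nothing in it would hit a system directory or was pasted twice. The following is an added example, not part of the post or of ComboFix: it parses the two section types seen above (any other `Name::` header is simply collected under its own name; no further ComboFix semantics are assumed), using a cut-down copy of the posted script as constructed sample input, and runs a few sanity checks. The protected-directory list is an assumption made for the example.

```python
import re
from typing import Dict, List

# The script from the post above, cut down to a few representative lines
# (constructed subset for the example; the real one lists many more paths).
SAMPLE_CFSCRIPT = r"""
File::
c:\program files\Adware Away 3.0.1.cw
c:\windows\aqrd60258.exe
c:\windows\system32\dixqtlzmgsuz.exe
c:\windows\Tasks\ErrorFix Scan.job

Folder::
c:\documents and settings\All Users\Application Data\252BF
c:\program files\ErrorFix
"""

SECTION = re.compile(r"^(\w+)::\s*$")
ABS_PATH = re.compile(r"^[a-z]:\\", re.I)
# Removing any of these wholesale would wreck the install; a cleanup script
# names individual files and folders inside them, never the roots themselves
# (assumption: illustrative list, extend it for the system you are cleaning).
PROTECTED = {"c:", "c:\\windows", "c:\\windows\\system32", "c:\\program files",
             "c:\\documents and settings"}


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Return {section name: [paths]} for a script written in the File::/Folder:: style."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"path before any section header: {line}")
        else:
            sections[current].append(line)
    return sections


def check_cfscript(sections: Dict[str, List[str]]) -> List[str]:
    """Sanity checks to run before the file is dragged onto ComboFix."""
    problems = []
    for name, paths in sections.items():
        seen = set()
        for p in paths:
            low = p.lower().rstrip("\\")
            if not ABS_PATH.match(p):
                problems.append(f"{name}: not an absolute path: {p}")
            if any(ch in p for ch in "*?"):
                problems.append(f"{name}: wildcard in path: {p}")
            if low in PROTECTED:
                problems.append(f"{name}: would remove a system directory: {p}")
            if low in seen:
                problems.append(f"{name}: duplicate entry: {p}")
            seen.add(low)
    return problems


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_CFSCRIPT)
    for name, paths in parsed.items():
        print(f"{name}:: {len(paths)} entries")
    for problem in check_cfscript(parsed) or ["no problems found"]:
        print(problem)
```

The checks are deliberately conservative: a path that fails them is not necessarily wrong, but it should be looked at by whoever wrote the script before the file is used, since ComboFix acts on every line it is given.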

  • 2 weeks later...
Posted:

For lack of a response we are closing this topic. If you would like this topic reopened, let one of the moderators know.

This topic is now closed to new replies.