[SOLVED] Windows XP: a HijackThis log


Open a new Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\mlhlyscbxmglzvb.exe

c:\windows\system32\nsz11BB.dll

Folder::

c:\program files\BearShare

c:\program files\LimeWire

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log.

ComboFix 09-05-09.01 - golf1gti 10/05/2009 15:55.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1022.506 [GMT 2:00]

Gestart vanuit: c:\documents and settings\golf1gti\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\golf1gti\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

FW: Norton Internet Worm Protection *disabled*

FILE ::

c:\windows\system32\mlhlyscbxmglzvb.exe

c:\windows\system32\nsz11BB.dll

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\BearShare

c:\program files\LimeWire

c:\windows\system32\mlhlyscbxmglzvb.exe

c:\windows\system32\nsz11BB.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-04-10 to 2009-05-10 ))))))))))))))))))))))))))))))

.

2009-05-08 16:04 . 2009-05-08 16:04 -------- d-----w c:\program files\MSECache

2009-05-03 12:12 . 2009-05-03 12:12 -------- d-----w c:\documents and settings\golf1gti\Application Data\Malwarebytes

2009-05-03 12:12 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-03 12:12 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-03 12:12 . 2009-05-03 12:12 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-05-03 12:12 . 2009-05-03 12:59 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-02 13:43 . 2009-05-06 20:25 -------- d-----w c:\documents and settings\golf1gti\Application Data\LimeWire

2009-05-01 17:50 . 2009-05-02 17:42 -------- d--h--w C:\$AVG8.VAULT$

2009-05-01 17:40 . 2009-05-01 17:40 11952 ----a-w c:\windows\system32\avgrsstx.dll

2009-05-01 17:40 . 2009-05-01 17:40 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-05-01 17:40 . 2009-05-01 17:40 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-05-01 17:40 . 2009-05-09 15:10 -------- d-----w c:\windows\system32\drivers\Avg

2009-05-01 17:40 . 2009-05-01 17:46 -------- d-----w c:\documents and settings\golf1gti\Application Data\AVGTOOLBAR

2009-05-01 17:40 . 2009-05-01 17:40 -------- d-----w c:\program files\AVG

2009-05-01 17:40 . 2009-05-03 12:53 -------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-05-01 17:20 . 2009-05-01 17:20 -------- d-sh--w c:\documents and settings\golf1gti\IECompatCache

2009-05-01 17:19 . 2009-05-01 17:19 -------- d-sh--w c:\documents and settings\golf1gti\PrivacIE

2009-05-01 17:17 . 2009-05-01 17:17 -------- d-sh--w c:\documents and settings\LocalService\IETldCache

2009-05-01 17:17 . 2009-05-01 17:17 -------- d-sh--w c:\documents and settings\golf1gti\IETldCache

2009-05-01 17:15 . 2009-05-01 17:15 -------- d-----w c:\program files\Trend Micro

2009-05-01 17:11 . 2009-05-01 17:11 -------- d-----w c:\windows\ie8updates

2009-05-01 17:10 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll

2009-05-01 17:08 . 2009-05-01 17:09 -------- dc-h--w c:\windows\ie8

2009-05-01 16:58 . 2009-05-01 16:57 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-01 14:02 . 2009-05-01 14:02 -------- d-----w c:\documents and settings\LocalService\Bureaublad

2009-05-01 13:57 . 2009-05-01 13:52 15688 ----a-w c:\windows\system32\lsdelete.exe

2009-05-01 13:52 . 2009-05-01 13:52 64160 ----a-w c:\windows\system32\drivers\Lbd.sys

2009-05-01 13:51 . 2009-05-01 13:51 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2009-05-01 13:50 . 2009-05-01 13:50 -------- d-----w c:\program files\Lavasoft

2009-05-01 13:50 . 2009-05-01 13:52 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

2009-04-15 18:26 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-15 18:26 . 2009-03-06 14:23 285696 ------w c:\windows\system32\dllcache\pdh.dll

2009-04-15 18:26 . 2009-02-09 11:27 111104 ------w c:\windows\system32\dllcache\services.exe

2009-04-15 18:26 . 2009-02-09 10:56 401408 ------w c:\windows\system32\dllcache\rpcss.dll

2009-04-15 18:26 . 2009-02-09 10:56 473600 ------w c:\windows\system32\dllcache\fastprox.dll

2009-04-15 18:26 . 2009-02-09 10:56 684544 ------w c:\windows\system32\dllcache\advapi32.dll

2009-04-15 18:26 . 2009-02-09 10:56 734208 ------w c:\windows\system32\dllcache\lsasrv.dll

2009-04-15 18:26 . 2009-02-09 10:56 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-15 18:26 . 2009-02-09 10:56 735744 ------w c:\windows\system32\dllcache\ntdll.dll

2009-04-15 18:25 . 2008-04-21 21:16 218624 ------w c:\windows\system32\dllcache\wordpad.exe

2009-04-11 07:23 . 2009-04-11 07:23 85657 ----a-w c:\windows\system32\1247fb58-e922-9a08-e7b3-76853ff35fc9.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-01 16:59 . 2006-08-04 13:29 -------- d-----w c:\program files\Common Files\Symantec Shared

2009-05-01 16:57 . 2006-08-04 12:45 -------- d-----w c:\program files\Java

2009-05-01 13:55 . 2006-12-18 11:22 49 ----a-w c:\documents and settings\golf1gti\Application Data\internaldb41.dat

2009-05-01 13:55 . 2006-12-18 11:21 379 ----a-w c:\documents and settings\golf1gti\Application Data\internaldb1942.dat

2009-05-01 13:55 . 2006-12-18 11:21 20480 ----a-w c:\documents and settings\golf1gti\Application Data\internaldb4827.dat

2009-05-01 13:15 . 2007-05-10 18:45 523 ----a-w c:\documents and settings\golf1gti\Application Data\internaldb6500.dat

2009-04-16 17:44 . 2004-12-03 03:15 71562 ----a-w c:\windows\system32\perfc013.dat

2009-04-16 17:44 . 2004-12-03 03:15 446808 ----a-w c:\windows\system32\perfh013.dat

2009-04-04 13:43 . 2009-03-29 16:56 -------- d-----w c:\program files\Spyware Doctor

2009-03-29 20:20 . 2009-03-29 20:16 -------- d-----w c:\program files\Angle Interactive

2009-03-29 20:20 . 2006-08-04 13:15 -------- d--h--w c:\program files\InstallShield Installation Information

2009-03-08 02:34 . 2004-08-03 21:00 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 02:34 . 2004-08-03 21:00 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 02:33 . 2004-08-03 21:00 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 02:33 . 2004-08-03 21:00 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 02:32 . 2004-08-03 21:00 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 02:32 . 2004-08-03 21:00 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 02:31 . 2004-08-03 21:00 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 02:31 . 2004-08-03 21:00 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 02:31 . 2004-08-03 21:00 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 02:22 . 2004-08-03 21:00 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 14:23 . 2004-08-03 21:00 285696 ----a-w c:\windows\system32\pdh.dll

2009-02-09 14:08 . 2004-08-03 21:00 1846912 ----a-w c:\windows\system32\win32k.sys

2007-06-18 17:44 . 2007-06-18 17:44 1681459 ----a-w c:\program files\205898_672_1165252694266-photofiltre.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-05-03_16.59.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-10 13:58 . 2009-05-10 13:58 16384 c:\windows\Temp\Perflib_Perfdata_53c.dat

+ 2009-05-08 16:05 . 2009-05-08 16:05 38240 c:\windows\Installer\{90120000-0020-0413-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2004-12-03 03:12 . 2009-05-08 18:50 172280 c:\windows\system32\FNTCACHE.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 307200]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-02-24 147456]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-04 180269]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-01 148888]

"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-01 516440]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-01 1947928]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-31 1622016]

c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-4 27136]

c:\documents and settings\golf1gti\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-4 27136]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-05-01 17:40 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=

"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\BearFlix\\bearflix.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/05/2009 15:52 64160]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/05/2009 19:40 325896]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/05/2009 19:40 108552]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/05/2009 19:40 298776]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/03/2009 21:06 953168]

R2 SDPASVC;SDPAUMS server service;c:\windows\system32\sdpasvc.exe -service --> c:\windows\system32\sdpasvc.exe -service [?]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [4/08/2006 14:58 2825088]

R3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [22/10/2006 10:29 27519]

S0 ivcuoexs;ivcuoexs;c:\windows\system32\drivers\acavwfxy.dat --> c:\windows\system32\drivers\acavwfxy.dat [?]

S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [4/08/2006 14:57 468768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

2009-05-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:52]

2009-05-10 c:\windows\Tasks\User_Feed_Synchronization-{2A0DA24D-AA20-4C2A-B15E-D460333D9918}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.cleaned.be/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_BE&c=63&bd=PAVILION&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_BE&c=63&bd=PAVILION&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=63&bd=PAVILION&pf=desktop

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-10 15:59

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ivcuoexs]

"ImagePath"="system32\drivers\acavwfxy.dat"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3608)

c:\windows\system32\nview.dll

c:\windows\system32\NVWRSNL.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\sdpasvc.exe

c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

c:\program files\Microsoft LifeCam\LifeTray.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\rundll32.exe

c:\program files\AVG\AVG8\avgtray.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Voltooingstijd: 2009-05-10 16:05 - machine werd herstart

ComboFix-quarantined-files.txt 2009-05-10 14:04

ComboFix2.txt 2009-05-03 17:01

Pre-Run: 216.521.412.608 bytes beschikbaar

Post-Run: 217.231.212.544 bytes beschikbaar

391 --- E O F --- 2009-04-30 23:00

Regards, Dorien
