Persistent spyware

13 replies
  • Hello, I am having a lot of trouble with spyware that is hard to remove. I ran Hitman Pro on it, but it hangs. Spybot could not remove the spyware either. Could you help me? I have a HijackThis log. (Obtained with some effort, because it kept hanging.) Thanks in advance!
  • Nice collection :cry: Go to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs there, if present:
      DriveCleaner Free
      Hitman Pro including all its components, NOD32, Spyware Doctor etc.
    Restart your computer. Download ComboFix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) to your Desktop.
      Double-click Combofix.exe.
      Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
      While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open. Post this log in your next post together with a new HijackThis log. Note: if your virus scanner reacts while downloading or using Combofix, you may ignore this. Good luck!
  • I could not get DriveCleaner removed :( Here is a ComboFix log.
[2007-07-23 20:00] "Cact"="C:\WINDOWS\system32\SSTEM3~1\mmc.exe" [] "Qtobie"="C:\WINDOWS\system32\??stem32\?hkdsk.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Spyware Doctor"= C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56] Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-02-18 12:45:24] Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-02-18 12:45:16] Poort voor Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-04-06 18:20:18] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{D1159422-16E3-462F-A93D-FB718E100408}"= C:\WINDOWS\system32\d3dxim.dll [2007-06-19 22:05 70656] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bccefdcedffb] C:\WINDOWS\system32\bccefdcedffb.dll 2007-10-09 16:18 93184 C:\WINDOWS\system32\bccefdcedffb.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb] C:\WINDOWS\system32\wudb.dll 2007-06-02 23:21 33792 C:\WINDOWS\system32\wudb.dll R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys S3 hwdatacard;HUAWEI Multimedia USB Driver Disk;C:\WINDOWS\system32\DRIVERS\hwusbmdm.sys S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys S3 sonypvs1;Sony Digital Imaging 
Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys . Inhoud van de 'Gedeelde Taken' map "2007-10-03 20:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-11 15:24:31 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2007-10-11 15:25:24 - machine was rebooted . --- E O F ---

I have a new HijackThis scan + log

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:29:02, on 11-10-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\QuickTime\QTTask.exe 
c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file) O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file) O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file) O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file) O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file) O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file) O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file) O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file) O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file) O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file) O2 - BHO: (no name) - 
{6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file) O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: GLN - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - (no file) O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file) O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file) O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file) O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file) O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file) O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file) O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file) O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: 
[RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Cact] "C:\WINDOWS\system32\SSTEM3~1\mmc.exe" -vt ndrv O4 - HKCU\..\Run: [Qtobie] C:\WINDOWS\system32\??stem32\?hkdsk.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program 
Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATBrowser.ocx O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {9FFCDEC6-3906-11D2-8131-0060080BE220} (Three Ships FileIO Control) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileIO.ocx O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATGrid.ocx O16 - DPF: 
{B08126A6-3BFF-11D2-8133-0060080BE220} (ThreeShips FileBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileBrowser.ocx O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe O20 - Winlogon Notify: bccefdcedffb - C:\WINDOWS\system32\bccefdcedffb.dll O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll O22 - SharedTaskScheduler: za - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O24 - Desktop Component 0: (no name) - http://jufroos.waarbenjij.nu/files/waarbenjij.nu/j/jufroos/457b19b67ed34306398488/file95584694.jpg -- End of file - 11010 bytes

Can you help me with this?
  • 1. Go to Start --> Control Panel --> Add or Remove Programs and remove: Need2Find

2. Open Notepad, then copy and paste the following (bold text) into an empty window:

File::
C:\WINDOWS\system32\d3dxim.dll
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\fooool.exe
C:\WINDOWS\system32\??stem32\?hkdsk.exe
C:\WINDOWS\system32\SSTEM3~1\mmc.exe
C:\WINDOWS\system32\bccefdcedffb.dll
C:\WINDOWS\system32\wudb.dll
C:\WINDOWS\system32\bccefdcedffb.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4E7CAAB-6535-4243-99BD-F12350B584A2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1159422-16E3-462F-A93D-FB718E100408}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bccefdcedffb]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb]

Dirlook::
C:\WINDOWS\system32\SSTEM3~1
C:\WINDOWS\system32\??stem32

Folder::
C:\Program Files\Need2Find

Save this on your Desktop as CFScript.txt

Drag CFScript.txt into ComboFix.exe as shown in the example below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will make ComboFix restart. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Pim
  • Here is the ComboFix log:

ComboFix 07-10-11.5 - Administrator 2007-10-12 15:47:14.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.587 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrator\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt FILE:: C:\WINDOWS\system32\ace16win.dll C:\WINDOWS\system32\bccefdcedffb.dll C:\WINDOWS\system32\d3dxim.dll C:\WINDOWS\system32\fooool.exe C:\WINDOWS\system32\SSTEM3~1\mmc.exe C:\WINDOWS\system32\stfv.bin C:\WINDOWS\system32\wudb.dll . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Need2Find C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL C:\Program Files\Need2Find\bar\History\search C:\WINDOWS\system32\ace16win.dll C:\WINDOWS\system32\bccefdcedffb.dll C:\WINDOWS\system32\d3dxim.dll C:\WINDOWS\system32\fooool.exe C:\WINDOWS\system32\stfv.bin C:\WINDOWS\system32\wudb.dll . (((((((((((((((((((( Bestanden Gemaakt van 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))) . 
2007-10-12 15:35 233,472 --a------ C:\Program Files\Uninstall Need2Find Bar.dll 2007-10-11 15:12 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-10 13:50 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-08 09:17 <DIR> d-------- C:\WINDOWS\system32\acespy 2007-10-06 16:31 560 --a------ C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat 2007-10-06 16:30 90,800 -ra------ C:\WINDOWS\system32\drivers\se2Bunic.sys 2007-10-06 16:30 4,128 -ra------ C:\WINDOWS\system32\drivers\se2Bcr.sys 2007-10-06 16:26 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Bbus.sys 2007-10-06 16:26 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Bwhnt.sys 2007-10-06 16:26 5,872 -ra------ C:\WINDOWS\system32\drivers\se2Bwh.sys 2007-09-23 13:09 <DIR> d-------- C:\WINDOWS\uninstall\CCRP5 Integrated Development Environment 2007-09-23 13:09 <DIR> d-------- C:\WINDOWS\uninstall 2007-09-23 13:09 <DIR> d-------- C:\Program Files\CCRP5 2007-09-23 13:07 <DIR> d-------- C:\Program Files\ROBOTER 2007-09-23 13:07 112,128 --a------ C:\WINDOWS\system32\CmCtlDE.dll 2007-09-23 13:07 33,792 --a------ C:\WINDOWS\system32\CmDlgDE.dll 2007-09-23 13:07 13,824 --a------ C:\WINDOWS\system32\MSComDE.dll 2007-09-23 13:07 10,752 --a------ C:\WINDOWS\system32\FlxGdDE.dll 2007-09-13 21:46 49,536 -ra------ C:\WINDOWS\system32\drivers\tiehdusb.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-10-11 13:00 --------- d-----w C:\Program Files\iFinger 2007-10-11 13:00 --------- d-----w C:\Program Files\Hitman Pro 2007-10-11 12:59 --------- d-----w C:\Program Files\Webroot 2007-10-11 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-11 12:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft 2007-09-28 13:18 --------- d-----w C:\Program Files\EA SPORTS 2007-09-10 19:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Canon 2007-09-04 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-09-04 16:01 --------- d-----w C:\Program Files\Kazaa 2007-09-04 15:50 1,761 ----a-w C:\WINDOWS\Fonts\acrsecB.fon 1999-04-06 16:19 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL 1998-12-09 01:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL 1998-12-09 01:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL 1998-12-09 01:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL 1998-12-09 01:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL 1998-12-09 01:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\WINDOWS\system32\??stem32 ---- C:\WINDOWS\system32\??stem32\ ---- Directory of C:\WINDOWS\system32\SSTEM3~1 ---- C:\WINDOWS\system32\SSTEM3~1\ ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 22:05] "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe] "SoundMan"="SOUNDMAN.EXE" [2004-09-23 13:27 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2004-09-24 12:06 C:\WINDOWS\ALCWZRD.EXE] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42] "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 12:19] "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-06 15:13] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19] "IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-06-13 07:39] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:00] 
"Cact"="C:\WINDOWS\system32\SSTEM3~1\mmc.exe" [] "Qtobie"="C:\WINDOWS\system32\??stem32\?hkdsk.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Spyware Doctor"= C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56] Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-02-18 12:45:24] Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-02-18 12:45:16] Poort voor Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-04-06 18:20:18] R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys S3 hwdatacard;HUAWEI Multimedia USB Driver Disk;C:\WINDOWS\system32\DRIVERS\hwusbmdm.sys S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys . Inhoud van de 'Gedeelde Taken' map "2007-10-03 20:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-12 15:51:01 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2007-10-12 15:52:43 - machine was rebooted C:\ComboFix2.txt ... 2007-10-11 15:25 . --- E O F ---

Here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:54:23, on 12-10-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe 
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Cact] "C:\WINDOWS\system32\SSTEM3~1\mmc.exe" -vt ndrv
    O4 - HKCU\..\Run: [Qtobie] C:\WINDOWS\system32\??stem32\?hkdsk.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATBrowser.ocx
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {9FFCDEC6-3906-11D2-8131-0060080BE220} (Three Ships FileIO Control) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileIO.ocx
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATGrid.ocx
    O16 - DPF: {B08126A6-3BFF-11D2-8133-0060080BE220} (ThreeShips FileBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileBrowser.ocx
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O24 - Desktop Component 0: (no name) - http://jufroos.waarbenjij.nu/files/waarbenjij.nu/j/jufroos/457b19b67ed34306398488/file95584694.jpg

    --
    End of file - 8876 bytes

    Thanks in advance!
  • 1. Disable HitmanPro's NOD32, or uninstall it via Start --> Control Panel --> Add or Remove Programs, because otherwise it will conflict with your McAfee.

    2. Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [Cact] "C:\WINDOWS\system32\SSTEM3~1\mmc.exe" -vt ndrv
    O4 - HKCU\..\Run: [Qtobie] C:\WINDOWS\system32\??stem32\?hkdsk.exe
    O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATBrowser.ocx
    O16 - DPF: {9FFCDEC6-3906-11D2-8131-0060080BE220} (Three Ships FileIO Control) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileIO.ocx
    O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATGrid.ocx
    O16 - DPF: {B08126A6-3BFF-11D2-8133-0060080BE220} (ThreeShips FileBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileBrowser.ocx
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe

    3. Open Notepad, then copy and paste the following text into an empty window:

    File::
    C:\Program Files\Uninstall Need2Find Bar.dll
    C:\WINDOWS\system32\SSTEM3~1\mmc.exe
    C:\WINDOWS\system32\??stem32\?hkdsk.exe

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in this example: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart. Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Pim
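The reply above lists the lines to tick without saying what sets them apart. As an added example (not part of the thread and not HijackThis's own logic), the Python below runs four pattern checks over entries copied from the log in this thread; the rule names, the allowlist and the function names are assumptions of this example.

```python
import re
from typing import List, NamedTuple

# One HijackThis entry per line: "<section code> - <details>".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path ending in .exe inside an O4 autostart entry.
EXE_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
# Registration whose file is gone: "(no file)" or "(file missing)" at the end.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# ActiveX control (O16) whose codebase is a local Temp directory.
LOCAL_TEMP_RE = re.compile(r" - file://.*\\temp\\", re.IGNORECASE)
# Illustrative allowlist of stock system32 subfolders (assumption; extend as needed).
KNOWN_SYSTEM32_SUBDIRS = {"wbem", "spool", "drivers"}


class Finding(NamedTuple):
    code: str    # HijackThis section, e.g. "O4"
    reason: str  # name of the rule that matched
    line: str    # the full log line


def classify(code: str, body: str) -> List[str]:
    """Return the names of all rules that match one log entry."""
    reasons = []
    if code in ("O2", "O3", "O9") and ORPHAN_RE.search(body):
        reasons.append("orphaned-registration")
    if code == "O4":
        match = EXE_PATH_RE.search(body)
        if match:
            path = match.group(0)
            # '?' is not a legal file-name character on Windows, so in a logged
            # path it stands for characters the log could not render.
            if "?" in path:
                reasons.append("unrenderable-path-characters")
            parts = path.lower().split("\\")
            if "system32" in parts:
                subdirs = parts[parts.index("system32") + 1:-1]
                if subdirs and subdirs[0] not in KNOWN_SYSTEM32_SUBDIRS:
                    reasons.append("exe-in-system32-subfolder")
    if code == "O16" and LOCAL_TEMP_RE.search(body):
        reasons.append("activex-from-local-temp")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and return entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list or blank line
        for reason in classify(entry.group("code"), entry.group("body")):
            findings.append(Finding(entry.group("code"), reason, line))
    return findings


# Entries copied from the first log in this thread (a subset, for the example).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cact] "C:\WINDOWS\system32\SSTEM3~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Qtobie] C:\WINDOWS\system32\??stem32\?hkdsk.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATBrowser.ocx
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.reason:32} {finding.line}")
```

A match is a prompt for manual review, not a verdict. The O8 need2find entry that the helper also selected matches none of these rules, because nothing in its shape distinguishes it from a legitimate context-menu item.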
  • I have removed what I had to tick.
  • pimvandenderen wrote:

    > Nice collection :cry:
    >
    > Go to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs there, if present:
    >
    > DriveCleaner Free
    > Hitman Pro including all its components, nod32, spyware doctor etc.
    >
    > Restart your computer.
    >
    > Download Combofix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) to your Desktop.
    >
    > * Double-click Combofix.exe
    > * Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
    > * While the fix is running, do NOT click in the window, because this will make your PC hang.
    >
    > When the fix has completed and after the restart, the log combofix.txt will open. Post this log in your next post together with a new HijackThis log.
    >
    > Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.
    >
    > Good luck!

    What I don't understand: why uninstall HitmanPro?? It's a good program with good scanners and so on, isn't it? Or is it something else? Tell me please, then I can uninstall it too.
  • ComboFix log:

    ComboFix 07-10-11.5 - Administrator 2007-10-12 18:52:10.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.626 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrator\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE::
    C:\Program Files\Uninstall Need2Find Bar.dll
    C:\WINDOWS\system32\SSTEM3~1\mmc.exe
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-12 to 2007-10-12 ))))))))))))))))))))))))))))))
    .
    2007-10-11 15:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-10 13:50 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-08 09:17 <DIR> d-------- C:\WINDOWS\system32\acespy
    2007-10-06 16:31 560 --a------ C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat
    2007-10-06 16:30 90,800 -ra------ C:\WINDOWS\system32\drivers\se2Bunic.sys
    2007-10-06 16:30 4,128 -ra------ C:\WINDOWS\system32\drivers\se2Bcr.sys
    2007-10-06 16:26 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Bbus.sys
    2007-10-06 16:26 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Bwhnt.sys
    2007-10-06 16:26 5,872 -ra------ C:\WINDOWS\system32\drivers\se2Bwh.sys
    2007-09-23 13:09 <DIR> d-------- C:\WINDOWS\uninstall\CCRP5 Integrated Development Environment
    2007-09-23 13:09 <DIR> d-------- C:\WINDOWS\uninstall
    2007-09-23 13:09 <DIR> d-------- C:\Program Files\CCRP5
    2007-09-23 13:07 <DIR> d-------- C:\Program Files\ROBOTER
    2007-09-23 13:07 112,128 --a------ C:\WINDOWS\system32\CmCtlDE.dll
    2007-09-23 13:07 33,792 --a------ C:\WINDOWS\system32\CmDlgDE.dll
    2007-09-23 13:07 13,824 --a------ C:\WINDOWS\system32\MSComDE.dll
    2007-09-23 13:07 10,752 --a------ C:\WINDOWS\system32\FlxGdDE.dll
    2007-09-13 21:46 49,536 -ra------ C:\WINDOWS\system32\drivers\tiehdusb.sys
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-12 16:51 --------- d-----w C:\Program Files\Virtools Web Player 2.1
    2007-10-11 13:00 --------- d-----w C:\Program Files\iFinger
    2007-10-11 13:00 --------- d-----w C:\Program Files\Hitman Pro
    2007-10-11 12:59 --------- d-----w C:\Program Files\Webroot
    2007-10-11 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-11 12:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2007-09-28 13:18 --------- d-----w C:\Program Files\EA SPORTS
    2007-09-10 19:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Canon
    2007-09-04 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-04 16:01 --------- d-----w C:\Program Files\Kazaa
    2007-09-04 15:50 1,761 ----a-w C:\WINDOWS\Fonts\acrsecB.fon
    2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    1999-04-06 16:19 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
    1998-12-09 01:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
    1998-12-09 01:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
    1998-12-09 01:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
    1998-12-09 01:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
    1998-12-09 01:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
    .
    ((((((((((((((((((((((((((((( snapshot@2007-10-11_15.24.48.95 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-04 08:03:23 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
    + 2004-08-04 08:03:23 178,176 -c--a-w C:\WINDOWS\system32\dllcache\wbemdisp.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 22:05]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-23 13:27 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2004-09-24 12:06 C:\WINDOWS\ALCWZRD.EXE]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
    "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 12:19]
    "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-06 15:13]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
    "IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-06-13 07:39]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:00]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-02-18 12:45:24]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-02-18 12:45:16]
    Poort voor Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-04-06 18:20:18]

    R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
    R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
    R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys
    S3 hwdatacard;HUAWEI Multimedia USB Driver Disk;C:\WINDOWS\system32\DRIVERS\hwusbmdm.sys
    S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
    S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
    S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-03 20:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    .
    **************************************************************************
    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-12 18:54:01
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    Voltooingstijd: 2007-10-12 18:54:33
    C:\ComboFix2.txt ... 2007-10-12 15:52
    C:\ComboFix3.txt ... 2007-10-11 15:25
    .
    --- E O F ---

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:55:50, on 12-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O24 - Desktop Component 0: (no name) - http://jufroos.waarbenjij.nu/files/waarbenjij.nu/j/jufroos/457b19b67ed34306398488/file95584694.jpg

    --
    End of file - 7561 bytes
  • Hitman Pro bundles a number of 30-day trial versions; these work nicely at first, but after that they only slow the system down: http://www.vragenforum.nl/bv2.php?article=30

    Download ATF Cleaner (by Atribune): http://www.atribune.org/ccount/click.php?id=1

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:
    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears. (This removes the tick from "Firefox saved passwords" again.)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:
    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.

    Go to the "Main" tab and click the Exit button to close the program.

    Download Dr.Web Cureit (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe) to your Desktop.

    * Double-click drweb-cureit.exe and allow it to start the express scan.
    * If a popup appears offering a purchase/50% discount, you may close it with the X.
    * This will scan the files that are currently loaded in memory; when something is found, click the Yes to all button at the 'cure it?' prompt. This is only a short scan.
    * In the menu at the top, choose Language/Taal and change it to Dutch (Nederlands) if it is set differently on your machine.
    * Press F9, then choose Acties (Actions) and set the following under Malware:
      o Adware: Verplaats (Move)
        Dialers: Verplaats (Move)
        Jokes: Rapportage (Report)
        Riskware: Rapportage (Report)
        Hacktools: Verplaats (Move)
      Then remove the tick at "Prompt bij actie". Then press OK.
    * Press F9, then choose Scan, remove the tick at Heuristische analyse (heuristic analysis) and click OK.
    * Once the short scan has finished, you can select the drives you want to scan (Selecteer stations).
    * Select all drives here. A red dot will then appear on the drives you are scanning.
    * Then click the green arrow on the right to start the scan.
    * Files that are found are moved to "%userprofile%\DoctorWeb\quarantaine-map" if repair is not possible.
    * After the scan has finished, click Bestand (File) in the menu at the top and choose Rapportage lijst opslaan (save report list). Save it to your Desktop.
    * Then close Dr.Web Cureit.
    * Restart your computer!! Important step, because Dr.Web Cureit may move/delete files during the restart.
    * After restarting, copy and paste the contents of the log you saved earlier into your next post.

    Good luck!

    Pim
  • All the spyware is already gone :D And the PC is behaving normally again, thx!! Is it still strictly necessary for me to do what you wrote in your last post?
  • You're welcome :wink:

    I wanted to have that Dr.Web scan run just to be sure, since there was quite a bit of spyware on the machine. Strictly speaking you don't have to do it, but as a check it is useful! It's your own choice, of course :wink:

    You do urgently need to update your Java, though:

    The Java software on your computer is outdated. Older versions have vulnerabilities that give malware the chance to install itself. First carry out the steps below to uninstall Java and install the newest version:

    * Download Java Runtime Environment (JRE) 6u3: http://javadl.sun.com/webapps/download/AutoDL?BundleId=127981
    * Scroll down to: "Java Runtime Environment (JRE) 6u3".
    * Click the "Download" button on the right.
    * Tick: "Accept License Agreement".
    * The page will reload.
    * Click the link to download the Windows Offline Installation with multiple languages, and save it to your Desktop.
    * Close all programs that may be open - especially your web browser!
    * Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the software list.
    * Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
    * Then click Remove or the Change/Remove button.
    * Repeat this until all older versions are gone.
    * After removing all older versions, restart your PC.
    * Then double-click jre-6u3-windows-i586-p.exe on your Desktop to install the newest version of Java.

This is an archived page. Replying is no longer possible.