hijack this please

32 answers
  • Too much activity on my PC while I'm doing nothing :(
    ------------------------------------
    C:\Documents and Settings\kalium\Bureaublad\HiJackThis_v2.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: IGMONObj Class - {02464DDC-3187-11D8-8004-0020ED227566} - C:\Program Files\iGetter\Integration\IGMON.dll (file missing)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\WSockDrv32.exe
    O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - https://register.creative.com/register/OCXs/CtORWebClientNoMFC.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O20 - AppInit_DLLs: C:\WINDOWS\System32\skuns.dat
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: B0619999 - Unknown owner - C:\WINDOWS\system32\F0578551.EXE (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfmonss.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe


    End of file - 6420 bytes
  • Could I have a complete HijackThis log?
  • Hello, I had described a problem here but have already been able to solve it myself.

    Kind regards,

    PJC de Boer
  • I don't get more than this, you know:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 19:48:31, on 1-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\PrevxCSI\PrevxCSI.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\perfmonss.exe
    C:\WINDOWS\system32\routing.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\kalium\Bureaublad\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: IGMONObj Class - {02464DDC-3187-11D8-8004-0020ED227566} - C:\Program Files\iGetter\Integration\IGMON.dll (file missing)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - https://register.creative.com/register/OCXs/CtORWebClientNoMFC.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O20 - AppInit_DLLs: C:\WINDOWS\System32\skuns.dat
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: B0619999 - Unknown owner - C:\WINDOWS\system32\F0578551.EXE (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfmonss.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe


    End of file - 5920 bytes
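A small triage script for HijackThis log lines like the ones in the log above, added here as an example; it is not part of the thread or of HijackThis itself. It parses the O2/O4/O20/O23 line formats and flags the entries a reviewer would look at first: orphaned entries (`(file missing)`, `(no file)`), services with no vendor string, any non-empty AppInit_DLLs value, and autoruns that point at a file directly in the Windows root rather than in System32 or Program Files. The sample input is a constructed subset of the log above. The flags are review priorities, not verdicts: "Unknown owner" also appears on the Macromedia licensing service in the same log, so every hit still needs a human check.

```python
"""Heuristic triage of HijackThis (HJT) log entries (added example)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: IGMONObj Class - {02464DDC-3187-11D8-8004-0020ED227566} - C:\Program Files\iGetter\Integration\IGMON.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\WSockDrv32.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - AppInit_DLLs: C:\WINDOWS\System32\skuns.dat
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: B0619999 - Unknown owner - C:\WINDOWS\system32\F0578551.EXE (file missing)
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfmonss.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
"""

# First drive-letter path ending in a binary extension, quoted or not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|dat|sys|ocx)\b', re.IGNORECASE)

# One regex per HJT section we care about; named groups feed Entry below.
LINE_RES = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.*)$"),
    "O20": re.compile(r"^O20 - AppInit_DLLs: (?P<path>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}


@dataclass
class Entry:
    kind: str                      # "O2", "O4", "O20" or "O23"
    name: str                      # BHO name, Run value name, service name
    raw_path: str                  # everything after the last " - " / "] "
    file_path: Optional[str]       # extracted binary path, None if no file
    owner: Optional[str] = None    # O23 vendor string only
    flags: list = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a supported HJT line, None for everything else."""
    for kind, rx in LINE_RES.items():
        m = rx.match(line)
        if m:
            d = m.groupdict()
            raw = d["path"].strip()
            pm = PATH_RE.search(raw)
            return Entry(kind, d.get("name") or "AppInit_DLLs", raw,
                         pm.group(0) if pm else None, d.get("owner"))
    return None


def flag(entry: Entry) -> Entry:
    """Attach review heuristics; none of these is a malware verdict on its own."""
    low = entry.raw_path.lower()
    if "(file missing)" in low or "(no file)" in low:
        entry.flags.append("orphaned")            # registry points at a file that is gone
    if entry.name == "(no name)":
        entry.flags.append("unnamed")
    if entry.kind == "O23" and entry.owner == "Unknown owner":
        entry.flags.append("unknown owner")       # no vendor string; legitimate services can show this too
    if entry.kind == "O20":
        entry.flags.append("appinit-dll")         # loaded into every process that links user32.dll
    if entry.file_path:
        directory, _, filename = entry.file_path.rpartition("\\")
        if directory.lower() == r"c:\windows":
            entry.flags.append("windows-root file")   # autoruns normally live in System32 or Program Files
        if entry.kind == "O20" and not filename.lower().endswith(".dll"):
            entry.flags.append("non-dll extension")   # AppInit_DLLs should name DLLs
    return entry


def triage(log_text: str) -> list:
    """Parse and flag every supported line of an HJT log, in log order."""
    entries = (parse_line(line.strip()) for line in log_text.splitlines())
    return [flag(e) for e in entries if e is not None]


def flagged(log_text: str) -> dict:
    """Map entry name -> flags for entries that got at least one flag."""
    return {e.name: e.flags for e in triage(log_text) if e.flags}


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "REVIEW" if e.flags else "  ok  "
        print(f"{mark} {e.kind:<3} {e.name:<40} {', '.join(e.flags)}")
```

`flagged` keys on the entry name, so a log with the same value name under several hives (the two CTFMON.EXE entries above) would collapse them; use `triage` when the full list matters.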
  • That's already quite a bit more than just now

    Follow these instructions to download ComboFix:
    Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.
    If you have used ComboFix before, please remove that version and download ComboFix again via the link above, because ComboFix is updated daily.

    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner,
    disable that scanner and download ComboFix again.
    Some scanners see certain components that ComboFix uses as suspicious and will block or remove them!

    Double-click Combofix.exe
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after a restart, the log Combofix.txt will open.

    Place this log in your next post, together with a fresh HijackThis log.
  • (((((((((((((((((((( Bestanden Gemaakt van 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))
    .

    2008-04-01 23:04 . 2008-04-01 23:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-01 18:59 . 2008-04-01 19:00 195 --a------ C:\WINDOWS\system32\adcklog.dat
    2008-04-01 18:52 . 2008-04-01 18:52 68 --a------ C:\WINDOWS\system32\tmp4_39857489184.bk
    2008-04-01 18:52 . 2008-04-01 18:52 68 --a------ C:\WINDOWS\system32\tmp3_162956195804.bk
    2008-04-01 18:52 . 2008-04-01 18:52 68 --a------ C:\WINDOWS\system32\tmp1_385418746755.bk
    2008-03-31 22:52 . 2008-03-31 22:52 <DIR> d-------- C:\Program Files\PrevxCSI
    2008-03-31 22:52 . 2008-03-31 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    2008-03-31 22:52 . 2008-03-31 22:52 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys
    2008-03-31 22:30 . 2008-03-30 17:08 21,080 --a------ C:\WINDOWS\hhvola.exe
    2008-03-31 21:52 . 2008-03-30 17:08 21,080 --a------ C:\WINDOWS\xoyvbg.exe
    2008-03-31 18:14 . 2008-03-31 18:14 68 --a------ C:\WINDOWS\system32\tmp4_89422632103.bk
    2008-03-31 18:14 . 2008-03-31 18:14 68 --a------ C:\WINDOWS\system32\tmp3_74332588027.bk
    2008-03-31 18:14 . 2008-03-31 18:14 68 --a------ C:\WINDOWS\system32\tmp1_824176330346.bk
    2008-03-30 18:30 . 2008-03-30 17:08 21,080 --a------ C:\WINDOWS\ndqybf.exe
    2008-03-30 17:14 . 2008-04-02 17:11 <DIR> d-------- C:\Documents and Settings\kalium\Application Data\AVG7
    2008-03-30 17:13 . 2008-03-30 17:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-03-30 17:13 . 2008-03-30 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-30 17:03 . 2008-03-31 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-03-30 11:31 . 2008-03-30 11:31 68 --a------ C:\WINDOWS\system32\tmp4_151892295033.bk
    2008-03-30 11:31 . 2008-03-30 11:31 68 --a------ C:\WINDOWS\system32\tmp3_785113772651.bk
    2008-03-30 11:31 . 2008-03-30 11:31 68 --a------ C:\WINDOWS\system32\tmp1_263857531073.bk
    2008-03-30 01:01 . 2008-03-30 01:01 68 --a------ C:\WINDOWS\system32\tmp4_278780260546.bk
    2008-03-30 01:01 . 2008-03-30 01:01 68 --a------ C:\WINDOWS\system32\tmp3_335064324407.bk
    2008-03-30 01:01 . 2008-03-30 01:01 68 --a------ C:\WINDOWS\system32\tmp1_133604470935.bk
    2008-03-29 16:50 . 2008-03-29 16:50 68 --a------ C:\WINDOWS\system32\tmp4_38710138090.bk
    2008-03-29 16:50 . 2008-03-29 16:50 68 --a------ C:\WINDOWS\system32\tmp3_231713881785.bk
    2008-03-29 16:50 . 2008-03-29 16:50 68 --a------ C:\WINDOWS\system32\tmp1_516288546122.bk
    2008-03-28 16:47 . 2008-03-28 16:47 68 --a------ C:\WINDOWS\system32\tmp4_210009163275.bk
    2008-03-28 16:47 . 2008-03-28 16:47 68 --a------ C:\WINDOWS\system32\tmp3_330247372921.bk
    2008-03-28 16:46 . 2008-03-28 16:46 68 --a------ C:\WINDOWS\system32\tmp1_771568825365.bk
    2008-03-27 20:55 . 2008-03-27 20:55 68 --a------ C:\WINDOWS\system32\tmp4_413349684564.bk
    2008-03-27 20:55 . 2008-03-27 20:55 68 --a------ C:\WINDOWS\system32\tmp3_460741444128.bk
    2008-03-27 20:55 . 2008-03-27 20:55 68 --a------ C:\WINDOWS\system32\tmp1_39883730230.bk
    2008-03-27 01:01 . 2008-03-27 01:01 68 --a------ C:\WINDOWS\system32\tmp4_317452857477.bk
    2008-03-27 01:01 . 2008-03-27 01:01 68 --a------ C:\WINDOWS\system32\tmp3_485963773680.bk
    2008-03-27 01:00 . 2008-03-27 01:00 68 --a------ C:\WINDOWS\system32\tmp1_34152802634.bk
    2008-03-26 18:18 . 2008-03-26 18:18 68 --a------ C:\WINDOWS\system32\tmp4_479110205129.bk
    2008-03-26 18:18 . 2008-03-26 18:18 68 --a------ C:\WINDOWS\system32\tmp3_62985740533.bk
    2008-03-26 18:18 . 2008-03-26 18:18 68 --a------ C:\WINDOWS\system32\tmp1_593707407540.bk
    2008-03-25 19:43 . 2008-03-25 19:43 68 --a------ C:\WINDOWS\system32\tmp4_868992413079.bk
    2008-03-25 19:43 . 2008-03-25 19:43 68 --a------ C:\WINDOWS\system32\tmp3_775181567943.bk
    2008-03-25 19:42 . 2008-03-25 19:42 68 --a------ C:\WINDOWS\system32\tmp1_795282828888.bk
    2008-03-25 00:02 . 2008-03-25 00:02 68 --a------ C:\WINDOWS\system32\tmp4_82590653915.bk
    2008-03-25 00:01 . 2008-03-25 00:01 68 --a------ C:\WINDOWS\system32\tmp3_142966190760.bk
    2008-03-25 00:01 . 2008-03-25 00:01 68 --a------ C:\WINDOWS\system32\tmp1_678534489934.bk
    2008-03-24 23:29 . 2008-03-31 18:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-24 23:29 . 2008-03-31 18:28 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-24 12:30 . 2008-03-24 12:30 68 --a------ C:\WINDOWS\system32\tmp4_339105159966.bk
    2008-03-24 12:30 . 2008-03-24 12:30 68 --a------ C:\WINDOWS\system32\tmp3_889835551430.bk
    2008-03-24 12:30 . 2008-03-24 12:30 68 --a------ C:\WINDOWS\system32\tmp1_603997606320.bk
    2008-03-24 01:01 . 2008-03-24 01:01 68 --a------ C:\WINDOWS\system32\tmp4_756823886782.bk
    2008-03-24 01:01 . 2008-03-24 01:01 68 --a------ C:\WINDOWS\system32\tmp3_3198269556.bk
    2008-03-24 01:00 . 2008-03-24 01:00 68 --a------ C:\WINDOWS\system32\tmp1_605310528556.bk
    2008-03-23 22:18 . 2008-03-23 22:18 68 --a------ C:\WINDOWS\system32\tmp4_720027393560.bk
    2008-03-23 22:18 . 2008-03-23 22:18 68 --a------ C:\WINDOWS\system32\tmp3_538727540322.bk
    2008-03-23 22:18 . 2008-03-23 22:18 68 --a------ C:\WINDOWS\system32\tmp1_783676385261.bk
    2008-03-22 12:31 . 2008-03-22 12:31 68 --a------ C:\WINDOWS\system32\tmp4_157789393790.bk
    2008-03-22 12:31 . 2008-03-22 12:31 68 --a------ C:\WINDOWS\system32\tmp3_84438894722.bk
    2008-03-22 12:31 . 2008-03-22 12:31 68 --a------ C:\WINDOWS\system32\tmp1_574715798981.bk
    2008-03-22 01:00 . 2008-03-22 01:00 68 --a------ C:\WINDOWS\system32\tmp3_361432166985.bk
    2008-03-22 01:00 . 2008-03-22 01:00 68 --a------ C:\WINDOWS\system32\tmp1_257066840101.bk
    2008-03-22 00:02 . 2008-03-22 00:02 68 --a------ C:\WINDOWS\system32\tmp3_75966939933.bk
    2008-03-22 00:01 . 2008-03-22 00:01 68 --a------ C:\WINDOWS\system32\tmp1_37181263582.bk
    2008-03-21 12:31 . 2008-03-21 12:31 68 --a------ C:\WINDOWS\system32\tmp4_97192760643.bk
    2008-03-21 12:31 . 2008-03-21 12:31 68 --a------ C:\WINDOWS\system32\tmp3_716945653889.bk
    2008-03-21 12:31 . 2008-03-21 12:31 68 --a------ C:\WINDOWS\system32\tmp1_443962429005.bk
    2008-03-21 01:01 . 2008-03-21 01:01 68 --a------ C:\WINDOWS\system32\tmp4_721844766353.bk
    2008-03-21 01:01 . 2008-03-21 01:01 68 --a------ C:\WINDOWS\system32\tmp3_517178829799.bk
    2008-03-21 01:01 . 2008-03-21 01:01 68 --a------ C:\WINDOWS\system32\tmp1_35728924657.bk
    2008-03-20 12:31 . 2008-03-20 12:31 68 --a------ C:\WINDOWS\system32\tmp4_3936159450.bk
    2008-03-20 12:31 . 2008-03-20 12:31 68 --a------ C:\WINDOWS\system32\tmp3_784168664228.bk
    2008-03-20 12:31 . 2008-03-20 12:31 68 --a------ C:\WINDOWS\system32\tmp1_2454518368.bk
    2008-03-20 01:01 . 2008-03-20 01:01 68 --a------ C:\WINDOWS\system32\tmp4_394661788504.bk
    2008-03-20 01:00 . 2008-03-20 01:00 68 --a------ C:\WINDOWS\system32\tmp3_839378194066.bk
    2008-03-20 01:00 . 2008-03-20 01:00 68 --a------ C:\WINDOWS\system32\tmp1_189119315479.bk
    2008-03-19 18:48 . 2008-03-19 18:48 68 --a------ C:\WINDOWS\system32\tmp4_795066188014.bk
    2008-03-19 18:48 . 2008-03-19 18:48 68 --a------ C:\WINDOWS\system32\tmp3_220622147895.bk
    2008-03-19 18:48 . 2008-03-19 18:48 68 --a------ C:\WINDOWS\system32\tmp1_800127506751.bk
    2008-03-18 20:01 . 2008-03-18 20:01 68 --a------ C:\WINDOWS\system32\tmp4_99832588433.bk
    2008-03-18 20:01 . 2008-03-18 20:01 68 --a------ C:\WINDOWS\system32\tmp3_239405385813.bk
    2008-03-18 20:01 . 2008-03-18 20:01 68 --a------ C:\WINDOWS\system32\tmp1_306114573929.bk
    2008-03-17 19:29 . 2008-04-01 19:40 0 --a------ C:\WINDOWS\system32\1.tsk
    2008-03-17 19:12 . 2008-03-17 19:12 68 --a------ C:\WINDOWS\system32\tmp4_145872629963.bk
    2008-03-17 19:12 . 2008-03-17 19:12 68 --a------ C:\WINDOWS\system32\tmp3_113324673332.bk
    2008-03-17 19:12 . 2008-03-17 19:12 68 --a------ C:\WINDOWS\system32\tmp1_488685879158.bk
    2008-03-16 12:31 . 2008-03-16 12:31 68 --a------ C:\WINDOWS\system32\tmp4_407960214624.bk
    2008-03-16 12:31 . 2008-03-16 12:31 68 --a------ C:\WINDOWS\system32\tmp3_389137665977.bk
    2008-03-16 12:31 . 2008-03-16 12:31 68 --a------ C:\WINDOWS\system32\tmp1_322441673951.bk
    2008-03-16 01:00 . 2008-03-16 01:00 68 --a------ C:\WINDOWS\system32\tmp4_858150309471.bk
    2008-03-16 01:00 . 2008-03-16 01:00 68 --a------ C:\WINDOWS\system32\tmp3_699048806268.bk
    2008-03-16 01:00 . 2008-03-16 01:00 68 --a------ C:\WINDOWS\system32\tmp1_42701023041.bk
    2008-03-16 00:01 . 2008-03-16 00:01 68 --a------ C:\WINDOWS\system32\tmp4_280170323198.bk
    2008-03-16 00:01 . 2008-03-16 00:01 68 --a------ C:\WINDOWS\system32\tmp3_692678337873.bk
    2008-03-16 00:00 . 2008-03-16 00:00 68 --a------ C:\WINDOWS\system32\tmp1_72100832727.bk
    2008-03-15 12:31 . 2008-03-15 12:31 68 --a------ C:\WINDOWS\system32\tmp4_329241509353.bk
    2008-03-15 12:30 . 2008-03-15 12:30 68 --a------ C:\WINDOWS\system32\tmp3_289795522734.bk
    2008-03-15 12:30 . 2008-03-15 12:30 68 --a------ C:\WINDOWS\system32\tmp1_602771756266.bk
    2008-03-15 01:01 . 2008-03-15 01:01 68 --a------ C:\WINDOWS\system32\tmp4_532553432158.bk
    2008-03-15 01:01 . 2008-03-15 01:01 68 --a------ C:\WINDOWS\system32\tmp3_724288424580.bk
    2008-03-15 01:01 . 2008-03-15 01:01 68 --a------ C:\WINDOWS\system32\tmp1_166242434348.bk

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-01 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-01 18:13 --------- d-----w C:\Documents and Settings\kalium\Application Data\LimeWire
    2008-03-31 20:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-31 17:59 --------- d-----w C:\Documents and Settings\kalium\Application Data\Azureus
    2008-03-28 21:41 --------- d-----w C:\Program Files\Soulseek
    2008-03-25 20:36 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-16 14:55 --------- d-----w C:\Program Files\Azureus
    2008-02-18 21:00 --------- d-----w C:\Program Files\Ableton
    2008-02-18 21:00 --------- d-----w C:\Documents and Settings\kalium\Application Data\Ableton
    2008-02-18 19:34 --------- d-----w C:\Program Files\TGTSoft
    2008-02-14 06:09 --------- d-----w C:\Documents and Settings\kalium\Application Data\Creative
    2008-02-12 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-11 15:38 --------- d-----w C:\Program Files\Free Audio Pack
    2008-02-10 16:28 --------- d-----w C:\Program Files\Creative
    2008-02-10 16:26 --------- d--h--w C:\Program Files\Creative Installation Information
    2008-02-10 16:26 --------- d-----w C:\Program Files\Common Files\Creative
    2008-02-10 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
    2008-02-10 16:19 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-08 18:25 --------- d-----w C:\Documents and Settings\kalium\Application Data\Media Player Classic
    2008-02-08 18:24 --------- d-----w C:\Program Files\K-Lite Codec Pack
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-01_22.49.10.75 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-04-03 11:48:54 13,511,640 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-03-05 06:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="NvMCTray.dll" [2006-08-11 21:43 86016 C:\WINDOWS\system32\nvmctray.dll]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 21:43 7630848]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-30 17:20 579072]
    "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 02:03 160256]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 22:48 439872]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-30 17:21 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 0 (0x0)
    "NoAutoTrayNotify"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoResolveSearch"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoRecentDocsNetHood"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PCzapper Media Manager.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PCzapper Media Manager.lnk
    backup=C:\WINDOWS\pss\PCzapper Media Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-07-14 15:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
    --------- 2006-09-28 21:09 700416 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyvesKwekker]
    C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2006-11-06 10:27 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-10-19 21:16 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-11-02 00:41 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2006-11-21 19:38 35328 C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WSockDrv32]
    --a------ 2008-03-30 17:08 21080 C:\WINDOWS\hhvola.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Westwood\\SUN\\Game.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

    R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-03-31 22:52]
    R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service []
    S2 B0619999;B0619999;C:\WINDOWS\system32\F0578551.EXE []

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-03-11 10:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-02 19:56:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-04-02 20:00:34
    ComboFix-quarantined-files.txt 2008-04-02 18:00:30
    ComboFix2.txt 2008-04-01 20:49:29
    ComboFix3.txt 2007-10-21 02:09:14
    Pre-Run: 5,149,470,720 bytes beschikbaar
    Post-Run: 5,138,923,520 bytes beschikbaar
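A parser for the ComboFix "files created" listing in the post above, added here as an example; it is not part of ComboFix or of the thread. Each line carries creation time, modification time, size, attribute flags and path. On top of the parse it applies two checks an analyst would run over such a listing: grouping executables that share a modification time and size under different names, and listing executables whose creation time is later than their modification time, which is what a file copied into place looks like on NTFS (a copy gets a new creation time but keeps the source's modification time). The sample input is a constructed subset of the listing above, with the attribute column written as plain dashes.

```python
"""Parse a ComboFix files-created listing and run two timeline checks (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the ComboFix "files created" listing above.
SAMPLE = r"""
2008-04-01 18:59 . 2008-04-01 19:00 195 --a------ C:\WINDOWS\system32\adcklog.dat
2008-04-01 18:52 . 2008-04-01 18:52 68 --a------ C:\WINDOWS\system32\tmp4_39857489184.bk
2008-03-31 22:52 . 2008-03-31 22:52 <DIR> d-------- C:\Program Files\PrevxCSI
2008-03-31 22:52 . 2008-03-31 22:52 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-03-31 22:30 . 2008-03-30 17:08 21,080 --a------ C:\WINDOWS\hhvola.exe
2008-03-31 21:52 . 2008-03-30 17:08 21,080 --a------ C:\WINDOWS\xoyvbg.exe
2008-03-30 18:30 . 2008-03-30 17:08 21,080 --a------ C:\WINDOWS\ndqybf.exe
2008-03-24 23:29 . 2008-03-31 18:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
"""

# "<created> . <modified> <size|<DIR>> <9 attribute chars> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-zA-Z]{9}) (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Record:
    created: str            # "YYYY-MM-DD HH:MM", sorts correctly as a string
    modified: str
    size: Optional[int]     # None for directories
    attrs: str
    path: str

    @property
    def is_executable(self) -> bool:
        return self.size is not None and self.path.lower().endswith(EXEC_EXT)


def parse_listing(text: str) -> list:
    """Return Records for every line that matches the ComboFix format, in order."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section banners, dots, blank lines
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        records.append(Record(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return records


def cluster_executables(text: str) -> dict:
    """Group executables that share (modified time, size) under different names.

    Several differently named binaries with identical size and modification
    minute are worth a look: that pattern is typical of one file dropped
    under generated names, and rare for independently installed software.
    """
    groups = defaultdict(list)
    for r in parse_listing(text):
        if r.is_executable:
            groups[(r.modified, r.size)].append(r.path)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def copied_in(text: str) -> list:
    """Executables created after they were last modified (copied into place)."""
    return [r.path for r in parse_listing(text)
            if r.is_executable and r.created > r.modified]


if __name__ == "__main__":
    for (mtime, size), paths in cluster_executables(SAMPLE).items():
        print(f"same modification time {mtime} and size {size} bytes:")
        for p in paths:
            print("   ", p)
    print("created after modified:", copied_in(SAMPLE))
```

Both checks are timeline heuristics: a legitimate installer can also write several binaries in one minute, and any file restored from backup is "created after modified". They prioritise what to inspect, they do not classify.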
  • next one = from HijackThis


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:37:54, on 2-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\PrevxCSI\PrevxCSI.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\kalium\Bureaublad\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: IGMONObj Class - {02464DDC-3187-11D8-8004-0020ED227566} - C:\Program Files\iGetter\Integration\IGMON.dll (file missing)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - https://register.creative.com/register/OCXs/CtORWebClientNoMFC.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: B0619999 - Unknown owner - C:\WINDOWS\system32\F0578551.EXE (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    End of file - 6126 bytes

    [/quote:5ada2f323c]
  • Open Notepad, copy and paste the following (bold text) into an empty window:
    [b:187f54aebb]
    File::
    C:\WINDOWS\hhvola.exe
    C:\WINDOWS\xoyvbg.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WSockDrv32]

    Driver::
    B0619999
    [/b:187f54aebb]
    Save this to your Desktop as [b:187f54aebb]CFScript.txt[/b:187f54aebb]

    Drag [b:187f54aebb]CFScript.txt[/b:187f54aebb] onto [b:187f54aebb]ComboFix.exe[/b:187f54aebb] as shown in the example below:

    [img:187f54aebb]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img:187f54aebb]

    This will make [b:187f54aebb]ComboFix[/b:187f54aebb] restart.
    Reboot if you are asked to,
    and post the contents of [b:187f54aebb]Combofix.txt[/b:187f54aebb] in your next reply

    Still having problems?
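    The helper above singled out the B0619999 service (an unknown owner, a binary in system32 that is no longer on disk, and a name that looks generated) before writing the CFScript. The script below is an added example, not part of HijackThis, ComboFix or the helper's procedure: it parses the "O23 - Service" lines of a HijackThis log and reports entries carrying those three indicators. The sample log text is constructed from lines posted in this thread; the regex and the "generated-looking name" heuristic are my own assumptions, not HijackThis rules.

```python
"""Triage helper for HijackThis 'O23 - Service' lines (added example).

Not part of HijackThis or ComboFix. It reads a log and reports which
service entries carry the indicators the helper acted on in this thread:
an unknown owner, a binary missing on disk, and a machine-generated-looking
name. The log text below is constructed from lines posted in the thread.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a few O23 lines in the shape posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: B0619999 - Unknown owner - C:\WINDOWS\system32\F0578551.EXE (file missing)
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# name (greedy, may itself contain " - "), owner (lazy), path starting with a
# drive letter; the path may contain " - " (e.g. "Spybot - Search & Destroy").
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.*) - (?P<owner>.*?) - (?P<path>[A-Za-z]:\\.*)$"
)


@dataclass
class ServiceEntry:
    name: str
    owner: str
    path: str
    file_missing: bool
    flags: list = field(default_factory=list)


def looks_generated(stem: str) -> bool:
    """Heuristic (assumption): names such as B0619999 / F0578551 are one run
    of letters and digits, at least 6 characters, half or more digits."""
    if len(stem) < 6 or not stem.isalnum():
        return False
    digits = sum(ch.isdigit() for ch in stem)
    return digits * 2 >= len(stem)


def parse_o23(line: str):
    """Return a ServiceEntry for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].rstrip()
    return ServiceEntry(m.group("name"), m.group("owner"), path, missing)


def triage(log_text: str) -> list:
    """Return the O23 entries that carry at least one indicator, in log order."""
    suspicious = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        # file name without directory and extension, e.g. F0578551
        stem = entry.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if entry.owner.lower() == "unknown owner":
            entry.flags.append("unknown owner")
        if entry.file_missing:
            entry.flags.append("file missing")
        if looks_generated(entry.name) or looks_generated(stem):
            entry.flags.append("generated-looking name")
        if entry.flags:
            suspicious.append(entry)
    return suspicious


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.name:<30} {e.path}  <- {', '.join(e.flags)}")
```

    On the constructed sample the B0619999 entry collects all three flags, while the Macromedia licensing service is reported only for "unknown owner", which on its own is a weak signal (many legitimate vendors leave the owner field empty). That is the point of scoring several indicators together rather than acting on one.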
  • [quote:4138573caa]

    FILE ::
    C:\WINDOWS\hhvola.exe
    C:\WINDOWS\xoyvbg.exe
    .
    TimedOut: progfile.dat

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\hhvola.exe
    C:\WINDOWS\xoyvbg.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_B0619999
    -------\Service_B0619999


    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))
    .

    2008-04-01 23:04 . 2008-04-01 23:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-01 18:59 . 2008-04-01 19:00 195 --a------ C:\WINDOWS\system32\adcklog.dat
    2008-04-01 18:52 . 2008-04-01 18:52 68 --a------ C:\WINDOWS\system32\tmp4_39857489184.bk
    2008-04-01 18:52 . 2008-04-01 18:52 68 --a------ C:\WINDOWS\system32\tmp3_162956195804.bk
    2008-04-01 18:52 . 2008-04-01 18:52 68 --a------ C:\WINDOWS\system32\tmp1_385418746755.bk
    2008-03-31 22:52 . 2008-03-31 22:52 <DIR> d-------- C:\Program Files\PrevxCSI
    2008-03-31 22:52 . 2008-03-31 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    2008-03-31 22:52 . 2008-03-31 22:52 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys
    2008-03-31 18:14 . 2008-03-31 18:14 68 --a------ C:\WINDOWS\system32\tmp4_89422632103.bk
    2008-03-31 18:14 . 2008-03-31 18:14 68 --a------ C:\WINDOWS\system32\tmp3_74332588027.bk
    2008-03-31 18:14 . 2008-03-31 18:14 68 --a------ C:\WINDOWS\system32\tmp1_824176330346.bk
    2008-03-30 18:30 . 2008-03-30 17:08 21,080 --a------ C:\WINDOWS\ndqybf.exe
    2008-03-30 17:14 . 2008-04-03 16:23 <DIR> d-------- C:\Documents and Settings\kalium\Application Data\AVG7
    2008-03-30 17:13 . 2008-03-30 17:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-03-30 17:13 . 2008-03-30 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-30 17:03 . 2008-03-31 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-03-30 11:31 . 2008-03-30 11:31 68 --a------ C:\WINDOWS\system32\tmp4_151892295033.bk
    2008-03-30 11:31 . 2008-03-30 11:31 68 --a------ C:\WINDOWS\system32\tmp3_785113772651.bk
    2008-03-30 11:31 . 2008-03-30 11:31 68 --a------ C:\WINDOWS\system32\tmp1_263857531073.bk
    2008-03-30 01:01 . 2008-03-30 01:01 68 --a------ C:\WINDOWS\system32\tmp4_278780260546.bk
    2008-03-30 01:01 . 2008-03-30 01:01 68 --a------ C:\WINDOWS\system32\tmp3_335064324407.bk
    2008-03-30 01:01 . 2008-03-30 01:01 68 --a------ C:\WINDOWS\system32\tmp1_133604470935.bk
    2008-03-29 16:50 . 2008-03-29 16:50 68 --a------ C:\WINDOWS\system32\tmp4_38710138090.bk
    2008-03-29 16:50 . 2008-03-29 16:50 68 --a------ C:\WINDOWS\system32\tmp3_231713881785.bk
    2008-03-29 16:50 . 2008-03-29 16:50 68 --a------ C:\WINDOWS\system32\tmp1_516288546122.bk
    2008-03-28 16:47 . 2008-03-28 16:47 68 --a------ C:\WINDOWS\system32\tmp4_210009163275.bk
    2008-03-28 16:47 . 2008-03-28 16:47 68 --a------ C:\WINDOWS\system32\tmp3_330247372921.bk
    2008-03-28 16:46 . 2008-03-28 16:46 68 --a------ C:\WINDOWS\system32\tmp1_771568825365.bk
    2008-03-27 20:55 . 2008-03-27 20:55 68 --a------ C:\WINDOWS\system32\tmp4_413349684564.bk
    2008-03-27 20:55 . 2008-03-27 20:55 68 --a------ C:\WINDOWS\system32\tmp3_460741444128.bk
    2008-03-27 20:55 . 2008-03-27 20:55 68 --a------ C:\WINDOWS\system32\tmp1_39883730230.bk
    2008-03-27 01:01 . 2008-03-27 01:01 68 --a------ C:\WINDOWS\system32\tmp4_317452857477.bk
    2008-03-27 01:01 . 2008-03-27 01:01 68 --a------ C:\WINDOWS\system32\tmp3_485963773680.bk
    2008-03-27 01:00 . 2008-03-27 01:00 68 --a------ C:\WINDOWS\system32\tmp1_34152802634.bk
    2008-03-26 18:18 . 2008-03-26 18:18 68 --a------ C:\WINDOWS\system32\tmp4_479110205129.bk
    2008-03-26 18:18 . 2008-03-26 18:18 68 --a------ C:\WINDOWS\system32\tmp3_62985740533.bk
    2008-03-26 18:18 . 2008-03-26 18:18 68 --a------ C:\WINDOWS\system32\tmp1_593707407540.bk
    2008-03-25 19:43 . 2008-03-25 19:43 68 --a------ C:\WINDOWS\system32\tmp4_868992413079.bk
    2008-03-25 19:43 . 2008-03-25 19:43 68 --a------ C:\WINDOWS\system32\tmp3_775181567943.bk
    2008-03-25 19:42 . 2008-03-25 19:42 68 --a------ C:\WINDOWS\system32\tmp1_795282828888.bk
    2008-03-25 00:02 . 2008-03-25 00:02 68 --a------ C:\WINDOWS\system32\tmp4_82590653915.bk
    2008-03-25 00:01 . 2008-03-25 00:01 68 --a------ C:\WINDOWS\system32\tmp3_142966190760.bk
    2008-03-25 00:01 . 2008-03-25 00:01 68 --a------ C:\WINDOWS\system32\tmp1_678534489934.bk
    2008-03-24 23:29 . 2008-04-02 22:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-24 23:29 . 2008-03-31 18:28 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-24 12:30 . 2008-03-24 12:30 68 --a------ C:\WINDOWS\system32\tmp4_339105159966.bk
    2008-03-24 12:30 . 2008-03-24 12:30 68 --a------ C:\WINDOWS\system32\tmp3_889835551430.bk
    2008-03-24 12:30 . 2008-03-24 12:30 68 --a------ C:\WINDOWS\system32\tmp1_603997606320.bk
    2008-03-24 01:01 . 2008-03-24 01:01 68 --a------ C:\WINDOWS\system32\tmp4_756823886782.bk
    2008-03-24 01:01 . 2008-03-24 01:01 68 --a------ C:\WINDOWS\system32\tmp3_3198269556.bk
    2008-03-24 01:00 . 2008-03-24 01:00 68 --a------ C:\WINDOWS\system32\tmp1_605310528556.bk
    2008-03-23 22:18 . 2008-03-23 22:18 68 --a------ C:\WINDOWS\system32\tmp4_720027393560.bk
    2008-03-23 22:18 . 2008-03-23 22:18 68 --a------ C:\WINDOWS\system32\tmp3_538727540322.bk
    2008-03-23 22:18 . 2008-03-23 22:18 68 --a------ C:\WINDOWS\system32\tmp1_783676385261.bk
    2008-03-22 12:31 . 2008-03-22 12:31 68 --a------ C:\WINDOWS\system32\tmp4_157789393790.bk
    2008-03-22 12:31 . 2008-03-22 12:31 68 --a------ C:\WINDOWS\system32\tmp3_84438894722.bk
    2008-03-22 12:31 . 2008-03-22 12:31 68 --a------ C:\WINDOWS\system32\tmp1_574715798981.bk
    2008-03-22 01:00 . 2008-03-22 01:00 68 --a------ C:\WINDOWS\system32\tmp3_361432166985.bk
    2008-03-22 01:00 . 2008-03-22 01:00 68 --a------ C:\WINDOWS\system32\tmp1_257066840101.bk
    2008-03-22 00:02 . 2008-03-22 00:02 68 --a------ C:\WINDOWS\system32\tmp3_75966939933.bk
    2008-03-22 00:01 . 2008-03-22 00:01 68 --a------ C:\WINDOWS\system32\tmp1_37181263582.bk
    2008-03-21 12:31 . 2008-03-21 12:31 68 --a------ C:\WINDOWS\system32\tmp4_97192760643.bk
    2008-03-21 12:31 . 2008-03-21 12:31 68 --a------ C:\WINDOWS\system32\tmp3_716945653889.bk
    2008-03-21 12:31 . 2008-03-21 12:31 68 --a------ C:\WINDOWS\system32\tmp1_443962429005.bk
    2008-03-21 01:01 . 2008-03-21 01:01 68 --a------ C:\WINDOWS\system32\tmp4_721844766353.bk
    2008-03-21 01:01 . 2008-03-21 01:01 68 --a------ C:\WINDOWS\system32\tmp3_517178829799.bk
    2008-03-21 01:01 . 2008-03-21 01:01 68 --a------ C:\WINDOWS\system32\tmp1_35728924657.bk
    2008-03-20 12:31 . 2008-03-20 12:31 68 --a------ C:\WINDOWS\system32\tmp4_3936159450.bk
    2008-03-20 12:31 . 2008-03-20 12:31 68 --a------ C:\WINDOWS\system32\tmp3_784168664228.bk
    2008-03-20 12:31 . 2008-03-20 12:31 68 --a------ C:\WINDOWS\system32\tmp1_2454518368.bk
    2008-03-20 01:01 . 2008-03-20 01:01 68 --a------ C:\WINDOWS\system32\tmp4_394661788504.bk
    2008-03-20 01:00 . 2008-03-20 01:00 68 --a------ C:\WINDOWS\system32\tmp3_839378194066.bk
    2008-03-20 01:00 . 2008-03-20 01:00 68 --a------ C:\WINDOWS\system32\tmp1_189119315479.bk
    2008-03-19 18:48 . 2008-03-19 18:48 68 --a------ C:\WINDOWS\system32\tmp4_795066188014.bk
    2008-03-19 18:48 . 2008-03-19 18:48 68 --a------ C:\WINDOWS\system32\tmp3_220622147895.bk
    2008-03-19 18:48 . 2008-03-19 18:48 68 --a------ C:\WINDOWS\system32\tmp1_800127506751.bk
    2008-03-18 20:01 . 2008-03-18 20:01 68 --a------ C:\WINDOWS\system32\tmp4_99832588433.bk
    2008-03-18 20:01 . 2008-03-18 20:01 68 --a------ C:\WINDOWS\system32\tmp3_239405385813.bk
    2008-03-18 20:01 . 2008-03-18 20:01 68 --a------ C:\WINDOWS\system32\tmp1_306114573929.bk
    2008-03-17 19:29 . 2008-04-01 19:40 0 --a------ C:\WINDOWS\system32\1.tsk
    2008-03-17 19:12 . 2008-03-17 19:12 68 --a------ C:\WINDOWS\system32\tmp4_145872629963.bk
    2008-03-17 19:12 . 2008-03-17 19:12 68 --a------ C:\WINDOWS\system32\tmp3_113324673332.bk
    2008-03-17 19:12 . 2008-03-17 19:12 68 --a------ C:\WINDOWS\system32\tmp1_488685879158.bk
    2008-03-16 12:31 . 2008-03-16 12:31 68 --a------ C:\WINDOWS\system32\tmp4_407960214624.bk
    2008-03-16 12:31 . 2008-03-16 12:31 68 --a------ C:\WINDOWS\system32\tmp3_389137665977.bk
    2008-03-16 12:31 . 2008-03-16 12:31 68 --a------ C:\WINDOWS\system32\tmp1_322441673951.bk
    2008-03-16 01:00 . 2008-03-16 01:00 68 --a------ C:\WINDOWS\system32\tmp4_858150309471.bk
    2008-03-16 01:00 . 2008-03-16 01:00 68 --a------ C:\WINDOWS\system32\tmp3_699048806268.bk
    2008-03-16 01:00 . 2008-03-16 01:00 68 --a------ C:\WINDOWS\system32\tmp1_42701023041.bk
    2008-03-16 00:01 . 2008-03-16 00:01 68 --a------ C:\WINDOWS\system32\tmp4_280170323198.bk
    2008-03-16 00:01 . 2008-03-16 00:01 68 --a------ C:\WINDOWS\system32\tmp3_692678337873.bk
    2008-03-16 00:00 . 2008-03-16 00:00 68 --a------ C:\WINDOWS\system32\tmp1_72100832727.bk
    2008-03-15 12:31 . 2008-03-15 12:31 68 --a------ C:\WINDOWS\system32\tmp4_329241509353.bk
    2008-03-15 12:30 . 2008-03-15 12:30 68 --a------ C:\WINDOWS\system32\tmp3_289795522734.bk
    2008-03-15 12:30 . 2008-03-15 12:30 68 --a------ C:\WINDOWS\system32\tmp1_602771756266.bk
    2008-03-15 01:01 . 2008-03-15 01:01 68 --a------ C:\WINDOWS\system32\tmp4_532553432158.bk
    2008-03-15 01:01 . 2008-03-15 01:01 68 --a------ C:\WINDOWS\system32\tmp3_724288424580.bk
    2008-03-15 01:01 . 2008-03-15 01:01 68 --a------ C:\WINDOWS\system32\tmp1_166242434348.bk
    2008-03-14 16:26 . 2008-03-14 16:26 68 --a------ C:\WINDOWS\system32\tmp4_289016310832.bk
    2008-03-14 16:26 . 2008-03-14 16:26 68 --a------ C:\WINDOWS\system32\tmp3_875003829681.bk

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-01 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-01 18:13 --------- d-----w C:\Documents and Settings\kalium\Application Data\LimeWire
    2008-03-31 20:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-31 17:59 --------- d-----w C:\Documents and Settings\kalium\Application Data\Azureus
    2008-03-28 21:41 --------- d-----w C:\Program Files\Soulseek
    2008-03-25 20:36 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-16 14:55 --------- d-----w C:\Program Files\Azureus
    2008-02-18 21:00 --------- d-----w C:\Program Files\Ableton
    2008-02-18 21:00 --------- d-----w C:\Documents and Settings\kalium\Application Data\Ableton
    2008-02-18 19:34 --------- d-----w C:\Program Files\TGTSoft
    2008-02-14 06:09 --------- d-----w C:\Documents and Settings\kalium\Application Data\Creative
    2008-02-12 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-11 15:38 --------- d-----w C:\Program Files\Free Audio Pack
    2008-02-10 16:28 --------- d-----w C:\Program Files\Creative
    2008-02-10 16:26 --------- d--h--w C:\Program Files\Creative Installation Information
    2008-02-10 16:26 --------- d-----w C:\Program Files\Common Files\Creative
    2008-02-10 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
    2008-02-10 16:19 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-08 18:25 --------- d-----w C:\Documents and Settings\kalium\Application Data\Media Player Classic
    2008-02-08 18:24 --------- d-----w C:\Program Files\K-Lite Codec Pack
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-01_22.49.10.75 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-04-03 11:48:54 13,511,640 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-03-05 06:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="NvMCTray.dll" [2006-08-11 21:43 86016 C:\WINDOWS\system32\nvmctray.dll]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 21:43 7630848]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-30 17:20 579072]
    "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 02:03 160256]
    "PrevxCSI"=" /bootupreg" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 22:48 439872]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-30 17:21 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 0 (0x0)
    "NoAutoTrayNotify"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoResolveSearch"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoRecentDocsNetHood"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PCzapper Media Manager.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PCzapper Media Manager.lnk
    backup=C:\WINDOWS\pss\PCzapper Media Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-07-14 15:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
    --------- 2006-09-28 21:09 700416 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyvesKwekker]
    C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2006-11-06 10:27 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-10-19 21:16 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-11-02 00:41 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2006-11-21 19:38 35328 C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Westwood\\SUN\\Game.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

    R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-03-31 22:52]
    R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service []

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-03-11 10:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-03 16:38:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\PrevxCSI\PrevxCSI.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\wdfmgr.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-04-03 16:42:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-03 14:42:19
    ComboFix2.txt 2008-04-02 18:00:35
    ComboFix3.txt 2008-04-01 20:49:29
    ComboFix4.txt 2007-10-21 02:09:14
    Pre-Run: 5,170,069,504 bytes beschikbaar
    Post-Run: 5,158,879,232 bytes beschikbaar
    [/quote:4138573caa]

    here it is……
    memory usage is half of the total
  • Post a complete ComboFix log, I really need the full logs from you. You can find it again as C:\combofix.txt
  • ComboFix 08-04-01.2 - kalium 2008-04-03 16:32:53.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.125 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\kalium\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\kalium\Bureaublad\CFScript.txt .txt
    * Nieuw herstelpunt werd aangemaakt


    the only thing that's missing, I think
  • Correct, but still essential for the version and other things.

    Download MBAM (Malwarebytes' Anti-Malware) via [b:17a03cd12e]here[/b:17a03cd12e] or [b:17a03cd12e]here[/b:17a03cd12e].
    [list:17a03cd12e]Double-click [b:17a03cd12e]mbam-setup.exe[/b:17a03cd12e] to install the program.[list:17a03cd12e]
    [*:17a03cd12e]Make sure there is a checkmark in front of [b:17a03cd12e]Update Malwarebytes' Anti-Malware[/b:17a03cd12e] and [b:17a03cd12e]Start Malwarebytes' Anti-Malware[/b:17a03cd12e], then click "Finish".
    [*:17a03cd12e]If an update is found, it will be downloaded and installed.
    [*:17a03cd12e]When the program is fully up to date, select "[b:17a03cd12e]Quick Scan[/b:17a03cd12e]" in the [b:17a03cd12e]Scanner[/b:17a03cd12e] tab, then click [b:17a03cd12e]Scan[/b:17a03cd12e].
    [*:17a03cd12e]The scan can take a while, so be patient.
    [*:17a03cd12e]When the scan is complete, click [b:17a03cd12e]OK[/b:17a03cd12e], then "Show Results" to see the results.
    [*:17a03cd12e]Make sure that [b:17a03cd12e]everything is checked[/b:17a03cd12e] there, then click: [b:17a03cd12e]Remove Selected[/b:17a03cd12e].
    [*:17a03cd12e]After the removal a log will open and you will be asked to restart the computer. (See below)
    [*:17a03cd12e]The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.
    [*:17a03cd12e]Copy and paste the contents of the log in your next reply, together with a new HijackThis log.
    [/list:u:17a03cd12e]
    [b:17a03cd12e]If MBAM has difficulty removing certain files it will show a few prompts where you have to click OK.
    It will then ask to restart the computer… so allow MBAM to restart the computer.[/b:17a03cd12e][/list:u:17a03cd12e]
  • [b:32f56e97c2]Malwarebytes log:[/b:32f56e97c2]

    [quote:32f56e97c2]Malwarebytes' Anti-Malware 1.10
    Database versie: 587

    Scan type: Snelle Scan
    Objecten gescand: 28103
    Verstreken tijd: 5 minute(s), 55 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 2
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)
    [/quote:32f56e97c2]
  • [b:51178215ff]hijack log:[/b:51178215ff]

    [quote:51178215ff]Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 22:57:39, on 3-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\PrevxCSI\PrevxCSI.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\kalium\Bureaublad\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: IGMONObj Class - {02464DDC-3187-11D8-8004-0020ED227566} - C:\Program Files\iGetter\Integration\IGMON.dll (file missing)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PrevxCSI] "" /bootupreg
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - https://register.creative.com/register/OCXs/CtORWebClientNoMFC.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    End of file - 6191 bytes
  • at certain moments my AVG scanner keeps blocking a trojan over and over: psw.onlinegames

    so I have now done everything listed above and run an online scan

    should I be worried about this infection on my PC???

    I do type my password in several times here and there

    it seems this file cannot be removed
  • Download OTMoveIt2 (by OldTimer) to your Desktop.
    * Double-click OTMoveIt2.exe to start the tool.
    * Copy (select and press Ctrl-C) all of the text below:
    C:\WINDOWS
    dqybf.exe
    * Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window
    * Click the red MoveIt! button
    * Copy and paste the contents of the right-hand results window in your next reply,
    (or the log you will find as C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log).
    * Close OTMoveIt2
    If a file or folder cannot be moved immediately,
    you may be asked to restart the PC in order to complete the move.
    Click Yes in that case.

    Then make a new log with Combofix and post it.
  • the folder is not found in this program

    I must say I haven't been sitting still either and have searched google for help

    cleaned my PC with various malware removers

    my memory usage is still well over 1/3 in use while I'm doing nothing

    combofix is coming…..
  • ComboFix 08-04-01.2 - kalium 2008-04-05 19:16:06.6 - NTFSx86
    Started from: C:\Documents and Settings\kalium\Bureaublad\ComboFix.exe


    (((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))
    .

    2008-04-05 19:12 . 2008-04-05 19:12 <DIR> d-------- C:\_OTMoveIt
    2008-04-04 20:52 . 2008-04-04 20:57 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
    2008-04-04 20:15 . 2008-04-04 20:23 <DIR> d-------- C:\Program Files\XoftSpySE
    2008-04-04 20:12 . 2008-04-04 20:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-04-04 20:12 . 2008-04-04 20:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-04 20:12 . 2008-04-04 20:12 <DIR> d-------- C:\Documents and Settings\kalium\Application Data\SUPERAntiSpyware.com
    2008-04-04 20:12 . 2008-04-04 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-04-03 23:07 . 2008-04-03 23:07 <DIR> d-------- C:\Program Files\Panda Security
    2008-04-03 22:38 . 2008-04-03 22:38 <DIR> d-------- C:\Documents and Settings\kalium\Application Data\Malwarebytes
    2008-04-03 22:37 . 2008-04-03 22:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-03 22:37 . 2008-04-03 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-01 23:04 . 2008-04-01 23:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-01 18:59 . 2008-04-01 19:00 195 --a------ C:\WINDOWS\system32\adcklog.dat
    2008-04-01 18:52 . 2008-04-01 18:52 68 --a------ C:\WINDOWS\system32\tmp4_39857489184.bk
    2008-04-01 18:52 . 2008-04-01 18:52 68 --a------ C:\WINDOWS\system32\tmp3_162956195804.bk
    2008-04-01 18:52 . 2008-04-01 18:52 68 --a------ C:\WINDOWS\system32\tmp1_385418746755.bk
    2008-03-31 18:14 . 2008-03-31 18:14 68 --a------ C:\WINDOWS\system32\tmp4_89422632103.bk
    2008-03-31 18:14 . 2008-03-31 18:14 68 --a------ C:\WINDOWS\system32\tmp3_74332588027.bk
    2008-03-31 18:14 . 2008-03-31 18:14 68 --a------ C:\WINDOWS\system32\tmp1_824176330346.bk
    2008-03-30 17:14 . 2008-04-05 11:58 <DIR> d-------- C:\Documents and Settings\kalium\Application Data\AVG7
    2008-03-30 17:13 . 2008-03-30 17:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-03-30 17:13 . 2008-03-30 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-30 17:03 . 2008-03-31 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-03-30 11:31 . 2008-03-30 11:31 68 --a------ C:\WINDOWS\system32\tmp4_151892295033.bk
    2008-03-30 11:31 . 2008-03-30 11:31 68 --a------ C:\WINDOWS\system32\tmp3_785113772651.bk
    2008-03-30 11:31 . 2008-03-30 11:31 68 --a------ C:\WINDOWS\system32\tmp1_263857531073.bk
    2008-03-30 01:01 . 2008-03-30 01:01 68 --a------ C:\WINDOWS\system32\tmp4_278780260546.bk
    2008-03-30 01:01 . 2008-03-30 01:01 68 --a------ C:\WINDOWS\system32\tmp3_335064324407.bk
    2008-03-30 01:01 . 2008-03-30 01:01 68 --a------ C:\WINDOWS\system32\tmp1_133604470935.bk
    2008-03-29 16:50 . 2008-03-29 16:50 68 --a------ C:\WINDOWS\system32\tmp4_38710138090.bk
    2008-03-29 16:50 . 2008-03-29 16:50 68 --a------ C:\WINDOWS\system32\tmp3_231713881785.bk
    2008-03-29 16:50 . 2008-03-29 16:50 68 --a------ C:\WINDOWS\system32\tmp1_516288546122.bk
    2008-03-28 16:47 . 2008-03-28 16:47 68 --a------ C:\WINDOWS\system32\tmp4_210009163275.bk
    2008-03-28 16:47 . 2008-03-28 16:47 68 --a------ C:\WINDOWS\system32\tmp3_330247372921.bk
    2008-03-28 16:46 . 2008-03-28 16:46 68 --a------ C:\WINDOWS\system32\tmp1_771568825365.bk
    2008-03-27 20:55 . 2008-03-27 20:55 68 --a------ C:\WINDOWS\system32\tmp4_413349684564.bk
    2008-03-27 20:55 . 2008-03-27 20:55 68 --a------ C:\WINDOWS\system32\tmp3_460741444128.bk
    2008-03-27 20:55 . 2008-03-27 20:55 68 --a------ C:\WINDOWS\system32\tmp1_39883730230.bk
    2008-03-27 01:01 . 2008-03-27 01:01 68 --a------ C:\WINDOWS\system32\tmp4_317452857477.bk
    2008-03-27 01:01 . 2008-03-27 01:01 68 --a------ C:\WINDOWS\system32\tmp3_485963773680.bk
    2008-03-27 01:00 . 2008-03-27 01:00 68 --a------ C:\WINDOWS\system32\tmp1_34152802634.bk
    2008-03-26 18:18 . 2008-03-26 18:18 68 --a------ C:\WINDOWS\system32\tmp4_479110205129.bk
    2008-03-26 18:18 . 2008-03-26 18:18 68 --a------ C:\WINDOWS\system32\tmp3_62985740533.bk
    2008-03-26 18:18 . 2008-03-26 18:18 68 --a------ C:\WINDOWS\system32\tmp1_593707407540.bk
    2008-03-25 19:43 . 2008-03-25 19:43 68 --a------ C:\WINDOWS\system32\tmp4_868992413079.bk
    2008-03-25 19:43 . 2008-03-25 19:43 68 --a------ C:\WINDOWS\system32\tmp3_775181567943.bk
    2008-03-25 19:42 . 2008-03-25 19:42 68 --a------ C:\WINDOWS\system32\tmp1_795282828888.bk
    2008-03-25 00:02 . 2008-03-25 00:02 68 --a------ C:\WINDOWS\system32\tmp4_82590653915.bk
    2008-03-25 00:01 . 2008-03-25 00:01 68 --a------ C:\WINDOWS\system32\tmp3_142966190760.bk
    2008-03-25 00:01 . 2008-03-25 00:01 68 --a------ C:\WINDOWS\system32\tmp1_678534489934.bk
    2008-03-24 12:30 . 2008-03-24 12:30 68 --a------ C:\WINDOWS\system32\tmp4_339105159966.bk
    2008-03-24 12:30 . 2008-03-24 12:30 68 --a------ C:\WINDOWS\system32\tmp3_889835551430.bk
    2008-03-24 12:30 . 2008-03-24 12:30 68 --a------ C:\WINDOWS\system32\tmp1_603997606320.bk
    2008-03-24 01:01 . 2008-03-24 01:01 68 --a------ C:\WINDOWS\system32\tmp4_756823886782.bk
    2008-03-24 01:01 . 2008-03-24 01:01 68 --a------ C:\WINDOWS\system32\tmp3_3198269556.bk
    2008-03-24 01:00 . 2008-03-24 01:00 68 --a------ C:\WINDOWS\system32\tmp1_605310528556.bk
    2008-03-23 22:18 . 2008-03-23 22:18 68 --a------ C:\WINDOWS\system32\tmp4_720027393560.bk
    2008-03-23 22:18 . 2008-03-23 22:18 68 --a------ C:\WINDOWS\system32\tmp3_538727540322.bk
    2008-03-23 22:18 . 2008-03-23 22:18 68 --a------ C:\WINDOWS\system32\tmp1_783676385261.bk
    2008-03-22 12:31 . 2008-03-22 12:31 68 --a------ C:\WINDOWS\system32\tmp4_157789393790.bk
    2008-03-22 12:31 . 2008-03-22 12:31 68 --a------ C:\WINDOWS\system32\tmp3_84438894722.bk
    2008-03-22 12:31 . 2008-03-22 12:31 68 --a------ C:\WINDOWS\system32\tmp1_574715798981.bk
    2008-03-22 01:00 . 2008-03-22 01:00 68 --a------ C:\WINDOWS\system32\tmp3_361432166985.bk
    2008-03-22 01:00 . 2008-03-22 01:00 68 --a------ C:\WINDOWS\system32\tmp1_257066840101.bk
    2008-03-22 00:02 . 2008-03-22 00:02 68 --a------ C:\WINDOWS\system32\tmp3_75966939933.bk
    2008-03-22 00:01 . 2008-03-22 00:01 68 --a------ C:\WINDOWS\system32\tmp1_37181263582.bk
    2008-03-21 12:31 . 2008-03-21 12:31 68 --a------ C:\WINDOWS\system32\tmp4_97192760643.bk
    2008-03-21 12:31 . 2008-03-21 12:31 68 --a------ C:\WINDOWS\system32\tmp3_716945653889.bk
    2008-03-21 12:31 . 2008-03-21 12:31 68 --a------ C:\WINDOWS\system32\tmp1_443962429005.bk
    2008-03-21 01:01 . 2008-03-21 01:01 68 --a------ C:\WINDOWS\system32\tmp4_721844766353.bk
    2008-03-21 01:01 . 2008-03-21 01:01 68 --a------ C:\WINDOWS\system32\tmp3_517178829799.bk
    2008-03-21 01:01 . 2008-03-21 01:01 68 --a------ C:\WINDOWS\system32\tmp1_35728924657.bk
    2008-03-20 12:31 . 2008-03-20 12:31 68 --a------ C:\WINDOWS\system32\tmp4_3936159450.bk
    2008-03-20 12:31 . 2008-03-20 12:31 68 --a------ C:\WINDOWS\system32\tmp3_784168664228.bk
    2008-03-20 12:31 . 2008-03-20 12:31 68 --a------ C:\WINDOWS\system32\tmp1_2454518368.bk
    2008-03-20 01:01 . 2008-03-20 01:01 68 --a------ C:\WINDOWS\system32\tmp4_394661788504.bk
    2008-03-20 01:00 . 2008-03-20 01:00 68 --a------ C:\WINDOWS\system32\tmp3_839378194066.bk
    2008-03-20 01:00 . 2008-03-20 01:00 68 --a------ C:\WINDOWS\system32\tmp1_189119315479.bk
    2008-03-19 18:48 . 2008-03-19 18:48 68 --a------ C:\WINDOWS\system32\tmp4_795066188014.bk
    2008-03-19 18:48 . 2008-03-19 18:48 68 --a------ C:\WINDOWS\system32\tmp3_220622147895.bk
    2008-03-19 18:48 . 2008-03-19 18:48 68 --a------ C:\WINDOWS\system32\tmp1_800127506751.bk
    2008-03-18 20:01 . 2008-03-18 20:01 68 --a------ C:\WINDOWS\system32\tmp4_99832588433.bk
    2008-03-18 20:01 . 2008-03-18 20:01 68 --a------ C:\WINDOWS\system32\tmp3_239405385813.bk
    2008-03-18 20:01 . 2008-03-18 20:01 68 --a------ C:\WINDOWS\system32\tmp1_306114573929.bk
    2008-03-17 19:29 . 2008-04-01 19:40 0 --a------ C:\WINDOWS\system32\1.tsk
    2008-03-17 19:12 . 2008-03-17 19:12 68 --a------ C:\WINDOWS\system32\tmp4_145872629963.bk
    2008-03-17 19:12 . 2008-03-17 19:12 68 --a------ C:\WINDOWS\system32\tmp3_113324673332.bk
    2008-03-17 19:12 . 2008-03-17 19:12 68 --a------ C:\WINDOWS\system32\tmp1_488685879158.bk
    2008-03-16 12:31 . 2008-03-16 12:31 68 --a------ C:\WINDOWS\system32\tmp4_407960214624.bk
    2008-03-16 12:31 . 2008-03-16 12:31 68 --a------ C:\WINDOWS\system32\tmp3_389137665977.bk
    2008-03-16 12:31 . 2008-03-16 12:31 68 --a------ C:\WINDOWS\system32\tmp1_322441673951.bk
    2008-03-16 01:00 . 2008-03-16 01:00 68 --a------ C:\WINDOWS\system32\tmp4_858150309471.bk
    2008-03-16 01:00 . 2008-03-16 01:00 68 --a------ C:\WINDOWS\system32\tmp3_699048806268.bk
    2008-03-16 01:00 . 2008-03-16 01:00 68 --a------ C:\WINDOWS\system32\tmp1_42701023041.bk
    2008-03-16 00:01 . 2008-03-16 00:01 68 --a------ C:\WINDOWS\system32\tmp4_280170323198.bk
    2008-03-16 00:01 . 2008-03-16 00:01 68 --a------ C:\WINDOWS\system32\tmp3_692678337873.bk
    2008-03-16 00:00 . 2008-03-16 00:00 68 --a------ C:\WINDOWS\system32\tmp1_72100832727.bk
    2008-03-15 12:31 . 2008-03-15 12:31 68 --a------ C:\WINDOWS\system32\tmp4_329241509353.bk
    2008-03-15 12:30 . 2008-03-15 12:30 68 --a------ C:\WINDOWS\system32\tmp3_289795522734.bk
    2008-03-15 12:30 . 2008-03-15 12:30 68 --a------ C:\WINDOWS\system32\tmp1_602771756266.bk

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-05 17:15 --------- d-----w C:\Program Files\Soulseek
    2008-04-03 20:34 --------- d-----w C:\Documents and Settings\kalium\Application Data\Azureus
    2008-04-01 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-01 18:13 --------- d-----w C:\Documents and Settings\kalium\Application Data\LimeWire
    2008-03-31 20:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-25 20:36 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-16 14:55 --------- d-----w C:\Program Files\Azureus
    2008-02-18 21:00 --------- d-----w C:\Program Files\Ableton
    2008-02-18 21:00 --------- d-----w C:\Documents and Settings\kalium\Application Data\Ableton
    2008-02-18 19:34 --------- d-----w C:\Program Files\TGTSoft
    2008-02-14 06:09 --------- d-----w C:\Documents and Settings\kalium\Application Data\Creative
    2008-02-12 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-11 15:38 --------- d-----w C:\Program Files\Free Audio Pack
    2008-02-10 16:28 --------- d-----w C:\Program Files\Creative
    2008-02-10 16:26 --------- d--h--w C:\Program Files\Creative Installation Information
    2008-02-10 16:26 --------- d-----w C:\Program Files\Common Files\Creative
    2008-02-10 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
    2008-02-10 16:19 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-08 18:25 --------- d-----w C:\Documents and Settings\kalium\Application Data\Media Player Classic
    2008-02-08 18:24 --------- d-----w C:\Program Files\K-Lite Codec Pack
    .

    ((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="NvMCTray.dll" [2006-08-11 21:43 86016 C:\WINDOWS\system32\nvmctray.dll]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 21:43 7630848]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-30 17:20 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 22:48 439872]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-30 17:21 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 0 (0x0)
    "NoAutoTrayNotify"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoResolveSearch"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoRecentDocsNetHood"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PCzapper Media Manager.lnk]
    backup=C:\WINDOWS\pss\PCzapper Media Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-07-14 15:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
    --------- 2006-09-28 21:09 700416 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2006-11-06 10:27 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-10-19 21:16 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-11-02 00:41 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2006-11-21 19:38 35328 C:\Program Files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Westwood\\SUN\\Game.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=


    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-05 19:20:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-04-05 19:23:42
    ComboFix-quarantined-files.txt 2008-04-05 17:23:38
    ComboFix2.txt 2008-04-03 14:42:24
    ComboFix3.txt 2008-04-02 18:00:35
    ComboFix4.txt 2008-04-01 20:49:29
    ComboFix5.txt 2007-10-21 02:09:14
    Pre-Run: 6,267,002,880 bytes free
    Post-Run: 6,261,800,960 bytes free
  • * Clean the cache and cookies in IE:

    * Close Internet Explorer.
    * Go to Control Panel > Internet Options > General tab
    * Click the Delete Cookies button
    * Click the Delete Files button next to it
    * Tick: Also delete all offline content, and click OK

    * Clean the cache and cookies in Firefox (in case Firefox is installed):

    * Go to Tools > Options.
    * Click Privacy in the menu.
    * Click the Clear button (History, Cookies, Cache).
    * Click OK to close the window again.

    * Clean other temporary files + Recycle Bin

    * Go to Start > Run, type: cleanmgr and click OK.
    * Let it scan your system for files that can be deleted
    * Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are ticked there.
    * Then click OK.

    Also post a new HijackThis log.
  • Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 16:18:18, on 6-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\kalium\Bureaublad\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: IGMONObj Class - {02464DDC-3187-11D8-8004-0020ED227566} - (no file)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    End of file - 5713 bytes
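The logs in this thread are read by eye, entry type by entry type. The script below is an added example, not part of the thread and not code from HijackThis, ComboFix or any other tool named above: it parses lines in the HijackThis v2 log format and returns the entries a reviewer looks at first, with a reason for each. The sample input is constructed from the format of the logs posted above (a subset of real entries plus one made-up R1 line on the reserved example.net domain to exercise the start-page check); the allowlist of start/search-page hosts is an assumption for this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 log format, modelled on the entries posted
# above. The R1 line on example.net is made up for this example.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.net/
O2 - BHO: IGMONObj Class - {02464DDC-3187-11D8-8004-0020ED227566} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PrevxCSI] "" /bootupreg
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
"""

# Hosts accepted as benign IE start/search-page targets. Assumption made for
# this example; extend it for your own environment.
KNOWN_PAGE_HOSTS = {"www.google.com", "www.microsoft.com", "go.microsoft.com"}

# Every HijackThis entry line starts with its section code (R0, R1, O2, O16, ...).
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2})\s+-\s+(?P<body>.+)$")


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_entries(text):
    """Yield (code, body, line) for every HijackThis entry line; skip the rest."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("code"), m.group("body"), line


def _page_host(body):
    """Host of the URL in an R0/R1 'key = url' entry, or None if there is no URL."""
    _, _, value = body.partition(" = ")
    value = value.strip()
    return urlparse(value).hostname if value.startswith("http") else None


def triage(text):
    """Return the entries a reviewer should look at first, each with a reason."""
    findings = []
    for code, body, line in parse_entries(text):
        if code in ("R0", "R1"):
            host = _page_host(body)
            if host and host not in KNOWN_PAGE_HOSTS:
                findings.append(Finding(code, f"start/search page points at unknown host {host}", line))
        elif code == "O2" and body.endswith(("(no file)", "(file missing)")):
            findings.append(Finding(code, "BHO registered but its DLL is missing (orphan)", line))
        elif code == "O4":
            # The command follows the [name] label; an empty "" path is suspicious.
            command = body.split("]", 1)[1].strip() if "]" in body else ""
            if not command or command.startswith('""'):
                findings.append(Finding(code, "Run entry with empty executable path", line))
        elif code == "O16" and "http://" in body:
            findings.append(Finding(code, "ActiveX control fetched over plain HTTP", line))
        elif code == "O20":
            findings.append(Finding(code, "DLL loaded into winlogon.exe at logon; verify publisher", line))
        elif code == "O23" and "Unknown owner" in body:
            findings.append(Finding(code, "service binary carries no publisher information", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}\n     {f.line}")
```

A flagged entry is a prompt to check the file on disk and its publisher, not a verdict: an O2 entry with "(no file)" and an O4 entry with an empty path are dead registrations that HijackThis can simply remove, while an O20 or an "Unknown owner" O23 entry needs the binary itself looked at.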


This is an archived page. Replying is no longer possible.