Question & Answer

Security & privacy

Hijackthis Log

15 replies
  • Hello, could someone check this log for me? When I use Internet Explorer I get all kinds of popups. And I don't know whether this is related, but when I use Internet Explorer, LimeWire also starts automatically. If I then close it, it comes back after a few minutes. And another question: Windows Live Messenger automatically accepts files. I don't get the choice of accepting or refusing them. Does anyone know how to fix that?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:08:14, on 5-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\R2VicnVpa2Vy\command.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\713xRMT.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\windows\system32\rkwnw64m.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Documents and Settings\Gebruiker\Application Data\gadcom\gadcom.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\mcntltdl.exe
    C:\WINDOWS\system32\QI02\QI022328.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\limewire\limewire.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\regsvr32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMT.exe
    O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\LOCKS DEBUG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [{FB-BD-D2-21-DW}] C:\windows\system32\rkwnw64m.exe DWmmm01
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntltdl.exe DWmmm01
    O4 - HKLM\..\Run: [alzhgfnhyiwscumg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\tfpakeldqf.dll"
    O4 - HKLM\..\Run: [CPM7b0c8e12] Rundll32.exe "c:\windows\system32\ovyutago.dll",a
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
    O4 - HKCU\..\Run: [01wma] C:\DOCUME~1\GEBRUI~1\APPLIC~1\ERROR2~1\DOESLIES.exe
    O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Gebruiker\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntltdl.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rkwnw64m.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223917203140
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225057627564&h=e071cb737eeaba4414e51dd50d4a05d1/&filename=jinstall-6u10-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O20 - AppInit_DLLs: ,c:\windows\system32\ovyutago.dll jucpyb.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ovyutago.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ovyutago.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\R2VicnVpa2Vy\command.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

    --
    End of file - 8530 bytes
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\LOCKS DEBUG.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [{FB-BD-D2-21-DW}] C:\windows\system32\rkwnw64m.exe DWmmm01
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntltdl.exe DWmmm01
    O4 - HKLM\..\Run: [alzhgfnhyiwscumg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\tfpakeldqf.dll"
    O4 - HKLM\..\Run: [CPM7b0c8e12] Rundll32.exe "c:\windows\system32\ovyutago.dll",a
    O4 - HKCU\..\Run: [01wma] C:\DOCUME~1\GEBRUI~1\APPLIC~1\ERROR2~1\DOESLIES.exe
    O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Gebruiker\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntltdl.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rkwnw64m.exe
    O20 - AppInit_DLLs: ,c:\windows\system32\ovyutago.dll jucpyb.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ovyutago.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ovyutago.dll

    Click 'Fix checked' to remove the items.

    Download MBAM (Malwarebytes' Anti-Malware) here: http://www.besttechie.net/tools/mbam-setup.exe
    Double-click mbam-setup.exe to install the program. Make sure the boxes for "Update Malwarebytes' Anti-Malware" and "Start Malwarebytes' Anti-Malware" are ticked, then click "Voltooien" (Finish). If an update is found, it will be downloaded and installed. Once the program is fully up to date, select "Snelle Scan" (Quick Scan) on the Scanner tab, then click Scan. Scanning can take a while, so be patient.
    When the scan has finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results. Make sure everything there is ticked, then click "Verwijder geselecteerde" (Remove Selected). After removal a log will open and you will be asked to restart the computer. (See below.) MBAM saves the log automatically; you can find it again by clicking the "Logs" tab in MBAM. If MBAM has trouble removing certain files, it will show a few messages where you have to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer. Paste the contents of that log in your next post, together with a new HijackThis log.
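Added example (not code from the thread, and not HijackThis's own logic): a small Python triage script that applies the kind of structural rules the helper above is using by eye to a handful of entries copied from the log posted in this thread. The rules are my assumptions, not HijackThis's: an autostart binary living in a user-writable or non-program directory (Fonts, Application Data, Temp), a logon entry that loads a DLL through rundll32 or regsvr32, any O20 (AppInit_DLLs / Winlogon Notify), O21 (SSODL) or O22 (SharedTaskScheduler) entry, and an unknown-owner service outside Program Files or system32.

```python
import re
from dataclasses import dataclass

# Constructed sample input: entries copied from the HijackThis log posted in this
# thread, mixed with known-good entries from the same log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [{FB-BD-D2-21-DW}] C:\windows\system32\rkwnw64m.exe DWmmm01
O4 - HKLM\..\Run: [alzhgfnhyiwscumg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\tfpakeldqf.dll"
O4 - HKLM\..\Run: [CPM7b0c8e12] Rundll32.exe "c:\windows\system32\ovyutago.dll",a
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Gebruiker\Application Data\gadcom\gadcom.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: ,c:\windows\system32\ovyutago.dll jucpyb.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ovyutago.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ovyutago.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\R2VicnVpa2Vy\command.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
-- End of file - 8530 bytes
""".strip()

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^([OR]\d+)\s+-\s+(.*)$")
# Drive-letter paths ending in an executable-ish extension, quoted or not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|cpl)\b', re.IGNORECASE)

# Heuristic lists (assumptions for this example, not HijackThis rules).
SUSPICIOUS_DIRS = ("\\fonts\\", "\\application data\\", "\\local settings\\", "\\temp\\")
TRUSTED_SERVICE_DIRS = ("\\program files\\", "\\windows\\system32\\")


@dataclass
class Finding:
    section: str
    entry: str
    reason: str


def _paths(text):
    return [p.lower() for p in PATH_RE.findall(text)]


def _check_autostart(body):
    """O4 rules: odd home directory, or a DLL loaded via a Windows loader binary."""
    paths = _paths(body)
    if any(d in p for p in paths for d in SUSPICIOUS_DIRS):
        return "autostart binary lives in a user-writable or non-program directory"
    cmd = body.lower()
    if ("rundll32" in cmd or "regsvr32" in cmd) and any(p.endswith(".dll") for p in paths):
        return "logon entry loads a DLL through rundll32/regsvr32 instead of a program"
    return None


def _check_service(body):
    """O23 rule: a service with no vendor string running outside standard directories."""
    paths = _paths(body)
    if "unknown owner" in body.lower() and paths:
        if not any(d in paths[-1] for d in TRUSTED_SERVICE_DIRS):
            return "unknown-owner service runs from an unusual directory"
    return None


def analyse(log_text):
    """Return the entries worth a closer look, each with the rule that fired."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            reason = _check_autostart(body)
        elif section == "O20":
            reason = "AppInit_DLLs / Winlogon Notify DLL: loaded into every process or at logon"
        elif section in ("O21", "O22"):
            reason = "shell service object / SharedTaskScheduler DLL loaded by Explorer at startup"
        elif section == "O23":
            reason = _check_service(body)
        else:
            reason = None
        if reason:
            findings.append(Finding(section, raw.strip(), reason))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.entry}")
```

On the sample above the script flags eight entries and leaves iTunesHelper, ctfmon and Bonjour alone, but it also misses rkwnw64m.exe, which sits in system32 and trips none of the structural rules even though the helper listed it for removal. That gap is the point: directory and loader heuristics narrow a log down, they do not replace a reviewer who recognises the names. One more observation on the cmdService entry: the directory name R2VicnVpa2Vy is the base64 encoding of "Gebruiker", the account name, a trick that makes a per-machine directory look like noise.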
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:59:53, on 5-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\713xRMT.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C31C05B4-0A01-4DC2-8E5E-0315459F508E} - C:\WINDOWS\system32\mlJYopNf.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMT.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [CPM7b0c8e12] Rundll32.exe "c:\windows\system32\yesyuovd.dll",a
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223917203140
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225057627564&h=e071cb737eeaba4414e51dd50d4a05d1/&filename=jinstall-6u10-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O20 - Winlogon Notify: mlJYopNf - C:\WINDOWS\SYSTEM32\mlJYopNf.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 6715 bytes

    Malwarebytes' Anti-Malware 1.30
    Database versie: 1306
    Windows 5.1.2600 Service Pack 3

    5-11-2008 22:53:56
    mbam-log-2008-11-05 (22-53-56).txt

    Scan type: Snelle Scan
    Objecten gescand: 43954
    Verstreken tijd: 7 minute(s), 10 second(s)

    Geheugenprocessen geïnfecteerd: 2
    Geheugenmodulen geïnfecteerd: 6
    Registersleutels geïnfecteerd: 30
    Registerwaarden geïnfecteerd: 2
    Registerdata bestanden geïnfecteerd: 4
    Mappen geïnfecteerd: 4
    Bestanden geïnfecteerd: 32

    Geheugenprocessen geïnfecteerd:
    C:\WINDOWS\R2VicnVpa2Vy\command.exe (Adware.CommAd) -> Failed to unload process.
    C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Unloaded process successfully.

    Geheugenmodulen geïnfecteerd:
    C:\WINDOWS\system32\hgukkdcu.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\opnlMged.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\R2VicnVpa2Vy\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
    C:\WINDOWS\system32\sveqwydq.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\zarkxt.dll (Trojan.Vundo.H) -> Delete on reboot.
    c:\WINDOWS\system32\yesyuovd.dll (Trojan.Agent) -> Delete on reboot.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21dc5101-fcb8-4265-9089-d7566260004c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{21dc5101-fcb8-4265-9089-d7566260004c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa78cc5e-5557-412d-b8b4-f20efbd68309} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{fa78cc5e-5557-412d-b8b4-f20efbd68309} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (Adware.CommAd) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdservice (Adware.CommAd) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (Adware.CommAd) -> Delete on reboot.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Agent) -> Delete on reboot.
    HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d8da907-a776-619b-6bc1-d1d90851882d} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4d8da907-a776-619b-6bc1-d1d90851882d} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{be4ed16f-a661-6d3c-8351-195b3351b2ee} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{be4ed16f-a661-6d3c-8351-195b3351b2ee} (Adware.BHO) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Agent) -> Delete on reboot.

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnlmged -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnlmged -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\yesyuovd.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\yesyuovd.dll -> Delete on reboot.

    Mappen geïnfecteerd:
    C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\WINDOWS\Fonts\' (Trojan.Agent) -> Files: 28197 -> Quarantined and deleted successfully.
    C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\opnlMged.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\degMlnpo.ini (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\degMlnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zarkxt.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\dtipkegi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\igekpitd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hgukkdcu.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\ucdkkugh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\R2VicnVpa2Vy\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
    C:\WINDOWS\R2VicnVpa2Vy\command.exe (Adware.CommAd) -> Delete on reboot.
    C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sveqwydq.dll (Trojan.Vundo.H) -> Delete on reboot.
    c:\WINDOWS\system32\yesyuovd.dll (Trojan.Agent) -> Delete on reboot.
    C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\Fonts\Setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\0NINABY7\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\TH4WH3O8\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dwwnw64r.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\Fonts\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jxsjnoumbvgck.dll (Adware.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tfpakeldqf.dll (Adware.BHO) -> Quarantined and deleted successfully.
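Added example (not code from the thread, and not Malwarebytes' own): a Python parser for the MBAM detection lines in the log above, which answers the two questions a reviewer asks of such a log before the next step: which items are still pending ("Delete on reboot", so the reboot the helper insists on actually matters) and which removals failed outright. The detection-line grammar (`item (Family) -> outcome.`) is read off the log itself; the sample input is a constructed subset of lines copied from this thread.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the MBAM log posted in this thread, chosen
# to cover the outcomes MBAM reports (unload failed, pending reboot, removed).
SAMPLE_MBAM = r"""
Geheugenprocessen geïnfecteerd: 2
Geheugenmodulen geïnfecteerd: 6

Geheugenprocessen geïnfecteerd:
C:\WINDOWS\R2VicnVpa2Vy\command.exe (Adware.CommAd) -> Failed to unload process.
C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:
C:\WINDOWS\system32\hgukkdcu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\yesyuovd.dll (Trojan.Agent) -> Delete on reboot.

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\yesyuovd.dll -> Delete on reboot.

Bestanden geïnfecteerd:
C:\WINDOWS\Fonts\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfpakeldqf.dll (Adware.BHO) -> Quarantined and deleted successfully.
""".strip()

# One detection per line: "<item> (<Family>) -> <outcome>."  The summary lines at
# the top ("...: 2") have no "(Family) ->" part and are skipped automatically.
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<outcome>.+?)\.?$"
)


def parse_detections(text):
    """Return one dict (item, family, outcome) per detection line."""
    out = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            out.append(m.groupdict())
    return out


def summarize(detections):
    """Group by family and pull out the items that still need attention."""
    by_family = Counter(d["family"] for d in detections)
    # "Delete on reboot" means the file or key was still in use: nothing is gone
    # until the machine has actually restarted, which is why MBAM asks for it.
    pending = [d["item"] for d in detections if "delete on reboot" in d["outcome"].lower()]
    # A failed unload is a process MBAM could not stop at all; it needs a second tool.
    failed = [d["item"] for d in detections if d["outcome"].lower().startswith("failed")]
    return {"by_family": by_family, "pending_reboot": pending, "failed": failed}


if __name__ == "__main__":
    summary = summarize(parse_detections(SAMPLE_MBAM))
    for family, n in summary["by_family"].most_common():
        print(f"{n:3}  {family}")
    print("pending reboot:", *summary["pending_reboot"], sep="\n  ")
    print("failed:", *summary["failed"], sep="\n  ")
```

On the full log in this thread the "failed" list is exactly the command.exe process from the R2VicnVpa2Vy directory, which is consistent with what happened next in the thread: MBAM could not stop it, and the machine still showed rootkit-style behaviour until other tools had run.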
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    O2 - BHO: (no name) - {C31C05B4-0A01-4DC2-8E5E-0315459F508E} - C:\WINDOWS\system32\mlJYopNf.dll
    O4 - HKLM\..\Run: [CPM7b0c8e12] Rundll32.exe "c:\windows\system32\yesyuovd.dll",a
    O20 - Winlogon Notify: mlJYopNf - C:\WINDOWS\SYSTEM32\mlJYopNf.dll

    Click 'Fix checked' to remove the items.

    Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
    NOTE: if you get a warning from your antivirus or another real-time scanner while or after downloading Combofix, or while using Combofix, disable that scanner and download Combofix again. Some scanners regard certain components Combofix uses as suspicious and will block or remove them!
    - Double-click Combofix.exe to start it.
    - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    - Follow the instructions and accept the disclaimer by clicking Yes.
    - If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window. Click OK and Yes to have the Recovery Console installed automatically. Afterwards click Yes again to start the malware scan.
    - While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has finished and after the restart, the log Combofix.txt will open.
    Post this log in your next reply.
  • I could no longer find O2 - BHO: (no name) - {C31C05B4-0A01-4DC2-8E5E-0315459F508E} - C:\WINDOWS\system32\mlJYopNf.dll and O20 - Winlogon Notify: mlJYopNf - C:\WINDOWS\SYSTEM32\mlJYopNf.dll in my HijackThis. I downloaded ComboFix. But when I click it I get a small blue screen and after a while I hear a beep, and it says: "ComboFix has detected the presence of rootkit activity and needs to restart the machine." After I had restarted my computer, I clicked ComboFix again. But I get the same message. What now?
  • First let Prevx Free Scanner (download here: http://www.prevx.com/freescan.asp) loose on your machine. Then try Combofix again.
  • I downloaded it and ran a scan, and 15 infections were found. But there are infections that are "Free to Cleanup", and infections marked "License required to Clean". So I clicked Clean up, but now I have to buy a license, because all 15 infections are "License required to Clean". So that doesn't work either.
  • Bad luck (though not entirely unexpected) that this could happen ... but it is an indication that something is still wrong. Do the same with the trial version of A-Squared, http://www.emsisoft.com/en/software/download/. Curious what that turns up.
  • Downloaded A-Squared and let it scan. It found a lot of problems, all deleted. Then tried ComboFix, and this time it did work. Here is the ComboFix log:

    ComboFix 08-11-05.02 - Gebruiker 2008-11-06 23:21:20.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.144 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\Gebruiker\Application Data\gadcom
    c:\temp\1cb
    c:\windows\system32\aydyik.dll
    c:\windows\system32\debdfbmv.dll
    c:\windows\system32\efcATKET.dll
    c:\windows\system32\folsqebe.dll
    c:\windows\system32\gpupsyju.dll
    c:\windows\system32\hvlauuek.dll
    c:\windows\system32\jucpyb.dll
    c:\windows\system32\mbjtynrv.dll
    c:\windows\system32\MSINET.oca
    c:\windows\system32\ovyutago.dll
    c:\windows\system32\pjuyabqf.dll
    c:\windows\system32\sgyycxmv.ini
    c:\windows\system32\TEKTAcfe.ini
    c:\windows\system32\TEKTAcfe.ini2
    c:\windows\system32\ujyspupg.ini
    c:\windows\system32\uyjjou.dll
    c:\windows\system32\vrnytjbm.ini
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-10-06 to 2008-11-06 ))))))))))))))))))))))))))))))
    .
    2008-11-06 21:31 . 2008-11-06 23:13 <DIR> d-------- c:\program files\a-squared Anti-Malware
    2008-11-06 19:12 . 2008-11-06 22:47 <DIR> dr-h----- c:\documents and settings\Gebruiker\Onlangs geopend
    2008-11-06 18:25 . 2008-11-06 18:32 <DIR> d-------- c:\documents and settings\Gebruiker\.jenny
    2008-11-06 17:46 . 2008-11-06 17:47 <DIR> d-------- c:\program files\Windows Live Safety Center
    2008-11-06 17:12 . 2008-11-06 17:12 <DIR> d-------- c:\program files\PrevxCSI
    2008-11-06 17:12 . 2008-11-06 17:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
    2008-11-06 17:12 . 2008-11-06 17:12 25,400 --a------ c:\windows\system32\drivers\pxark.sys
    2008-11-06 16:34 . 2008-11-06 19:44 160 --a------ c:\documents and settings\Gebruiker\Application Data\wklnhst.dat
    2008-11-06 16:22 . 2008-11-06 16:22 395 --a------ c:\windows\ODBC.INI
    2008-11-06 16:21 . 2008-11-06 16:21 <DIR> d-------- c:\windows\ShellNew
    2008-11-06 16:17 . 2008-11-06 16:23 <DIR> d-------- c:\program files\Microsoft Works
    2008-11-06 16:15 . 2008-11-06 16:15 <DIR> d-------- c:\program files\Microsoft Works Suite 2004
    2008-11-05 17:07 . 2008-11-05 17:07 <DIR> d-------- c:\program files\Trend Micro
    2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Malwarebytes
    2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-05 17:03 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-05 17:03 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-04 20:28 . 2008-11-04 20:28 50,000 --a------ c:\windows\CPM7b0c8e12
    2008-11-04 19:22 . 2008-11-04 19:22 147,456 --a------ c:\windows\system32\vbzip10.dll
    2008-11-04 19:19 . 2008-11-04 19:19 <DIR> d-------- c:\windows\system32\sni
    2008-11-04 19:19 . 2008-11-06 23:12 <DIR> d-------- c:\windows\system32\QI02
    2008-11-04 19:19 . 2008-11-06 23:12 <DIR> d-------- c:\windows\system32\hin
    2008-11-04 19:19 . 2008-11-06 23:12 <DIR> d-------- c:\windows\system32\ell
    2008-11-04 19:19 . 2008-11-06 23:12 <DIR> d--hs---- c:\windows\R2VicnVpa2Vy
    2008-11-04 19:19 . 2008-11-04 19:19 <DIR> d-------- c:\temp\NT32
    2008-11-04 19:19 . 2008-11-06 23:21 <DIR> d-------- C:\Temp
    2008-11-04 19:19 . 2008-11-04 19:20 77,895 --a------ c:\windows\system32\xopzcdzmgdlije.exe
    2008-11-04 19:11 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
    2008-11-04 19:10 . 2008-11-04 19:10 <DIR> d-------- c:\program files\Microsoft SQL Server
    2008-11-04 18:56 . 2008-11-04 18:56 <DIR> d-------- c:\program files\CCleaner
    2008-11-04 18:54 . 2008-11-04 18:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
    2008-11-03 14:19 . 2008-11-03 14:19 <DIR> d-------- c:\program files\ERROR 2
    2008-11-01 20:25 . 2008-11-01 20:28 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\dvdcss
    2008-10-28 23:21 . 2008-11-01 20:27 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\vlc
    2008-10-28 23:20 . 2008-10-28 23:20 <DIR> d-------- c:\program files\VideoLAN
    2008-10-27 23:09 . 2008-10-27 23:09 <DIR> d-------- c:\program files\MSXML 4.0
    2008-10-27 23:09 . 2008-10-27 23:09 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-10-27 09:53 . 2003-12-11 11:15 626,960 -ra------ c:\windows\system32\hpvaut32.dll
    2008-10-27 09:53 . 2003-12-11 11:15 487,424 -ra------ c:\windows\system32\hpvcp70.dll
    2008-10-27 09:53 . 2003-12-11 11:15 344,064 -ra------ c:\windows\system32\hpvcr70.dll
    2008-10-27 09:53 . 2003-12-11 11:15 82,432 -ra------ c:\windows\system32\MSXML4r.dll
    2008-10-27 09:53 . 2003-12-11 11:15 44,544 -ra------ c:\windows\system32\MSXML4a.dll
    2008-10-27 09:52 . 2008-10-27 09:52 <DIR> d-------- c:\program files\HP
    2008-10-27 09:52 . 2008-10-27 09:53 <DIR> d-------- c:\program files\Hewlett-Packard
    2008-10-27 09:52 . 2008-10-27 09:53 72,050 --a------ c:\windows\hpdj3840.his
    2008-10-27 09:52 . 2008-10-27 09:53 7,260 --a------ c:\windows\hpdj3840.ini
    2008-10-27 09:51 . 2008-10-27 09:52 4,241 --a------ c:\windows\hpbvspst.his
    2008-10-27 09:51 . 2008-10-27 09:52 414 --a------ c:\windows\hpbvspst.ini
    2008-10-27 09:50 . 2008-04-13 20:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2008-10-27 09:50 . 2008-04-13 20:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
    2008-10-27 09:49 . 2008-10-27 09:49 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2008-10-27 09:48 . 2008-10-27 09:48 <DIR> d-------- c:\program files\Common Files\Adobe
    2008-10-27 09:46 .
2008-10-27 09:52 <DIR> d-------- c:\program files\NOS 2008-10-27 09:46 . 2008-10-27 09:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS 2008-10-27 09:05 . 2008-10-27 09:05 <DIR> d-------- c:\program files\MSECache 2008-10-26 22:46 . 2008-10-26 22:45 410,976 --a------ c:\windows\system32\deploytk.dll 2008-10-26 22:44 . 2008-10-26 22:44 <DIR> d-------- c:\windows\Sun 2008-10-24 22:31 . 2008-04-14 18:02 221,184 --a------ c:\windows\system32\wmpns.dll 2008-10-24 22:29 . 2008-10-24 22:29 <DIR> d--h----- c:\windows\PIF 2008-10-24 13:09 . 2008-10-24 13:09 <DIR> d-------- c:\documents and settings\Gebruiker\Incomplete 2008-10-24 13:07 . 2008-11-05 09:11 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\LimeWire 2008-10-24 13:06 . 2008-10-26 22:45 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-10-24 13:05 . 2008-11-04 19:23 <DIR> d-------- c:\program files\LimeWire 2008-10-24 13:05 . 2008-10-26 22:45 <DIR> d-------- c:\program files\Java 2008-10-24 13:05 . 2008-10-24 13:05 <DIR> d-------- c:\program files\Common Files\Java 2008-10-24 10:37 . 2008-10-24 10:37 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Windows Search 2008-10-24 10:20 . 2008-10-24 10:20 <DIR> dr-h----- C:\MSOCache 2008-10-24 10:18 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-24 10:18 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-24 10:18 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-24 10:18 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-24 10:18 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-10-24 10:18 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-10-24 10:17 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-10-24 10:16 . 
2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll 2008-10-24 10:16 . 2007-07-30 18:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui 2008-10-24 10:15 . 2008-10-24 10:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus! 2008-10-23 20:39 . 2008-10-26 22:44 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Apple Computer 2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\program files\QuickTime 2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\program files\iTunes 2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\program files\iPod 2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\program files\Bonjour 2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-10-23 20:38 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll 2008-10-23 20:38 . 2008-04-17 12:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys 2008-10-23 20:37 . 2008-10-23 20:37 <DIR> d-------- c:\program files\Apple Software Update 2008-10-23 20:37 . 2008-10-23 20:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2008-10-23 20:36 . 2008-10-23 20:36 <DIR> d-------- c:\program files\Common Files\Apple 2008-10-23 20:36 . 2008-10-23 20:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple 2008-10-23 20:25 . 2008-10-23 20:25 0 --a------ c:\windows\nsreg.dat 2008-10-23 18:53 . 2008-11-03 14:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\flag ace stupid data 2008-10-23 18:52 . 2008-10-23 18:52 <DIR> d-------- c:\program files\Messenger Plus! Live 2008-10-23 18:52 . 2008-11-06 23:12 <DIR> d-------- c:\program files\Circle Developement 2008-10-23 18:52 . 2008-11-06 23:12 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\ERROR 2 2008-10-23 18:31 . 
2008-10-23 18:31 9,084 --ah----- c:\windows\system32\mlfcache.dat 2008-10-23 18:29 . 2006-10-05 03:42 2,560 --------- c:\windows\system32\drivers\cdralw2k.sys 2008-10-23 18:29 . 2006-10-05 03:42 2,432 --------- c:\windows\system32\drivers\cdr4_xp.sys 2008-10-23 18:28 . 2008-10-23 18:29 <DIR> d-------- c:\program files\Picasa2 2008-10-23 18:28 . 2008-10-23 18:28 <DIR> d-------- c:\program files\Google 2008-10-23 18:17 . 2008-10-27 09:31 <DIR> d-------- c:\documents and settings\Gebruiker\Contacts 2008-10-23 18:14 . 2008-10-23 18:17 <DIR> d-------- c:\program files\Windows Live 2008-10-23 18:14 . 2008-10-23 18:15 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller 2008-10-23 18:14 . 2008-10-23 18:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller 2008-10-13 18:12 . 2008-10-25 15:33 <DIR> d-------- c:\program files\Microsoft Silverlight 2008-10-13 18:12 . 2008-10-13 18:12 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Windows Desktop Search 2008-10-13 18:11 . 2008-10-13 18:11 <DIR> d-------- c:\windows\system32\GroupPolicy 2008-10-13 18:11 . 2008-10-13 18:11 <DIR> d-------- c:\program files\Windows Media Connect 2 2008-10-13 18:11 . 2008-10-13 18:11 <DIR> d-------- c:\program files\Windows Desktop Search 2008-10-13 18:11 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll 2008-10-13 18:11 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll 2008-10-13 18:11 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll 2008-10-13 18:09 . 2008-11-04 19:19 <DIR> d-------- c:\windows\system32\LogFiles 2008-10-13 18:09 . 2008-10-13 18:10 <DIR> d-------- c:\windows\system32\drivers\UMDF 2008-10-13 18:05 . 2008-10-13 18:06 <DIR> d-------- c:\windows\system32\URTTemp 2008-10-13 17:48 . 2008-10-13 17:48 <DIR> d-------- c:\windows\system32\nl 2008-10-13 17:48 . 2008-10-13 17:48 <DIR> d-------- c:\windows\system32\bits 2008-10-13 17:48 . 
2008-10-13 17:48 <DIR> d-------- c:\windows\l2schemas 2008-10-13 17:47 . 2008-10-13 17:47 <DIR> d-------- c:\windows\ServicePackFiles 2008-10-13 17:43 . 2008-10-13 17:43 <DIR> d-------- c:\windows\EHome 2008-10-13 17:40 . 2008-10-13 17:40 2,422 --a------ c:\windows\system32\wpa.bak 2008-10-13 17:22 . 2008-10-13 18:11 <DIR> d-------- c:\windows\system32\nl-nl 2008-10-13 17:22 . 2008-10-03 18:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll 2008-10-13 17:22 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2008-10-13 17:22 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-13 16:10 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-13 16:07 --------- d-----w c:\program files\Common Files\InstallShield 2008-10-13 15:53 907,520 ----a-w c:\windows\system32\drivers\3xHybrid.sys 2008-10-13 15:53 466,944 ----a-w c:\windows\713xRMT.exe 2008-10-13 15:53 466,944 ----a-w c:\windows\23885RMT.exe 2008-10-13 15:53 450,560 ----a-w c:\windows\878RMTMon.exe 2008-10-13 15:53 450,560 ----a-w c:\windows\878RMT.exe 2008-10-13 15:45 --------- d-----w c:\program files\C-Media 3D Audio 2008-10-13 15:42 43,520 ----a-w c:\windows\system32\drivers\fetnd5bv.sys 2008-10-13 15:42 379,360 ----a-w c:\windows\system32\drivers\wlanCIG.sys 2008-10-13 15:32 --------- d-----w c:\program files\Intel 2008-10-13 15:27 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS 2008-10-13 14:21 --------- d-----w c:\program files\microsoft frontpage 2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector" [X] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TV Card Remote Control Device Monitor"="c:\windows\713xRMT.exe" [2008-10-13 466944] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-26 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152] "a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2008-11-02 2780816] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 69632] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 
"UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-11-06 25400] R2 CSIScanner;CSIScanner;c:\program files\PrevxCSI\prevxcsi.exe [2008-11-06 880696] R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-26 152984] R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-10-13 907520] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;c:\windows\system32\DRIVERS\fetnd5bv.sys [2008-10-13 43520] R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2002-04-24 19928] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160] . Inhoud van de 'Gedeelde Taken' map 2008-11-06 c:\windows\Tasks\AF910737919EB88F.job - c:\docume~1\gebrui~1\applic~1\error2~1\flaw rule knob.exe [2008-11-03 14:19] 2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 
  - - - - ORPHANS VERWIJDERD - - - - BHO-{1F3FB1A6-E27C-430C-8F01-59ECBBFE6F08} - c:\windows\system32\efcATKET.dll BHO-{6387c1e4-56bc-4f7d-8723-33c5b2624d87} - c:\windows\system32\aydyik.dll HKCU-Run-01wma - c:\docume~1\GEBRUI~1\APPLIC~1\ERROR2~1\DOESLIES.exe HKLM-Run-CPM7b0c8e12 - c:\windows\system32\pjuyabqf.dll HKLM-Run-783fbd8e - c:\windows\system32\gpupsyju.dll HKLM-Run-Cmaudio - cmicnfg.cpl SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pjuyabqf.dll SSODL-SSODL-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pjuyabqf.dll . ------- Bijkomende Scan ------- . FireFox -: Profile - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0nm4dv2c.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.nl/ FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll FF -: plugin - c:\program files\Picasa2\npPicasa2.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-06 23:27:46 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\scardsvr.exe c:\program files\a-squared Anti-Malware\a2service.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe c:\windows\system32\searchindexer.exe c:\windows\system32\rundll32.exe c:\program files\Picasa2\PicasaMediaDetector.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Voltooingstijd: 2008-11-06 23:31:35 - machine werd herstart ComboFix-quarantined-files.txt 2008-11-06 22:31:23 Pre-Run: 216.073.740.288 bytes beschikbaar Post-Run: 216,080,367,616 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 287 --- E O F --- 2008-10-28 19:41:33
  • Open a Notepad file. Copy and paste the text below into it:
    File::
    c:\windows\Tasks\AF910737919EB88F.job
    c:\windows\713xRMT.exe
    c:\windows\system32\vbzip10.dll
    c:\windows\system32\xopzcdzmgdlije.exe
    c:\windows\23885RMT.exe
    c:\windows\878RMTMon.exe
    c:\windows\878RMT.exe
    Folder::
    c:\windows\CPM7b0c8e12
    c:\windows\system32\sni
    c:\windows\system32\QI02
    c:\windows\system32\hin
    c:\windows\system32\ell
    c:\windows\R2VicnVpa2Vy
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TV Card Remote Control Device Monitor"=-
    Save this file to your desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe. This will make ComboFix restart. Reboot if you are asked to. After the reboot, post the contents of ComboFix.txt in your next message together with a new HijackThis log. And then let me know whether you still have any problems and, if so, which ones?
  • ComboFix 08-11-05.02 - Gebruiker 2008-11-07 8:16:15.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.79 [GMT 1:00] Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt FILE :: c:\windows\23885RMT.exe c:\windows\713xRMT.exe c:\windows\878RMT.exe c:\windows\878RMTMon.exe c:\windows\system32\vbzip10.dll c:\windows\system32\xopzcdzmgdlije.exe c:\windows\Tasks\AF910737919EB88F.job . De volgende bestanden werden uitgeschakeld tijdens de run: c:\program files\a-squared Anti-Malware\a2handler.dll (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\23885RMT.exe c:\windows\713xRMT.exe c:\windows\878RMT.exe c:\windows\878RMTMon.exe c:\windows\CPM7b0c8e12\ c:\windows\R2VicnVpa2Vy c:\windows\system32\ell c:\windows\system32\hin c:\windows\system32\QI02 c:\windows\system32\sni c:\windows\system32\vbzip10.dll c:\windows\system32\xopzcdzmgdlije.exe c:\windows\Tasks\AF910737919EB88F.job . (((((((((((((((((((( Bestanden Gemaakt van 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))) . 2008-11-07 00:12 . 2008-11-07 08:14 <DIR> dr-h----- c:\documents and settings\Gebruiker\Onlangs geopend 2008-11-06 23:48 . 2008-11-06 23:49 <DIR> d-------- c:\documents and settings\Gebruiker\.jordan 2008-11-06 21:31 . 2008-11-07 08:15 <DIR> d-------- c:\program files\a-squared Anti-Malware 2008-11-06 18:25 . 2008-11-06 23:50 <DIR> d-------- c:\documents and settings\Gebruiker\.jenny 2008-11-06 17:46 . 2008-11-06 17:47 <DIR> d-------- c:\program files\Windows Live Safety Center 2008-11-06 16:34 . 2008-11-06 19:44 160 --a------ c:\documents and settings\Gebruiker\Application Data\wklnhst.dat 2008-11-06 16:22 . 2008-11-06 16:22 395 --a------ c:\windows\ODBC.INI 2008-11-06 16:21 . 
2008-11-06 16:21 <DIR> d-------- c:\windows\ShellNew 2008-11-06 16:17 . 2008-11-06 16:23 <DIR> d-------- c:\program files\Microsoft Works 2008-11-06 16:15 . 2008-11-06 16:15 <DIR> d-------- c:\program files\Microsoft Works Suite 2004 2008-11-05 17:07 . 2008-11-05 17:07 <DIR> d-------- c:\program files\Trend Micro 2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Malwarebytes 2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-05 17:03 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-05 17:03 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-04 20:28 . 2008-11-04 20:28 50,000 --a------ c:\windows\CPM7b0c8e12 2008-11-04 19:19 . 2008-11-04 19:19 <DIR> d-------- c:\temp\NT32 2008-11-04 19:19 . 2008-11-06 23:21 <DIR> d-------- C:\Temp 2008-11-04 19:11 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe 2008-11-04 19:10 . 2008-11-04 19:10 <DIR> d-------- c:\program files\Microsoft SQL Server 2008-11-04 18:56 . 2008-11-04 18:56 <DIR> d-------- c:\program files\CCleaner 2008-11-04 18:54 . 2008-11-04 18:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip 2008-11-03 14:19 . 2008-11-03 14:19 <DIR> d-------- c:\program files\ERROR 2 2008-11-01 20:25 . 2008-11-01 20:28 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\dvdcss 2008-10-28 23:21 . 2008-11-01 20:27 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\vlc 2008-10-28 23:20 . 2008-10-28 23:20 <DIR> d-------- c:\program files\VideoLAN 2008-10-27 23:09 . 2008-10-27 23:09 <DIR> d-------- c:\program files\MSXML 4.0 2008-10-27 23:09 . 2008-10-27 23:09 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2 2008-10-27 09:53 . 
2003-12-11 11:15 626,960 -ra------ c:\windows\system32\hpvaut32.dll 2008-10-27 09:53 . 2003-12-11 11:15 487,424 -ra------ c:\windows\system32\hpvcp70.dll 2008-10-27 09:53 . 2003-12-11 11:15 344,064 -ra------ c:\windows\system32\hpvcr70.dll 2008-10-27 09:53 . 2003-12-11 11:15 82,432 -ra------ c:\windows\system32\MSXML4r.dll 2008-10-27 09:53 . 2003-12-11 11:15 44,544 -ra------ c:\windows\system32\MSXML4a.dll 2008-10-27 09:52 . 2008-10-27 09:52 <DIR> d-------- c:\program files\HP 2008-10-27 09:52 . 2008-10-27 09:53 <DIR> d-------- c:\program files\Hewlett-Packard 2008-10-27 09:52 . 2008-10-27 09:53 72,050 --a------ c:\windows\hpdj3840.his 2008-10-27 09:52 . 2008-10-27 09:53 7,260 --a------ c:\windows\hpdj3840.ini 2008-10-27 09:51 . 2008-10-27 09:52 4,241 --a------ c:\windows\hpbvspst.his 2008-10-27 09:51 . 2008-10-27 09:52 414 --a------ c:\windows\hpbvspst.ini 2008-10-27 09:50 . 2008-04-13 20:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2008-10-27 09:50 . 2008-04-13 20:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys 2008-10-27 09:49 . 2008-10-27 09:49 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2008-10-27 09:48 . 2008-10-27 09:48 <DIR> d-------- c:\program files\Common Files\Adobe 2008-10-27 09:46 . 2008-10-27 09:52 <DIR> d-------- c:\program files\NOS 2008-10-27 09:46 . 2008-10-27 09:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS 2008-10-27 09:05 . 2008-10-27 09:05 <DIR> d-------- c:\program files\MSECache 2008-10-26 22:46 . 2008-10-26 22:45 410,976 --a------ c:\windows\system32\deploytk.dll 2008-10-26 22:44 . 2008-10-26 22:44 <DIR> d-------- c:\windows\Sun 2008-10-24 22:31 . 2008-04-14 18:02 221,184 --a------ c:\windows\system32\wmpns.dll 2008-10-24 22:29 . 2008-10-24 22:29 <DIR> d--h----- c:\windows\PIF 2008-10-24 13:09 . 2008-10-24 13:09 <DIR> d-------- c:\documents and settings\Gebruiker\Incomplete 2008-10-24 13:07 . 
2008-11-05 09:11 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\LimeWire 2008-10-24 13:06 . 2008-10-26 22:45 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-10-24 13:05 . 2008-11-04 19:23 <DIR> d-------- c:\program files\LimeWire 2008-10-24 13:05 . 2008-10-26 22:45 <DIR> d-------- c:\program files\Java 2008-10-24 13:05 . 2008-10-24 13:05 <DIR> d-------- c:\program files\Common Files\Java 2008-10-24 10:37 . 2008-10-24 10:37 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Windows Search 2008-10-24 10:20 . 2008-10-24 10:20 <DIR> dr-h----- C:\MSOCache 2008-10-24 10:18 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-24 10:18 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-24 10:18 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-24 10:18 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-24 10:18 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-10-24 10:18 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-10-24 10:17 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-10-24 10:16 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll 2008-10-24 10:16 . 2007-07-30 18:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui 2008-10-24 10:15 . 2008-10-24 10:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus! 2008-10-23 20:39 . 2008-10-26 22:44 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Apple Computer 2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\program files\QuickTime 2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\program files\iTunes 2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\program files\iPod 2008-10-23 20:38 . 
2008-10-23 20:38 <DIR> d-------- c:\program files\Bonjour 2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-10-23 20:38 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll 2008-10-23 20:38 . 2008-04-17 12:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys 2008-10-23 20:37 . 2008-10-23 20:37 <DIR> d-------- c:\program files\Apple Software Update 2008-10-23 20:37 . 2008-10-23 20:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2008-10-23 20:36 . 2008-10-23 20:36 <DIR> d-------- c:\program files\Common Files\Apple 2008-10-23 20:36 . 2008-10-23 20:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple 2008-10-23 20:25 . 2008-10-23 20:25 0 --a------ c:\windows\nsreg.dat 2008-10-23 18:53 . 2008-11-03 14:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\flag ace stupid data 2008-10-23 18:52 . 2008-10-23 18:52 <DIR> d-------- c:\program files\Messenger Plus! Live 2008-10-23 18:52 . 2008-11-06 23:12 <DIR> d-------- c:\program files\Circle Developement 2008-10-23 18:52 . 2008-11-06 23:12 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\ERROR 2 2008-10-23 18:31 . 2008-10-23 18:31 9,084 --ah----- c:\windows\system32\mlfcache.dat 2008-10-23 18:29 . 2006-10-05 03:42 2,560 --------- c:\windows\system32\drivers\cdralw2k.sys 2008-10-23 18:29 . 2006-10-05 03:42 2,432 --------- c:\windows\system32\drivers\cdr4_xp.sys 2008-10-23 18:28 . 2008-10-23 18:29 <DIR> d-------- c:\program files\Picasa2 2008-10-23 18:28 . 2008-10-23 18:28 <DIR> d-------- c:\program files\Google 2008-10-23 18:17 . 2008-10-27 09:31 <DIR> d-------- c:\documents and settings\Gebruiker\Contacts 2008-10-23 18:14 . 2008-10-23 18:17 <DIR> d-------- c:\program files\Windows Live 2008-10-23 18:14 . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector" [X] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-26 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152] "a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2008-11-02 2780816] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 69632] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-26 152984] R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-10-13 907520] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;c:\windows\system32\DRIVERS\fetnd5bv.sys [2008-10-13 43520] R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2002-04-24 19928] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160] . Inhoud van de 'Gedeelde Taken' map 2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . - - - - ORPHANS VERWIJDERD - - - - HKLM-Run-TV Card Remote Control Device Monitor - c:\windows\713xRMT.exe ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-07 08:17:54 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . 
Voltooingstijd: 2008-11-07 8:18:58 ComboFix-quarantined-files.txt 2008-11-07 07:18:55 ComboFix2.txt 2008-11-06 22:31:39 Pre-Run: 215.896.678.400 bytes beschikbaar Post-Run: 215,883,800,576 bytes beschikbaar 280 --- E O F --- 2008-11-06 23:16:23 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:20:36, on 7-11-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\a-squared Anti-Malware\a2service.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\alg.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe 
C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Picasa Media 
Detector] C:\Program Files\Picasa2\PicasaMediaDetector O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223917203140 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225057627564&h=e071cb737eeaba4414e51dd50d4a05d1/&filename=jinstall-6u10-windows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe O23 - Service: Mobiel Apple 
apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 6621 bytes
  • Looks good. And what was the answer to this question from the previous message: "And then let me know whether you still have problems, and if so, which ones?"
  • So far I haven't seen any more problems. Thanks a lot!
  • You're welcome. But there is still a tail to your story :D With the problems out of the way, it is time for the "big clean-up": removing the tools we used, a cleaning, and removing the infected restore points. As for the trial version of A-Squared, you can decide for yourself whether to leave it on your PC for a while or remove it right away. Remove ComboFix: Start -> Run and type: combofix /u This removes ComboFix plus its related folders and files, restores the clock settings, hides file extensions again, re-hides hidden files and system files, and creates a new restore point. Download CCleaner here: http://www.majorgeeks.com/download4191.html Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Next, in the left column click "Registry" and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Close CCleaner afterwards. It is advisable to remove the existing restore points (there are infected restore points among them that you could restore by accident) by temporarily disabling System Restore. Do this via Start -> Control Panel -> System -> System Restore -> check "Turn off System Restore on all drives". Apply and OK. Restart the PC and uncheck the box again. That's it!
  • Done! Thanks.
