HijackThis log

7 answers
  • I keep having trouble with a trojan. I removed it with MBAM, but not even a minute later AVG gives a warning again…

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:43:19, on 5-3-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\xIHw3H5X.exe
    C:\Documents and Settings\Cirkel\Bureaublad\utorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198675699513
    O20 - AppInit_DLLs: C:\WINDOWS\system32\rimuwuka.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


    End of file - 3737 bytes



    Thanks in advance!!
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O20 - AppInit_DLLs: C:\WINDOWS\system32\rimuwuka.dll

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.




    Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

    @ECHO OFF
    REM Start with a fresh log file
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    REM Stop the running process so its file can be deleted
    taskkill /f /im xIHw3H5X.exe
    REM Clear the read-only, system and hidden attributes, delete each file and log the result
    FOR %%g in (
    C:\WINDOWS\system32\xIHw3H5X.exe
    C:\WINDOWS\system32\rimuwuka.dll) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt

    Go to File - Save As.
    For "Save in", choose: Desktop
    For "File name", enter: del.bat
    For "Save as type", select: All Files (*.*).
    Click the Save button.
    Double-click del.bat and post the contents of the log file that opens.



    Download and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After installation, make sure the following are checked:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Finish".
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Settings" tab.
    - Check this option there: "Close Internet Explorer during malware removal".
    - Then go to the "Scanner" tab and choose "Quick Scan".
    - Then press "Scan" to start the scan.
    - The scan can take a while, so be patient.
    - When the scan is complete, click OK, then "Show Results" to see the results.
    - Make sure everything there is checked, then click "Remove Selected".
    - After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.
  • Deleting files
    C:\WINDOWS\system32\xIHw3H5X.exe not found
    C:\WINDOWS\system32\rimuwuka.dll not found





    Malwarebytes' Anti-Malware 1.34
    Database versie: 1815
    Windows 5.1.2600 Service Pack 3

    5-3-2009 15:47:30
    mbam-log-2009-03-05 (15-47-30).txt

    Scan type: Snelle Scan
    Objecten gescand: 69898
    Verstreken tijd: 10 minute(s), 0 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\xIHw3H5X.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:53:53, on 5-3-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198675699513
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


    End of file - 3624 bytes
  • Download GV Killer.exe.
    Put it in its own folder, for example C:\Program Files\GV Killer, and then create a shortcut from C:\Program Files\GV Killer\GV Killer.exe to your desktop.
    Start GV Killer and use copy and paste to put the names of the files and folders below into the file C:\Program Files\GV Killer\input.txt.

    C:\WINDOWS\system32\rimuwuka.dll

    Close the file C:\Program Files\GV Killer\input.txt and press the Start Killing button to start the program.
    Post the contents of the file C:\GV Killer.txt in your next message.



    Download to your desktop and use it according to this guide.
  • Logfile gv_killer_01.txt v7.0.9 - Copyright © GV_Soft Guido Vaesen
    Rapport datum: 5-3-2009 16:25:02 log van Cirkel , Beheerder van deze computer
    Platform: Windows XP Prof SP3 NLD Normale modus

    BEGIN Geplande taken—————————————————————–
    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At22.job
    C:\WINDOWS\tasks\At23.job
    C:\WINDOWS\tasks\At24.job
    C:\WINDOWS\tasks\At25.job
    C:\WINDOWS\tasks\At26.job
    C:\WINDOWS\tasks\At27.job
    C:\WINDOWS\tasks\At28.job
    C:\WINDOWS\tasks\At29.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At30.job
    C:\WINDOWS\tasks\At31.job
    C:\WINDOWS\tasks\At32.job
    C:\WINDOWS\tasks\At33.job
    C:\WINDOWS\tasks\At34.job
    C:\WINDOWS\tasks\At35.job
    C:\WINDOWS\tasks\At36.job
    C:\WINDOWS\tasks\At37.job
    C:\WINDOWS\tasks\At38.job
    C:\WINDOWS\tasks\At39.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At40.job
    C:\WINDOWS\tasks\At41.job
    C:\WINDOWS\tasks\At42.job
    C:\WINDOWS\tasks\At43.job
    C:\WINDOWS\tasks\At44.job
    C:\WINDOWS\tasks\At45.job
    C:\WINDOWS\tasks\At46.job
    C:\WINDOWS\tasks\At47.job
    C:\WINDOWS\tasks\At48.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job
    EINDE Geplande taken—————————————————————–


    Lijst Notify keys——————————————————————–
    HKLM\software\microsoft\windows nt\currentversion\winlogon\notify
    dimsntfy %SystemRoot%\System32\dimsntfy.dll
    WgaLogon WgaLogon.dll
    Settings
    Einde Notify keys——————————————————————–

    Verklaring Errorcodes—————————————————————-
    code 00 : Bestand is verwijderd.
    code 53 : Bestand of map werd niet gevonden op uw PC.
    code 70 : Bestand was in gebruik.
    code 75 : Services zijn nog geladen of bestand in gebruik.
    code M0 : Map is verwijderd.
    code ML : Map is volledig leeg gemaakt.
    code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt.
    code MV : Map werd niet gevonden op uw PC, is niet verwijderd.
    code K0 : Register key is verwijderd.
    Einde Errorcodes——————————————————————–

    BEGIN Inhoud van Input.txt———————————————————–
    C:\WINDOWS\system32\rimuwuka.dll
    EINDE Inhoud van Input.txt———————————————————–

    53 C:\WINDOWS\system32\rimuwuka.dll
    EINDE Inhoud van Input.txt———————————————————–


    ;0255679-640-0542111-23443=WD-WMADK300908125

    ;EINDE GV_Killer ———————————————————————






    ComboFix 09-03-04.01 - Cirkel 2009-03-05 16:41:12.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.382.168 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Cirkel\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Cirkel\Application Data\inst.exe
    c:\windows\system32\aKJy0J2A.dll
    c:\windows\system32\xIHw3H5X.exe
    c:\windows\system32\xIHw3H5X.exe.a_a

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-05 to 2009-03-05 ))))))))))))))))))))))))))))))
    .

    2009-03-05 16:37 . 2009-03-05 16:37 <DIR> d——– c:\documents and settings\All Users\Application Data\Avg7
    2009-03-05 16:21 . 2009-03-05 16:23 <DIR> d——– c:\program files\GV_Killer
    2009-03-05 16:21 . 2004-03-08 23:00 152,848 –a—— c:\windows\system32\COMDLG32.OCX
    2009-03-05 16:21 . 2001-09-07 11:00 59,904 –a—— c:\windows\system32\wbemdisp.tlb
    2009-03-05 13:42 . 2009-03-05 13:42 <DIR> d——– c:\program files\Trend Micro
    2009-03-04 13:36 . 2009-03-04 13:36 <DIR> d——– c:\documents and settings\Cirkel\Application Data\Malwarebytes
    2009-03-04 13:35 . 2009-03-04 13:35 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-03-04 13:35 . 2009-03-04 13:35 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-04 13:35 . 2009-02-11 10:19 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-04 13:35 . 2009-02-11 10:19 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-03-04 10:14 . 2009-03-05 16:23 <DIR> dr-h—– c:\documents and settings\Cirkel\Onlangs geopend
    2009-03-03 14:17 . 2009-03-03 14:17 <DIR> dr——- c:\documents and settings\LocalService\Favorieten
    2009-03-03 14:00 . 2009-03-03 14:00 <DIR> dr——- c:\documents and settings\NetworkService\Favorieten
    2009-02-28 13:22 . 2009-02-28 13:22 31,744 –a—— c:\windows\system32\mpaT3i3Q.exe
    2009-02-28 07:48 . 2009-01-09 20:19 1,089,883 —–c— c:\windows\system32\dllcache\ntprint.cat
    2009-02-28 06:15 . 2009-02-28 06:15 <DIR> d——– c:\windows\system32\XPSViewer
    2009-02-28 06:15 . 2009-02-28 06:15 <DIR> d——– c:\program files\MSBuild
    2009-02-28 06:14 . 2009-02-28 06:14 <DIR> d——– c:\program files\Reference Assemblies
    2009-02-28 06:13 . 2008-07-06 13:06 1,676,288 ——— c:\windows\system32\xpssvcs.dll
    2009-02-28 06:13 . 2008-07-06 13:06 1,676,288 —–c— c:\windows\system32\dllcache\xpssvcs.dll
    2009-02-28 06:13 . 2008-07-06 11:50 597,504 —–c— c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-02-28 06:13 . 2008-07-06 13:06 575,488 ——— c:\windows\system32\xpsshhdr.dll
    2009-02-28 06:13 . 2008-07-06 13:06 575,488 —–c— c:\windows\system32\dllcache\xpsshhdr.dll
    2009-02-28 06:13 . 2008-07-06 13:06 117,760 ——— c:\windows\system32\prntvpt.dll
    2009-02-28 06:13 . 2008-07-06 13:06 89,088 —–c— c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-02-28 06:12 . 2009-02-28 06:13 <DIR> d——– C:\e117119740fb4b7ddbbd
    2009-02-28 04:56 . 2009-03-05 16:36 <DIR> d——– c:\documents and settings\LocalService\Bureaublad
    2009-02-28 04:32 . 2009-02-28 06:11 <DIR> d——– C:\9be34f1f241fd37a0d55434b
    2009-02-28 04:05 . 2009-02-28 04:05 <DIR> d–h—– c:\windows\PIF
    2009-02-28 04:03 . 2009-02-28 04:03 <DIR> d——– c:\documents and settings\Cirkel\Application Data\Windows Search
    2009-02-28 04:02 . 2009-02-28 04:02 <DIR> d——– c:\windows\system32\GroupPolicy
    2009-02-28 04:02 . 2009-02-28 06:47 <DIR> d——– c:\program files\Windows Desktop Search
    2009-02-28 04:00 . 2008-03-07 18:02 192,000 —–c— c:\windows\system32\dllcache\offfilt.dll
    2009-02-28 04:00 . 2008-03-07 18:02 98,304 —–c— c:\windows\system32\dllcache\nlhtml.dll
    2009-02-28 04:00 . 2008-03-07 18:02 29,696 —–c— c:\windows\system32\dllcache\mimefilt.dll
    2009-02-28 03:57 . 2008-12-21 00:03 6,066,688 —–c— c:\windows\system32\dllcache\ieframe.dll
    2009-02-28 03:57 . 2007-04-17 10:32 2,455,488 —–c— c:\windows\system32\dllcache\ieapfltr.dat
    2009-02-28 03:57 . 2007-03-08 06:11 1,032,192 —–c— c:\windows\system32\dllcache\ieframe.dll.mui
    2009-02-28 03:57 . 2008-12-21 00:03 459,264 —–c— c:\windows\system32\dllcache\msfeeds.dll
    2009-02-28 03:57 . 2008-12-21 00:03 383,488 —–c— c:\windows\system32\dllcache\ieapfltr.dll
    2009-02-28 03:57 . 2008-12-21 00:03 267,776 —–c— c:\windows\system32\dllcache\iertutil.dll
    2009-02-28 03:57 . 2008-12-21 00:03 63,488 —–c— c:\windows\system32\dllcache\icardie.dll
    2009-02-28 03:57 . 2008-12-21 00:03 52,224 —–c— c:\windows\system32\dllcache\msfeedsbs.dll
    2009-02-28 03:57 . 2008-12-19 10:10 13,824 —–c— c:\windows\system32\dllcache\ieudinit.exe
    2009-02-28 03:41 . 2009-02-28 03:41 <DIR> d——– C:\de07f5df6a3d29726005c3b3d02d32
    2009-02-28 03:38 . 2009-02-28 03:39 <DIR> d——– c:\windows\system32\URTTemp
    2009-02-28 02:49 . 2009-02-28 06:44 <DIR> d——– c:\program files\Lavasoft
    2009-02-28 02:49 . 2009-02-28 06:44 <DIR> d——– c:\documents and settings\All Users\Application Data\Lavasoft
    2009-02-28 02:45 . 2009-02-28 02:46 <DIR> d——– c:\program files\ATF-cleaner
    2009-02-28 02:44 . 2009-02-28 07:59 <DIR> d——– c:\program files\Spybot - Search & Destroy
    2009-02-28 02:44 . 2009-02-28 07:59 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-12 00:01 . 2009-02-12 00:01 <DIR> d——– c:\program files\Real
    2009-02-11 23:49 . 2009-02-11 23:50 <DIR> d——– c:\program files\Common Files\Real
    2009-02-11 14:34 . 2009-02-11 14:34 <DIR> d——– c:\documents and settings\Cirkel\Application Data\Apple Computer
    2009-02-10 21:00 . 2009-02-10 21:00 <DIR> d——– c:\program files\QuickTime
    2009-02-10 21:00 . 2009-02-10 21:00 <DIR> d——– c:\documents and settings\All Users\Application Data\Apple Computer
    2009-02-10 20:59 . 2009-02-10 20:59 <DIR> d——– c:\program files\Apple Software Update
    2009-02-10 20:59 . 2009-02-10 20:59 <DIR> d——– c:\documents and settings\All Users\Application Data\Apple
    2009-02-09 10:39 . 2009-02-09 10:39 <DIR> d——– c:\documents and settings\Cirkel\Application Data\Belastingdienst
    2009-02-06 20:15 . 2009-02-06 20:15 <DIR> d——– c:\documents and settings\Cirkel\Application Data\Kensington
    2009-02-06 20:14 . 2009-02-06 20:14 7,304 –a—— c:\windows\TMP0001.TMP
    2009-02-06 10:05 . 2009-02-06 10:05 <DIR> d——– c:\program files\Maxon Cinema 4D

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-05 14:19 ——— d—–w c:\documents and settings\Cirkel\Application Data\uTorrent
    2009-02-28 06:31 ——— d–h–w c:\program files\InstallShield Installation Information
    2009-02-28 03:50 ——— d—–w c:\program files\Common Files\InstallShield
    2009-02-28 01:57 ——— d—–w c:\program files\CCleaner
    2009-02-13 21:15 ——— d—–w c:\documents and settings\Cirkel\Application Data\MSN6
    2009-02-04 22:28 ——— d—–w c:\program files\Soulseek
    2009-01-26 16:52 ——— d—–w c:\documents and settings\Cirkel\Application Data\Quark
    2009-01-26 16:51 47,360 —-a-w c:\documents and settings\Cirkel\Application Data\pcouffin.sys
    2009-01-26 16:51 ——— d—–w c:\documents and settings\Cirkel\Application Data\Vso
    2009-01-26 16:50 ——— d—–w c:\program files\Common Files\AVSMedia
    2009-01-26 16:50 ——— d—–w c:\program files\AVS4YOU
    2009-01-25 12:54 ——— d—–w c:\program files\uTorrent
    2009-01-19 15:40 ——— d—–w c:\documents and settings\Cirkel\Application Data\AVS4YOU
    2009-01-19 15:40 ——— d—–w c:\documents and settings\All Users\Application Data\AVS4YOU
    2009-01-18 18:38 ——— d—–w c:\documents and settings\Cirkel\Application Data\vlc
    2009-01-18 18:37 ——— d—–w c:\program files\VideoLAN
    2008-12-20 23:03 826,368 —-a-w c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-12 185872]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Cirkel\\Bureaublad\\utorrent.exe"=

    .
    Inhoud van de 'Gedeelde Taken' map

    2009-03-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

    2009-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-03-04 c:\windows\Tasks\At1.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-05 c:\windows\Tasks\At10.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-05 c:\windows\Tasks\At11.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-05 c:\windows\Tasks\At12.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-05 c:\windows\Tasks\At13.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-05 c:\windows\Tasks\At14.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-05 c:\windows\Tasks\At15.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-05 c:\windows\Tasks\At16.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-05 c:\windows\Tasks\At17.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-04 c:\windows\Tasks\At18.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-04 c:\windows\Tasks\At19.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-05 c:\windows\Tasks\At2.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-04 c:\windows\Tasks\At20.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-04 c:\windows\Tasks\At21.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-04 c:\windows\Tasks\At22.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-04 c:\windows\Tasks\At23.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-04 c:\windows\Tasks\At24.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-04 c:\windows\Tasks\At25.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-05 c:\windows\Tasks\At26.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-05 c:\windows\Tasks\At27.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-05 c:\windows\Tasks\At28.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-05 c:\windows\Tasks\At29.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-05 c:\windows\Tasks\At3.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-05 c:\windows\Tasks\At30.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-03 c:\windows\Tasks\At31.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-03 c:\windows\Tasks\At32.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-03 c:\windows\Tasks\At33.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-05 c:\windows\Tasks\At34.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-05 c:\windows\Tasks\At35.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-05 c:\windows\Tasks\At36.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-05 c:\windows\Tasks\At37.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-05 c:\windows\Tasks\At38.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-05 c:\windows\Tasks\At39.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-05 c:\windows\Tasks\At4.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-05 c:\windows\Tasks\At40.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-05 c:\windows\Tasks\At41.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-04 c:\windows\Tasks\At42.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-04 c:\windows\Tasks\At43.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-04 c:\windows\Tasks\At44.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-04 c:\windows\Tasks\At45.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-04 c:\windows\Tasks\At46.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-04 c:\windows\Tasks\At47.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-04 c:\windows\Tasks\At48.job
    - c:\windows\system32\xIHw3H5X.exe []

    2009-03-05 c:\windows\Tasks\At5.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-05 c:\windows\Tasks\At6.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-03 c:\windows\Tasks\At7.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-03 c:\windows\Tasks\At8.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

    2009-03-03 c:\windows\Tasks\At9.job
    - c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    FF - ProfilePath - c:\documents and settings\Cirkel\Application Data\Mozilla\Firefox\Profiles\s587onsd.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - plugin: c:\documents and settings\Cirkel\Application Data\Mozilla\Firefox\Profiles\s587onsd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-05 16:43:50
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2009-03-05 16:46:07
    ComboFix-quarantined-files.txt 2009-03-05 15:45:56

    Pre-Run: 602.800.128 bytes beschikbaar
    Post-Run: 674,877,440 bytes beschikbaar

    247 — E O F — 2009-02-28 11:51:18
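
Added example (not part of the thread and not the code of any tool used in it): a Python parser for the scheduled-task section of a ComboFix log like the one above, which groups the numbered At*.job entries by the program they launch and reports whether that program still has a file timestamp. The sample is a shortened copy of the posted log; reading empty brackets `[]` as "no file found for the target" is an assumption, as are all function and type names.

```python
import re
from collections import namedtuple

# Constructed sample: a shortened copy of the scheduled-task section of the
# ComboFix log posted above (three At*.job entries per target instead of 24).
SAMPLE = r"""
2009-03-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-04 c:\windows\Tasks\At1.job
- c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

2009-03-05 c:\windows\Tasks\At2.job
- c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

2009-03-05 c:\windows\Tasks\At3.job
- c:\windows\system32\mpaT3i3Q.exe [2009-02-28 13:22]

2009-03-04 c:\windows\Tasks\At25.job
- c:\windows\system32\xIHw3H5X.exe []

2009-03-05 c:\windows\Tasks\At26.job
- c:\windows\system32\xIHw3H5X.exe []

2009-03-05 c:\windows\Tasks\At27.job
- c:\windows\system32\xIHw3H5X.exe []
"""

Task = namedtuple("Task", "date job target stamp")
Finding = namedtuple("Finding", "target at_jobs target_on_disk")

# "<date> <path>.job" header line, followed by "- <target> [<timestamp or empty>]".
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\S.*\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(\S.*?)\s+\[(.*)\]$")
# AtN.job is the name pattern the Windows `at` command gives the jobs it creates.
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)


def parse_tasks(text):
    """Pair each .job line with the target line that follows it."""
    tasks, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            pending = m.groups()
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            tasks.append(Task(pending[0], pending[1], m.group(1), m.group(2).strip()))
            pending = None
    return tasks


def at_job_findings(tasks, min_jobs=2):
    """Report targets that are launched by at least min_jobs numbered At*.job tasks."""
    grouped = {}
    for t in tasks:
        if not AT_JOB_RE.search(t.job):
            continue  # named jobs from installed software are not counted
        entry = grouped.setdefault(t.target.lower(), [t.target, 0, False])
        entry[1] += 1
        # Assumption: a non-empty timestamp means the target file was found on disk.
        entry[2] = entry[2] or bool(t.stamp)
    return [Finding(*e) for _, e in sorted(grouped.items()) if e[1] >= min_jobs]


if __name__ == "__main__":
    for f in at_job_findings(parse_tasks(SAMPLE)):
        state = "target still on disk" if f.target_on_disk else "target gone, jobs remain"
        print(f"{f.at_jobs} At jobs -> {f.target} ({state})")
```
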



  • Apparently it didn't work….. AVG gives a warning again….

    The annoying thing is: we never had problems with this PC until a friend worked on it for a bit to make it faster…
  • Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.


    @ECHO OFF
    REM Start with a fresh log file
    IF EXIST log.txt DEL log.txt
    ECHO Deleting Files>>log.txt
    REM Delete every numbered At*.job scheduled task and log the result
    FOR %%g in (
    c:\windows\Tasks\At*.job) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted successfully>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt
    REM Remove this batch file itself when done
    DEL %0

    Go to File - Save As.
    For "Save in", choose: Desktop
    For "File name", enter: del.bat
    For "Save as type", select: All Files (*.*).
    Click the Save button.
    Double-click del.bat and post the contents of the log file that opens.


    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.
