Trojan infection

Abraham54
13 answers
  • I am also infected with a trojan generic 18.
    HiJackThis gives this:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:16:21, on 12-6-2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SMINST\scheduler.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\SMINST\scheduler.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\AVG\AVG9\avgui.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spitsnieuws.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck .exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" /background
    O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
    O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Diego\AppData\Local\Temp\Wsd.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe


    End of file - 11777 bytes

    Hopefully someone can help me.

    Thanks in advance

  • Hello diegotham,

    do the following:

  • HiJackThis Log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:40:54, on 14-6-2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SMINST\scheduler.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray .exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr .exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
    C:\Program Files\Analog Devices\Core\smax4pnp .exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched .exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
    C:\Program Files\Creative\Software Update 3\SoftAuto .exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2 .exe
    C:\Windows\WindowsMobile\wmdc .exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spitsnieuws.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck .exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" /background
    O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe


    End of file - 12277 bytes


    Uninstall log
    Aangifte inkomstenbelasting 2009
    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.2.2 - Nederlands
    Age of Empires III
    Age of Empires III - The Asian Dynasties
    Age of Empires III - The WarChiefs
    Agere Systems HDA Modem
    Application Installer 4.00.B14
    ATI Uninstaller
    AVG Free 9.0
    Business Contact Manager voor Outlook 2007 SP2
    Business Contact Manager voor Outlook 2007 SP2
    ccc-Branding
    Creative Centrale
    Creative Centrale
    Creative Software Update
    Creative ZEN X-Fi Video Converter
    Creative ZEN X-Fi Video Converter
    Creative ZEN X-Fi-Gebruikershandleiding
    Credential Manager for HP ProtectTools
    CutePDF Writer 2.7
    ESU for Microsoft Vista
    Euroglot Professional 4.5 (remove only)
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Backup & Recovery Manager Installer
    HP BIOS Configuration for ProtectTools
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Easy Setup - Core
    HP Easy Setup - Frontend
    HP Help and Support
    HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
    HP Notebook Accessories Product Tour
    HP ProtectTools Security Manager
    HP Quick Launch Buttons 6.40 B2
    HP Update
    HP User Guides 0064
    HP Wireless Assistant
    Huur- en zorgtoeslag 2009
    InterVideo DVD Check
    InterVideo WinDVD
    Japanese Fonts Support For Adobe Reader 8
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Junk Mail filter update
    K-Lite Codec Pack 3.9.0 Standard
    LG USB Modem driver
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Dutch Language Pack
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Choice Guard
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Dutch) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office Groove MUI (Dutch) 2007
    Microsoft Office InfoPath MUI (Dutch) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (Dutch) 2007
    Microsoft Office Outlook MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (Dutch) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Dutch) 2007
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Small Business-verbindingsonderdelen
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (Dutch) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Reader
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup-ondersteuningsbestanden (Engels)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MSCU for Microsoft Vista
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Need for Speed™ Most Wanted
    OpenMG Limited Patch 4.7-07-14-05-01
    OpenMG Secure Module 4.7.00
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB980470)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB979365)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Sonic Activation Module
    SonicStage 4.3
    SopCast 3.2.9
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 8
    SPSS 16.0 for Windows
    Synaptics Pointing Device Driver
    Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    Three Ships Browser Plugin
    Total Commander (Remove or Repair)
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for 2007 Microsoft Office System (KB981715)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Outlook 2007 Junk Email Filter (kb981726)
    Update voor Microsoft Office Excel 2007 Help (KB963678)
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
    Update voor Microsoft Office Word 2007 Help (KB963665)
    Vista Default Settings
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Vuze
    Windows Live - Hulpprogramma voor uploaden
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Mobile Apparaatcentrum
    Windows Mobile Device Center Driver Update
    WinRAR archiver



    MBAM log
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Databaseversie: 4197

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18904

    14-6-2010 18:43:24
    mbam-log-2010-06-14 (18-43-24).txt

    Scantype: Snelle scan
    Objecten gescand: 137251
    Verstreken tijd: 8 minuut/minuten, 47 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 6
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 2
    Bestanden geïnfecteerd: 4

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AV Care (Rogue.AVCare) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV Care (Rogue.AVCare) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AV Care (Rogue.AVCare) -> Quarantined and deleted successfully.
    C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Care (Rogue.AVCare) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AV Care\AV Care.lnk (Rogue.AVCare) -> Quarantined and deleted successfully.
    C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

  • Hello diegotham, how is your Windows doing in the meantime?

    You have a number of very old Java runtimes in your Windows.
    Malware absolutely loves that!

    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6

    https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u20-oth-JPR@CDS-CDS_Developer

    The newest Java version can be downloaded via this link.
    It is a multilingual version!

    In addition, there are now Java Runtime versions for both Windows 32-bit (x86) and Windows 64-bit (x64).

    1) So select the correct version, then tick the box at "I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement." and then click the red "Continue" button.

    2) Then choose this version (in this example I have chosen the 32-bit download):
    "Windows Offline Installation jre-6u20-windows-i586.exe 15.54 MB" and download the file to your desktop.

    3) Now first go to (in Windows 2000/XP) Start\Control Panel\Add or Remove Programs or (Windows Vista and Windows 7) Start\Control Panel\Programs and Features and remove all versions of Java from the software list there.

    To clarify: remove everything with Java Runtime Environment (JRE or J2SE) in the name.

    After that, restart the computer, and then the newest version of Java Runtime may be installed!

    From now on, keep just one installed Java runtime - and always the newest!


    Your Adobe Reader is also outdated and a security risk!

    The advice is to uninstall it.

    You can find the newest version here: http://get.adobe.com/nl/reader/

    After installation the updater is already active - at some point you will get a message above the systray that the update is ready for installation.
    Then double-click the update icon in the systray!

    How to make Adobe Reader safe:

    After starting the Reader, click Edit in the menu bar and then Preferences… in the drop-down menu.

    In the Preferences window click Trust Manager and then, under PDF File Attachments, remove the tick in front of "Allow opening of non-PDF file attachments with external applications"; then click OK, and the Reader may be closed.

    This ensures that an application cannot be started automatically from a PDF.
    So any malware in a PDF document can then do nothing!
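
The check the post above does by eye, as an added example that is not part of the original post: a Python audit of an installed-programs list that finds every Sun Java runtime, flags those older than the 6u20 release the post links to, and reports when more than one runtime is installed. The sample list is constructed from names quoted in this thread; the display-name patterns and the function names are assumptions of this example.

```python
import re

# Baseline taken from the post above: Java SE Runtime Environment 6u20.
BASELINE = (6, 20)

# Display-name shapes used by Sun Java in Windows installed-programs lists
# (assumed patterns; extend them for other naming schemes).
_PATTERNS = [
    # "Java(TM) 6 Update 7", "Java(TM) SE Runtime Environment 6 Update 1",
    # "Java(TM) SE Runtime Environment 6" (no suffix means update 0)
    re.compile(r"^Java\(TM\)\s+(?:SE\s+Runtime\s+Environment\s+)?(?P<major>\d+)"
               r"(?:\s+Update\s+(?P<update>\d+))?$", re.I),
    # "J2SE Runtime Environment 5.0 Update 10"
    re.compile(r"^J2SE\s+Runtime\s+Environment\s+(?P<major>\d+)(?:\.\d+)?"
               r"(?:\s+Update\s+(?P<update>\d+))?$", re.I),
    # "Java 2 Runtime Environment, SE v1.4.2_05"
    re.compile(r"^Java\s+2\s+Runtime\s+Environment,?\s+SE\s+v1\.(?P<major>\d+)"
               r"\.\d+(?:_(?P<update>\d+))?$", re.I),
]


def parse_java_entry(display_name):
    """Return (major, update) for a Java runtime entry, or None for anything else."""
    name = display_name.strip()
    for pattern in _PATTERNS:
        match = pattern.match(name)
        if match:
            return int(match.group("major")), int(match.group("update") or 0)
    return None


def audit_installed(display_names, baseline=BASELINE):
    """Summarise the Java runtimes in an installed-programs list.

    Duplicated list entries are collapsed. 'keep' is the newest runtime at or
    above the baseline (None if there is none); 'remove' is every other runtime,
    matching the advice to keep exactly one, current, runtime.
    """
    found = {}
    for raw in display_names:
        version = parse_java_entry(raw)
        if version is not None:
            found[raw.strip()] = version

    runtimes = sorted(found.items(), key=lambda item: item[1])
    current = [name for name, version in runtimes if version >= baseline]
    keep = current[-1] if current else None
    return {
        "runtimes": runtimes,
        "outdated": [name for name, version in runtimes if version < baseline],
        "multiple": len(runtimes) > 1,
        "keep": keep,
        "remove": [name for name, _ in runtimes if name != keep],
    }


# Constructed sample: the Java names quoted in the reply plus a few unrelated
# entries of the kind found in the poster's list.
SAMPLE_LIST = """
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Microsoft Silverlight
    Spelling Dictionaries Support For Adobe Reader 8
    WinRAR archiver
    Java(TM) 6 Update 7
""".splitlines()


if __name__ == "__main__":
    report = audit_installed(SAMPLE_LIST)
    for name, (major, update) in report["runtimes"]:
        state = "OUTDATED" if name in report["outdated"] else "ok"
        print(f"{state:8} {major}u{update:<3} {name}")
    if report["multiple"]:
        print("More than one Java runtime installed; remove:", report["remove"])
    if report["keep"] is None:
        print("No runtime at or above baseline", BASELINE)
```
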
  • According to AVG I am still troubled by a Trojan horse Generic 18.JNL.

    This was a Trojan horse Generic 18.ENE
  • What does AVG indicate regarding the location of that file?

    And have you done what was in my previous message?
  • I have done everything that was in the message. According to AVG it concerns:
    "C:\SwSetup\HPTools\PTBIOS\Disk1\Setup.exe";"Trojaans paard Generic18.JNL";
  • Do the following: Let ComboFix scan your Windows (click).

    How to use ComboFix properly (click)

    Addition: to be able to use ComboFix, the following applies:
  • ComboFix 10-06-15.01 - Diego 15-06-2010 19:47:18.1.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1043.18.1919.831 [GMT 2:00]
    Gestart vanuit: c:\users\Diego\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    c:\program files\Analog Devices\Core\smax4pnp.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    c:\program files\Creative\Software Update 3\SoftAuto.exe
    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    c:\program files\Hp\HP Software Update\HPWuSchd2.exe
    c:\program files\InterVideo\DVD Check\DVDCheck .exe
    c:\program files\InterVideo\DVD Check\DVDCheck .exe
    c:\program files\InterVideo\DVD Check\DVDCheck.exe
    c:\program files\Java\jre1.6.0_07\bin\jusched.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    c:\program files\Windows Live\Messenger\MsnMsgr .exe
    c:\program files\Windows Live\Messenger\MsnMsgr .exe
    c:\program files\Windows Live\Messenger\MsnMsgr .exe
    c:\program files\Windows Live\Messenger\MsnMsgr .exe
    c:\programdata\0AhF4d3.exe
    c:\users\Diego\AppData\Local\0AhF4d3.exe
    c:\windows\Fonts\0AhF4d3.com
    c:\windows\system32\config\systemprofile\AppData\Local\0AhF4d3.exe
    c:\windows\Tasks\At1.job
    c:\windows\xpsp1hfm.log
    F:\Autorun.inf

    c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe —^> c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    c:\program files\Analog Devices\Core\smax4pnp .exe —^> c:\program files\Analog Devices\Core\smax4pnp.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe —^> c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe —^> c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    c:\program files\Creative\Software Update 3\SoftAuto .exe —^> c:\program files\Creative\Software Update 3\SoftAuto.exe
    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe —^> c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    c:\program files\Hp\HP Software Update\HPWuSchd2 .exe —^> c:\program files\Hp\HP Software Update\HPWuSchd2.exe
    c:\program files\InterVideo\DVD Check\DVDCheck .exe —^> c:\program files\InterVideo\DVD Check\DVDCheck.exe
    c:\program files\Java\jre1.6.0_07\bin\jusched .exe —^> c:\program files\Java\jre1.6.0_07\bin\jusched.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray .exe —^> c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\program files\Microsoft Office\Office12\GrooveMonitor .exe —^> c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    c:\program files\Windows Live\Messenger\MsnMsgr .exe —^> c:\program files\Windows Live\Messenger\MsnMsgr.exe
    .
    Besmet exemplaar van c:\windows\system32\drivers\disk.sys werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - Kitty had a snack :p
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-05-15 to 2010-06-15 ))))))))))))))))))))))))))))))
    .

    2010-06-15 18:00 . 2010-06-15 18:05 -------- d-----w- c:\users\Diego\AppData\Local\temp
    2010-06-15 18:00 . 2010-06-15 18:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-06-15 18:00 . 2010-06-15 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-06-15 15:41 . 2010-06-15 16:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google
    2010-06-15 11:21 . 2010-06-15 11:21 -------- d-----w- c:\program files\Enigma Software Group
    2010-06-15 10:59 . 2010-06-15 10:59 -------- d-----w- C:\$AVG
    2010-06-14 17:57 . 2010-06-14 17:57 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
    2010-06-14 17:22 . 2010-06-06 16:55 38916 ----a-w- c:\windows\system32\0AhF4d3.com
    2010-06-14 16:32 . 2010-06-14 16:32 -------- d-----w- c:\users\Diego\AppData\Roaming\Malwarebytes
    2010-06-14 16:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-14 16:32 . 2010-06-16 02:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-14 16:32 . 2010-06-14 16:32 -------- d-----w- c:\programdata\Malwarebytes
    2010-06-14 16:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-14 16:05 . 2010-06-14 16:05 -------- d-----w- c:\windows\system32\config\systemprofile\Bluetooth Software
    2010-06-14 15:56 . 2010-06-14 19:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
    2010-06-12 16:43 . 2010-06-12 16:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Azureus
    2010-06-12 08:52 . 2010-06-12 08:52 -------- d-----w- c:\program files\Trend Micro
    2010-06-11 20:37 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2010-06-11 20:37 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2010-06-11 20:34 . 2009-08-07 07:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2010-06-11 20:34 . 2009-08-28 08:32 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
    2010-06-11 20:34 . 2009-08-28 08:32 206120 ----a-w- c:\windows\system32\SynCtrl.dll
    2010-06-11 20:34 . 2009-08-28 08:32 169256 ----a-w- c:\windows\system32\SynCOM.dll
    2010-06-11 20:34 . 2009-08-28 08:33 228784 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2010-06-11 20:34 . 2009-08-28 08:32 161064 ----a-w- c:\windows\system32\SynTPAPI.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-16 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2010-06-16 02:40 . 2008-05-27 19:53 -------- d-----w- c:\users\Diego\AppData\Roaming\Azureus
    2010-06-16 02:40 . 2008-05-27 16:53 -------- d-----w- c:\program files\Google
    2010-06-16 02:40 . 2008-05-27 19:07 -------- d-----w- c:\program files\Azureus
    2010-06-16 02:40 . 2007-07-18 14:03 -------- d-----w- c:\program files\Common Files\Java
    2010-06-16 02:40 . 2008-06-22 14:43 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-15 18:01 . 2006-11-21 16:07 12 ----a-w- c:\windows\bthservsdp.dat
    2010-06-15 17:51 . 2006-11-02 16:06 736688 ----a-w- c:\windows\system32\perfh013.dat
    2010-06-15 17:51 . 2006-11-02 16:06 157480 ----a-w- c:\windows\system32\perfc013.dat
    2010-06-15 17:13 . 2010-04-19 16:29 -------- d-----w- c:\programdata\avg9
    2010-06-15 15:41 . 2010-06-06 16:57 112 ----a-w- c:\programdata\qdWUKsm.dat
    2010-06-15 09:43 . 2007-07-18 14:03 -------- d-----w- c:\program files\Java
    2010-06-14 18:30 . 2007-07-18 12:59 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-14 18:30 . 2010-04-27 17:32 -------- d-----w- c:\program files\Giant
    2010-06-14 17:52 . 2010-06-14 17:52 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
    2010-06-14 17:52 . 2010-06-14 17:52 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
    2010-06-14 16:01 . 2008-05-27 16:24 119560 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-06-12 08:52 . 2010-06-12 08:52 388096 ----a-r- c:\users\Diego\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-11 20:40 . 2010-06-11 20:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
    2010-06-11 20:39 . 2010-06-11 20:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-05-12 22:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-05-12 22:42 . 2007-07-18 13:24 -------- d-----w- c:\programdata\Microsoft Help
    2010-05-06 08:36 . 2009-10-02 16:28 221568 ----a-w- c:\windows\system32\MpSigStub.exe
    2010-04-19 16:29 . 2010-04-19 16:29 -------- d-----w- c:\program files\AVG
    2008-06-20 22:49 . 2008-06-20 22:49 22 --sha-w- c:\windows\SMINST\HPCD.sys
    .
    c:\program files\AVG\AVG9\avgtray .exe
    c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
    c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg .exe
    c:\program files\Synaptics\SynTP\SynTPEnh .exe
    c:\windows\WindowsMobile\wmdc .exe

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr .exe" [N/A]
    "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-06-06 38916]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [N/A]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
    "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
    "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2010-06-06 38916]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
    DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-5-27 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\APSHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Canaveral]
    c:\windows\system32\sshnas21.dll [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):d6,21,8d,0e,77,56,ca,01

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3794467398-4075155546-3649200515-1006]
    "EnableNotificationsRef"=dword:00000001

    R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-05-27 717296]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-18 64160]
    S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
    msiexec [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-05-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:58]

    2010-06-14 c:\windows\Tasks\At101.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At103.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At105.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At107.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At109.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-15 c:\windows\Tasks\At111.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At113.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At115.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At117.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At119.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-10 c:\windows\Tasks\At16.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-10 c:\windows\Tasks\At17.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-10 c:\windows\Tasks\At18.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At19.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-10 c:\windows\Tasks\At2.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-15 c:\windows\Tasks\At20.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At21.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-10 c:\windows\Tasks\At22.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-11 c:\windows\Tasks\At23.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-06 c:\windows\Tasks\At24.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At25.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At26.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At27.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At28.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At29.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-10 c:\windows\Tasks\At3.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At30.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At31.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At32.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At33.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At34.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At35.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At36.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At37.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At38.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At39.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-10 c:\windows\Tasks\At4.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At40.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At41.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At42.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At43.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At44.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At45.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At46.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At47.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At48.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At49.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-10 c:\windows\Tasks\At5.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At50.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At51.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At52.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At53.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At54.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At55.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At56.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At57.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At58.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At59.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-10 c:\windows\Tasks\At6.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At60.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At61.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At62.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-15 c:\windows\Tasks\At63.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-15 c:\windows\Tasks\At64.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At65.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At66.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At67.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At68.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At69.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-10 c:\windows\Tasks\At7.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At70.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At71.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At72.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At73.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At75.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At77.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At79.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-10 c:\windows\Tasks\At8.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At81.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At83.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At85.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At87.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At89.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-10 c:\windows\Tasks\At9.job
    - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]

    2010-06-14 c:\windows\Tasks\At91.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At93.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At95.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At97.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]

    2010-06-14 c:\windows\Tasks\At99.job
    - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.spitsnieuws.nl/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop
    IE: Afbeelding verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Pagina verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    - - - - ORPHANS VERWIJDERD - - - -

    AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-15 20:04
    Windows 6.0.6002 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'Explorer.exe'(5388)
    c:\windows\system32\APSHook.dll
    c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\btncopy.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
    c:\windows\system32\AEADISRV.EXE
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Creative\Shared Files\CTDevSrv.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\windows\SMINST\scheduler.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
    c:\windows\WindowsMobile\wmdc .exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2010-06-15 20:27:55 - machine werd herstart
    ComboFix-quarantined-files.txt 2010-06-15 18:27

    Pre-Run: 21.890.551.808 bytes beschikbaar
    Post-Run: 21.767.708.672 bytes beschikbaar

    - - End Of File - - D87D18048E86E5668DDA938F04601ABB
  • Hello diegotham, after the latest scan by Combofix, how is your Windows doing now?
  • Still infected, latest detection:

    c:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    It indicates that this is still Generic18.ENE.
  • Which scanner now reports that the file AAWTray.exe in c:\Program Files\Lavasoft\Ad-Aware is infected?
  • AVG reports it.
