Vraag & Antwoord

Beveiliging & privacy

trojan infectie

13 antwoorden
  • Ik ben tevens geinfecteerd met een trojan generic 18. HiJackThis geeft dit: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:16:21, on 12-6-2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18904) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\SMINST\scheduler.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\System32\mobsync.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\SMINST\scheduler.exe C:\Windows\system32\conime.exe C:\Program Files\AVG\AVG9\avgui.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spitsnieuws.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck .exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" /background O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Diego\AppData\Local\Temp\Wsd.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 11777 bytes Hopenlijk kan iemand mij helpen. Alvast bedankt
  • Hallo diegotham, doe het volgende: [color=#FF0000:9a5e243c21][b:9a5e243c21]Stap •1•[/b:9a5e243c21][/color:9a5e243c21] sluit alle openstaande vensters en start dan HijackThis en klik op de knop [b:9a5e243c21]Do a Scan only, O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Diego\AppData\Local\Temp\Wsd.exe[/b:9a5e243c21] • zet een vinkje voor die regel(s) welke met de bovenstaande regels corresponderen • vervolgens klik je daarna op de knop [b:9a5e243c21]Fix checked[/b:9a5e243c21] • Klik hierna HijackThis op uit.[/list] [b:9a5e243c21] Start de computer na de fix opnieuw op[/b:9a5e243c21] [color=#FF0000:9a5e243c21][b:9a5e243c21]Stap •2•[/b:9a5e243c21][/color:9a5e243c21] [b:9a5e243c21]Download [url=http://oldtimer.geekstogo.com/TFC.exe]TFC (klick)[/url] naar je bureaublad.[/b:9a5e243c21] N.B.: Gebruikers van Windows Vista en Windows 7 starten het tool middels rechtsklik en daarbij dan kiezend voor Als Administrator uitvoeren! • Klik/dubbelklik op [b:9a5e243c21]TFC.exe[/b:9a5e243c21] om het programma te starten. • Niet schrikken - het tool sluit alle lopende programma's - ergo: verzeker je dus ervan, dat je werk al is opgeslagen! • Vervolgens klik je op de knop [b:9a5e243c21]Start[/b:9a5e243c21] om de scan te starten. Deze scan kan kort of langer duren, wees geduldig en laat TFC zijn taak doen en wacht to TFC klaaar is. • Indien TFC klaar is, dan komt de melding dat de computer opnieuw opgestart wordt. • Gebeurt het afsluiten niet automatisch, start dan zelf de computer opnieuw op. • Noot: TFC vertoont geen log! [color=#FF0000:9a5e243c21][b:9a5e243c21]Stap •3•[/b:9a5e243c21][/color:9a5e243c21] [b:9a5e243c21][url=http://www.idealsoftware.nl/MBAM/]Download, installeer en blijf MBAM gebruiken (KLIK)[/url][/b:9a5e243c21] • Al meteen na de installatie wil [b:9a5e243c21]MBAM[/b:9a5e243c21] zijn database opwaarderen – toestaan dus. • Ook bij herhaald gebruik: eerst MBAM updaten via de tab [b:9a5e243c21]Update[/b:9a5e243c21]! • Start [b:9a5e243c21]MBAM[/b:9a5e243c21] en kies voor [b:9a5e243c21]Snelle Scan[/b:9a5e243c21] • [b:9a5e243c21]N.B.: Vistagebruik(st)ers starten MBAM middels rechtsklikken en dan kiezen voor Als Administrator uitvoeren.[/b:9a5e243c21] • Het scannen kan een tijdje duren, dus wees geduldig. • Indien de scan voltooid is, klik dan op de knop [b:9a5e243c21]OK[/b:9a5e243c21] • Klik daarna op de knop [b:9a5e243c21]Bekijk Resultaten[/b:9a5e243c21] om de resultaten te zien. • Zorg ervoor, dat alles aangevinkt is. • Vervolgens klik je op: [b:9a5e243c21]Verwijder geselecteerde[/b:9a5e243c21] . • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. • Het log wordt automatisch bewaard door [b:9a5e243c21]MBAM[/b:9a5e243c21] en dat kan je terugvinden door op de tab [b:9a5e243c21]Logs[/b:9a5e243c21] te klikken in [b:9a5e243c21]MBAM[/b:9a5e243c21] . • Indien [b:9a5e243c21]MBAM[/b:9a5e243c21] moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op [b:9a5e243c21]OK[/b:9a5e243c21] klikken! • Daarna zal [b:9a5e243c21]MBAM[/b:9a5e243c21] vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.[/list] Indien er de rootkit (TDSS) aanwezig is, zal MBAM ook vragen te herstarten. Doe dit dan ook. MBAM zal dan na de herstart opnieuw scannen en de rootkit verwijderen. [b:9a5e243c21]Hierna post je de inhoud van de volgende logs:[/b:9a5e243c21] • een nieuw Hijackthis-log • MBAM scanlog [b:9a5e243c21]Tevens een Uninstall-lijst posten:[/b:9a5e243c21] • start HijackThis, • klik op de knop [b:9a5e243c21]Open the Misc Tools section[/b:9a5e243c21], • klik op de knop [b:9a5e243c21]Open Uninstall Manager[/b:9a5e243c21] • Klik op de knop [b:9a5e243c21]Save[/b:9a5e243c21].
  • HiJackThis Log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:40:54, on 14-6-2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18904) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\SMINST\scheduler.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray .exe C:\Program Files\Windows Live\Messenger\MsnMsgr .exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe C:\Program Files\Analog Devices\Core\smax4pnp .exe C:\Program Files\Java\jre1.6.0_07\bin\jusched .exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe C:\Program Files\Creative\Software Update 3\SoftAuto .exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2 .exe C:\Windows\WindowsMobile\wmdc .exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\conime.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spitsnieuws.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck .exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" /background O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 12277 bytes Uninstall log Aangifte inkomstenbelasting 2009 Activation Assistant for the 2007 Microsoft Office suites Ad-Aware Ad-Aware Adobe Flash Player 10 ActiveX Adobe Reader 8.2.2 - Nederlands Age of Empires III Age of Empires III - The Asian Dynasties Age of Empires III - The WarChiefs Agere Systems HDA Modem Application Installer 4.00.B14 ATI Uninstaller AVG Free 9.0 Business Contact Manager voor Outlook 2007 SP2 Business Contact Manager voor Outlook 2007 SP2 ccc-Branding Creative Centrale Creative Centrale Creative Software Update Creative ZEN X-Fi Video Converter Creative ZEN X-Fi Video Converter Creative ZEN X-Fi-Gebruikershandleiding Credential Manager for HP ProtectTools CutePDF Writer 2.7 ESU for Microsoft Vista Euroglot Professional 4.5 (remove only) GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer Hewlett-Packard Active Check Hewlett-Packard Asset Agent HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Active Support Library 32 bit components HP Backup & Recovery Manager Installer HP BIOS Configuration for ProtectTools HP Customer Experience Enhancements HP Doc Viewer HP Easy Setup - Core HP Easy Setup - Frontend HP Help and Support HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 HP Notebook Accessories Product Tour HP ProtectTools Security Manager HP Quick Launch Buttons 6.40 B2 HP Update HP User Guides 0064 HP Wireless Assistant Huur- en zorgtoeslag 2009 InterVideo DVD Check InterVideo WinDVD Japanese Fonts Support For Adobe Reader 8 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Java(TM) SE Runtime Environment 6 Junk Mail filter update K-Lite Codec Pack 3.9.0 Standard LG USB Modem driver Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Dutch Language Pack Microsoft .NET Framework 1.1 Security Update (KB953297) Microsoft .NET Framework 3.5 Language Pack SP1 - nld Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft Choice Guard Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Live Add-in 1.4 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Project 2007 Service Pack 2 (SP2) Microsoft Office Project 2007 Service Pack 2 (SP2) Microsoft Office Project MUI (Dutch) 2007 Microsoft Office Project Professional 2007 Microsoft Office Project Professional 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Small Business-verbindingsonderdelen Microsoft Office Visio 2007 Service Pack 2 (SP2) Microsoft Office Visio 2007 Service Pack 2 (SP2) Microsoft Office Visio MUI (Dutch) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Reader Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server Native Client Microsoft SQL Server Setup-ondersteuningsbestanden (Engels) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable MSCU for Microsoft Vista MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Need for Speed™ Most Wanted OpenMG Limited Patch 4.7-07-14-05-01 OpenMG Secure Module 4.7.00 Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator Tools Roxio Express Labeler 3 Roxio MyDVD Basic v9 Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 2007 Microsoft Office System (KB978380) Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Excel 2007 (KB978382) Security Update for Microsoft Office Outlook 2007 (KB972363) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB980470) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio 2007 (KB979365) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Sonic Activation Module SonicStage 4.3 SopCast 3.2.9 SoundMAX Spelling Dictionaries Support For Adobe Reader 8 SPSS 16.0 for Windows Synaptics Pointing Device Driver Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL Three Ships Browser Plugin Total Commander (Remove or Repair) Update for 2007 Microsoft Office System (KB967642) Update for 2007 Microsoft Office System (KB967642) Update for 2007 Microsoft Office System (KB967642) Update for 2007 Microsoft Office System (KB981715) Update for 2007 Microsoft Office System (KB981715) Update for 2007 Microsoft Office System (KB981715) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office InfoPath 2007 (KB976416) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Word 2007 (KB974561) Update for Outlook 2007 Junk Email Filter (kb981726) Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Vista Default Settings Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Vuze Windows Live - Hulpprogramma voor uploaden Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Mail Windows Live Messenger Windows Mobile Apparaatcentrum Windows Mobile Device Center Driver Update WinRAR archiver MBAM log Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4197 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 14-6-2010 18:43:24 mbam-log-2010-06-14 (18-43-24).txt Scantype: Snelle scan Objecten gescand: 137251 Verstreken tijd: 8 minuut/minuten, 47 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 6 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 2 Bestanden geïnfecteerd: 4 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\AV Care (Rogue.AVCare) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV Care (Rogue.AVCare) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AV Care (Rogue.AVCare) -> Quarantined and deleted successfully. C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Care (Rogue.AVCare) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AV Care\AV Care.lnk (Rogue.AVCare) -> Quarantined and deleted successfully. C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
  • Hallo diegotham, hoe gaat het ondertussen met jouw Windows? Je hebt een aantal zeer antieke Java runtimes in jouw Windows. Malware vindt dat geweldige fijn! [b:4167ac7d63]Java(TM) 6 Update 5 Java(TM) 6 Update 7 Java(TM) SE Runtime Environment 6[/b:4167ac7d63] [url]https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u20-oth-JPR@CDS-CDS_Developer[/url] Via deze link is de nieuwste Java versie te downloaden. Het betreft een meertalige versie! Bovendien zijn er nu dus Java Runtime versies voor zowel Windows 32 bit(x86) en Windows 64 bit(x64). 1) Selekteer dus de juiste versie, vink daarna bij [b:4167ac7d63]I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement.[/b:4167ac7d63] het hokje aan en klik vervolgens op de rode knop [b:4167ac7d63]Continue[/b:4167ac7d63] 2) Kies vervolgens deze versie (in dit voorbeeld heb ik dus de downloadversie voor 32bits gekozen): [b:4167ac7d63]Windows Offline Installation jre-6u20-windows-i586.exe 15.54 MB [/b:4167ac7d63] en download het bestand naar je bureaublad. 3) Ga nu eerst naar (in Windows 2000/XP) [b:4167ac7d63]Start\Configuratiescherm\Software[/b:4167ac7d63] of (Windows Vista en Windows 7) naar [b:4167ac7d63]Start\Configuratiescherm\Programma’s en onderdelen[/b:4167ac7d63] en verwijder daar alle versies van Java uit de Softwarelijst. Ter verduidelijking: verwijder dus alles met Java Runtime Environment ([b:4167ac7d63]JRE of J2SE[/b:4167ac7d63]) in de naam. Hierna de computer opnieuw opstarten en daarna mag dan de nieuwste versie van Java Runtime geïnstalleerd worden! Hoe het in het vervolg maar op één geïnsalleerde Java runtime - en dan altijd de nieuwste! Je Adobe reader is ook verouderd en een veiligheidsrisico! Deïnstalleren is het advies. De nieuwste versie vindt je hier: http://get.adobe.com/nl/reader/ Na installatie is de updater al aktief - je krijgt op gegeven moment een bericht boven de systray, dat de update gereed voor installatie is. Dubbelklik dan op het update-icoon in de systray! [b:4167ac7d63]Zo wordt Adobe Reader veilig:[/b:4167ac7d63] na starten van de reader klik je in de menubalk op [b:4167ac7d63]Bewerken[/b:4167ac7d63] en verolgens in het uitklapmenu op [b:4167ac7d63]Voorkeuren...[/b:4167ac7d63] Klik in het venster Voorkeuren op [b:4167ac7d63]Betrouwbaarheidsbeheer[/b:4167ac7d63] en dan onder [b:4167ac7d63]PDF-bestandsbijlagen[/b:4167ac7d63] het vinkje weghalen voor [b:4167ac7d63]Het openen van niet PDF-bijlagen in externe toepassingen toestaan.[/b:4167ac7d63]; klik vervolgens op [b:4167ac7d63]OK[/b:4167ac7d63] en mag de reader gesloten worden. Dit zorgt ervoor dat vanuit een PDF niet automatisch een applikatie kan worden opgestart. Dus eventuele malware in een PDF-dokument kan dan niks doen!
  • Volgens AVG heb ik nog steeds last van een Trojaans Paard Generic 18.JNL. Dit was een Tornjaans Paard Generic 18.ENE
  • Wat geeft AVG aan met betrekking tot de lokatie van dat bestand? En heb je datgene gedaan wat in mijn vorige bericht stond?
  • Alles wat in het bericht stond heb ik gedaan. Volgens AVG gaat het om: "C:\SwSetup\HPTools\PTBIOS\Disk1\Setup.exe";"Trojaans paard Generic18.JNL";
  • Doe het volgende: [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:62bcfb391e]Laat Combofix jouw Windows scannen[/b:62bcfb391e] (klik)[/url]. [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:62bcfb391e]Hoe Combofix goed te gebruiken[/b:62bcfb391e] (klik)[/url] [b:62bcfb391e]Aanvulling: om Combofix te kunnen gebruiken geldt het volgende: [color=red:62bcfb391e]• er mogen geen webbrowsers openstaan • antivirus moet geheel gedeaktiveerd zijn • actieve mal- en spywarescanners moeten gedeaktiveerd zijn.[/b:62bcfb391e][/color:62bcfb391e] Niet in het actieve Combofixvnster klikken – dit zal Combofix doen bevriezen! Combofix sluit de internet verbinding – probeer deze tussentijds niet te [url=http://www.bleepingcomputer.com/forums/topic114351.html][b:62bcfb391e]Hier vindt je gegevens hoe antivirus te deaktiveren[/b:62bcfb391e] (klik)[/url]
  • ComboFix 10-06-15.01 - Diego 15-06-2010 19:47:18.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1043.18.1919.831 [GMT 2:00] Gestart vanuit: c:\users\Diego\Desktop\ComboFix.exe SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe c:\program files\Analog Devices\Core\smax4pnp.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe c:\program files\Creative\Software Update 3\SoftAuto.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe c:\program files\Hp\HP Software Update\HPWuSchd2.exe c:\program files\InterVideo\DVD Check\DVDCheck .exe c:\program files\InterVideo\DVD Check\DVDCheck .exe c:\program files\InterVideo\DVD Check\DVDCheck.exe c:\program files\Java\jre1.6.0_07\bin\jusched.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe c:\program files\Microsoft Office\Office12\GrooveMonitor.exe c:\program files\Windows Live\Messenger\MsnMsgr .exe c:\program files\Windows Live\Messenger\MsnMsgr .exe c:\program files\Windows Live\Messenger\MsnMsgr .exe c:\program files\Windows Live\Messenger\MsnMsgr .exe c:\programdata\0AhF4d3.exe c:\users\Diego\AppData\Local\0AhF4d3.exe c:\windows\Fonts\0AhF4d3.com c:\windows\system32\config\systemprofile\AppData\Local\0AhF4d3.exe c:\windows\Tasks\At1.job c:\windows\xpsp1hfm.log F:\Autorun.inf [code:1:ece92fa460] <pre> c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe ---^> c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe c:\program files\Analog Devices\Core\smax4pnp .exe ---^> c:\program files\Analog Devices\Core\smax4pnp.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe ---^> c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe ---^> c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe c:\program files\Creative\Software Update 3\SoftAuto .exe ---^> c:\program files\Creative\Software Update 3\SoftAuto.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe ---^> c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe c:\program files\Hp\HP Software Update\HPWuSchd2 .exe ---^> c:\program files\Hp\HP Software Update\HPWuSchd2.exe c:\program files\InterVideo\DVD Check\DVDCheck .exe ---^> c:\program files\InterVideo\DVD Check\DVDCheck.exe c:\program files\Java\jre1.6.0_07\bin\jusched .exe ---^> c:\program files\Java\jre1.6.0_07\bin\jusched.exe c:\program files\Lavasoft\Ad-Aware\AAWTray .exe ---^> c:\program files\Lavasoft\Ad-Aware\AAWTray.exe c:\program files\Microsoft Office\Office12\GrooveMonitor .exe ---^> c:\program files\Microsoft Office\Office12\GrooveMonitor.exe c:\program files\Windows Live\Messenger\MsnMsgr .exe ---^> c:\program files\Windows Live\Messenger\MsnMsgr.exe </pre> [/code:1:ece92fa460] . Besmet exemplaar van c:\windows\system32\drivers\disk.sys werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - Kitty had a snack :p . (((((((((((((((((((( Bestanden Gemaakt van 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))) . 2010-06-15 18:00 . 2010-06-15 18:05 -------- d-----w- c:\users\Diego\AppData\Local\temp 2010-06-15 18:00 . 2010-06-15 18:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2010-06-15 18:00 . 2010-06-15 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-15 15:41 . 2010-06-15 16:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google 2010-06-15 11:21 . 2010-06-15 11:21 -------- d-----w- c:\program files\Enigma Software Group 2010-06-15 10:59 . 2010-06-15 10:59 -------- d-----w- C:\$AVG 2010-06-14 17:57 . 2010-06-14 17:57 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing 2010-06-14 17:22 . 2010-06-06 16:55 38916 ----a-w- c:\windows\system32\0AhF4d3.com 2010-06-14 16:32 . 2010-06-14 16:32 -------- d-----w- c:\users\Diego\AppData\Roaming\Malwarebytes 2010-06-14 16:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-14 16:32 . 2010-06-16 02:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-14 16:32 . 2010-06-14 16:32 -------- d-----w- c:\programdata\Malwarebytes 2010-06-14 16:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-14 16:05 . 2010-06-14 16:05 -------- d-----w- c:\windows\system32\config\systemprofile\Bluetooth Software 2010-06-14 15:56 . 2010-06-14 19:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe 2010-06-12 16:43 . 2010-06-12 16:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Azureus 2010-06-12 08:52 . 2010-06-12 08:52 -------- d-----w- c:\program files\Trend Micro 2010-06-11 20:37 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2010-06-11 20:37 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2010-06-11 20:34 . 2009-08-07 07:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2010-06-11 20:34 . 2009-08-28 08:32 120104 ----a-w- c:\windows\system32\SynTPCo4.dll 2010-06-11 20:34 . 2009-08-28 08:32 206120 ----a-w- c:\windows\system32\SynCtrl.dll 2010-06-11 20:34 . 2009-08-28 08:32 169256 ----a-w- c:\windows\system32\SynCOM.dll 2010-06-11 20:34 . 2009-08-28 08:33 228784 ----a-w- c:\windows\system32\drivers\SynTP.sys 2010-06-11 20:34 . 2009-08-28 08:32 161064 ----a-w- c:\windows\system32\SynTPAPI.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-16 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-06-16 02:40 . 2008-05-27 19:53 -------- d-----w- c:\users\Diego\AppData\Roaming\Azureus 2010-06-16 02:40 . 2008-05-27 16:53 -------- d-----w- c:\program files\Google 2010-06-16 02:40 . 2008-05-27 19:07 -------- d-----w- c:\program files\Azureus 2010-06-16 02:40 . 2007-07-18 14:03 -------- d-----w- c:\program files\Common Files\Java 2010-06-16 02:40 . 2008-06-22 14:43 -------- d-----w- c:\program files\Common Files\Adobe 2010-06-15 18:01 . 2006-11-21 16:07 12 ----a-w- c:\windows\bthservsdp.dat 2010-06-15 17:51 . 2006-11-02 16:06 736688 ----a-w- c:\windows\system32\perfh013.dat 2010-06-15 17:51 . 2006-11-02 16:06 157480 ----a-w- c:\windows\system32\perfc013.dat 2010-06-15 17:13 . 2010-04-19 16:29 -------- d-----w- c:\programdata\avg9 2010-06-15 15:41 . 2010-06-06 16:57 112 ----a-w- c:\programdata\qdWUKsm.dat 2010-06-15 09:43 . 2007-07-18 14:03 -------- d-----w- c:\program files\Java 2010-06-14 18:30 . 2007-07-18 12:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-14 18:30 . 2010-04-27 17:32 -------- d-----w- c:\program files\Giant 2010-06-14 17:52 . 2010-06-14 17:52 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys 2010-06-14 17:52 . 2010-06-14 17:52 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys 2010-06-14 16:01 . 2008-05-27 16:24 119560 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-12 08:52 . 2010-06-12 08:52 388096 ----a-r- c:\users\Diego\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-06-11 20:40 . 2010-06-11 20:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf 2010-06-11 20:39 . 2010-06-11 20:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2010-05-12 22:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-05-12 22:42 . 2007-07-18 13:24 -------- d-----w- c:\programdata\Microsoft Help 2010-05-06 08:36 . 2009-10-02 16:28 221568 ----a-w- c:\windows\system32\MpSigStub.exe 2010-04-19 16:29 . 2010-04-19 16:29 -------- d-----w- c:\program files\AVG 2008-06-20 22:49 . 2008-06-20 22:49 22 --sha-w- c:\windows\SMINST\HPCD.sys . [code:1:ece92fa460]<pre> c:\program files\AVG\AVG9\avgtray .exe c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg .exe c:\program files\Synaptics\SynTP\SynTPEnh .exe c:\windows\WindowsMobile\wmdc .exe </pre>[/code:1:ece92fa460] ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr .exe" [N/A] "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-06-06 38916] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [N/A] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2010-06-06 38916] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664] DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-5-27 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\APSHook.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Canaveral] c:\windows\system32\sshnas21.dll [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):d6,21,8d,0e,77,56,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3794467398-4075155546-3649200515-1006] "EnableNotificationsRef"=dword:00000001 R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-05-27 717296] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-18 64160] S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504] S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ Cognizance REG_MULTI_SZ ASBroker ASChannel WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map 2010-05-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:58] 2010-06-14 c:\windows\Tasks\At101.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At103.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At105.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At107.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At109.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-15 c:\windows\Tasks\At111.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At113.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At115.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At117.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At119.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-10 c:\windows\Tasks\At16.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-10 c:\windows\Tasks\At17.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-10 c:\windows\Tasks\At18.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At19.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-10 c:\windows\Tasks\At2.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-15 c:\windows\Tasks\At20.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At21.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-10 c:\windows\Tasks\At22.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-11 c:\windows\Tasks\At23.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-06 c:\windows\Tasks\At24.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At25.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At26.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At27.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At28.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At29.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-10 c:\windows\Tasks\At3.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At30.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At31.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At32.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At33.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At34.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At35.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At36.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At37.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At38.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At39.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-10 c:\windows\Tasks\At4.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At40.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At41.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At42.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At43.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At44.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At45.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At46.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At47.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At48.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At49.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-10 c:\windows\Tasks\At5.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At50.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At51.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At52.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At53.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At54.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At55.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At56.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At57.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At58.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At59.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-10 c:\windows\Tasks\At6.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At60.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At61.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At62.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-15 c:\windows\Tasks\At63.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-15 c:\windows\Tasks\At64.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At65.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At66.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At67.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At68.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At69.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-10 c:\windows\Tasks\At7.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At70.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At71.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At72.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At73.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At75.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At77.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At79.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-10 c:\windows\Tasks\At8.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At81.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At83.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At85.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At87.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At89.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-10 c:\windows\Tasks\At9.job - c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55] 2010-06-14 c:\windows\Tasks\At91.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At93.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At95.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At97.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] 2010-06-14 c:\windows\Tasks\At99.job - c:\windows\system32\0AhF4d3.com [2010-06-14 16:55] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.spitsnieuws.nl/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . - - - - ORPHANS VERWIJDERD - - - - AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-15 20:04 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'Explorer.exe'(5388) c:\windows\system32\APSHook.dll c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll c:\windows\system32\btmmhook.dll c:\windows\system32\btncopy.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Hewlett-Packard\IAM\bin\asghost.exe c:\windows\system32\AEADISRV.EXE c:\windows\system32\agrsmsvc.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Creative\Shared Files\CTDevSrv.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe c:\windows\SMINST\scheduler.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe c:\windows\WindowsMobile\wmdc .exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\program files\Java\jre1.6.0_07\bin\jucheck.exe . ************************************************************************** . Voltooingstijd: 2010-06-15 20:27:55 - machine werd herstart ComboFix-quarantined-files.txt 2010-06-15 18:27 Pre-Run: 21.890.551.808 bytes beschikbaar Post-Run: 21.767.708.672 bytes beschikbaar - - End Of File - - D87D18048E86E5668DDA938F04601ABB
  • Hallo diegotham, na de laatste scan door Combofix - hoe gaat het nu met jouw Windows?
  • Nog steeds geinfecteerd, laatste detectie: c:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe Geeft aan dat het nog steeds de Generic18.ENE betreft.
  • Welke scanner geeft nu aan dat in c:\Program Files\Lavasoft\Ad-Aware het bestand [b:f3a96e9649]AAWTray.exe [/b:f3a96e9649] geïnfecteerd is?
  • AVG geeft het aan.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.