Question & Answer
Persistent spyware
13 answers
- Hello,
I am having a lot of trouble with spyware that is hard to remove. I let hitmanpro loose on it, but it hangs. Spybot could not remove the spyware either. Could you help me?
I have a HijackThis log. (Obtained with some effort, because it kept hanging.)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:29, on 10-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\DriveCleaner Free\UDC.exe
C:\Program Files\Common Files\DriveCleaner Free\udcwap.exe
C:\WINDOWS\TEMP\win5937.tmp.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\iFinger\iFinger.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {618A7E6F-ECD2-B05A-A640-9C2B559283BB} - C:\WINDOWS\system32\grsltzs.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: GLN - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [DriveCleaner Free] "C:\Program Files\DriveCleaner Free\UDC.exe" /min
O4 - HKLM\..\Run: [WA6PM_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcwap.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win5937.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cact] "C:\WINDOWS\system32\SSTEM3~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Qtobie] C:\WINDOWS\system32\??stem32\?hkdsk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: iFinger 2.0.lnk = C:\Program Files\iFinger\iFinger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATBrowser.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9FFCDEC6-3906-11D2-8131-0060080BE220} (Three Ships FileIO Control) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileIO.ocx
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATGrid.ocx
O16 - DPF: {B08126A6-3BFF-11D2-8133-0060080BE220} (ThreeShips FileBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileBrowser.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O20 - Winlogon Notify: bccefdcedffb - C:\WINDOWS\system32\bccefdcedffb.dll
O20 - Winlogon Notify: winrnt32 - C:\WINDOWS\SYSTEM32\winrnt32.dll
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll
O22 - SharedTaskScheduler: za - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O24 - Desktop Component 0: (no name) - http://jufroos.waarbenjij.nu/files/waarbenjij.nu/j/jufroos/457b19b67ed34306398488/file95584694.jpg
Thanks in advance!
- Nice collection :cry:
Go to Start --> Control Panel --> Add or Remove Programs and remove the following programs there, if present:
DriveCleaner Free
Hitman Pro including all its components, nod32, spyware doctor, etc.
Restart your computer.
Download Combofix to your Desktop.
Double-click Combofix.exe
Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.
Note: If your virus scanner reacts while downloading or using Combofix, you can ignore this.
Good luck!
- I could not get Drivecleaner removed.
Here is a log from combofix
ComboFix 07-10-11.5 - Administrator 2007-10-11 15:14:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.589 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\DriveCleaner Free
C:\Documents and Settings\Administrator\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Administrator\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Administrator\Bureaublad\DriveCleaner Free.lnk
C:\Documents and Settings\Administrator\err.log
C:\Documents and Settings\Administrator\Menu Start\Programma's\Outerinfo
C:\Documents and Settings\Administrator\Menu Start\Programma's\Outerinfo\Terms.lnk
C:\Documents and Settings\Administrator\Menu Start\Programma's\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Administrator\ResErrors.log
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
C:\Documents and Settings\All Users\Menu Start\Programma's.\DriveCleaner Free
C:\Documents and Settings\All Users\Menu Start\Programma's.\DriveCleaner Free\Deinstallieren DriveCleaner.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's.\DriveCleaner Free\DriveCleaner Online Anleitung.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's.\DriveCleaner Free\DriveCleaner Online Hilfe.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's.\DriveCleaner Free\DriveCleaner Startseite.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's.\DriveCleaner Free\DriveCleaner.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\DriveCleaner Free\Deinstallieren DriveCleaner.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\DriveCleaner Free\DriveCleaner Online Anleitung.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\DriveCleaner Free\DriveCleaner Online Hilfe.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\DriveCleaner Free\DriveCleaner Startseite.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\DriveCleaner Free\DriveCleaner.lnk
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\drivecleaner free
C:\Program Files\Common Files\drivecleaner free\udcwap.exe
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\DriveCleaner Free
C:\Program Files\DriveCleaner Free\Activate.dat
C:\Program Files\DriveCleaner Free\Appbase\AE_CD_Cr.dat
C:\Program Files\DriveCleaner Free\Appbase\AReadr4.dat
C:\Program Files\DriveCleaner Free\Appbase\AReadr5.dat
C:\Program Files\DriveCleaner Free\Appbase\ASDSEEpv.dat
C:\Program Files\DriveCleaner Free\Appbase\ASPack.dat
C:\Program Files\DriveCleaner Free\Appbase\Babylon.dat
C:\Program Files\DriveCleaner Free\Appbase\BDelphi5.dat
C:\Program Files\DriveCleaner Free\Appbase\CatchUp.dat
C:\Program Files\DriveCleaner Free\Appbase\CBuildr5.dat
C:\Program Files\DriveCleaner Free\Appbase\CCGA.dat
C:\Program Files\DriveCleaner Free\Appbase\CManager.dat
C:\Program Files\DriveCleaner Free\Appbase\CuteFTP4.dat
C:\Program Files\DriveCleaner Free\Appbase\CuteHTML.dat
C:\Program Files\DriveCleaner Free\Appbase\DAcceler.dat
C:\Program Files\DriveCleaner Free\Appbase\DiscJug.dat
C:\Program Files\DriveCleaner Free\Appbase\ECDCreat4.dat
C:\Program Files\DriveCleaner Free\Appbase\Far.dat
C:\Program Files\DriveCleaner Free\Appbase\FFTsks.dat
C:\Program Files\DriveCleaner Free\Appbase\FlashFXP.dat
C:\Program Files\DriveCleaner Free\Appbase\FrntPage.dat
C:\Program Files\DriveCleaner Free\Appbase\FrontPEx.dat
C:\Program Files\DriveCleaner Free\Appbase\FtpEXP.dat
C:\Program Files\DriveCleaner Free\Appbase\FtpVoya.dat
C:\Program Files\DriveCleaner Free\Appbase\GetRight.dat
C:\Program Files\DriveCleaner Free\Appbase\GoZilla.dat
C:\Program Files\DriveCleaner Free\Appbase\GravMRU.dat
C:\Program Files\DriveCleaner Free\Appbase\H_TxtPad.dat
C:\Program Files\DriveCleaner Free\Appbase\HomeSite.dat
C:\Program Files\DriveCleaner Free\Appbase\HotDogPr.dat
C:\Program Files\DriveCleaner Free\Appbase\IconExtr.dat
C:\Program Files\DriveCleaner Free\Appbase\iMesh.dat
C:\Program Files\DriveCleaner Free\Appbase\ImgReady3.dat
C:\Program Files\DriveCleaner Free\Appbase\InsShExp.dat
C:\Program Files\DriveCleaner Free\Appbase\JASC_P_P.dat
C:\Program Files\DriveCleaner Free\Appbase\KaZaA.dat
C:\Program Files\DriveCleaner Free\Appbase\LView.dat
C:\Program Files\DriveCleaner Free\Appbase\MacDir.dat
C:\Program Files\DriveCleaner Free\Appbase\MacDrWea.dat
C:\Program Files\DriveCleaner Free\Appbase\MicAng.dat
C:\Program Files\DriveCleaner Free\Appbase\MicDes.dat
C:\Program Files\DriveCleaner Free\Appbase\MM_CON.dat
C:\Program Files\DriveCleaner Free\Appbase\MMUnDisk.dat
C:\Program Files\DriveCleaner Free\Appbase\Morpheus.dat
C:\Program Files\DriveCleaner Free\Appbase\MPaint.dat
C:\Program Files\DriveCleaner Free\Appbase\MPicPub.dat
C:\Program Files\DriveCleaner Free\Appbase\MPImaGal.dat
C:\Program Files\DriveCleaner Free\Appbase\MSExplorer.dat
C:\Program Files\DriveCleaner Free\Appbase\MSoffice.dat
C:\Program Files\DriveCleaner Free\Appbase\MSRegEdit.dat
C:\Program Files\DriveCleaner Free\Appbase\MSWMP.dat
C:\Program Files\DriveCleaner Free\Appbase\MSWordPad.dat
C:\Program Files\DriveCleaner Free\Appbase\Nero.dat
C:\Program Files\DriveCleaner Free\Appbase\NetShow.dat
C:\Program Files\DriveCleaner Free\Appbase\NTBackup.dat
C:\Program Files\DriveCleaner Free\Appbase\pfilelst.xda
C:\Program Files\DriveCleaner Free\Appbase\PhotShel.dat
C:\Program Files\DriveCleaner Free\Appbase\PHPCoder.dat
C:\Program Files\DriveCleaner Free\Appbase\PowerZIP.dat
C:\Program Files\DriveCleaner Free\Appbase\RapidBr.dat
C:\Program Files\DriveCleaner Free\Appbase\RealAuPl.dat
C:\Program Files\DriveCleaner Free\Appbase\RealDown.dat
C:\Program Files\DriveCleaner Free\Appbase\SecurCRT.dat
C:\Program Files\DriveCleaner Free\Appbase\SL_BlWin.dat
C:\Program Files\DriveCleaner Free\Appbase\SmartClr.dat
C:\Program Files\DriveCleaner Free\Appbase\Sonique.dat
C:\Program Files\DriveCleaner Free\Appbase\StuffIt.dat
C:\Program Files\DriveCleaner Free\Appbase\TelepPro.dat
C:\Program Files\DriveCleaner Free\Appbase\UGifAnim.dat
C:\Program Files\DriveCleaner Free\Appbase\UltraEd.dat
C:\Program Files\DriveCleaner Free\Appbase\UMedStud.dat
C:\Program Files\DriveCleaner Free\Appbase\UPhImpV.dat
C:\Program Files\DriveCleaner Free\Appbase\UPhotoEx.dat
C:\Program Files\DriveCleaner Free\Appbase\UVidStud.dat
C:\Program Files\DriveCleaner Free\Appbase\VNC.dat
C:\Program Files\DriveCleaner Free\Appbase\WebFeret.dat
C:\Program Files\DriveCleaner Free\Appbase\WebReap.dat
C:\Program Files\DriveCleaner Free\Appbase\WinACE.dat
C:\Program Files\DriveCleaner Free\Appbase\WinGate.dat
C:\Program Files\DriveCleaner Free\Appbase\WinRAR.dat
C:\Program Files\DriveCleaner Free\Appbase\WinZIP.dat
C:\Program Files\DriveCleaner Free\Appbase\WiseInst.dat
C:\Program Files\DriveCleaner Free\Appbase\wordslst.xda
C:\Program Files\DriveCleaner Free\Appbase\YahooPl.dat
C:\Program Files\DriveCleaner Free\Appbase\ZipMagic.dat
C:\Program Files\DriveCleaner Free\atl71.dll
C:\Program Files\DriveCleaner Free\AV.dat
C:\Program Files\DriveCleaner Free\bnlink.dat
C:\Program Files\DriveCleaner Free\diagnosis.dat
C:\Program Files\DriveCleaner Free\err.log
C:\Program Files\DriveCleaner Free\InstHelp.exe
C:\Program Files\DriveCleaner Free\lapv.dat
C:\Program Files\DriveCleaner Free\license.rtf
C:\Program Files\DriveCleaner Free\manual.url
C:\Program Files\DriveCleaner Free\mfc71.dll
C:\Program Files\DriveCleaner Free\msvcp71.dll
C:\Program Files\DriveCleaner Free\msvcr71.dll
C:\Program Files\DriveCleaner Free\pv.dat
C:\Program Files\DriveCleaner Free\pv.exe
C:\Program Files\DriveCleaner Free\readme.rtf
C:\Program Files\DriveCleaner Free\remnag.dat
C:\Program Files\DriveCleaner Free\ResErrors.log
C:\Program Files\DriveCleaner Free\ScanReport.dat
C:\Program Files\DriveCleaner Free\Schedule.dat
C:\Program Files\DriveCleaner Free\sr.log
C:\Program Files\DriveCleaner Free\support.url
C:\Program Files\DriveCleaner Free\UDC.exe
C:\Program Files\DriveCleaner Free\UDC.xml
C:\Program Files\DriveCleaner Free\UDC6M.url
C:\Program Files\DriveCleaner Free\UDCPChk.dll
C:\Program Files\DriveCleaner Free\unins000.dat
C:\Program Files\DriveCleaner Free\unins000.exe
C:\Program Files\DriveCleaner Free\uninstall.ico
C:\Program Files\DriveCleaner Free\up.dat
C:\Program Files\DriveCleaner Free\updater.dat
C:\Program Files\DriveCleaner Free\vbpv.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\Fonts\acrsec.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\gln.dll
C:\WINDOWS\system32\grsltzs.dll
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\oembios32.dll
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\sstem3~1\mmc.exe
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\stem32~1\?hkdsk.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wapiisv32.exe
C:\WINDOWS\system32\winrnt32.dll
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\Temp\.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\winh32.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-11 to 2007-10-11 ))))))))))))))))))))))))))))))
.
2007-10-11 15:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 13:50 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-08 09:20 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-08 09:17 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-08 09:17 32,512 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-06 16:31 560 --a------ C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat
2007-10-06 16:30 90,800 -ra------ C:\WINDOWS\system32\drivers\se2Bunic.sys
2007-10-06 16:30 4,128 -ra------ C:\WINDOWS\system32\drivers\se2Bcr.sys
2007-10-06 16:26 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Bbus.sys
2007-10-06 16:26 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Bwhnt.sys
2007-10-06 16:26 5,872 -ra------ C:\WINDOWS\system32\drivers\se2Bwh.sys
2007-09-23 13:09 <DIR> d-------- C:\WINDOWS\uninstall\CCRP5 Integrated Development Environment
2007-09-23 13:09 <DIR> d-------- C:\WINDOWS\uninstall
2007-09-23 13:09 <DIR> d-------- C:\Program Files\CCRP5
2007-09-23 13:07 <DIR> d-------- C:\Program Files\ROBOTER
2007-09-23 13:07 112,128 --a------ C:\WINDOWS\system32\CmCtlDE.dll
2007-09-23 13:07 33,792 --a------ C:\WINDOWS\system32\CmDlgDE.dll
2007-09-23 13:07 13,824 --a------ C:\WINDOWS\system32\MSComDE.dll
2007-09-23 13:07 10,752 --a------ C:\WINDOWS\system32\FlxGdDE.dll
2007-09-13 21:46 49,536 -ra------ C:\WINDOWS\system32\drivers\tiehdusb.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 13:00 --------- d-----w C:\Program Files\iFinger
2007-10-11 13:00 --------- d-----w C:\Program Files\Hitman Pro
2007-10-11 12:59 --------- d-----w C:\Program Files\Webroot
2007-10-11 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-11 12:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-09-28 13:18 --------- d-----w C:\Program Files\EA SPORTS
2007-09-10 19:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Canon
2007-09-04 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-04 16:01 --------- d-----w C:\Program Files\Kazaa
2007-09-04 15:50 1,761 ----a-w C:\WINDOWS\Fonts\acrsecB.fon
1999-04-06 16:19 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 01:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 01:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 01:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 01:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 01:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
2006-11-25 10:11:34 2,560 --sh--r C:\WINDOWS\system32\fooool.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4E7CAAB-6535-4243-99BD-F12350B584A2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1159422-16E3-462F-A93D-FB718E100408}]
2007-06-19 22:05 70656 --a------ C:\WINDOWS\system32\d3dxim.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 22:05]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-23 13:27 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-24 12:06 C:\WINDOWS\ALCWZRD.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 12:19]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-06 15:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-06-13 07:39]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:00]
"Cact"="C:\WINDOWS\system32\SSTEM3~1\mmc.exe" []
"Qtobie"="C:\WINDOWS\system32\??stem32\?hkdsk.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-02-18 12:45:24]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-02-18 12:45:16]
Poort voor Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-04-06 18:20:18]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D1159422-16E3-462F-A93D-FB718E100408}"= C:\WINDOWS\system32\d3dxim.dll [2007-06-19 22:05 70656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bccefdcedffb]
C:\WINDOWS\system32\bccefdcedffb.dll 2007-10-09 16:18 93184 C:\WINDOWS\system32\bccefdcedffb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb]
C:\WINDOWS\system32\wudb.dll 2007-06-02 23:21 33792 C:\WINDOWS\system32\wudb.dll
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys
S3 hwdatacard;HUAWEI Multimedia USB Driver Disk;C:\WINDOWS\system32\DRIVERS\hwusbmdm.sys
S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
.
Inhoud van de 'Gedeelde Taken' map
"2007-10-03 20:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-11 15:24:31
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-10-11 15:25:24 - machine was rebooted
.
--- E O F ---
I have a new HijackThis scan + log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:02, on 11-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: GLN - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cact] "C:\WINDOWS\system32\SSTEM3~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Qtobie] C:\WINDOWS\system32\??stem32\?hkdsk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATBrowser.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9FFCDEC6-3906-11D2-8131-0060080BE220} (Three Ships FileIO Control) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileIO.ocx
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATGrid.ocx
O16 - DPF: {B08126A6-3BFF-11D2-8133-0060080BE220} (ThreeShips FileBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileBrowser.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O20 - Winlogon Notify: bccefdcedffb - C:\WINDOWS\system32\bccefdcedffb.dll
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll
O22 - SharedTaskScheduler: za - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O24 - Desktop Component 0: (no name) - http://jufroos.waarbenjij.nu/files/waarbenjij.nu/j/jufroos/457b19b67ed34306398488/file95584694.jpg
--
End of file - 11010 bytes
Can you help me with this?
- 1. Go to Start --> Control Panel --> Add or Remove Programs and remove the following there:
Need2Find
2. Open Notepad, then copy and paste the following (the bold text) into an empty window:
File::
C:\WINDOWS\system32\d3dxim.dll
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\fooool.exe
C:\WINDOWS\system32\??stem32\?hkdsk.exe
C:\WINDOWS\system32\SSTEM3~1\mmc.exe
C:\WINDOWS\system32\bccefdcedffb.dll
C:\WINDOWS\system32\wudb.dll
C:\WINDOWS\system32\bccefdcedffb.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4E7CAAB-6535-4243-99BD-F12350B584A2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1159422-16E3-462F-A93D-FB718E100408}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bccefdcedffb]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb]
Dirlook::
C:\WINDOWS\system32\SSTEM3~1
C:\WINDOWS\system32\??stem32
Folder::
C:\Program Files\Need2Find
Save this to your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will make ComboFix restart.
Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Pim
- Here is the ComboFix log:
ComboFix 07-10-11.5 - Administrator 2007-10-12 15:47:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.587 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE::
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\bccefdcedffb.dll
C:\WINDOWS\system32\d3dxim.dll
C:\WINDOWS\system32\fooool.exe
C:\WINDOWS\system32\SSTEM3~1\mmc.exe
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\wudb.dll
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Need2Find
C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
C:\Program Files\Need2Find\bar\History\search
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\bccefdcedffb.dll
C:\WINDOWS\system32\d3dxim.dll
C:\WINDOWS\system32\fooool.exe
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\wudb.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-12 to 2007-10-12 ))))))))))))))))))))))))))))))
.
2007-10-12 15:35 233,472 --a------ C:\Program Files\Uninstall Need2Find Bar.dll
2007-10-11 15:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 13:50 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-08 09:17 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-06 16:31 560 --a------ C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat
2007-10-06 16:30 90,800 -ra------ C:\WINDOWS\system32\drivers\se2Bunic.sys
2007-10-06 16:30 4,128 -ra------ C:\WINDOWS\system32\drivers\se2Bcr.sys
2007-10-06 16:26 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Bbus.sys
2007-10-06 16:26 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Bwhnt.sys
2007-10-06 16:26 5,872 -ra------ C:\WINDOWS\system32\drivers\se2Bwh.sys
2007-09-23 13:09 <DIR> d-------- C:\WINDOWS\uninstall\CCRP5 Integrated Development Environment
2007-09-23 13:09 <DIR> d-------- C:\WINDOWS\uninstall
2007-09-23 13:09 <DIR> d-------- C:\Program Files\CCRP5
2007-09-23 13:07 <DIR> d-------- C:\Program Files\ROBOTER
2007-09-23 13:07 112,128 --a------ C:\WINDOWS\system32\CmCtlDE.dll
2007-09-23 13:07 33,792 --a------ C:\WINDOWS\system32\CmDlgDE.dll
2007-09-23 13:07 13,824 --a------ C:\WINDOWS\system32\MSComDE.dll
2007-09-23 13:07 10,752 --a------ C:\WINDOWS\system32\FlxGdDE.dll
2007-09-13 21:46 49,536 -ra------ C:\WINDOWS\system32\drivers\tiehdusb.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 13:00 --------- d-----w C:\Program Files\iFinger
2007-10-11 13:00 --------- d-----w C:\Program Files\Hitman Pro
2007-10-11 12:59 --------- d-----w C:\Program Files\Webroot
2007-10-11 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-11 12:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-09-28 13:18 --------- d-----w C:\Program Files\EA SPORTS
2007-09-10 19:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Canon
2007-09-04 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-04 16:01 --------- d-----w C:\Program Files\Kazaa
2007-09-04 15:50 1,761 ----a-w C:\WINDOWS\Fonts\acrsecB.fon
1999-04-06 16:19 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 01:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 01:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 01:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 01:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 01:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\WINDOWS\system32\??stem32 ----
C:\WINDOWS\system32\??stem32\
---- Directory of C:\WINDOWS\system32\SSTEM3~1 ----
C:\WINDOWS\system32\SSTEM3~1\
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 22:05]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-23 13:27 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-24 12:06 C:\WINDOWS\ALCWZRD.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 12:19]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-06 15:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-06-13 07:39]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:00]
"Cact"="C:\WINDOWS\system32\SSTEM3~1\mmc.exe" []
"Qtobie"="C:\WINDOWS\system32\??stem32\?hkdsk.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-02-18 12:45:24]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-02-18 12:45:16]
Poort voor Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-04-06 18:20:18]
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys
S3 hwdatacard;HUAWEI Multimedia USB Driver Disk;C:\WINDOWS\system32\DRIVERS\hwusbmdm.sys
S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
.
Inhoud van de 'Gedeelde Taken' map
"2007-10-03 20:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 15:51:01
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-10-12 15:52:43 - machine was rebooted
C:\ComboFix2.txt … 2007-10-11 15:25
.
--- E O F ---
Here is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:23, on 12-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cact] "C:\WINDOWS\system32\SSTEM3~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Qtobie] C:\WINDOWS\system32\??stem32\?hkdsk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATBrowser.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9FFCDEC6-3906-11D2-8131-0060080BE220} (Three Ships FileIO Control) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileIO.ocx
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATGrid.ocx
O16 - DPF: {B08126A6-3BFF-11D2-8133-0060080BE220} (ThreeShips FileBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileBrowser.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O24 - Desktop Component 0: (no name) - http://jufroos.waarbenjij.nu/files/waarbenjij.nu/j/jufroos/457b19b67ed34306398488/file95584694.jpg
--
End of file - 8876 bytes
Thanks in advance!
- 1. Disable HitmanPro's NOD32 or remove it via Start --> Control Panel --> Add or Remove Programs, because otherwise it will conflict with your McAfee.
2. Start HijackThis, choose 'Do a system scan only' and tick the lines below:
[b]
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Cact] "C:\WINDOWS\system32\SSTEM3~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Qtobie] C:\WINDOWS\system32\??stem32\?hkdsk.exe
O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATBrowser.ocx
O16 - DPF: {9FFCDEC6-3906-11D2-8131-0060080BE220} (Three Ships FileIO Control) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileIO.ocx
O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATGrid.ocx
O16 - DPF: {B08126A6-3BFF-11D2-8133-0060080BE220} (ThreeShips FileBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileBrowser.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
[/b]
3. Open Notepad, then copy and paste the following (bold text) into an empty window:
[b]
File::
C:\Program Files\Uninstall Need2Find Bar.dll
C:\WINDOWS\system32\SSTEM3~1\mmc.exe
C:\WINDOWS\system32\??stem32\?hkdsk.exe
[/b]
Save this to your Desktop as [b]CFScript.txt[/b]
Drag [b]CFScript.txt[/b] into [b]ComboFix.exe[/b] as shown in the example below:
[img]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img]
This will make [b]ComboFix[/b] restart.
Restart when asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Pim
- I have removed what I had to tick
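Several of the entries selected for fixing above share recognisable traits, which the following added example (not part of the original thread) turns into a first-pass triage of HijackThis `O` lines. The function names and the heuristics are assumptions made for illustration, and they do not reproduce the helper's full judgement; the sample lines are copied from the log posted in this thread.

```python
import re
from typing import NamedTuple

# Subset of the HijackThis log from this thread: some entries that were
# selected for fixing, some that were left alone.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cact] "C:\WINDOWS\system32\SSTEM3~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Qtobie] C:\WINDOWS\system32\??stem32\?hkdsk.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATBrowser.ocx
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    body: str     # everything after "Oxx - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Heuristic (assumption): a "?" inside a path component usually stands for a
# character the tool could not render, as in look-alike folder names.
# A bare "= ?" (unresolved shortcut target) has no backslash and is ignored.
UNPRINTABLE_RE = re.compile(r"\\[^\\]*\?")
# Heuristic (assumption): an 8.3 short-named folder directly under system32.
SHORT_DIR_RE = re.compile(r"\\system32\\[^\\]*~\d\\", re.IGNORECASE)


def parse(log: str) -> list[Entry]:
    """Return every 'Xnn - ...' entry line; headers and process paths are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def reasons(entry: Entry) -> list[str]:
    """Return the heuristic reasons (possibly none) for reviewing this entry."""
    found = []
    body, low = entry.body, entry.body.lower()
    if entry.section == "O2" and low.endswith("(no file)"):
        found.append("orphaned BHO: registry entry without a file")
    if entry.section == "O9" and low.endswith("(file missing)"):
        found.append("orphaned IE button: target file missing")
    if entry.section == "O4":
        if UNPRINTABLE_RE.search(body):
            found.append("autostart path contains unprintable characters")
        if SHORT_DIR_RE.search(body):
            found.append("autostart from a short-named folder inside system32")
    if entry.section == "O8" and re.search(r" - https?://", body):
        found.append("context menu item loads a remote page")
    if entry.section == "O16" and "file://" in low and "\\temp\\" in low:
        found.append("ActiveX control installed from a Temp folder")
    return found


def triage(log: str) -> list[tuple[Entry, list[str]]]:
    """Return only the entries that matched at least one heuristic."""
    flagged = []
    for entry in parse(log):
        why = reasons(entry)
        if why:
            flagged.append((entry, why))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.section}: {'; '.join(why)}\n    {entry.body}")
```

A hit means the line deserves a closer look, not that it is malicious; entries such as the Zylom and Virtools controls that were also selected above match none of these rules.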
- [quote="pimvandenderen"]Nice collection :cry:
Go to Start --> Control Panel --> Add or Remove Programs and remove the following programs there, [b]if present[/b]:
[b]
DriveCleaner Free
Hitman Pro including all its components, nod32, spyware doctor etc.
[/b]
Restart your computer.
Download Combofix to your Desktop.
[list]
Double-click [b]Combofix.exe[/b]
Follow the instructions, accept the disclaimer by typing "[b]1[/b]" and confirming with "[b]Enter[/b]".
While the fix is running, do [b]NOT[/b] click in the window, because this will make your PC hang.[/list]
When the fix has finished and after the restart, the log combofix.txt will open.
[i]Post this log in your next post together with a new HijackThis log.[/i]
[b]Note:[/b] If your virus scanner reacts while you download or use Combofix, you may ignore this.
Good luck![/quote]
What I don't understand
why remove HitmanPro??
It's a good program with good scanners and so on, isn't it.
Or is it something else
tell me please
can I remove it too
- [quote="pimvandenderen"]Nice collection :cry:
Go to Start --> Control Panel --> Add or Remove Programs and remove the following programs there, [b]if present[/b]:
[b]
DriveCleaner Free
Hitman Pro including all its components, nod32, spyware doctor etc.
[/b]
Restart your computer.
Download Combofix to your Desktop.
[list]
Double-click [b]Combofix.exe[/b]
Follow the instructions, accept the disclaimer by typing "[b]1[/b]" and confirming with "[b]Enter[/b]".
While the fix is running, do [b]NOT[/b] click in the window, because this will make your PC hang.[/list]
When the fix has finished and after the restart, the log combofix.txt will open.
[i]Post this log in your next post together with a new HijackThis log.[/i]
[b]Note:[/b] If your virus scanner reacts while you download or use Combofix, you may ignore this.
Good luck![/quote]
What I don't understand
why remove HitmanPro??
It's a good program with good scanners and so on, isn't it.
Or is it something else
tell me please
then I can remove it too
- Combofix log:
ComboFix 07-10-11.5 - Administrator 2007-10-12 18:52:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.626 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE::
C:\Program Files\Uninstall Need2Find Bar.dll
C:\WINDOWS\system32\SSTEM3~1\mmc.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-12 to 2007-10-12 ))))))))))))))))))))))))))))))
.
2007-10-11 15:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 13:50 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-08 09:17 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-06 16:31 560 --a------ C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat
2007-10-06 16:30 90,800 -ra------ C:\WINDOWS\system32\drivers\se2Bunic.sys
2007-10-06 16:30 4,128 -ra------ C:\WINDOWS\system32\drivers\se2Bcr.sys
2007-10-06 16:26 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Bbus.sys
2007-10-06 16:26 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Bwhnt.sys
2007-10-06 16:26 5,872 -ra------ C:\WINDOWS\system32\drivers\se2Bwh.sys
2007-09-23 13:09 <DIR> d-------- C:\WINDOWS\uninstall\CCRP5 Integrated Development Environment
2007-09-23 13:09 <DIR> d-------- C:\WINDOWS\uninstall
2007-09-23 13:09 <DIR> d-------- C:\Program Files\CCRP5
2007-09-23 13:07 <DIR> d-------- C:\Program Files\ROBOTER
2007-09-23 13:07 112,128 --a------ C:\WINDOWS\system32\CmCtlDE.dll
2007-09-23 13:07 33,792 --a------ C:\WINDOWS\system32\CmDlgDE.dll
2007-09-23 13:07 13,824 --a------ C:\WINDOWS\system32\MSComDE.dll
2007-09-23 13:07 10,752 --a------ C:\WINDOWS\system32\FlxGdDE.dll
2007-09-13 21:46 49,536 -ra------ C:\WINDOWS\system32\drivers\tiehdusb.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 16:51 --------- d-----w C:\Program Files\Virtools Web Player 2.1
2007-10-11 13:00 --------- d-----w C:\Program Files\iFinger
2007-10-11 13:00 --------- d-----w C:\Program Files\Hitman Pro
2007-10-11 12:59 --------- d-----w C:\Program Files\Webroot
2007-10-11 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-11 12:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-09-28 13:18 --------- d-----w C:\Program Files\EA SPORTS
2007-09-10 19:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Canon
2007-09-04 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-04 16:01 --------- d-----w C:\Program Files\Kazaa
2007-09-04 15:50 1,761 ----a-w C:\WINDOWS\Fonts\acrsecB.fon
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
1999-04-06 16:19 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 01:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 01:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 01:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 01:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 01:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
((((((((((((((((((((((((((((( snapshot@2007-10-11_15.24.48.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 08:03:23 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2004-08-04 08:03:23 178,176 -c--a-w C:\WINDOWS\system32\dllcache\wbemdisp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 22:05]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-23 13:27 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-24 12:06 C:\WINDOWS\ALCWZRD.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 12:19]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-06 15:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-06-13 07:39]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-02-18 12:45:24]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-02-18 12:45:16]
Poort voor Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-04-06 18:20:18]
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys
S3 hwdatacard;HUAWEI Multimedia USB Driver Disk;C:\WINDOWS\system32\DRIVERS\hwusbmdm.sys
S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
.
Inhoud van de 'Gedeelde Taken' map
"2007-10-03 20:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 18:54:01
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-10-12 18:54:33
C:\ComboFix2.txt … 2007-10-12 15:52
C:\ComboFix3.txt … 2007-10-11 15:25
.
--- E O F ---
[b]HijackThis log[/b]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:50, on 12-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O24 - Desktop Component 0: (no name) - http://jufroos.waarbenjij.nu/files/waarbenjij.nu/j/jufroos/457b19b67ed34306398488/file95584694.jpg
--
End of file - 7561 bytes
- Hitman Pro comes with a number of 30-day trial versions built in;
these work nicely at first, but after that they only slow the
system down: http://www.vragenforum.nl/bv2.php?article=30
Download ATF Cleaner (by Atribune)
Double-click ATF Cleaner to start the program.
On the "Main" tab, tick [b]Select All[/b].
Click the [b]Empty Selected[/b] button.
Do the following if you also use [u]Firefox[/u] as a browser:
Click the "Firefox" tab and tick [b]Select All[/b].
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick again from "Firefox saved passwords")
Click the [b]Empty Selected[/b] button.
Do the following if you also use [u]Opera[/u] as a browser:
Click the "Opera" tab and tick [b]Select All[/b].
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the [b]Empty Selected[/b] button.
Go to the "Main" tab and click the [b]Exit[/b] button to close the program.
Download Dr.Web Cureit to your Desktop.
[list]
* Double-click [b]drweb-cureit.exe[/b] and allow it to start the express scan.
* If a popup appears offering a purchase/50% discount,
you can close it with the X.
* This will scan the files that are currently loaded in memory; when something is found,
click the [b]Yes to all[/b] button at the 'cure it?' prompt. This is only a short scan.
* In the menu at the top, choose [b]Language/Taal[/b] and change it to [b]Dutch (Nederlands)[/b] if it is set differently on your system.
* Press [b]F9[/b], then choose [b]Acties[/b] and set the following there under [b]Malware[/b]:
o Adware: [b]Verplaats[/b]
Dialers: [b]Verplaats[/b]
Jokes: [b]Rapportage[/b]
Riskware: [b]Rapportage[/b]
Hacktools: [b]Verplaats[/b]
Then [b]untick "Prompt bij actie"[/b].
Then press [b]OK[/b].
* Press [b]F9[/b], then choose [b]Scan[/b], untick [b]Heuristische analyse[/b] and click [b]OK[/b].
* Once the short scan has finished, you can select the drives you want to have scanned (Selecteer stations).
* Select [b]all drives[/b] here. A red dot will then appear on the drives you are having scanned.
* Then click the
- All the spyware is already gone
And the PC is behaving normally again, thx!!
Is it then still strictly necessary for me to do what you wrote in your last post?
- You're welcome :wink:
I wanted to have that Dr.Web scan run just to be sure, because there was quite a bit of spyware on the machine. Strictly speaking you don't have to run it, but as a check it is useful! It's your own choice, of course :wink:
You do urgently need to update your Java, though:
The Java software on your computer is outdated.
Older versions have vulnerabilities that give malware the chance to install itself.
First carry out the steps below to uninstall Java and install the newest version:
* Download Java Runtime Environment (JRE) 6u3
* Scroll down to: "Java Runtime Environment (JRE) 6u3".
* Click the "[b]Download[/b]" button on the right.
* Tick: "[b]Accept[/b] License Agreement".
* The page will reload.
* Click the link to download the Windows [b]Offline[/b] Installation, Multi-language, and save it to your Desktop.
* Close any programs that may be open, especially your web browser!
* Then go to [b]Start > Control Panel > Add or Remove Programs[/b] and remove all older versions of Java from the list of programs.
* Select every entry with Java Runtime Environment (JRE or J2SE) in its name.
* Then click [b]Remove[/b] or the [b]Change/Remove[/b] button.
* Repeat this until all older versions are gone.
* After removing all older versions, [b]restart[/b] your PC.
* Then double-click [b]jre-6u3-windows-i586-p.exe[/b] on your Desktop to install the newest version of Java.