PC problem, HijackThis log

Anonymous
kloassie
7 answers
  • Hi, my PC has lately been restarting on its own now and then. I made a HijackThis log; maybe someone can spot a problem.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:51:34, on 25-2-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\PROGRA~1\GADWIN~1\PRINTS~1\PrintScreen.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Startup: PrintScreen.lnk = C:\Program Files\Gadwin Systems\PrintScreen\UNWISE.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast-data.com/data/objects/NpFv415.dll
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.myflatcast.com/data/objects/NpFv501.dll
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 10487 bytes
  • Download and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After installation, make sure the following are checked:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware

    Then click "Finish".
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Settings" tab.
    - Check the option "Close Internet Explorer during malware removal".
    - Then go to the "Scanner" tab and choose "Quick Scan".
    - Click "Scan" to start the scan.
    - The scan can take a while, so be patient.
    - When the scan is finished, click OK, then "Show Results" to see the results.
    - Make sure everything there is checked, then click "Remove Selected".
    - After removal, a log will open and you will be asked to restart the computer.

    The log is saved automatically by MalwareBytes' Anti-Malware; you can find it by clicking the "Logs" tab in the program.

    Post this log.

    Download to your desktop and use it according to this guide.
  • Hi, the malware scan can't find anything, and I can't post the ComboFix log because Explorer freezes on me when I do. I'll try to upload it and then post it!!
  • Here is the ComboFix log

    http://www.sendspace.com/file/qg9ta9
  • Download ATF Cleaner (mirror) (made by Atribune).

    Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

    Double-click ATF Cleaner to start the program.
    On the Main tab, check Select All.
    Click the Empty Selected button.

    If you also use Firefox as a browser, do the following:

    Click the Firefox tab and check Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (This unchecks Firefox saved passwords again.)
    Click the Empty Selected button.

    If you also use Opera as a browser, do the following:

    Click the Opera tab and check Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.

    Download Flash_Disinfector.exe and put it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard drives are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool is done, the computer will restart.

    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • Here is the ComboFix log,

    ComboFix 09-02-24.02 - Administrator 2009-02-25 18:18:31.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1023.464 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
    AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    * Resident AV is active

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-25 to 2009-02-25 ))))))))))))))))))))))))))))))
    .

    2009-02-25 16:26 . 2009-02-25 16:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-25 16:26 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-25 16:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-23 15:07 . 2009-02-23 15:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
    2009-02-23 15:07 . 2009-02-23 16:54 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Azureus
    2009-02-21 01:14 . 2009-02-25 18:16 <DIR> dr-h----- c:\documents and settings\Administrator\Onlangs geopend
    2009-02-06 19:55 . 2009-02-06 19:55 308,616 --a------ c:\windows\WLXPGSS.SCR
    2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
    2009-01-29 15:00 . 2009-01-29 15:00 <DIR> d-------- c:\program files\SpacialAudio
    2009-01-29 15:00 . 2005-08-15 20:43 1,726,973 --a------ c:\program files\simplecast.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-25 15:23 --------- d-----w c:\documents and settings\Administrator\Application Data\OpenOffice.org2
    2009-02-25 15:22 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-25 15:22 --------- d-----w c:\documents and settings\Administrator\Application Data\AdobeUM
    2009-02-25 14:10 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
    2009-02-24 06:58 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
    2009-02-21 10:20 --------- d-----w c:\program files\Windows Live
    2009-01-31 07:45 --------- d-----w c:\program files\Radio Toolbox
    2009-01-29 12:39 --------- d-----w c:\program files\CCleaner
    2009-01-09 08:19 --------- d-----w c:\program files\Steinberg
    2009-01-09 07:04 --------- d-----w c:\program files\Microsoft Office Outlook Connector
    2009-01-09 07:02 --------- d-----w c:\program files\Microsoft Sync Framework
    2009-01-09 06:59 --------- d-----w c:\program files\Windows Live SkyDrive
    2009-01-08 13:07 --------- d-----w c:\documents and settings\Administrator\Application Data\Steinberg
    2009-01-08 13:03 --------- d-----w c:\program files\VOB
    2008-12-28 18:11 --------- d-----w c:\program files\Anubis - Het geheim van Osiris
    2008-12-28 18:11 --------- d-----w c:\documents and settings\Administrator\Application Data\be.studio100.anubis.geheimosiris.EDBFCDA94497EF95492B29109E223D9FF9591DDB.1
    2008-12-28 18:10 --------- d-----w c:\program files\Common Files\Adobe AIR
    2008-12-26 09:32 --------- d-----w c:\program files\Best Friends - Mijn Paard
    2008-12-07 21:28 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-07 20:44 7,513,456 ----a-w C:\rminstall.exe
    2008-12-07 08:11 1,649,976 ----a-w C:\mbam-setup.exe
    2008-12-06 23:25 812,344 ----a-w C:\HJTInstall.exe
    2008-11-25 17:41 1,751,795 ----a-w c:\program files\P2MSetup.exe
    2008-11-13 17:19 362,312 ----a-w c:\program files\rtbsetup-1-1-1.exe
    2008-10-20 14:39 846,679 ----a-w c:\program files\undercoverxp.zip
    2008-10-15 18:11 2,416,301 ----a-w c:\program files\SetupFTD3.8.4.zip
    2008-10-12 16:48 2,459,395 ----a-w c:\program files\SetupFTD3.8.4.exe
    2008-08-29 12:11 2,085,280 ----a-w c:\program files\mbam-setup.exe
    2007-09-03 10:08 2,320,867 ----a-w c:\program files\SetupFTD3.8.zip
    2004-03-11 11:27 40,960 ----a-w c:\program files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
    "RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
    "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
    "Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
    "SoundMan"="SOUNDMAN.EXE" [2002-12-31 c:\windows\SOUNDMAN.EXE]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 c:\windows\LOGI_MWX.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
    "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-13 219136]

    c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\
    OpenOffice.org 2.4 .lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
    PrintScreen.lnk - c:\program files\Gadwin Systems\PrintScreen\UNWISE.EXE [2007-06-25 164864]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-06-24 98304]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-06-25 106560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Radio Toolbox\\rtb.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2009-01-08 11264]
    R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-06-25 58464]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-09 55136]
    R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [2007-06-24 14092]
    S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-12-04 27904]

    --- Andere Services/Drivers In Geheugen ---

    *Deregistered* - uphcleanhlp
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} - hxxp://www.flatcast-data.com/data/objects/NpFv415.dll
    DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} - hxxp://data.myflatcast.com/data/objects/NpFv501.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-25 18:20:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(704)
    c:\windows\system32\Ati2evxx.dll
    .
    Voltooingstijd: 2009-02-25 18:22:53
    ComboFix-quarantined-files.txt 2009-02-25 17:22:50
    ComboFix2.txt 2009-02-25 15:53:12
    ComboFix3.txt 2008-12-09 15:30:25
    ComboFix4.txt 2008-12-09 14:47:09

    Pre-Run: 23.246.278.656 bytes beschikbaar
    Post-Run: 23,231,827,968 bytes beschikbaar

    Current=8 Default=8 Failed=7 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
    151 --- E O F --- 2009-02-25 14:00:58
  • How are the problems going?

This is an archived page. Replies are no longer possible.