Question & Answer
Trojan infection
13 answers
- I am also infected with a Trojan Generic 18.
HiJackThis shows this:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:21, on 12-6-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SMINST\scheduler.exe
C:\Windows\system32\conime.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spitsnieuws.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck .exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" /background
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Diego\AppData\Local\Temp\Wsd.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 11777 bytes
Hopefully someone can help me.
Thanks in advance
- Hello diegotham,
do the following:
- HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:40:54, on 14-6-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray .exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
C:\Program Files\Analog Devices\Core\smax4pnp .exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\Creative\Software Update 3\SoftAuto .exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2 .exe
C:\Windows\WindowsMobile\wmdc .exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spitsnieuws.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck .exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" /background
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 12277 bytes
Uninstall log
Aangifte inkomstenbelasting 2009
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.2 - Nederlands
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Agere Systems HDA Modem
Application Installer 4.00.B14
ATI Uninstaller
AVG Free 9.0
Business Contact Manager voor Outlook 2007 SP2
Business Contact Manager voor Outlook 2007 SP2
ccc-Branding
Creative Centrale
Creative Centrale
Creative Software Update
Creative ZEN X-Fi Video Converter
Creative ZEN X-Fi Video Converter
Creative ZEN X-Fi-Gebruikershandleiding
Credential Manager for HP ProtectTools
CutePDF Writer 2.7
ESU for Microsoft Vista
Euroglot Professional 4.5 (remove only)
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Backup & Recovery Manager Installer
HP BIOS Configuration for ProtectTools
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
HP Notebook Accessories Product Tour
HP ProtectTools Security Manager
HP Quick Launch Buttons 6.40 B2
HP Update
HP User Guides 0064
HP Wireless Assistant
Huur- en zorgtoeslag 2009
InterVideo DVD Check
InterVideo WinDVD
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Junk Mail filter update
K-Lite Codec Pack 3.9.0 Standard
LG USB Modem driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (Dutch) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Small Business-verbindingsonderdelen
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (Dutch) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Reader
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup-ondersteuningsbestanden (Engels)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed™ Most Wanted
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB979365)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Sonic Activation Module
SonicStage 4.3
SopCast 3.2.9
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
SPSS 16.0 for Windows
Synaptics Pointing Device Driver
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
Three Ships Browser Plugin
Total Commander (Remove or Repair)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for 2007 Microsoft Office System (KB981715)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Vista Default Settings
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
Windows Live - Hulpprogramma voor uploaden
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Mobile Apparaatcentrum
Windows Mobile Device Center Driver Update
WinRAR archiver
MBAM log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Databaseversie: 4197
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
14-6-2010 18:43:24
mbam-log-2010-06-14 (18-43-24).txt
Scantype: Snelle scan
Objecten gescand: 137251
Verstreken tijd: 8 minuut/minuten, 47 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 6
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 2
Bestanden geïnfecteerd: 4
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AV Care (Rogue.AVCare) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV Care (Rogue.AVCare) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AV Care (Rogue.AVCare) -> Quarantined and deleted successfully.
C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Care (Rogue.AVCare) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AV Care\AV Care.lnk (Rogue.AVCare) -> Quarantined and deleted successfully.
C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
- Hello diegotham, how is your Windows doing in the meantime?
You have a number of very ancient Java runtimes in your Windows.
Malware loves that!
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u20-oth-JPR@CDS-CDS_Developer
The newest Java version can be downloaded via this link.
It is a multilingual version!
Moreover, there are now Java Runtime versions for both Windows 32-bit (x86) and Windows 64-bit (x64).
1) So select the correct version, then tick the box next to "I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement." and then click the red Continue button.
2) Then choose this version (in this example I chose the 32-bit download version):
Windows Offline Installation jre-6u20-windows-i586.exe 15.54 MB and download the file to your desktop.
3) Now first go to Start\Control Panel\Add or Remove Programs (in Windows 2000/XP) or Start\Control Panel\Programs and Features (in Windows Vista and Windows 7) and remove all versions of Java from the list of installed software.
To clarify: remove everything with Java Runtime Environment (JRE or J2SE) in the name.
After that, restart the computer, and then the newest version of the Java Runtime may be installed!
From now on, keep only one Java runtime installed, and always the newest!
Your Adobe Reader is also outdated and a security risk!
Uninstalling it is the advice.
You can find the newest version here: http://get.adobe.com/nl/reader/
After installation the updater is already active; at some point you will get a message above the system tray that the update is ready for installation.
Then double-click the update icon in the system tray!
This is how to make Adobe Reader safe:
after starting the reader, click Edit in the menu bar and then Preferences… in the drop-down menu.
In the Preferences window click Trust Manager and then, under PDF File Attachments, untick Allow opening of non-PDF file attachments with external applications; then click OK and the reader may be closed.
This ensures that an application cannot be started automatically from a PDF.
So any malware in a PDF document can't do anything then!
- According to AVG I still have a Trojan Horse Generic 18.JNL.
This was a Trojan Horse Generic 18.ENE.
- What does AVG report as the location of that file?
And did you do what was in my previous message?
- I did everything that was in the message. According to AVG it is:
"C:\SwSetup\HPTools\PTBIOS\Disk1\Setup.exe";"Trojaans paard Generic18.JNL";
- Do the following: Let Combofix scan your Windows (click).
How to use Combofix properly (click)
Addendum: to be able to use Combofix, the following applies:
- ComboFix 10-06-15.01 - Diego 15-06-2010 19:47:18.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1043.18.1919.831 [GMT 2:00]
Gestart vanuit: c:\users\Diego\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\program files\Analog Devices\Core\smax4pnp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files\Creative\Software Update 3\SoftAuto.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
c:\program files\Hp\HP Software Update\HPWuSchd2.exe
c:\program files\InterVideo\DVD Check\DVDCheck .exe
c:\program files\InterVideo\DVD Check\DVDCheck .exe
c:\program files\InterVideo\DVD Check\DVDCheck.exe
c:\program files\Java\jre1.6.0_07\bin\jusched.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\Windows Live\Messenger\MsnMsgr .exe
c:\program files\Windows Live\Messenger\MsnMsgr .exe
c:\program files\Windows Live\Messenger\MsnMsgr .exe
c:\program files\Windows Live\Messenger\MsnMsgr .exe
c:\programdata\0AhF4d3.exe
c:\users\Diego\AppData\Local\0AhF4d3.exe
c:\windows\Fonts\0AhF4d3.com
c:\windows\system32\config\systemprofile\AppData\Local\0AhF4d3.exe
c:\windows\Tasks\At1.job
c:\windows\xpsp1hfm.log
F:\Autorun.inf
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe —^> c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\program files\Analog Devices\Core\smax4pnp .exe —^> c:\program files\Analog Devices\Core\smax4pnp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe —^> c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe —^> c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files\Creative\Software Update 3\SoftAuto .exe —^> c:\program files\Creative\Software Update 3\SoftAuto.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe —^> c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
c:\program files\Hp\HP Software Update\HPWuSchd2 .exe —^> c:\program files\Hp\HP Software Update\HPWuSchd2.exe
c:\program files\InterVideo\DVD Check\DVDCheck .exe —^> c:\program files\InterVideo\DVD Check\DVDCheck.exe
c:\program files\Java\jre1.6.0_07\bin\jusched .exe —^> c:\program files\Java\jre1.6.0_07\bin\jusched.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray .exe —^> c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe —^> c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\Windows Live\Messenger\MsnMsgr .exe —^> c:\program files\Windows Live\Messenger\MsnMsgr.exe
.
Besmet exemplaar van c:\windows\system32\drivers\disk.sys werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - Kitty had a snack :p
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-05-15 to 2010-06-15 ))))))))))))))))))))))))))))))
.
2010-06-15 18:00 . 2010-06-15 18:05 -------- d-----w- c:\users\Diego\AppData\Local\temp
2010-06-15 18:00 . 2010-06-15 18:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-15 18:00 . 2010-06-15 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-15 15:41 . 2010-06-15 16:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google
2010-06-15 11:21 . 2010-06-15 11:21 -------- d-----w- c:\program files\Enigma Software Group
2010-06-15 10:59 . 2010-06-15 10:59 -------- d-----w- C:\$AVG
2010-06-14 17:57 . 2010-06-14 17:57 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-06-14 17:22 . 2010-06-06 16:55 38916 ----a-w- c:\windows\system32\0AhF4d3.com
2010-06-14 16:32 . 2010-06-14 16:32 -------- d-----w- c:\users\Diego\AppData\Roaming\Malwarebytes
2010-06-14 16:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-14 16:32 . 2010-06-16 02:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-14 16:32 . 2010-06-14 16:32 -------- d-----w- c:\programdata\Malwarebytes
2010-06-14 16:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-14 16:05 . 2010-06-14 16:05 -------- d-----w- c:\windows\system32\config\systemprofile\Bluetooth Software
2010-06-14 15:56 . 2010-06-14 19:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-06-12 16:43 . 2010-06-12 16:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Azureus
2010-06-12 08:52 . 2010-06-12 08:52 -------- d-----w- c:\program files\Trend Micro
2010-06-11 20:37 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-06-11 20:37 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-06-11 20:34 . 2009-08-07 07:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-06-11 20:34 . 2009-08-28 08:32 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-06-11 20:34 . 2009-08-28 08:32 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2010-06-11 20:34 . 2009-08-28 08:32 169256 ----a-w- c:\windows\system32\SynCOM.dll
2010-06-11 20:34 . 2009-08-28 08:33 228784 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-06-11 20:34 . 2009-08-28 08:32 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-16 02:40 . 2008-05-27 19:53 -------- d-----w- c:\users\Diego\AppData\Roaming\Azureus
2010-06-16 02:40 . 2008-05-27 16:53 -------- d-----w- c:\program files\Google
2010-06-16 02:40 . 2008-05-27 19:07 -------- d-----w- c:\program files\Azureus
2010-06-16 02:40 . 2007-07-18 14:03 -------- d-----w- c:\program files\Common Files\Java
2010-06-16 02:40 . 2008-06-22 14:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-15 18:01 . 2006-11-21 16:07 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-15 17:51 . 2006-11-02 16:06 736688 ----a-w- c:\windows\system32\perfh013.dat
2010-06-15 17:51 . 2006-11-02 16:06 157480 ----a-w- c:\windows\system32\perfc013.dat
2010-06-15 17:13 . 2010-04-19 16:29 -------- d-----w- c:\programdata\avg9
2010-06-15 15:41 . 2010-06-06 16:57 112 ----a-w- c:\programdata\qdWUKsm.dat
2010-06-15 09:43 . 2007-07-18 14:03 -------- d-----w- c:\program files\Java
2010-06-14 18:30 . 2007-07-18 12:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-14 18:30 . 2010-04-27 17:32 -------- d-----w- c:\program files\Giant
2010-06-14 17:52 . 2010-06-14 17:52 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-14 17:52 . 2010-06-14 17:52 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-06-14 16:01 . 2008-05-27 16:24 119560 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-12 08:52 . 2010-06-12 08:52 388096 ----a-r- c:\users\Diego\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-11 20:40 . 2010-06-11 20:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-06-11 20:39 . 2010-06-11 20:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-12 22:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 22:42 . 2007-07-18 13:24 -------- d-----w- c:\programdata\Microsoft Help
2010-05-06 08:36 . 2009-10-02 16:28 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-19 16:29 . 2010-04-19 16:29 -------- d-----w- c:\program files\AVG
2008-06-20 22:49 . 2008-06-20 22:49 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\windows\WindowsMobile\wmdc .exe
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr .exe" [N/A]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-06-06 38916]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [N/A]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2010-06-06 38916]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-5-27 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Canaveral]
c:\windows\system32\sshnas21.dll [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d6,21,8d,0e,77,56,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3794467398-4075155546-3649200515-1006]
"EnableNotificationsRef"=dword:00000001
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-05-27 717296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-18 64160]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
2010-05-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:58]
2010-06-14 c:\windows\Tasks\At101.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At103.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At105.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At107.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At109.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-15 c:\windows\Tasks\At111.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At113.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At115.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At117.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At119.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-10 c:\windows\Tasks\At16.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-10 c:\windows\Tasks\At17.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-10 c:\windows\Tasks\At18.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At19.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-10 c:\windows\Tasks\At2.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-15 c:\windows\Tasks\At20.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At21.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-10 c:\windows\Tasks\At22.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-11 c:\windows\Tasks\At23.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-06 c:\windows\Tasks\At24.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At25.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At26.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At27.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At28.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At29.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-10 c:\windows\Tasks\At3.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At30.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At31.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At32.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At33.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At34.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At35.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At36.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At37.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At38.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At39.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-10 c:\windows\Tasks\At4.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At40.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At41.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At42.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At43.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At44.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At45.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At46.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At47.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At48.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At49.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-10 c:\windows\Tasks\At5.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At50.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At51.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At52.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At53.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At54.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At55.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At56.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At57.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At58.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At59.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-10 c:\windows\Tasks\At6.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At60.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At61.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At62.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-15 c:\windows\Tasks\At63.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-15 c:\windows\Tasks\At64.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At65.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At66.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At67.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At68.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At69.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-10 c:\windows\Tasks\At7.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At70.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At71.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At72.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At73.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At75.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At77.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At79.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-10 c:\windows\Tasks\At8.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At81.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At83.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At85.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At87.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At89.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-10 c:\windows\Tasks\At9.job
- c:\windows\Fonts\0AhF4d3.com [2010-06-15 16:55]
2010-06-14 c:\windows\Tasks\At91.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At93.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At95.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At97.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
2010-06-14 c:\windows\Tasks\At99.job
- c:\windows\system32\0AhF4d3.com [2010-06-14 16:55]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.spitsnieuws.nl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=none&bd=smb&pf=laptop
IE: Afbeelding verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS VERWIJDERD - - - -
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 20:04
Windows 6.0.6002 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'Explorer.exe'(5388)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\SMINST\scheduler.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
c:\windows\WindowsMobile\wmdc .exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Voltooingstijd: 2010-06-15 20:27:55 - machine werd herstart
ComboFix-quarantined-files.txt 2010-06-15 18:27
Pre-Run: 21.890.551.808 bytes beschikbaar
Post-Run: 21.767.708.672 bytes beschikbaar
- - End Of File - - D87D18048E86E5668DDA938F04601ABB
- Hello diegotham, after the last scan by Combofix, how is your Windows doing now?
- Still infected, latest detection:
c:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Reports that it is still the Generic18.ENE.
- Which scanner is now reporting that the file AAWTray.exe in c:\Program Files\Lavasoft\Ad-Aware is infected?
- AVG reports it.