Sjmur
-
Items
25 -
Registratiedatum
-
Laatst bezocht
Sjmur's prestaties
-
Gedaan CCcleaner gebruik ik overigens al regelmatig
-
Het ziet er naar uit dat hij weer goed is(?)
-
MBAM: Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 6734 Windows 6.0.6000 Internet Explorer 7.0.6000.16890 31-5-2011 20:37:35 mbam-log-2011-05-31 (20-37-35).txt Scantype: Snelle scan Objecten gescand: 150889 Verstreken tijd: 11 minuut/minuten, 41 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 1 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) HiJack: [ATTACH]11082[/ATTACH] hijackthis.log
-
Ah via de opgezochte map (C: etc..) kon ik hem nu wel als administrator runnen, dankjewel bijgevoegd de log: [ATTACH]11081[/ATTACH] HiJackkladblok.txt
-
Beste pc-helpforum, Mijn laptop doet de laatste tijd een beetje raar en ik wilde vragen of jullie aan de hand van het HiJack log kunnen zien of er ergens iets niet klopt en zoja, wat ik moet verwijderen. (kan hem niet als 'administrator' runnen dus hoop dat het zo ook goed is) Alvast enorm bedankt [ATTACH]11078[/ATTACH] HiJack.log
-
IK had voor combofix al geen meldingen meer maar die askdisbar (ofzoiets) die kon ik steeds niet vinden om te verwijderen dus ik neem aan dat die nu wel verwijderd is Moet ik nu nog meer dingen doen? (combofix ed. verwijderen?) In ieder geval al heel erg bedankt!
-
Gelukt (Heb overigens combofix weer in de veilige modus moeten laten lopen want hij deed het weer niet in de normale modus) Combofix logje: ComboFix 10-09-24.05 - 29416 26-09-2010 14:18:14.2.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2043.1730 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator.ACERTM\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Administrator.ACERTM\Bureaublad\CFScript.txt AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator.ACERTM\Local Settings\Application Data\qeicjqlbk c:\program files\AskBarDis . (((((((((((((((((((( Bestanden Gemaakt van 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))) . 2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----r- c:\documents and settings\LocalService\Favorieten 2010-09-26 09:43 . 2010-09-26 09:43 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend 2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----w- c:\documents and settings\LocalService\Menu Start 2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----w- c:\documents and settings\LocalService\Bureaublad 2010-09-24 21:19 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-12 12:38 . 2010-09-24 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-12 12:26 . 2010-09-12 12:26 388096 ----a-r- c:\documents and settings\Administrator.ACERTM\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-09-12 12:26 . 2010-09-12 12:26 -------- d-----w- c:\program files\Trend Micro 2010-09-12 10:29 . 2010-09-12 10:29 -------- d-sh--w- c:\windows\ftpcache 2010-09-11 20:43 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys 2010-09-11 20:43 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-09-11 20:43 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys 2010-09-11 20:43 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys 2010-09-11 20:43 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys 2010-09-11 20:43 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-26 12:12 . 2008-12-02 15:51 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\SoftGrid Client 2010-09-26 12:11 . 2009-04-29 13:57 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\DNA 2010-09-26 10:37 . 2009-04-29 13:57 -------- d-----w- c:\program files\DNA 2010-09-25 10:06 . 2008-12-01 13:50 -------- d-----w- c:\program files\Launch Manager 2010-09-24 17:27 . 2009-10-12 17:30 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\Microgaming 2010-09-16 15:36 . 2008-12-19 12:16 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\U3 2010-09-12 12:17 . 2004-08-04 11:00 726566 ----a-w- c:\windows\system32\perfh013.dat 2010-09-12 12:17 . 2004-08-04 11:00 206444 ----a-w- c:\windows\system32\perfc013.dat 2010-09-12 01:57 . 2010-07-20 18:19 -------- d-----w- c:\program files\Microsoft Silverlight 2010-08-31 11:56 . 2009-04-29 13:57 -------- d-----w- c:\program files\BitTorrent 2010-08-30 17:09 . 2009-04-29 13:57 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\BitTorrent 2010-08-19 15:34 . 2008-12-01 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-08-09 08:37 . 2009-01-06 08:19 -------- d-----w- c:\program files\Foxit Software 2010-08-09 08:36 . 2009-01-06 09:32 -------- d-----w- c:\program files\Google 2010-08-04 17:41 . 2010-06-29 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-08-04 13:32 . 2008-12-01 15:47 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-07-01 07:51 . 2010-07-01 07:51 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb2A6.tmp.exe 2010-06-30 12:33 . 2008-04-14 20:32 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-29 21:48 . 2010-06-29 21:48 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb296.tmp.exe 2010-06-28 16:12 . 2010-06-28 16:12 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb27E.tmp.exe . ------- Sigcheck ------- [-] 2008-11-21 . D9B2AA9ADACDE33FF18A010ADF2EBF18 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-17 323392] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-24 39408] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-23 2938552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2008-08-05 53248] "RTHDCPL"="RTHDCPL.EXE" [2008-08-05 16862208] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-08-05 858632] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-05 1028096] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-05 13541376] "nwiz"="nwiz.exe" [2008-08-05 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-05 86016] "NGClient"="c:\program files\Symantec\Ghost\ngctw32.exe" [2005-11-28 440000] "SoftGridTray"="c:\program files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe" [2007-12-13 316440] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440] "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-10 149280] "NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-02-05 454400] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568] Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-1-11 429096] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoPublishingWizard"= 0 (0x0) "NoWebServices"= 0 (0x0) "NoOnlinePrintsWizard"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logoff\0\0] "Script"=\\edu.sintlucas.nl\NETLOGON\DiscoPrinters.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logoff\1\0] "Script"=\\edu.sintlucas.nl\NETLOGON\llogoff.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\0] "Script"=\\edu.sintlucas.nl\netlogon\logon_script.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\1] "Script"=\\edu.sintlucas.nl\netlogon\connect_printer.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\2] "Script"=regedit.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\1\0] "Script"=\\edu.sintlucas.nl\NETLOGON\llogin.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\2\0] "Script"=regedit.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "57349:TCP"= 57349:TCP:Pando Media Booster "57349:UDP"= 57349:UDP:Pando Media Booster R0 GhMon;GhostMountMonitor - Boot Phase Driver;c:\windows\system32\drivers\GhMon.sys [28-11-2005 18:35 6560] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 20:19 13592] S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [28-11-2005 18:36 199264] S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [1-12-2008 17:48 152192] S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [1-12-2008 17:48 24064] S2 EQSharedEngine;EQ Shared Engine;c:\program files\Equitrac\Express\Client\EQSharedEngine.exe [19-2-2007 16:44 1521192] S2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [9-12-2006 20:04 128832] S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [28-11-2005 18:36 199264] S2 gupdate1ca701517d126cc;Google Updateservice (gupdate1ca701517d126cc);c:\program files\Google\Update\GoogleUpdate.exe [28-11-2009 12:25 133104] S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [5-2-2010 17:28 742144] S2 NGClient;Symantec Ghost Win32 Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [28-11-2005 19:26 440000] S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [11-1-2010 13:09 104488] S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [11-1-2010 13:10 93736] S2 sftlist;SoftGrid Client;c:\program files\Softricity\SoftGrid for Windows Desktops\sftlist.exe [13-12-2007 20:02 549912] S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [28-2-2007 10:38 91008] S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [20-11-2008 13:50 80784] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15-1-2010 14:49 227232] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1-12-2008 15:22 39072] S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [11-1-2010 13:09 23928] S3 sftfs;sftfs;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\SftFSXP.sys [13-12-2007 20:02 565784] S3 sftplay;sftplay;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftplayxp.sys [13-12-2007 20:01 149144] S3 sftvol;sftvol;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\SftVolXP.sys [13-12-2007 20:01 15896] S3 sftvsa;SoftGrid Virtual Service Agent;c:\program files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe [13-12-2007 20:02 205848] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [1-12-2008 17:52 14976] --- Andere Services/Drivers In Geheugen --- *NewlyCreated* - MDMXSDK [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov] 2008-06-02 08:32 81920 ----a-w- c:\windows\system32\aetsprov.dll . Inhoud van de 'Gedeelde Taken' map 2010-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 10:25] 2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 10:25] 2010-09-26 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] 2010-09-25 c:\windows\Tasks\New scan.job - c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-01-11 11:08] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR IE: Add to Windows &Live Favorites - Welcome to Windows Live IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://cas.edu.sintlucas.nl/auth/taweb.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://cas.edu.sintlucas.nl/auth/CCALogin.CAB . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-26 14:21 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router] "ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-329068152-220523388-682003330-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,61,ee,4c,ad,73,02,4a,ad,15,cd,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,61,ee,4c,ad,73,02,4a,ad,15,cd,\ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(824) c:\windows\system32\aetgina1.dll . Voltooingstijd: 2010-09-26 14:22:35 ComboFix-quarantined-files.txt 2010-09-26 12:22 ComboFix2.txt 2010-09-26 10:42 Pre-Run: 24.227.610.624 bytes beschikbaar Post-Run: 24.272.211.968 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - D5332A0E7E44F3E9FA20F171435D6859 HiJack logje: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:24:14, on 26-9-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe O4 - HKLM\..\Run: [softGridTray] C:\Program Files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe /autostart O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe O4 - Global Startup: Sophos AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe O8 - Extra context menu item: Add to Windows &Live Favorites - Welcome to Windows Live O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.bio.uu.nl/~cpio/modules/awswaxd.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} (Cisco NAC Web Agent Control) - https://cas.edu.sintlucas.nl/auth/taweb.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228218961597 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://cas.edu.sintlucas.nl/auth/CCALogin.CAB O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = edu.sintlucas.nl O17 - HKLM\Software\..\Telephony: DomainName = edu.sintlucas.nl O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = edu.sintlucas.nl O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = edu.sintlucas.nl O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: EQ Shared Engine (EQSharedEngine) - Equitrac - C:\Program Files\Equitrac\Express\Client\EQSharedEngine.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate1ca701517d126cc) (gupdate1ca701517d126cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: SoftGrid Client (sftlist) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe O23 - Service: SoftGrid Virtual Service Agent (sftvsa) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- End of file - 10450 bytes
-
Gelukt ComboFix 10-09-24.05 - 29416 26-09-2010 11:43:12.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2043.1515 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator.ACERTM\Bureaublad\ComboFix.exe AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator.ACERTM\Application Data\.# c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport\cs\Config.xml c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport\cs\db\Aliases.dbs c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport\cs\db\Sites.dbs c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport\cs\dwld\WhiteList.xip c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport\cs\report\aggr_storage.xml c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport\cs\report\send_storage.xml c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport\cs\res1\WhiteList.dbs c:\documents and settings\Administrator.ACERTM\Launcher.exe c:\documents and settings\Administrator.ACERTM\Menu Start\Programma's\Security Tool.lnk c:\documents and settings\Administrator.ACERTM\System c:\documents and settings\Administrator.ACERTM\System\win_qs8.jqx c:\program files\ShoppingReport Besmet exemplaar van c:\windows\system32\drivers\dmload.sys werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - Kitty had a snack . (((((((((((((((((((( Bestanden Gemaakt van 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))) . 2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----r- c:\documents and settings\LocalService\Favorieten 2010-09-26 09:43 . 2010-09-26 09:43 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend 2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----w- c:\documents and settings\LocalService\Menu Start 2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----w- c:\documents and settings\LocalService\Bureaublad 2010-09-24 21:19 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-12 12:38 . 2010-09-24 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-12 12:26 . 2010-09-12 12:26 388096 ----a-r- c:\documents and settings\Administrator.ACERTM\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-09-12 12:26 . 2010-09-12 12:26 -------- d-----w- c:\program files\Trend Micro 2010-09-12 10:29 . 2010-09-12 10:29 -------- d-sh--w- c:\windows\ftpcache 2010-09-11 20:43 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys 2010-09-11 20:43 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-09-11 20:43 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys 2010-09-11 20:43 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys 2010-09-11 20:43 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys 2010-09-11 20:43 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys 2010-09-11 20:42 . 2010-09-15 23:08 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Local Settings\Application Data\qeicjqlbk . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-26 10:37 . 2009-04-29 13:57 -------- d-----w- c:\program files\DNA 2010-09-26 10:37 . 2009-04-29 13:57 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\DNA 2010-09-26 10:33 . 2008-12-02 15:51 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\SoftGrid Client 2010-09-25 10:06 . 2008-12-01 13:50 -------- d-----w- c:\program files\Launch Manager 2010-09-24 17:27 . 2009-10-12 17:30 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\Microgaming 2010-09-16 15:36 . 2008-12-19 12:16 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\U3 2010-09-12 12:17 . 2004-08-04 11:00 726566 ----a-w- c:\windows\system32\perfh013.dat 2010-09-12 12:17 . 2004-08-04 11:00 206444 ----a-w- c:\windows\system32\perfc013.dat 2010-09-12 12:11 . 2009-03-11 12:32 -------- d-----w- c:\program files\AskBarDis 2010-09-12 01:57 . 2010-07-20 18:19 -------- d-----w- c:\program files\Microsoft Silverlight 2010-08-31 11:56 . 2009-04-29 13:57 -------- d-----w- c:\program files\BitTorrent 2010-08-30 17:09 . 2009-04-29 13:57 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\BitTorrent 2010-08-19 15:34 . 2008-12-01 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-08-09 08:37 . 2009-01-06 08:19 -------- d-----w- c:\program files\Foxit Software 2010-08-09 08:36 . 2009-01-06 09:32 -------- d-----w- c:\program files\Google 2010-08-04 17:41 . 2010-06-29 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-08-04 13:32 . 2008-12-01 15:47 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-07-01 07:51 . 2010-07-01 07:51 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb2A6.tmp.exe 2010-06-30 12:33 . 2008-04-14 20:32 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-29 21:48 . 2010-06-29 21:48 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb296.tmp.exe 2010-06-28 16:12 . 2010-06-28 16:12 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb27E.tmp.exe . ------- Sigcheck ------- [-] 2008-11-21 . D9B2AA9ADACDE33FF18A010ADF2EBF18 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] 2010-09-09 19:19 2735200 ----a-w- c:\program files\Freecorder\tbFre0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre0.dll" [2010-09-09 2735200] [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre0.dll" [2010-09-09 2735200] [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-17 323392] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-24 39408] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-23 2938552] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2008-08-05 53248] "RTHDCPL"="RTHDCPL.EXE" [2008-08-05 16862208] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-08-05 858632] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-05 1028096] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-05 13541376] "nwiz"="nwiz.exe" [2008-08-05 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-05 86016] "NGClient"="c:\program files\Symantec\Ghost\ngctw32.exe" [2005-11-28 440000] "SoftGridTray"="c:\program files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe" [2007-12-13 316440] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440] "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-10 149280] "NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-02-05 454400] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568] Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-1-11 429096] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoPublishingWizard"= 0 (0x0) "NoWebServices"= 0 (0x0) "NoOnlinePrintsWizard"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logoff\0\0] "Script"=\\edu.sintlucas.nl\NETLOGON\DiscoPrinters.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logoff\1\0] "Script"=\\edu.sintlucas.nl\NETLOGON\llogoff.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\0] "Script"=\\edu.sintlucas.nl\netlogon\logon_script.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\1] "Script"=\\edu.sintlucas.nl\netlogon\connect_printer.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\2] "Script"=regedit.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\1\0] "Script"=\\edu.sintlucas.nl\NETLOGON\llogin.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\2\0] "Script"=regedit.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "57349:TCP"= 57349:TCP:Pando Media Booster "57349:UDP"= 57349:UDP:Pando Media Booster R2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;c:\windows\system32\Drivers\ghpcw2k.sys [2005-11-28 199264] R2 gupdate1ca701517d126cc;Google Updateservice (gupdate1ca701517d126cc);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 133104] R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2007-02-28 91008] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2010-01-11 23928] R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2009-05-20 14976] S0 GhMon;GhostMountMonitor - Boot Phase Driver;c:\windows\System32\Drivers\ghmon.sys [2005-11-28 6560] S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;c:\windows\System32\Drivers\ghpcw2k.sys [2005-11-28 199264] S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys [2010-01-11 152192] S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys [2010-01-11 24064] S2 EQSharedEngine;EQ Shared Engine;c:\program files\Equitrac\Express\Client\EQSharedEngine.exe [2007-02-19 1521192] S2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 128832] S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2010-02-05 742144] S2 NGClient;Symantec Ghost Win32 Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [2005-11-28 440000] S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-01-11 104488] S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-01-11 93736] S2 sftlist;SoftGrid Client;c:\program files\Softricity\SoftGrid for Windows Desktops\sftlist.exe [2007-12-13 549912] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-05 80784] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-08-05 39072] S3 sftfs;sftfs;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftfsXP.sys [2007-12-13 565784] S3 sftplay;sftplay;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftplayXP.sys [2007-12-13 149144] S3 sftvol;sftvol;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftvolXP.sys [2007-12-13 15896] S3 sftvsa;SoftGrid Virtual Service Agent;c:\program files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe [2007-12-13 205848] --- Andere Services/Drivers In Geheugen --- *Deregistered* - uphcleanhlp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov] 2008-06-02 08:32 81920 ----a-w- c:\windows\system32\aetsprov.dll . Inhoud van de 'Gedeelde Taken' map 2010-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 10:25] 2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 10:25] 2010-09-26 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] 2010-09-25 c:\windows\Tasks\New scan.job - c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-01-11 11:08] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR IE: Add to Windows &Live Favorites - Welcome to Windows Live IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://cas.edu.sintlucas.nl/auth/taweb.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://cas.edu.sintlucas.nl/auth/CCALogin.CAB . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll WebBrowser-{C3CD744D-2FAE-4640-8297-16B5DA423104} - (no file) AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-26 12:36 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router] "ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-329068152-220523388-682003330-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,61,ee,4c,ad,73,02,4a,ad,15,cd,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,61,ee,4c,ad,73,02,4a,ad,15,cd,\ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(968) c:\windows\system32\aetgina1.dll - - - - - - - > 'explorer.exe'(2428) c:\documents and settings\Administrator.ACERTM\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\program files\Softricity\SoftGrid for Windows Desktops\sftshlx.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Common Files\Adobe\Shell\idicon.dll c:\progra~1\MICROS~2\Office12\OLKFSTUB.DLL c:\program files\Common Files\Microsoft Shared\OFFICE12\MSOXEV.DLL . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\windows\System32\SCardSvr.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\nvsvc32.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe c:\program files\Sophos\AutoUpdate\ALsvc.exe c:\program files\Sophos\Remote Management System\RouterNT.exe c:\program files\UPHClean\uphclean.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\docume~1\ADMINI~1.ACE\LOCALS~1\Temp\RtkBtMnt.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Voltooingstijd: 2010-09-26 12:42:29 - machine werd herstart ComboFix-quarantined-files.txt 2010-09-26 10:42 - - End Of File - - 403B2D1C3F2B61344125495ED17DFC56
-
Combofix werkt niet als ik hem start dan krijg ik een pop-up met de titel: 32788R22FWJF\iexplore.exe en de melding: kan geen toegang tot het opgegeven apparaat, pad of bestand krijgen. MOgelijk hebt u geen toegangsmachtigingen voor het item. En ik krijg het niet weggeklikt want hij komt meteen weer terug
-
Hmm nogsteeds hetzelfde probleem, hij stopt vanzelf tijdens het installeren Bijgevoegd de nieuwste HiJack log[ATTACH]6827[/ATTACH] Logfile of Trend Micro HijackThis v2.docx
-
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4599 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 13-9-2010 11:15:53 mbam-log-2010-09-13 (11-15-53).txt Scantype: Snelle scan Objecten gescand: 278430 Verstreken tijd: 40 minuut/minuten, 6 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
-
HiJack: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:34:30, on 13-9-2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\SHVRTF.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof1.dll O3 - Toolbar: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof1.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATIPTA] :C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] :C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [soundMan] :SOUNDMAN.EXE O4 - HKLM\..\Run: [Protect] SHVRTF.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Software Update] :C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] :"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] :C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE O4 - HKLM\..\Run: [CaretakerNotifier] :C:\Program Files\SurfRight\Caretaker\Notifier.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe O4 - HKCU\..\Run: [trustreal] C:\DOCUME~1\ROBVAN~1\APPLIC~1\THISMA~1\16ViewCdrom.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [trustreal] C:\DOCUME~1\MIRJAM~1\APPLIC~1\THISMA~1\16ViewCdrom.exe (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [WinTouch] C:\Documents and Settings\Mirjam van Sambeek\Application Data\WinTouch\WinTouch.exe (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [sfKg6w] C:\Documents and Settings\Mirjam van Sambeek\Application Data\Microsoft\Windows\mtufnd.exe (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [Arrt] "C:\DOCUME~1\MIRJAM~1\APPLIC~1\FNTS~1\msdtc.exe" -vt yazb (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [Gingxrdx] "C:\Program Files\s?stem32\?hkntfs.exe" (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [Tskthy] "C:\Program Files\s?stem\r?gedit.exe" (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Policies\Explorer\Run: [{B09672FC-0BB6-1043-0623-05030920001f}] "C:\Program Files\Common Files\{B09672FC-0BB6-1043-0623-05030920001f}\Update.exe" mc-110-12-0000904 (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mirriej88.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylomgames.com/activex/zylomloader.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Updateservice (gupdate1ca82f7f380806) (gupdate1ca82f7f380806) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 14186 bytes MalwareBytes krijg ik niet meer op tijd gerund, hopelijk in de loop van de dag, maar gisteren gaf MalwareBytes niets fouts meer aan
-
[ATTACH]6501[/ATTACH] Hmm MBAM wilt niet volledig installeren.. hij breekt uit zichzelf af tijdens het installeren (wellicht nog probleem met het virus?) dit is in ieder geval de nieuwe HiJack log (nu vanaf de security suite laptop ipv de 'niet besmette' computer) HiJack log.docx
-
Dat is inderdaad al een heleboel rotzooi opgeruimd daarvoor alvast heel erg bedankt! nieuwe HiJack log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:15:57, on 12-9-2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\SHVRTF.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof0.dll O3 - Toolbar: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof0.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATIPTA] :C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] :C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [soundMan] :SOUNDMAN.EXE O4 - HKLM\..\Run: [Protect] SHVRTF.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Software Update] :C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] :"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] :C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE O4 - HKLM\..\Run: [bm(1)] :"C:\Program Files\Common Files\AntiVirusScherm\bm.exe" dm=http://antivirusscherm.com ad=http://antivirusscherm.com sd=http://arettich.antivirusscherm.com O4 - HKLM\..\Run: [CaretakerNotifier] :C:\Program Files\SurfRight\Caretaker\Notifier.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe O4 - HKCU\..\Run: [trustreal] C:\DOCUME~1\ROBVAN~1\APPLIC~1\THISMA~1\16ViewCdrom.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mirriej88.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylomgames.com/activex/zylomloader.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O20 - Winlogon Notify: rqRlJcBQ - rqRlJcBQ.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Unknown owner - D:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Updateservice (gupdate1ca82f7f380806) (gupdate1ca82f7f380806) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 12406 bytes
-
MalwareBytes logje (nieuwe HiJack volgt zodra ik de computer opnieuw opgestart heb) Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4599 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 12-9-2010 14:02:07 mbam-log-2010-09-12 (14-02-07).txt Scantype: Snelle scan Objecten gescand: 270633 Verstreken tijd: 37 minuut/minuten, 59 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 1 Registersleutels geïnfecteerd: 52 Registerwaarden geïnfecteerd: 8 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 19 Bestanden geïnfecteerd: 89 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: C:\WINDOWS\system32\dpwpcxdp.dll (Adware.BHO) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\oincs.oinanalytics (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\quantic.plug (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\quantic.plug.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cfcec0a5-e1da-4049-bdb6-8b461e7e1bf3} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{2386c4d3-e53a-4fd6-952b-89cbca337c83} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{16b435f6-b6ce-4f24-a568-944b27ed919c} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b221e01-f517-4959-8c41-81948e7f2f17} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oinanalytics (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adproclient.adhlpr (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adproclient.adhlpr.1 (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\OINAnalytics.dll (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\Sidebar.dll (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\testCPV6.dll (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Quantic (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\exploreupdsched (Trojan.AdSpy) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\adp (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsa shellu (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Rob van Sambeek\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Rob van Sambeek\Application Data\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Application Data\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Application Data\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully. C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\nvcoi (Trojan.Stars) -> Quarantined and deleted successfully. C:\Program Files\OINAnalytics (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\components (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Start\Programma's\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Menu Start\Programma's\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Menu Start\Programma's\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bharebio18 (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\' (Worm.Archive) -> Files: 10458 -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\WINDOWS\system32\dpwpcxdp.dll (Adware.BHO) -> Delete on reboot. C:\WINDOWS\system32\kcntqkdh.exe (Trojan.AdSpy) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-4290336544-1750476147-4027534363-1007\Dc250.exe (Trojan.StartPage) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pacxjnnv.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\eu1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\l61.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ldgoy.dll (Adware.PurityScan) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\myss_sb_uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rqRlJcBQ.dll__DELETE_ON_REBOOT (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rwwnw64d.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sa27d.exe (Adware.EZlife) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sa3d.exe (Adware.EZlife) -> Quarantined and deleted successfully. C:\WINDOWS\system32\u61.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ucrbeeyg.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gside.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jpwnw64s.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\buhkcbou.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXpOEww.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUmjkIa.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ati2cqa.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qswmcdfx.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\go28d.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\go32d.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yvocgped.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kcntqkdj.exe (Trojan.AdSpy) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kcntqkdm.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kcntqkdn.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\{c5dde060-2b85-cce8-2a5e-16737c31aa2e}.dll-uninst.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ddcCRJba.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Local Settings\Temp\s33c (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Local Settings\Temp\Antiphishing Component Update 1 (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Local Settings\Temp\NDR3B10.tmp (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Local Settings\Temp\tmpAE45.tmp (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Local Settings\Temp\tmpFAE.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Rob van Sambeek\Local Settings\Temp\BrowserHotfix10.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Rob van Sambeek\Local Settings\Temp\BrowserHotfix2.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Rob van Sambeek\Local Settings\Temp\COM Security Update Level 10 (Adware.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Rob van Sambeek\Local Settings\Temp\COM Security Update Level 9 (Adware.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Local Settings\Temporary Internet Files\Content.IE5\NXCT6CNP\setup[1].exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Local Settings\Temporary Internet Files\Content.IE5\SVA1N9ZZ\get_file[1].php (Adware.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Rob van Sambeek\Local Settings\Temporary Internet Files\Content.IE5\LAEX0ADU\setup[1].exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Application Data\WinTouch\wintouch.cfg (Adware.WinPop) -> Quarantined and deleted successfully. C:\Program Files\nvcoi\mst.stt (Trojan.Stars) -> Quarantined and deleted successfully. C:\Program Files\OINAnalytics\OINAnalytics2.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\OINAnalytics\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\OiUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\outerinfo.ico (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\Terms.rtf (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\install.rdf (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Start\Programma's\AntiSpywareMaster\AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Start\Programma's\AntiSpywareMaster\Uninstall AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Menu Start\Programma's\MalwareAlarm\MalwareAlarm.lnk (Rogue.Malware.Alarm) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Menu Start\Programma's\MalwareAlarm\Uninstall.lnk (Rogue.Malware.Alarm) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Menu Start\Programma's\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Menu Start\Programma's\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bharebio18\bharebio182328.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.AntiSpyware) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.AntiSpyware) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Menu Start\Programma's\Opstarten\Deewoo.lnk (Malware.Links) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Menu Start\Programma's\Opstarten\Deewoo.lnk (Malware.Links) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Menu Start\Programma's\Opstarten\DW_Start.lnk (Malware.Links) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Menu Start\Programma's\Opstarten\DW_Start.lnk (Malware.Links) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXNDsSI.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cbswpbrk.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cbXPhfEX.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ClickToFindandFixErrorsIntl.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ClickToFindandFixErrors_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ClickToFindandFixErrors_RON.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\efccdCSJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\geBspnMC.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkHBSIx.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkLbBUK.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvUKcAs.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvWnoNG.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\urqQgFXo.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xxyxVlMd.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully. C:\WINDOWS\BMb3a541cf.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BMb3a541cf.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
