Ga naar inhoud

Sjmur

Lid
  • Items

    25
  • Registratiedatum

  • Laatst bezocht

Alles dat geplaatst werd door Sjmur

  1. Gedaan CCcleaner gebruik ik overigens al regelmatig
  2. Het ziet er naar uit dat hij weer goed is(?)
  3. MBAM: Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 6734 Windows 6.0.6000 Internet Explorer 7.0.6000.16890 31-5-2011 20:37:35 mbam-log-2011-05-31 (20-37-35).txt Scantype: Snelle scan Objecten gescand: 150889 Verstreken tijd: 11 minuut/minuten, 41 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 1 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) HiJack: [ATTACH]11082[/ATTACH] hijackthis.log
  4. Ah via de opgezochte map (C: etc..) kon ik hem nu wel als administrator runnen, dankjewel bijgevoegd de log: [ATTACH]11081[/ATTACH] HiJackkladblok.txt
  5. Beste pc-helpforum, Mijn laptop doet de laatste tijd een beetje raar en ik wilde vragen of jullie aan de hand van het HiJack log kunnen zien of er ergens iets niet klopt en zoja, wat ik moet verwijderen. (kan hem niet als 'administrator' runnen dus hoop dat het zo ook goed is) Alvast enorm bedankt [ATTACH]11078[/ATTACH] HiJack.log
  6. IK had voor combofix al geen meldingen meer maar die askdisbar (ofzoiets) die kon ik steeds niet vinden om te verwijderen dus ik neem aan dat die nu wel verwijderd is Moet ik nu nog meer dingen doen? (combofix ed. verwijderen?) In ieder geval al heel erg bedankt!
  7. Gelukt (Heb overigens combofix weer in de veilige modus moeten laten lopen want hij deed het weer niet in de normale modus) Combofix logje: ComboFix 10-09-24.05 - 29416 26-09-2010 14:18:14.2.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2043.1730 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator.ACERTM\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Administrator.ACERTM\Bureaublad\CFScript.txt AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator.ACERTM\Local Settings\Application Data\qeicjqlbk c:\program files\AskBarDis . (((((((((((((((((((( Bestanden Gemaakt van 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))) . 2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----r- c:\documents and settings\LocalService\Favorieten 2010-09-26 09:43 . 2010-09-26 09:43 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend 2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----w- c:\documents and settings\LocalService\Menu Start 2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----w- c:\documents and settings\LocalService\Bureaublad 2010-09-24 21:19 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-12 12:38 . 2010-09-24 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-12 12:26 . 2010-09-12 12:26 388096 ----a-r- c:\documents and settings\Administrator.ACERTM\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-09-12 12:26 . 2010-09-12 12:26 -------- d-----w- c:\program files\Trend Micro 2010-09-12 10:29 . 2010-09-12 10:29 -------- d-sh--w- c:\windows\ftpcache 2010-09-11 20:43 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys 2010-09-11 20:43 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-09-11 20:43 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys 2010-09-11 20:43 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys 2010-09-11 20:43 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys 2010-09-11 20:43 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-26 12:12 . 2008-12-02 15:51 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\SoftGrid Client 2010-09-26 12:11 . 2009-04-29 13:57 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\DNA 2010-09-26 10:37 . 2009-04-29 13:57 -------- d-----w- c:\program files\DNA 2010-09-25 10:06 . 2008-12-01 13:50 -------- d-----w- c:\program files\Launch Manager 2010-09-24 17:27 . 2009-10-12 17:30 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\Microgaming 2010-09-16 15:36 . 2008-12-19 12:16 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\U3 2010-09-12 12:17 . 2004-08-04 11:00 726566 ----a-w- c:\windows\system32\perfh013.dat 2010-09-12 12:17 . 2004-08-04 11:00 206444 ----a-w- c:\windows\system32\perfc013.dat 2010-09-12 01:57 . 2010-07-20 18:19 -------- d-----w- c:\program files\Microsoft Silverlight 2010-08-31 11:56 . 2009-04-29 13:57 -------- d-----w- c:\program files\BitTorrent 2010-08-30 17:09 . 2009-04-29 13:57 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\BitTorrent 2010-08-19 15:34 . 2008-12-01 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-08-09 08:37 . 2009-01-06 08:19 -------- d-----w- c:\program files\Foxit Software 2010-08-09 08:36 . 2009-01-06 09:32 -------- d-----w- c:\program files\Google 2010-08-04 17:41 . 2010-06-29 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-08-04 13:32 . 2008-12-01 15:47 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-07-01 07:51 . 2010-07-01 07:51 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb2A6.tmp.exe 2010-06-30 12:33 . 2008-04-14 20:32 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-29 21:48 . 2010-06-29 21:48 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb296.tmp.exe 2010-06-28 16:12 . 2010-06-28 16:12 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb27E.tmp.exe . ------- Sigcheck ------- [-] 2008-11-21 . D9B2AA9ADACDE33FF18A010ADF2EBF18 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-17 323392] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-24 39408] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-23 2938552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2008-08-05 53248] "RTHDCPL"="RTHDCPL.EXE" [2008-08-05 16862208] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-08-05 858632] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-05 1028096] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-05 13541376] "nwiz"="nwiz.exe" [2008-08-05 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-05 86016] "NGClient"="c:\program files\Symantec\Ghost\ngctw32.exe" [2005-11-28 440000] "SoftGridTray"="c:\program files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe" [2007-12-13 316440] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440] "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-10 149280] "NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-02-05 454400] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568] Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-1-11 429096] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoPublishingWizard"= 0 (0x0) "NoWebServices"= 0 (0x0) "NoOnlinePrintsWizard"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logoff\0\0] "Script"=\\edu.sintlucas.nl\NETLOGON\DiscoPrinters.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logoff\1\0] "Script"=\\edu.sintlucas.nl\NETLOGON\llogoff.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\0] "Script"=\\edu.sintlucas.nl\netlogon\logon_script.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\1] "Script"=\\edu.sintlucas.nl\netlogon\connect_printer.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\2] "Script"=regedit.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\1\0] "Script"=\\edu.sintlucas.nl\NETLOGON\llogin.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\2\0] "Script"=regedit.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "57349:TCP"= 57349:TCP:Pando Media Booster "57349:UDP"= 57349:UDP:Pando Media Booster R0 GhMon;GhostMountMonitor - Boot Phase Driver;c:\windows\system32\drivers\GhMon.sys [28-11-2005 18:35 6560] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 20:19 13592] S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [28-11-2005 18:36 199264] S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [1-12-2008 17:48 152192] S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [1-12-2008 17:48 24064] S2 EQSharedEngine;EQ Shared Engine;c:\program files\Equitrac\Express\Client\EQSharedEngine.exe [19-2-2007 16:44 1521192] S2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [9-12-2006 20:04 128832] S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [28-11-2005 18:36 199264] S2 gupdate1ca701517d126cc;Google Updateservice (gupdate1ca701517d126cc);c:\program files\Google\Update\GoogleUpdate.exe [28-11-2009 12:25 133104] S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [5-2-2010 17:28 742144] S2 NGClient;Symantec Ghost Win32 Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [28-11-2005 19:26 440000] S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [11-1-2010 13:09 104488] S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [11-1-2010 13:10 93736] S2 sftlist;SoftGrid Client;c:\program files\Softricity\SoftGrid for Windows Desktops\sftlist.exe [13-12-2007 20:02 549912] S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [28-2-2007 10:38 91008] S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [20-11-2008 13:50 80784] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15-1-2010 14:49 227232] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1-12-2008 15:22 39072] S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [11-1-2010 13:09 23928] S3 sftfs;sftfs;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\SftFSXP.sys [13-12-2007 20:02 565784] S3 sftplay;sftplay;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftplayxp.sys [13-12-2007 20:01 149144] S3 sftvol;sftvol;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\SftVolXP.sys [13-12-2007 20:01 15896] S3 sftvsa;SoftGrid Virtual Service Agent;c:\program files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe [13-12-2007 20:02 205848] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [1-12-2008 17:52 14976] --- Andere Services/Drivers In Geheugen --- *NewlyCreated* - MDMXSDK [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov] 2008-06-02 08:32 81920 ----a-w- c:\windows\system32\aetsprov.dll . Inhoud van de 'Gedeelde Taken' map 2010-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 10:25] 2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 10:25] 2010-09-26 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] 2010-09-25 c:\windows\Tasks\New scan.job - c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-01-11 11:08] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR IE: Add to Windows &Live Favorites - Welcome to Windows Live IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://cas.edu.sintlucas.nl/auth/taweb.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://cas.edu.sintlucas.nl/auth/CCALogin.CAB . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-26 14:21 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router] "ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-329068152-220523388-682003330-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,61,ee,4c,ad,73,02,4a,ad,15,cd,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,61,ee,4c,ad,73,02,4a,ad,15,cd,\ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(824) c:\windows\system32\aetgina1.dll . Voltooingstijd: 2010-09-26 14:22:35 ComboFix-quarantined-files.txt 2010-09-26 12:22 ComboFix2.txt 2010-09-26 10:42 Pre-Run: 24.227.610.624 bytes beschikbaar Post-Run: 24.272.211.968 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - D5332A0E7E44F3E9FA20F171435D6859 HiJack logje: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:24:14, on 26-9-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe O4 - HKLM\..\Run: [softGridTray] C:\Program Files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe /autostart O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe O4 - Global Startup: Sophos AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe O8 - Extra context menu item: Add to Windows &Live Favorites - Welcome to Windows Live O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.bio.uu.nl/~cpio/modules/awswaxd.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} (Cisco NAC Web Agent Control) - https://cas.edu.sintlucas.nl/auth/taweb.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228218961597 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://cas.edu.sintlucas.nl/auth/CCALogin.CAB O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = edu.sintlucas.nl O17 - HKLM\Software\..\Telephony: DomainName = edu.sintlucas.nl O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = edu.sintlucas.nl O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = edu.sintlucas.nl O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: EQ Shared Engine (EQSharedEngine) - Equitrac - C:\Program Files\Equitrac\Express\Client\EQSharedEngine.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate1ca701517d126cc) (gupdate1ca701517d126cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: SoftGrid Client (sftlist) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe O23 - Service: SoftGrid Virtual Service Agent (sftvsa) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- End of file - 10450 bytes
  8. Gelukt ComboFix 10-09-24.05 - 29416 26-09-2010 11:43:12.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2043.1515 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator.ACERTM\Bureaublad\ComboFix.exe AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator.ACERTM\Application Data\.# c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport\cs\Config.xml c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport\cs\db\Aliases.dbs c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport\cs\db\Sites.dbs c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport\cs\dwld\WhiteList.xip c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport\cs\report\aggr_storage.xml c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport\cs\report\send_storage.xml c:\documents and settings\Administrator.ACERTM\Application Data\ShoppingReport\cs\res1\WhiteList.dbs c:\documents and settings\Administrator.ACERTM\Launcher.exe c:\documents and settings\Administrator.ACERTM\Menu Start\Programma's\Security Tool.lnk c:\documents and settings\Administrator.ACERTM\System c:\documents and settings\Administrator.ACERTM\System\win_qs8.jqx c:\program files\ShoppingReport Besmet exemplaar van c:\windows\system32\drivers\dmload.sys werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - Kitty had a snack . (((((((((((((((((((( Bestanden Gemaakt van 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))) . 2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----r- c:\documents and settings\LocalService\Favorieten 2010-09-26 09:43 . 2010-09-26 09:43 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend 2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----w- c:\documents and settings\LocalService\Menu Start 2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----w- c:\documents and settings\LocalService\Bureaublad 2010-09-24 21:19 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-12 12:38 . 2010-09-24 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-12 12:26 . 2010-09-12 12:26 388096 ----a-r- c:\documents and settings\Administrator.ACERTM\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-09-12 12:26 . 2010-09-12 12:26 -------- d-----w- c:\program files\Trend Micro 2010-09-12 10:29 . 2010-09-12 10:29 -------- d-sh--w- c:\windows\ftpcache 2010-09-11 20:43 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys 2010-09-11 20:43 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-09-11 20:43 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys 2010-09-11 20:43 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys 2010-09-11 20:43 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys 2010-09-11 20:43 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys 2010-09-11 20:42 . 2010-09-15 23:08 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Local Settings\Application Data\qeicjqlbk . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-26 10:37 . 2009-04-29 13:57 -------- d-----w- c:\program files\DNA 2010-09-26 10:37 . 2009-04-29 13:57 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\DNA 2010-09-26 10:33 . 2008-12-02 15:51 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\SoftGrid Client 2010-09-25 10:06 . 2008-12-01 13:50 -------- d-----w- c:\program files\Launch Manager 2010-09-24 17:27 . 2009-10-12 17:30 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\Microgaming 2010-09-16 15:36 . 2008-12-19 12:16 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\U3 2010-09-12 12:17 . 2004-08-04 11:00 726566 ----a-w- c:\windows\system32\perfh013.dat 2010-09-12 12:17 . 2004-08-04 11:00 206444 ----a-w- c:\windows\system32\perfc013.dat 2010-09-12 12:11 . 2009-03-11 12:32 -------- d-----w- c:\program files\AskBarDis 2010-09-12 01:57 . 2010-07-20 18:19 -------- d-----w- c:\program files\Microsoft Silverlight 2010-08-31 11:56 . 2009-04-29 13:57 -------- d-----w- c:\program files\BitTorrent 2010-08-30 17:09 . 2009-04-29 13:57 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\BitTorrent 2010-08-19 15:34 . 2008-12-01 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-08-09 08:37 . 2009-01-06 08:19 -------- d-----w- c:\program files\Foxit Software 2010-08-09 08:36 . 2009-01-06 09:32 -------- d-----w- c:\program files\Google 2010-08-04 17:41 . 2010-06-29 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-08-04 13:32 . 2008-12-01 15:47 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-07-01 07:51 . 2010-07-01 07:51 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb2A6.tmp.exe 2010-06-30 12:33 . 2008-04-14 20:32 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-29 21:48 . 2010-06-29 21:48 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb296.tmp.exe 2010-06-28 16:12 . 2010-06-28 16:12 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb27E.tmp.exe . ------- Sigcheck ------- [-] 2008-11-21 . D9B2AA9ADACDE33FF18A010ADF2EBF18 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] 2010-09-09 19:19 2735200 ----a-w- c:\program files\Freecorder\tbFre0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre0.dll" [2010-09-09 2735200] [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre0.dll" [2010-09-09 2735200] [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-17 323392] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-24 39408] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-23 2938552] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2008-08-05 53248] "RTHDCPL"="RTHDCPL.EXE" [2008-08-05 16862208] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-08-05 858632] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-05 1028096] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-05 13541376] "nwiz"="nwiz.exe" [2008-08-05 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-05 86016] "NGClient"="c:\program files\Symantec\Ghost\ngctw32.exe" [2005-11-28 440000] "SoftGridTray"="c:\program files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe" [2007-12-13 316440] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440] "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-10 149280] "NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-02-05 454400] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568] Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-1-11 429096] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoPublishingWizard"= 0 (0x0) "NoWebServices"= 0 (0x0) "NoOnlinePrintsWizard"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logoff\0\0] "Script"=\\edu.sintlucas.nl\NETLOGON\DiscoPrinters.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logoff\1\0] "Script"=\\edu.sintlucas.nl\NETLOGON\llogoff.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\0] "Script"=\\edu.sintlucas.nl\netlogon\logon_script.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\1] "Script"=\\edu.sintlucas.nl\netlogon\connect_printer.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\2] "Script"=regedit.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\1\0] "Script"=\\edu.sintlucas.nl\NETLOGON\llogin.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\2\0] "Script"=regedit.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "57349:TCP"= 57349:TCP:Pando Media Booster "57349:UDP"= 57349:UDP:Pando Media Booster R2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;c:\windows\system32\Drivers\ghpcw2k.sys [2005-11-28 199264] R2 gupdate1ca701517d126cc;Google Updateservice (gupdate1ca701517d126cc);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 133104] R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2007-02-28 91008] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2010-01-11 23928] R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2009-05-20 14976] S0 GhMon;GhostMountMonitor - Boot Phase Driver;c:\windows\System32\Drivers\ghmon.sys [2005-11-28 6560] S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;c:\windows\System32\Drivers\ghpcw2k.sys [2005-11-28 199264] S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys [2010-01-11 152192] S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys [2010-01-11 24064] S2 EQSharedEngine;EQ Shared Engine;c:\program files\Equitrac\Express\Client\EQSharedEngine.exe [2007-02-19 1521192] S2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 128832] S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2010-02-05 742144] S2 NGClient;Symantec Ghost Win32 Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [2005-11-28 440000] S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-01-11 104488] S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-01-11 93736] S2 sftlist;SoftGrid Client;c:\program files\Softricity\SoftGrid for Windows Desktops\sftlist.exe [2007-12-13 549912] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-05 80784] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-08-05 39072] S3 sftfs;sftfs;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftfsXP.sys [2007-12-13 565784] S3 sftplay;sftplay;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftplayXP.sys [2007-12-13 149144] S3 sftvol;sftvol;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftvolXP.sys [2007-12-13 15896] S3 sftvsa;SoftGrid Virtual Service Agent;c:\program files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe [2007-12-13 205848] --- Andere Services/Drivers In Geheugen --- *Deregistered* - uphcleanhlp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov] 2008-06-02 08:32 81920 ----a-w- c:\windows\system32\aetsprov.dll . Inhoud van de 'Gedeelde Taken' map 2010-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 10:25] 2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 10:25] 2010-09-26 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] 2010-09-25 c:\windows\Tasks\New scan.job - c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-01-11 11:08] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR IE: Add to Windows &Live Favorites - Welcome to Windows Live IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://cas.edu.sintlucas.nl/auth/taweb.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://cas.edu.sintlucas.nl/auth/CCALogin.CAB . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll WebBrowser-{C3CD744D-2FAE-4640-8297-16B5DA423104} - (no file) AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-26 12:36 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router] "ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-329068152-220523388-682003330-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,61,ee,4c,ad,73,02,4a,ad,15,cd,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,61,ee,4c,ad,73,02,4a,ad,15,cd,\ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(968) c:\windows\system32\aetgina1.dll - - - - - - - > 'explorer.exe'(2428) c:\documents and settings\Administrator.ACERTM\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\program files\Softricity\SoftGrid for Windows Desktops\sftshlx.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Common Files\Adobe\Shell\idicon.dll c:\progra~1\MICROS~2\Office12\OLKFSTUB.DLL c:\program files\Common Files\Microsoft Shared\OFFICE12\MSOXEV.DLL . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\windows\System32\SCardSvr.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\nvsvc32.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe c:\program files\Sophos\AutoUpdate\ALsvc.exe c:\program files\Sophos\Remote Management System\RouterNT.exe c:\program files\UPHClean\uphclean.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\docume~1\ADMINI~1.ACE\LOCALS~1\Temp\RtkBtMnt.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Voltooingstijd: 2010-09-26 12:42:29 - machine werd herstart ComboFix-quarantined-files.txt 2010-09-26 10:42 - - End Of File - - 403B2D1C3F2B61344125495ED17DFC56
  9. Combofix werkt niet als ik hem start dan krijg ik een pop-up met de titel: 32788R22FWJF\iexplore.exe en de melding: kan geen toegang tot het opgegeven apparaat, pad of bestand krijgen. MOgelijk hebt u geen toegangsmachtigingen voor het item. En ik krijg het niet weggeklikt want hij komt meteen weer terug
  10. Hmm nogsteeds hetzelfde probleem, hij stopt vanzelf tijdens het installeren Bijgevoegd de nieuwste HiJack log[ATTACH]6827[/ATTACH] Logfile of Trend Micro HijackThis v2.docx
  11. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4599 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 13-9-2010 11:15:53 mbam-log-2010-09-13 (11-15-53).txt Scantype: Snelle scan Objecten gescand: 278430 Verstreken tijd: 40 minuut/minuten, 6 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
  12. HiJack: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:34:30, on 13-9-2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\SHVRTF.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof1.dll O3 - Toolbar: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof1.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATIPTA] :C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] :C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [soundMan] :SOUNDMAN.EXE O4 - HKLM\..\Run: [Protect] SHVRTF.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Software Update] :C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] :"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] :C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE O4 - HKLM\..\Run: [CaretakerNotifier] :C:\Program Files\SurfRight\Caretaker\Notifier.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe O4 - HKCU\..\Run: [trustreal] C:\DOCUME~1\ROBVAN~1\APPLIC~1\THISMA~1\16ViewCdrom.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [trustreal] C:\DOCUME~1\MIRJAM~1\APPLIC~1\THISMA~1\16ViewCdrom.exe (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [WinTouch] C:\Documents and Settings\Mirjam van Sambeek\Application Data\WinTouch\WinTouch.exe (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [sfKg6w] C:\Documents and Settings\Mirjam van Sambeek\Application Data\Microsoft\Windows\mtufnd.exe (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [Arrt] "C:\DOCUME~1\MIRJAM~1\APPLIC~1\FNTS~1\msdtc.exe" -vt yazb (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [Gingxrdx] "C:\Program Files\s?stem32\?hkntfs.exe" (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Run: [Tskthy] "C:\Program Files\s?stem\r?gedit.exe" (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-21-4290336544-1750476147-4027534363-1006\..\Policies\Explorer\Run: [{B09672FC-0BB6-1043-0623-05030920001f}] "C:\Program Files\Common Files\{B09672FC-0BB6-1043-0623-05030920001f}\Update.exe" mc-110-12-0000904 (User 'Mirjam van Sambeek') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mirriej88.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylomgames.com/activex/zylomloader.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Updateservice (gupdate1ca82f7f380806) (gupdate1ca82f7f380806) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 14186 bytes MalwareBytes krijg ik niet meer op tijd gerund, hopelijk in de loop van de dag, maar gisteren gaf MalwareBytes niets fouts meer aan
  13. [ATTACH]6501[/ATTACH] Hmm MBAM wilt niet volledig installeren.. hij breekt uit zichzelf af tijdens het installeren (wellicht nog probleem met het virus?) dit is in ieder geval de nieuwe HiJack log (nu vanaf de security suite laptop ipv de 'niet besmette' computer) HiJack log.docx
  14. Dat is inderdaad al een heleboel rotzooi opgeruimd daarvoor alvast heel erg bedankt! nieuwe HiJack log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:15:57, on 12-9-2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\SHVRTF.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof0.dll O3 - Toolbar: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof0.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATIPTA] :C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] :C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [soundMan] :SOUNDMAN.EXE O4 - HKLM\..\Run: [Protect] SHVRTF.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Software Update] :C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] :"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] :C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE O4 - HKLM\..\Run: [bm(1)] :"C:\Program Files\Common Files\AntiVirusScherm\bm.exe" dm=http://antivirusscherm.com ad=http://antivirusscherm.com sd=http://arettich.antivirusscherm.com O4 - HKLM\..\Run: [CaretakerNotifier] :C:\Program Files\SurfRight\Caretaker\Notifier.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe O4 - HKCU\..\Run: [trustreal] C:\DOCUME~1\ROBVAN~1\APPLIC~1\THISMA~1\16ViewCdrom.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mirriej88.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylomgames.com/activex/zylomloader.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O20 - Winlogon Notify: rqRlJcBQ - rqRlJcBQ.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Unknown owner - D:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Updateservice (gupdate1ca82f7f380806) (gupdate1ca82f7f380806) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 12406 bytes
  15. MalwareBytes logje (nieuwe HiJack volgt zodra ik de computer opnieuw opgestart heb) Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4599 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 12-9-2010 14:02:07 mbam-log-2010-09-12 (14-02-07).txt Scantype: Snelle scan Objecten gescand: 270633 Verstreken tijd: 37 minuut/minuten, 59 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 1 Registersleutels geïnfecteerd: 52 Registerwaarden geïnfecteerd: 8 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 19 Bestanden geïnfecteerd: 89 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: C:\WINDOWS\system32\dpwpcxdp.dll (Adware.BHO) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\oincs.oinanalytics (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\quantic.plug (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\quantic.plug.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cfcec0a5-e1da-4049-bdb6-8b461e7e1bf3} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{2386c4d3-e53a-4fd6-952b-89cbca337c83} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{16b435f6-b6ce-4f24-a568-944b27ed919c} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b221e01-f517-4959-8c41-81948e7f2f17} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oinanalytics (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adproclient.adhlpr (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adproclient.adhlpr.1 (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\OINAnalytics.dll (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\Sidebar.dll (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\testCPV6.dll (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Quantic (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\exploreupdsched (Trojan.AdSpy) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\adp (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsa shellu (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Rob van Sambeek\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Rob van Sambeek\Application Data\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Application Data\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Application Data\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully. C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\nvcoi (Trojan.Stars) -> Quarantined and deleted successfully. C:\Program Files\OINAnalytics (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\components (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Start\Programma's\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Menu Start\Programma's\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Menu Start\Programma's\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bharebio18 (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\' (Worm.Archive) -> Files: 10458 -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\WINDOWS\system32\dpwpcxdp.dll (Adware.BHO) -> Delete on reboot. C:\WINDOWS\system32\kcntqkdh.exe (Trojan.AdSpy) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-4290336544-1750476147-4027534363-1007\Dc250.exe (Trojan.StartPage) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pacxjnnv.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\eu1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\l61.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ldgoy.dll (Adware.PurityScan) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\myss_sb_uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rqRlJcBQ.dll__DELETE_ON_REBOOT (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rwwnw64d.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sa27d.exe (Adware.EZlife) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sa3d.exe (Adware.EZlife) -> Quarantined and deleted successfully. C:\WINDOWS\system32\u61.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ucrbeeyg.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gside.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jpwnw64s.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\buhkcbou.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXpOEww.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUmjkIa.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ati2cqa.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qswmcdfx.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\go28d.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\go32d.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yvocgped.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kcntqkdj.exe (Trojan.AdSpy) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kcntqkdm.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kcntqkdn.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\{c5dde060-2b85-cce8-2a5e-16737c31aa2e}.dll-uninst.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ddcCRJba.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Local Settings\Temp\s33c (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Local Settings\Temp\Antiphishing Component Update 1 (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Local Settings\Temp\NDR3B10.tmp (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Local Settings\Temp\tmpAE45.tmp (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Local Settings\Temp\tmpFAE.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Rob van Sambeek\Local Settings\Temp\BrowserHotfix10.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Rob van Sambeek\Local Settings\Temp\BrowserHotfix2.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Rob van Sambeek\Local Settings\Temp\COM Security Update Level 10 (Adware.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Rob van Sambeek\Local Settings\Temp\COM Security Update Level 9 (Adware.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Local Settings\Temporary Internet Files\Content.IE5\NXCT6CNP\setup[1].exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Local Settings\Temporary Internet Files\Content.IE5\SVA1N9ZZ\get_file[1].php (Adware.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Rob van Sambeek\Local Settings\Temporary Internet Files\Content.IE5\LAEX0ADU\setup[1].exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Application Data\WinTouch\wintouch.cfg (Adware.WinPop) -> Quarantined and deleted successfully. C:\Program Files\nvcoi\mst.stt (Trojan.Stars) -> Quarantined and deleted successfully. C:\Program Files\OINAnalytics\OINAnalytics2.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\OINAnalytics\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\OiUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\outerinfo.ico (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\Terms.rtf (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\install.rdf (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Start\Programma's\AntiSpywareMaster\AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Start\Programma's\AntiSpywareMaster\Uninstall AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Menu Start\Programma's\MalwareAlarm\MalwareAlarm.lnk (Rogue.Malware.Alarm) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Menu Start\Programma's\MalwareAlarm\Uninstall.lnk (Rogue.Malware.Alarm) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Menu Start\Programma's\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Menu Start\Programma's\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bharebio18\bharebio182328.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.AntiSpyware) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.AntiSpyware) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Menu Start\Programma's\Opstarten\Deewoo.lnk (Malware.Links) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Menu Start\Programma's\Opstarten\Deewoo.lnk (Malware.Links) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan van Sambeek\Menu Start\Programma's\Opstarten\DW_Start.lnk (Malware.Links) -> Quarantined and deleted successfully. C:\Documents and Settings\Mirjam van Sambeek\Menu Start\Programma's\Opstarten\DW_Start.lnk (Malware.Links) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXNDsSI.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cbswpbrk.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cbXPhfEX.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ClickToFindandFixErrorsIntl.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ClickToFindandFixErrors_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ClickToFindandFixErrors_RON.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\efccdCSJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\geBspnMC.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkHBSIx.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkLbBUK.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvUKcAs.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvWnoNG.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\urqQgFXo.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xxyxVlMd.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully. C:\WINDOWS\BMb3a541cf.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BMb3a541cf.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
  16. [ATTACH]6500[/ATTACH] Wordbestandje van Hijack Log gemaakt want die kon ik wél uploaden hoop dat hij te openen is, lijkt erop van wel Poging in de veilige modus lukte niet, kreeg raar menu met de opties: 1st Floppy drive PM Toshiba ODD-DVD SD-R5272 3M-Moxtor 6y160M0 :/ HiJack Log.doc
  17. Ik heb het logje op stick gezet en alles wat ik hier plaats gebeurt via een niet besmette pc' Uploaden lukt ook niet maar ik zal de veilige modus eens proberen
  18. In veilige modus is het gelukt Het lukt me nu alleen niet om de log te plaatsen zodra ik het bericht wil plaatsen zegt hij: webpagina kan niet worden weergegeven :/
  19. Geprobeerd maar ik kan hem niet laten runnen. Ik krijg meteen een pop-up dat HiJack geïnfecteerd is en mijn virus zorgt ervoor dat het meteen afsluit nog voordat hij kan runnen om vervolgens zichzelf weer te openen. Dit doet het virus overigens met heel veel andere dingen zoals configuratiescherm-software.. in principe alles zodat ik het niet kan verwijderen... althans daar lijkt het op. [edit] ik lees in een andere discussie mbt dit virus dat je evt moet opstarten in 'veilige modus zonder netwerkondersteuning' Ik kan die optie niet kiezen in dat menu. Ik heb wel evt: - veilige modus - veilige modus met netwerkmogelijkheden - veilige modus met opdrachtprompt
  20. op 2 van de 3 accounts op de computer doet sinds een tijdje internet het niet. Vanalles al geprobeerd maar internet beperkt zich nog steeds maar tot die ene account. Kunnen jullie aan deze HiJackThis log zien of er dingen niet kloppen? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:04:53, on 12-9-2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\System32\regsvr32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\jpwnw64s.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\kcntqkdh.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\dllhost.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {08A8068E-53D1-42B2-B197-6D568843721F} - :C:\WINDOWS\system32\rqRlJcBQ.dll (file missing) O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - :C:\WINDOWS\system32\atgban.dll (file missing) O2 - BHO: hotrevenue browser enhancer - {4228AAB7-CE8F-C451-C5D7-ACFA1C240793} - C:\WINDOWS\system32\alhnqpuzgug.dll O2 - BHO: (no name) - {676DC8C6-027D-73FC-0460-2E00B9B48EBB} - :C:\WINDOWS\system32\pnctkgcn.dll (file missing) O2 - BHO: OIN Analytics - {6B221E01-F517-4959-8C41-81948E7F2F17} - :C:\Program Files\OINAnalytics\OINAnalytics2.dll (file missing) O2 - BHO: (no name) - {6DDACD11-5EAE-7B2A-DF48-2CC0042E8DE8} - :C:\WINDOWS\system32\ldgoy.dll (file missing) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - :C:\Program Files\Java\jre6\bin\ssv.dll (file missing) O2 - BHO: SmartAds browser enhancer dpwpcxdp - {822BC761-AA46-48AE-BCE0-2EC963072919} - C:\WINDOWS\system32\dpwpcxdp.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: (no name) - {B5B6CE0B-C1C2-426A-99BE-4EB4624B4AAF} - :C:\WINDOWS\system32\avifil3.dll (file missing) O2 - BHO: {20705740-265e-224b-59f4-c8b060ae33cc} - {cc33ea06-0b8c-4f95-b422-e56204750702} - :C:\WINDOWS\system32\buhkcbou.dll (file missing) O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof0.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - :C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing) O2 - BHO: (no name) - {EAD6D2B2-6C64-4EEF-87EA-FDEBA697B421} - :C:\WINDOWS\system32\fccbXQjg.dll (file missing) O3 - Toolbar: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSof0.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATIPTA] :C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] :C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [soundMan] :SOUNDMAN.EXE O4 - HKLM\..\Run: [Protect] SHVRTF.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Software Update] :C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] :"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] :C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE O4 - HKLM\..\Run: [{67-72-2F-FC-DW}] :C:\WINDOWS\system32\jpwnw64s.exe DWram O4 - HKLM\..\Run: [LSA Shellu] :C:\Documents and Settings\Idi van Sambeek\lsass.exe O4 - HKLM\..\Run: [bm(1)] :"C:\Program Files\Common Files\AntiVirusScherm\bm.exe" dm=http://antivirusscherm.com ad=http://antivirusscherm.com sd=http://arettich.antivirusscherm.com O4 - HKLM\..\Run: [b0967253] :rundll32.exe "C:\WINDOWS\system32\ksbhjalc.dll",b O4 - HKLM\..\Run: [CaretakerNotifier] :C:\Program Files\SurfRight\Caretaker\Notifier.exe O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\kcntqkdh.exe DWram O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [kjjjwcdd] C:\Documents and Settings\Idi van Sambeek\Local Settings\Application Data\qxnqtuyni\giaimtqtssd.exe O4 - HKLM\..\Run: [bMb3a541cf] Rundll32.exe "C:\WINDOWS\system32\ucrbeeyg.dll",s O4 - HKLM\..\Run: [rwwsqyvadsklf] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\alhnqpuzgug.dll" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe O4 - HKCU\..\Run: [trustreal] C:\DOCUME~1\ROBVAN~1\APPLIC~1\THISMA~1\16ViewCdrom.exe O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe O4 - HKCU\..\Policies\Explorer\Run: [{B09672FC-0BB6-1043-0623-05030920001f}] "C:\Program Files\Common Files\{B09672FC-0BB6-1043-0623-05030920001f}\Update.exe" mc-110-12-0000904 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\kcntqkdh.exe O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jpwnw64s.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: ~Disabled O8 - Extra context menu item: Converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mirriej88.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylomgames.com/activex/zylomloader.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O20 - Winlogon Notify: rqRlJcBQ - rqRlJcBQ.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Unknown owner - D:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Updateservice (gupdate1ca82f7f380806) (gupdate1ca82f7f380806) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 16020 bytes Alvast bedankt!
  21. Oke, maar daarbij komt meteen het probleem kijken dat ik op de geïnfecteerde computer internet explorer niet meer kan openen (Blocked request: location contains malicious content. Threat: Mal/FakeAvHm-A) en er staat geen firefox op. Mijn echte anti-virus scanner (sophos) staat het niet toe maar tegelijkertijd kan ik sophos niet openen of wat dan ook want dat staat windows security (die me dan naar Security Suite leidt) weer niet toe. Is het mogelijk om hijackthis op een andere computer te downloaden en vervolgens met usb-stick naar de geïnfecteerde computer over te brengen?
  22. Beste pc-helpforum, het security suite virus heeft zich geïnstalleerd op mijn laptop en nu kan ik oa. niet meer op internet (ik heb dit vanaf een andere computer gestuurd aangezien ik internet hiervoor nodig had). Ik hoop dat jullie mij kunnen helpen.
  23. Ik geloof van niet moet ik nu hijack, malwarebytes & combofix verwijderen of maakt dat niet uit? Heel erg bedankt in ieder geval!
  24. Oke, gedaan Logje van Combofix: ComboFix 10-08-15.02 - prive 16-08-2010 10:49:39.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.31.1043.18.766.213 [GMT 2:00] Gestart vanuit: c:\users\prive\Desktop\ComboFix.exe AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\prive\AppData\Local\vlmtsflsc c:\users\prive\AppData\Local\vlmtsflsc\axltlktshdw.exe c:\users\prive\AppData\Local\Windows Server c:\users\prive\AppData\Local\Windows Server\flags.ini c:\users\prive\AppData\Local\Windows Server\hlp.dat c:\users\prive\AppData\Local\Windows Server\server.dat c:\users\prive\AppData\Local\Windows Server\uses32.dat c:\users\prive\AppData\Roaming\10266F7C7771A46C6F6B2600D3A2CFB0 c:\users\prive\AppData\Roaming\10266F7C7771A46C6F6B2600D3A2CFB0\enemies-names.txt c:\users\prive\AppData\Roaming\10266F7C7771A46C6F6B2600D3A2CFB0\local.ini c:\users\prive\AppData\Roaming\10266F7C7771A46C6F6B2600D3A2CFB0\lsrslt.ini c:\users\prive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor c:\users\prive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk c:\users\prive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk c:\users\prive\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp . (((((((((((((((((((( Bestanden Gemaakt van 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))) . 2010-08-16 09:01 . 2010-08-16 09:01 -------- d-----w- c:\users\prive\AppData\Local\temp 2010-08-15 20:28 . 2010-08-15 20:28 388096 ----a-r- c:\users\prive\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-08-15 20:20 . 2010-08-15 20:20 -------- d-----w- c:\users\prive\AppData\Roaming\Malwarebytes 2010-08-15 20:19 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-15 20:19 . 2010-08-15 20:19 -------- d-----w- c:\programdata\Malwarebytes 2010-08-15 20:19 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-15 20:19 . 2010-08-15 20:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-15 20:11 . 2010-08-15 20:11 -------- d-----w- c:\program files\Trend Micro 2010-08-15 19:16 . 2010-08-15 21:17 -------- d-----w- c:\users\prive\AppData\Local\Windows . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-16 08:45 . 2007-10-21 20:40 -------- d-----w- c:\program files\Norton Security Scan 2010-08-15 18:48 . 2007-09-19 10:39 -------- d-----w- c:\users\prive\AppData\Roaming\LimeWire 2010-08-15 18:43 . 2009-09-08 17:45 -------- d-----w- c:\users\prive\AppData\Roaming\BitTorrent 2010-08-15 01:07 . 2007-03-28 08:13 -------- d-----w- c:\programdata\Microsoft Help 2010-07-07 22:32 . 2006-11-02 16:11 689618 ----a-w- c:\windows\system32\perfh013.dat 2010-07-07 22:32 . 2006-11-02 16:11 122796 ----a-w- c:\windows\system32\perfc013.dat 2010-05-21 12:14 . 2009-10-05 14:24 221568 ------w- c:\windows\system32\MpSigStub.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-15 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168] "eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 13312] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-09-13 949376] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-09-15 26112] "BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-06 149280] "CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] c:\users\prive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808] OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\eNetHook.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232] S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-09-13 15424] . Inhoud van de 'Gedeelde Taken' map 2010-04-16 c:\windows\Tasks\Norton Security Scan.job - c:\program files\Norton Security Scan\Nss.exe [2007-04-19 20:42] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://nl.intl.acer.yahoo.com uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: bio.uu.nl\www FF - ProfilePath - c:\users\prive\AppData\Roaming\Mozilla\Firefox\Profiles\i32w0ix6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/|Camphell FF - prefs.js: network.proxy.type - 1 FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS VERWIJDERD - - - - HKLM-Run-Acer Tour - (no file) HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd HKLM-Run-eRecoveryService - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-16 11:01 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(716) c:\windows\system32\eNetHook.dll - - - - - - - > 'lsass.exe'(636) c:\windows\system32\eNetHook.dll . Voltooingstijd: 2010-08-16 11:07:04 ComboFix-quarantined-files.txt 2010-08-16 09:07 Pre-Run: 4.609.875.968 bytes beschikbaar Post-Run: 5.543.501.824 bytes beschikbaar - - End Of File - - B2C3E62C2DB285526C566920D4A805DB Hijack logje: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:10:44, on 16-8-2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16890) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering Technology\eDSMSNfix.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Real\RealPlayer\realplay.exe C:\Windows\Vm_sti.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Program Files\Eset\nod32kui.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\conime.exe C:\Windows\system32\notepad.exe C:\Windows\explorer.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\prive\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Bing R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [bigDogPath] C:\Windows\VM_STI.EXE Pro Cam O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKUS\S-1-5-18\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll O15 - Trusted Zone: Faculteit Bètawetenschappen: Departement Biologie - Onderwijs & Onderzoek O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8897 bytes
  25. Hoi, ik zit met eenzelfde probleem namelijk malware doctor die ineens opdook. Heb er Hijackthis & malwarebytes op losgelaten maar verder verstand heb ik er helaas niet van. Zouden jullie mij alstublieft ook kunnen helpen? Hieronder de logjes: Hijack: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK & Ireland R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Bing R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [bigDogPath] C:\Windows\VM_STI.EXE Pro Cam O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe O4 - HKCU\..\Run: [secureapp70700.exe] C:\Users\prive\AppData\Roaming\10266F7C7771A46C6F6B2600D3A2CFB0\secureapp70700.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - User Startup: Antimalware Doctor.lnk = C:\Users\prive\AppData\Roaming\10266F7C7771A46C6F6B2600D3A2CFB0\secureapp70700.exe O4 - User Startup: winhelp.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll O15 - Trusted Zone: Faculteit Bètawetenschappen: Departement Biologie - Onderwijs & Onderzoek O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: eNetHook.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe Malwarebytes: Scantype: Snelle scan Objecten gescand: 136341 Verstreken tijd: 15 minuut/minuten, 59 seconde(n) Geheugenprocessen geïnfecteerd: 1 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 1 Registerwaarden geïnfecteerd: 3 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 2 Bestanden geïnfecteerd: 15 Geheugenprocessen geïnfecteerd: C:\Users\prive\AppData\Roaming\10266F7C7771A46C6F6B2600D3A2CFB0\secureapp70700.exe (Malware.Packer.Gen) -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\secureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Worm.AutoRun) -> Quarantined and deleted successfully. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Users\prive\AppData\Roaming\10266F7C7771A46C6F6B2600D3A2CFB0\secureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Users\prive\AppData\Local\Windows\winhelp.exe (Spyware.Passwords) -> Quarantined and deleted successfully. C:\Users\prive\AppData\Local\Temp\ukdoi.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\Users\prive\AppData\Local\Temp\811598.exe (Backdoor.Agent) -> Quarantined and deleted successfully. C:\Users\prive\AppData\Local\Temp\ncsxmwoera.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\prive\AppData\Local\Temp\nlweuqi.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Users\prive\AppData\Local\Temp\xaowernsmc.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. C:\Users\prive\AppData\Local\Temp\xjhjqiu.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\Users\prive\AppData\Local\Temp\otnnhn.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\prive\AppData\Roaming\ohydy.exe (Worm.Palevo) -> Delete on reboot. C:\Users\prive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Users\prive\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Users\prive\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.