Ga naar inhoud

[OPGELOST] Trojan Horse Generic9.XKD


Aanbevolen berichten

beste,

download het progamma hijack this eventjes naar uw bureaublad.

installeer dit dan op de pc.

start het programma op, doe een scan en save log.

kopier de inhoud van het logbestandje hier in een post zodat wij hem kunnen bekijken.

Mv.Gr

Yannick

Link naar reactie
Delen op andere sites

Heb juist een scan met Hijack This gedaan, en dit is het resultaat

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12:48:08, on 5/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\AVG\AVG8\avgui.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\PieterVl\Bureaublad\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gepersonaliseerde startpagina

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Het Nieuwsblad Online

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Gepersonaliseerde startpagina

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Gepersonaliseerde startpagina

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Belkin Wireless Utility.lnk = ?

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Unibet Guest Poker - {830BB968-4445-4a18-946B-D8582D09D678} - C:\Microgaming\Poker\UnibetguestpokerMPP\MPPoker.exe

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--

End of file - 12954 bytes

Link naar reactie
Delen op andere sites

Download Combofix.exe en zet het op je Bureaublad.

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O20 - AppInit_DLLs: avgrsstx.dll

Klik op 'Fix checked' om de items te verwijderen.

Verwijder volgende vetgedrukte map via Windows Verkenner

C:\Program Files\PartyGaming\PartyPoker

Dubbelklik op Combofix.exe en volg de instructies, aanvaard de disclaimer door y te typen. Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, moet je dit toestaan.

Hang het log van Combofix en een nieuw log van HiJackThis aan een volgend bericht.

Link naar reactie
Delen op andere sites

Ik heb alles gedaan wat er in de vorige post stond (de virusscanner reageerde niet op de scriptuitvoering)

ComboFix Log:

ComboFix 08-03-05.1 - PieterVl 2008-03-05 17:10:50.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.385 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\PieterVl\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

ADS - system32: deleted 20790 bytes in 2 streams.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\AutoRun.inf

C:\WINDOWS\system32\x64

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))

.

2008-03-05 17:07 . 2008-03-05 17:07 <DIR> d-------- C:\ComboFix(2)

2008-03-04 19:39 . 2008-03-05 17:16 <DIR> d-------- C:\Program Files\PeerGuardian2

2008-03-04 07:55 . 2008-03-04 07:55 <DIR> d-------- C:\WINDOWS\LastGood

2008-03-04 07:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-04 07:55 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-04 07:55 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-03 03:01 . 2008-03-03 03:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-03-02 23:49 . 2008-03-05 13:52 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-03-02 23:49 . 2008-03-02 23:49 <DIR> d-------- C:\Program Files\AVG

2008-03-02 23:49 . 2008-03-04 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-03-02 23:49 . 2008-03-02 23:49 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-03-02 23:49 . 2008-03-02 23:49 73,864 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-03-02 23:49 . 2008-03-02 23:49 14,104 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-03-02 23:49 . 2008-03-02 23:49 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys

2008-03-02 10:32 . 2008-03-02 10:42 <DIR> d-------- C:\Program Files\Windows Live

2008-03-02 10:32 . 2008-03-02 10:42 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-02 10:32 . 2008-03-02 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-02-25 20:37 . 2008-02-25 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Muzzy Lane Software

2008-02-25 20:33 . 2008-02-25 20:33 <DIR> d-------- C:\Program Files\Strategy First

2008-02-16 20:37 . 2008-02-16 20:37 <DIR> d-------- C:\Program Files\Common Files\SupportSoft

2008-02-12 19:04 . 2008-02-12 19:04 <DIR> d-------- C:\Program Files\Photodex Presenter

2008-02-12 19:04 . 2008-02-12 19:04 <DIR> d-------- C:\Program Files\Photodex

2008-02-12 19:04 . 2008-02-12 19:04 <DIR> d-------- C:\Documents and Settings\PieterVl\Application Data\Netscape

2008-02-12 19:03 . 2008-02-12 19:03 <DIR> d-------- C:\Documents and Settings\PieterVl\Application Data\Photodex

2008-02-11 23:03 . 2008-02-11 23:05 <DIR> d-------- C:\Program Files\Clo

2008-02-11 22:54 . 2008-02-11 22:54 <DIR> d-------- C:\Program Files\Core Design

2008-02-11 22:54 . 1997-08-14 16:17 117,248 --a------ C:\WINDOWS\system32\Edec.dll

2008-02-11 22:54 . 1997-08-14 16:31 98,816 --a------ C:\WINDOWS\system32\Dec130.dll

2008-02-11 22:54 . 1997-08-14 16:24 89,600 --a------ C:\WINDOWS\system32\Winsdec.dll

2008-02-11 22:54 . 1997-08-14 11:10 80,896 --a------ C:\WINDOWS\system32\Winstr.dll

2008-02-11 22:54 . 1997-08-14 16:06 60,416 --a------ C:\WINDOWS\system32\Winplay.dll

2008-02-10 11:14 . 2008-02-10 11:35 <DIR> d-------- C:\divx

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-05 16:14 --------- d-----w C:\Documents and Settings\PieterVl\Application Data\Skype

2008-03-05 16:04 --------- d-----w C:\Program Files\PartyGaming

2008-03-05 15:07 --------- d-----w C:\Documents and Settings\PieterVl\Application Data\skypePM

2008-03-04 23:08 --------- d-----w C:\Documents and Settings\PieterVl\Application Data\uTorrent

2008-03-02 09:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-01 22:48 1,214,976 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp

2008-02-29 14:00 --------- d-----w C:\Program Files\Norton Security Scan

2008-02-06 11:03 --------- d-----w C:\Program Files\DivX

2008-02-05 11:58 --------- d-----w C:\Program Files\Mystery Case Files - Prime Suspects

2008-02-05 10:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-04 22:13 --------- d-----w C:\Documents and Settings\PieterVl\Application Data\Microgaming

2008-02-01 09:10 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2

2008-01-27 10:05 --------- d-----w C:\Documents and Settings\PieterVl\Application Data\HPAppData

2008-01-20 04:41 246,784 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp

2008-01-19 23:39 --------- d-----w C:\Program Files\iTunes

2008-01-19 23:39 --------- d-----w C:\Program Files\iPod

2008-01-19 23:38 --------- d-----w C:\Program Files\QuickTime

2008-01-19 20:47 --------- d-----w C:\Program Files\BFG

2008-01-19 13:23 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-01-19 13:22 --------- d-----w C:\Program Files\Skype

2008-01-19 13:22 --------- d-----w C:\Program Files\Common Files\Skype

2008-01-19 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2008-01-14 11:32 --------- d-----w C:\Program Files\Zone.com Deluxe Games

2008-01-13 12:59 --------- d-----w C:\Program Files\ReflexiveArcade

2008-01-12 22:13 1,981,952 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp

2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2008-01-05 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG

2008-01-05 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard

2008-01-05 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY

2008-01-05 19:45 --------- d-----w C:\Program Files\Hewlett-Packard

2008-01-05 19:45 --------- d-----w C:\Program Files\Common Files\HP

2008-01-05 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant

2008-01-05 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP

2008-01-05 19:44 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard

2007-12-19 22:57 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-12-18 23:43 2,684,416 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp

2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys

2007-12-15 21:02 2,254,463 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2007-12-08 05:18 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-12-06 11:04 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-12-06 11:04 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-11-30 17:47 2,804,224 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp

2007-11-23 16:00 2,704,384 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp

2007-11-23 11:04 2,699,776 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp

2007-11-13 22:36 2,614,784 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp

2007-11-13 22:36 1,165,824 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp

2007-10-30 21:57 2,444,800 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp

2007-10-30 21:57 1,056,768 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp

2007-10-19 18:33 2,276,864 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp

2007-10-19 18:33 153,600 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp

2007-10-18 22:36 509,440 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2007-09-29 18:08 17,554,781 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_29_19_44_20_full.dmp.zip

2007-09-29 18:07 90,055 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_29_19_44_03_small.dmp.zip

2007-09-29 18:07 17,294,410 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_29_19_43_43_full.dmp.zip

2007-09-29 18:07 115,416 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_29_16_55_02_small.dmp.zip

2007-07-30 08:52 17,161,589 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_30_10_46_42_full.dmp.zip

2007-07-30 08:52 115,254 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_30_05_36_05_small.dmp.zip

2007-06-06 13:41 8 --sh--w C:\Program Files\.drv120405.dat

2007-06-06 13:41 8 --sh--w C:\Program Files\.data211204.dat

2007-06-06 13:41 8 --sh--w C:\Program Files\.data211004.dat

2007-06-06 13:41 8 --sh--w C:\Program Files\.data110704.dat

2007-06-06 13:41 8 --sh--w C:\Program Files\.dat000002.dat

2007-06-06 13:41 8 --sh--w C:\Program Files\.dat000001.dat

2007-06-06 13:41 8 --sh--w C:\Documents and Settings\PieterVl\Application Data\.drv190904.dat

2007-06-06 13:41 8 --sh--w C:\Documents and Settings\PieterVl\Application Data\.drv120205.dat

2007-06-06 13:41 8 --sh--w C:\Documents and Settings\PieterVl\Application Data\.data001.dat

2007-06-06 13:41 8 --sh--w C:\Documents and Settings\PieterVl\Application Data\.data000.dat

2007-06-06 13:41 8 --sh--w C:\Documents and Settings\PieterVl\Application Data\.app190905.dat

2007-06-06 13:41 8 --sh--w C:\Documents and Settings\PieterVl\Application Data\.addit001.dat

2007-04-10 09:08 122,363 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_09_06_08_01_small.dmp.zip

2007-02-24 13:32 86,027 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_02_24_14_17_11_small.dmp.zip

2007-02-11 13:20 93,868 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_02_10_21_38_55_small.dmp.zip

2006-11-27 18:45 178 ----a-w C:\Documents and Settings\PieterVl\Application Data\wklnhst.dat

2007-04-12 22:57 88 --sh--r C:\WINDOWS\system32\05E0BB1DD6.sys

2007-03-13 19:16 56 --sh--r C:\WINDOWS\system32\AA572468BE.sys

2007-05-08 18:22 6,424 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-02-26 22:14 5,343,776 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2007-02-26 22:14 207,136 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-19 19:18 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:27 219520]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-21 23:48 98304]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-21 23:50 86016]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-21 23:47 81920]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 17:20 282624 C:\WINDOWS\stsystra.exe]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]

"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]

"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05 1117184]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]

"PKR Pal"="C:\Program Files\PKR\pkrpal.exe" [ ]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05 200704]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-03-02 23:49 899864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\PieterVl\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

Mopy Points Collector.lnk - C:\MOPYFISH\GETPOINT.EXE [2007-08-03 23:13:59 39612]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Belkin Wireless Utility.lnk - C:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe [2007-02-06 18:33:18 1572864]

Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-10-20 00:14:57 7168]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"18912:TCP"= 18912:TCP:hgf

"18912:UDP"= 18912:UDP:hgf

"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

"10426:UDP"= 10426:UDP:SingleClick ICC

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-03-02 23:49]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-03-02 23:49]

R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-03-02 23:49]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-03-02 23:49]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-03-02 23:49]

S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - AVG8EMC

*Newly Created Service* - AVG8WD

*Newly Created Service* - AVGLDX86

*Newly Created Service* - AVGMFX86

*Newly Created Service* - AVGTDIX

*Newly Created Service* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{638FF2CC-2969-CDE7-2F97-90A44864A71F}]

C:\WINDOWS\system32:svchost.exe

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-03 17:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-03-05 00:59:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

"2008-02-29 14:08:53 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

"2008-03-05 04:05:18 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FB3B5A2F-BAB6-4D20-97E4-D54B14322D2C}.job"

- C:\WINDOWS\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-05 17:16:44

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-03-05 17:18:08

ComboFix-quarantined-files.txt 2008-03-05 16:17:33

.

2008-03-03 02:01:22 --- E O F ---

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 18:21:47, on 5/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Pieter Vlekken\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Het Nieuwsblad Online

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Gepersonaliseerde startpagina

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Gepersonaliseerde startpagina

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Belkin Wireless Utility.lnk = ?

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Unibet Guest Poker - {830BB968-4445-4a18-946B-D8582D09D678} - C:\Microgaming\Poker\UnibetguestpokerMPP\MPPoker.exe

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--

End of file - 11744 bytes

Ik heb ook ineens C:\WINDOWS\system32 nog eens gescand en er kwam geen virus meer tevoorschijn.

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.