Dear all, I have something here that I suspect is a trojan, hence this HijackThis log.
The trojan is called .... something like click trojan; it appears now and then on the screen that my virus scanner shows on my PC. Thanks for taking a look.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:29, on 19/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SuperCleaner\SuperCleaner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: DiaryOne: Save full text - C:\Program Files\DiaryOne\Script\fullcatcher.htm
O8 - Extra context menu item: DiaryOne: Save selected text - C:\Program Files\DiaryOne\Script\catcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 8677 bytes
 
Download Combofix to your Desktop.
If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners see certain components that Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe
    Follow the instructions and accept the disclaimer by typing 1 (continue), followed by ENTER.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.
When the fix is complete and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.
 
ComboFix 08-02-13.2 - Gebruiker 2008-02-13 17:27:30.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1043.18.1229 [GMT 1:00]
Gestart vanuit: C:\Users\Gebruiker\Desktop\ComboFix.exe
 * Nieuw herstelpunt werd aangemaakt
.
((((((((((((((((((((   Bestanden Gemaakt van 2008-01-13 to 2008-02-13  ))))))))))))))))))))))))))))))
.
2008-02-10 22:35 . 2008-02-10 22:35 <DIR> d-------- C:\Program Files\images
2008-02-10 22:35 . 2008-02-10 22:35 <DIR> d-------- C:\Program Files\config
2008-02-10 21:32 . 2008-02-10 21:59 <DIR> d-------- C:\Users\Gebruiker\ares
2008-02-09 20:03 . 2008-02-09 20:03 <DIR> d-------- C:\Program Files\Mp3 My Mp3 2.0
2008-02-08 19:53 . 2008-02-08 19:53 <DIR> d-------- C:\Program Files\Anark
2008-02-08 19:53 . 2006-11-22 14:27 212,992 --a------ C:\Windows\System32\AKCPanel.cpl
2008-02-08 14:57 . 2008-02-08 15:00 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-08 14:56 . 2008-02-13 17:05 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-02-08 14:56 . 2008-02-13 17:05 <DIR> d-------- C:\ProgramData\WLInstaller
2008-02-08 14:56 . 2008-02-08 15:00 <DIR> d-------- C:\Program Files\Windows Live
2008-02-07 20:50 . 2008-02-07 20:50 31 --a------ C:\Windows\warhead.ini
2008-02-07 20:49 . 2008-02-07 20:50 <DIR> d-------- C:\Program Files\Logitech
2008-02-07 20:49 . 2008-02-07 20:49 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-02-07 20:49 . 2002-11-23 12:15 322,832 --a------ C:\Windows\System32\MFC30.DLL
2008-02-04 11:30 . 2008-02-04 11:30 <DIR> d-------- C:\Program Files\Easy Read
2008-02-04 11:30 . 2008-02-04 11:30 134,059 --a------ C:\Windows\Easy Read Uninstaller.exe
2008-02-03 23:13 . 2008-02-03 23:13 <DIR> d-------- C:\Program Files\Auslogics
2008-02-03 21:52 . 2008-02-03 21:54 <DIR> d-------- C:\Windows\$regcmp$
2008-02-03 18:51 . 2007-04-09 13:23 28,040 --a------ C:\Windows\System32\mdimon.dll
2008-02-03 18:51 . 2008-02-03 18:51 392 --a------ C:\Windows\ODBC.INI
2008-02-03 18:49 . 2008-02-03 18:49 <DIR> d-------- C:\Windows\PCHEALTH
2008-02-03 18:49 . 2008-02-03 18:49 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-02 10:35 . 2008-02-02 10:35 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Qtrax1
2008-02-02 10:35 . 2008-02-02 10:35 <DIR> d-------- C:\Users\All Users\SongbirdVLC
2008-02-02 10:35 . 2008-02-02 10:35 <DIR> d-------- C:\ProgramData\SongbirdVLC
2008-01-30 09:41 . 2008-01-30 09:41 <DIR> d-------- C:\Users\All Users\My Music
2008-01-30 09:41 . 2008-01-30 09:41 <DIR> d-------- C:\ProgramData\My Music
2008-01-30 09:40 . 2008-01-30 09:40 <DIR> d-------- C:\Program Files\Corel
2008-01-27 19:18 . 2008-01-27 19:18 <DIR> d-------- C:\Games
2008-01-25 20:36 . 2008-01-27 20:50 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Ten Thumbs Typing Tutor
2008-01-24 21:16 . 2008-01-24 21:16 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\PCToolsFirewallPlus
2008-01-24 21:12 . 2008-02-01 19:24 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2008-01-24 21:12 . 2008-01-26 09:40 100,448 --a------ C:\Windows\System32\drivers\pctfw1.sys
2008-01-24 21:12 . 2008-01-26 09:40 55,904 --a------ C:\Windows\System32\drivers\pctfw.sys
2008-01-24 20:55 . 2008-01-27 19:44 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-24 20:48 . 2008-01-24 20:48 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-01-24 20:45 . 2008-01-24 20:45 <DIR> d-------- C:\Program Files\FuturixImager
2008-01-24 19:37 . 2008-01-24 19:37 <DIR> d-------- C:\Program Files\Ten Thumbs Typing Tutor 4.6
2008-01-23 19:11 . 2007-11-01 11:27 49,262 --a------ C:\Windows\System32\jpicpl32.cpl
2008-01-20 12:15 . 2008-01-20 12:15 <DIR> d-------- C:\Program Files\Photo Story 3 for Windows
2008-01-20 12:10 . 2008-01-20 12:10 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-18 15:05 . 2008-01-18 15:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-13 21:09 . 2008-01-17 13:23 88 -r-hs---- C:\Windows\System32\D9D8A27311.sys
2008-01-13 00:18 . 2008-01-13 00:18 <DIR> d-------- C:\Windows\Corel
2008-01-13 00:18 . 2008-01-13 00:18 <DIR> d-------- C:\Program Files\KnockOut 2
2008-01-13 00:15 . 2008-01-17 12:54 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Ashampoo Photo Commander 4
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 16:22 --------- d-----w C:\ProgramData\BullGuard
2008-02-13 14:56 --------- d-----w C:\ProgramData\Google Updater
2008-02-10 21:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 22:52 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Corel
2008-02-03 22:51 11,164 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-02-03 22:26 --------- d-----w C:\ProgramData\NVIDIA
2008-02-03 22:17 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Auslogics
2008-02-03 18:04 --------- d---a-w C:\ProgramData\TEMP
2008-02-03 16:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-03 16:54 --------- d-----w C:\Program Files\MSBuild
2008-02-03 16:54 --------- d-----w C:\Program Files\Microsoft Works
2008-01-30 09:03 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-30 08:40 --------- d-----w C:\Program Files\Common Files\Corel
2008-01-24 13:26 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-01-23 18:11 --------- d-----w C:\Program Files\Java
2008-01-19 19:28 40,960 ----a-w C:\Windows\DelPiv.exe
2008-01-18 19:25 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\BullGuard
2008-01-18 19:25 --------- d-----w C:\Program Files\Acesoft
2008-01-17 21:19 --------- d-----w C:\Program Files\Directory Lister
2008-01-17 21:14 --------- d-----w C:\Program Files\WashAndGo
2008-01-13 20:13 --------- d-----w C:\ProgramData\Corel
2008-01-12 21:52 --------- d-----w C:\Program Files\Prismatic Software
2008-01-12 21:50 --------- d-----w C:\Program Files\VisiPics
2008-01-12 21:46 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Obsidium
2008-01-12 21:46 --------- d-----w C:\Program Files\ImageComparer
2008-01-11 16:33 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2008-01-11 12:17 --------- d-----w C:\ProgramData\MAGIX
2008-01-11 12:17 --------- d-----w C:\Program Files\MAGIX
2008-01-10 14:41 --------- d-----w C:\Program Files\RGBmachine 3.7
2008-01-10 10:05 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 10:05 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 10:02 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-01-10 10:02 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-01-10 10:02 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-01-10 10:02 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
2008-01-10 10:02 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-01-10 10:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-10 10:01 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-01-10 10:01 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-10 10:01 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-10 10:01 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 10:01 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-01-10 10:01 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-10 10:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-10 10:01 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-01-10 10:01 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-01-10 10:01 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-01-10 10:01 1,686,016 ----a-w C:\Windows\System32\gameux.dll
2008-01-10 10:01 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-10 10:00 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 02:03 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\PCF-VLC
2008-01-09 01:36 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\GrabIt
2008-01-06 21:18 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-01-06 13:07 --------- d-----w C:\Program Files\GrabIt
2008-01-04 01:05 --------- d-----w C:\Program Files\PureImage
2008-01-02 22:25 --------- d-----w C:\Program Files\Greeting Card Studio
2008-01-02 21:39 --------- d-----w C:\Program Files\AIMP2
2008-01-02 21:21 --------- d-----w C:\Program Files\MASC Software BV
2008-01-02 21:21 --------- d-----w C:\Program Files\Masc software
2008-01-02 20:37 --------- d-----w C:\Program Files\MemoriesOnTV3
2007-12-30 12:30 --------- d-----w C:\Program Files\SuperCleaner
2007-12-29 23:18 --------- d-----w C:\Program Files\Winspy
2007-12-25 11:22 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Vso
2007-12-24 19:03 --------- d-----w C:\Program Files\Teorex
2007-12-24 16:41 --------- d-----w C:\Program Files\DivX
2007-12-22 11:51 --------- d-----w C:\Program Files\PhotoMix
2007-12-17 23:24 --------- d-----w C:\Program Files\DiaryOne
2007-12-16 11:21 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Yahoo!
2007-12-15 22:59 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\ACD Systems
2007-12-15 22:04 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Ashampoo Photo Commander 5
2007-12-15 15:37 --------- d-----w C:\ProgramData\Genie-Soft
2007-12-15 15:36 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Genie-Soft
2007-12-14 19:14 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\dvdcss
2007-12-14 18:53 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\DivX
2007-12-13 02:03 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 02:03 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 02:03 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 02:02 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 02:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-13 02:02 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 02:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 02:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 02:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 02:02 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 02:02 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-13 02:01 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-13 02:01 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-11 22:34 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-12-04 18:38 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2007-12-04 18:38 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-12-04 18:36 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-04 18:36 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-04 18:36 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-12-04 18:36 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-04 18:36 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-12-04 18:36 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-12-04 18:36 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-12-04 18:36 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-12-04 18:36 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-09-19 23:09 8 --sh--r C:\Windows\System32\B2B425D033.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 11:00 1232896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05 143360]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [2007-10-21 23:33 308552]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]
"SuperCleaner"="C:\Program Files\SuperCleaner\SuperCleaner.exe" [2007-12-30 13:26 565248]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-27 15:45 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-19 11:28 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 21:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 21:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 21:28 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-15 14:29 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 14:51 65536]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2007-10-21 23:33 308552]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 10:45 222208]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 18:29 1388544]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-01-26 09:40 2610744]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-02-06 11:20 478800]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15 631362]
"WireLessMouse"="C:\Program Files\StartAutorun.exe" [2005-11-30 12:48 94208]
"WireLessKeyboard"="C:\Program Files\StartAutorun.exe" [2005-11-30 12:48 94208]

R2 BdFileSpy;BullGuard File Monitor Driver;C:\Windows\system32\drivers\BdFileSpy.sys [2007-10-21 23:33]
R2 BsFileScan;BullGuard File Scan Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-04-12 08:29]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28u.sys [2007-04-02 14:59]
R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-04-18 07:44]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 KMWDFILTER;HIDUASDesc;C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2007-04-29 16:58]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\rt2870.sys [2007-03-13 05:35]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 17:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ    ntmssvc
BullGuard REG_MULTI_SZ    BgMainSvc BsFileScan BsMailProxy
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{724aa650-66c6-11dc-b374-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{724aa651-66c6-11dc-b374-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac3fcd48-8c6f-11dc-800f-806e6f6e6963}]
\shell\AutoRun\command - G:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 17:29:35
Windows 6.0.6000  NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond 
verborgen bestanden: 0 
**************************************************************************
.
Voltooingstijd: 2008-02-13 17:30:16
ComboFix2.txt  2008-01-24 01:24:47
.
2008-02-08 08:00:07 --- E O F ---  
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:29, on 19/01/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SuperCleaner\SuperCleaner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url=http://go.microsoft.com/fwlink/?LinkId=69157]MSN.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url=http://go.microsoft.com/fwlink/?LinkId=69157]MSN.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url=http://go.microsoft.com/fwlink/?LinkId=54896]Live Search[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url=http://go.microsoft.com/fwlink/?LinkId=54896]Live Search[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url=http://go.microsoft.com/fwlink/?LinkId=69157]MSN.com[/url]
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0  - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: DiaryOne: Save full text - C:\Program Files\DiaryOne\Script\fullcatcher.htm
O8 - Extra context menu item: DiaryOne: Save selected text - C:\Program Files\DiaryOne\Script\catcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 8677 bytes
 
Has anyone already found anything of any significance?

I do see that it got posted strangely here, but there is nothing I can do about that.

I just made a copy and pasted it in here, nothing more.
 
I went to a forum where there was something to download; it was not via RapidShare but something else, and when I clicked download my virus scanner came up with a window stating that it had removed a trojan with the name trojan click .... and two more letters, but which ones I am not sure.
Now, it was removed, but after I have been working on the PC for a while, the window with that message appears again.
Hence my request to check what is going on.
I must say that I have not seen this message lately, but that is since I asked the question here.
 
Then it is probably no longer present, I think.
But to be sure, do the following:

  • Download and install AVG Anti-Spyware.
  • After the installation, open AVG Anti-Spyware.
  • Under 'Status', click Change state next to 'Resident shield'. (this must end up set to 'Inactive')
    If you want to use the Resident shield in the future, leave this set to "Active".
  • Under 'Status', click Update now at Last Update.
    If this does not work, go to 'Update' in the menu and click the Start update button under 'Manual update'.
  • Under 'Scanner', go to the 'Settings' tab and make sure of the following settings:
    • under 'How to act?', click 'Recommended actions' and select Quarantine.
    • under 'How to scan?', make sure all options are selected.
    • under 'Possibly unwanted software:', make sure all options are selected.
    • under 'Reports:', select Automatically generate report after every scan.
    • under 'Reports:', remove the check mark at Only if threats were found.
    • under 'What to scan?', select Scan every file.
  • Close AVG Anti-Spyware. Do not let it scan yet.
  • Boot the computer in safe mode. You can read how to do this here.
  • Start AVG Anti-Spyware.
  • Click 'Scanner' in the menu.
  • Choose Complete system scan.
  • AVG Anti-Spyware will now scan your entire computer.
  • When the scan has finished, click the Apply all Actions button at the bottom.
  • Wait until you get the message 'All actions have been applied'.
  • Go to 'Reports' in the menu, click the 'Save report as' button and save the scan report to your desktop.
  • Close AVG Anti-Spyware.
  • Restart the computer in normal mode and post the AVG Anti-Spyware report.

If you cannot find the report, start AVG Anti-Spyware again.
Choose the Reports menu.
In the left pane you get an overview of the reports that were made.
Select the most recent one (the format is date - time), and in the right pane you will now see the contents of the scan report appear.
Copy the contents of this pane and paste it into your next post.
 
It can't be done.
So I downloaded the anti-spyware and adjusted the settings you indicated, then started the PC in safe mode, and that was it.
The PC freezes and does not do anything anymore.
I tried it up to 4 times, first with the F8 key 2x and then following the explanation via msconfig, also 2x.
Each time the PC freezes, so I can't do anything.
 
Download Deckard's System Scanner and place it on your Desktop.
  • Close all applications and windows.
  • Double-click dss.exe to start the program, and follow the instructions.
  • When the scan is finished, the text file main.txt will open.
  • Copy and paste the contents of main.txt into your next post.
Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet. If this happens, make sure sigcheck.exe is allowed to do so.
Your antivirus program may flag DSS as suspicious, or even try to remove it.
Do not let your antivirus program remove it!
 
So I have removed the anti-spyware, and everything seems to me to be running well.
I don't know that for certain yet; that will come to light after some time.
So here is the scan (does it always go that fast???)

Deckard's System Scanner v20071014.68
Run by Gebruiker on 2008-02-15 19:35:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
9: 2008-02-15 14:51:51 UTC - RP282 - Gepland herstelpunt
8: 2008-02-14 18:46:41 UTC - RP281 - Windows Update
7: 2008-02-13 19:01:06 UTC - RP280 - Windows Update
6: 2008-02-13 16:56:00 UTC - RP279 - Windows Update
5: 2008-02-13 16:27:01 UTC - RP278 - ComboFix created restore point

-- First Restore Point --
1: 2008-02-10 21:33:16 UTC - RP273 - Configured Rainbow Multimedia Keyboard & Mouse Driver

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Gebruiker.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36, on 2008-02-15
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\PS2USBKbdDrv.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Gebruiker\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Gebruiker.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SuperCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: DiaryOne: Save full text - C:\Program Files\DiaryOne\Script\fullcatcher.htm
O8 - Extra context menu item: DiaryOne: Save selected text - C:\Program Files\DiaryOne\Script\catcher.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zoom In - {A0E6D3BD-A661-447D-8634-0751467857F3} - C:\Program Files\Easy Read\ZoomIn.js
O9 - Extra button: Zoom Out - {AEBB571B-4C48-438D-808D-999F168CDECE} - C:\Program Files\Easy Read\ZoomOut.js
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://img.lnm.eu/be.lnm.eu/client/LNMClientInstaller.cab
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 9467 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080119-114730-164 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080119-114730-313 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20080119-114730-533 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080119-114730-708 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R2 ANIO (ANIO Service) - \??\c:\windows\system32\anio.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\program files\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition>
S3 UPnPService - c:\program files\common files\magix shared\upnpservice\upnpservice.exe <Not Verified; Magix AG; UPnPService Module>

-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description: Wireless Keyboard & Mouse
Device ID: USB\VID_062A&PID_0102&MI_01\6&39B860E1&0&0001
Manufacturer: MLKTEK
Name: Wireless Keyboard & Mouse
PNP Device ID: USB\VID_062A&PID_0102&MI_01\6&39B860E1&0&0001
Service: HidUsb
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standaard-PS/2-toetsenbord
Device ID: ACPI\PNP0303\4&20D7719E&0
Manufacturer: (standaardtoetsenbord)
Name: Standaard-PS/2-toetsenbord
PNP Device ID: ACPI\PNP0303\4&20D7719E&0
Service: i8042prt
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Windows Mobile-based device
Device ID: ROOT\WPD\0000
Manufacturer: (Standard Windows Mobile devices)
Name: Windows Mobile-based device
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

-- Files created between 2008-01-15 and 2008-02-15 -----------------------------
2008-02-14 20:04:27 0 d-------- C:\Windows\pss
2008-02-14 19:40:19 0 d-------- C:\Users\All Users\Grisoft
2008-02-14 13:05:49 0 d-------- C:\Users\Gebruiker\torrent
2008-02-13 17:26:42 68096 --a------ C:\Windows\system32\zip.exe
2008-02-13 17:26:42 98816 --a------ C:\Windows\system32\sed.exe
2008-02-13 17:26:42 80412 --a------ C:\Windows\system32\grep.exe
2008-02-13 17:26:42 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-10 22:35:14 0 d-------- C:\Program Files\images
2008-02-10 22:35:14 0 d-------- C:\Program Files\config
2008-02-09 20:03:04 0 d-------- C:\Program Files\Mp3 My Mp3 2.0
2008-02-08 19:53:06 0 d-------- C:\Program Files\Anark
2008-02-08 14:57:03 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-08 14:56:59 0 d-------- C:\Program Files\Windows Live
2008-02-08 14:56:37 0 d-------- C:\Users\All Users\WLInstaller
2008-02-07 20:49:22 0 d-------- C:\Program Files\Common Files\Logitech
2008-02-07 20:49:19 0 d-------- C:\Program Files\Logitech
2008-02-04 11:30:26 134059 --a------ C:\Windows\Easy Read Uninstaller.exe
2008-02-04 11:30:25 0 d-------- C:\Program Files\Easy Read
2008-02-03 23:13:19 0 d-------- C:\Program Files\Auslogics
2008-02-03 21:52:55 0 d-------- C:\Windows\$regcmp$
2008-02-03 18:49:34 0 d-------- C:\Windows\PCHEALTH
2008-02-03 18:49:34 0 d-------- C:\Program Files\Microsoft.NET
2008-02-02 10:35:14 0 d-------- C:\Users\All Users\SongbirdVLC
2008-01-30 09:41:27 0 d-------- C:\Users\All Users\My Music
2008-01-30 09:40:37 0 d-------- C:\Program Files\Corel
2008-01-27 19:18:35 0 d-------- C:\Games
2008-01-24 21:12:10 0 d-------- C:\Program Files\PC Tools Firewall Plus
2008-01-24 20:55:35 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-24 20:48:42 0 d-------- C:\Program Files\Registry Clean Expert
2008-01-24 20:45:22 0 d-------- C:\Program Files\FuturixImager
2008-01-24 19:37:32 0 d-------- C:\Program Files\Ten Thumbs Typing Tutor 4.6
2008-01-20 12:15:12 0 d-------- C:\Program Files\Photo Story 3 for Windows
2008-01-20 12:10:04 0 d-------- C:\Program Files\Microsoft Silverlight
2008-01-18 15:05:33 0 d-------- C:\Program Files\Trend Micro

-- Find3M Report ---------------------------------------------------------------
2008-02-15 16:21:38 706744 --a------ C:\Windows\system32\perfh013.dat
2008-02-15 16:21:38 128144 --a------ C:\Windows\system32\perfc013.dat
2008-02-15 16:07:39 11164 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-02-15 16:07:39 0 d-------- C:\Users\Gebruiker\AppData\Roaming\Corel
2008-02-10 22:35:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-08 14:57:03 0 d-------- C:\Program Files\Common Files
2008-02-03 23:17:04 0 d-------- C:\Users\Gebruiker\AppData\Roaming\Auslogics
2008-02-03 17:54:52 0 d-------- C:\Program Files\Microsoft Works
2008-02-03 17:54:13 0 d-------- C:\Program Files\MSBuild
2008-02-03 17:46:58 38464 --a------ C:\Users\Gebruiker\AppData\Roaming\Door tabs gescheiden waarden (Windows).ADR
2008-02-02 10:35:24 0 d-------- C:\Users\Gebruiker\AppData\Roaming\Qtrax1
2008-01-30 10:03:46 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-30 09:40:37 0 d-------- C:\Program Files\Common Files\Corel
2008-01-27 20:50:26 0 d-------- C:\Users\Gebruiker\AppData\Roaming\Ten Thumbs Typing Tutor
2008-01-24 21:16:04 0 d-------- C:\Users\Gebruiker\AppData\Roaming\PCToolsFirewallPlus
2008-01-23 19:11:53 0 d-------- C:\Program Files\Java
2008-01-19 20:28:22 40960 --a------ C:\Windows\DelPiv.exe
2008-01-18 20:25:46 0 d-------- C:\Users\Gebruiker\AppData\Roaming\BullGuard
2008-01-18 20:25:46 0 d-------- C:\Program Files\Acesoft
2008-01-17 22:19:14 0 d-------- C:\Program Files\Directory Lister
2008-01-17 22:14:57 0 d-------- C:\Program Files\WashAndGo
2008-01-17 13:23:03 88 -r-hs---- C:\Windows\system32\D9D8A27311.sys
2008-01-17 12:54:54 0 d-------- C:\Users\Gebruiker\AppData\Roaming\Ashampoo Photo Commander 4
2008-01-13 00:19:14 291 --a------ C:\Windows\PowerReg.dat
2008-01-13 00:18:27 0 d-------- C:\Program Files\KnockOut 2
2008-01-12 22:52:38 0 d-------- C:\Program Files\Prismatic Software
2008-01-12 22:50:07 0 d-------- C:\Program Files\VisiPics
2008-01-12 22:46:14 0 d-------- C:\Users\Gebruiker\AppData\Roaming\Obsidium
2008-01-12 22:46:08 0 d-------- C:\Program Files\ImageComparer
2008-01-11 17:33:16 0 d-------- C:\Program Files\AusLogics Disk Defrag
2008-01-11 13:17:46 0 d-------- C:\Program Files\MAGIX
2008-01-10 15:41:00 0 d-------- C:\Program Files\RGBmachine 3.7
2008-01-10 11:05:16 0 d-------- C:\Program Files\Windows Mail
2008-01-10 11:05:15 0 d-------- C:\Program Files\Windows Sidebar
2008-01-09 03:03:10 0 d-------- C:\Users\Gebruiker\AppData\Roaming\PCF-VLC
2008-01-09 02:36:38 0 d-------- C:\Users\Gebruiker\AppData\Roaming\GrabIt
2008-01-08 20:17:30 0 d-------- C:\Users\Gebruiker\AppData\Roaming\Adobe
2008-01-06 22:18:28 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-01-06 14:07:22 0 d-------- C:\Program Files\GrabIt
2008-01-04 02:05:49 0 d-------- C:\Program Files\PureImage
2008-01-02 23:25:16 0 d-------- C:\Program Files\Greeting Card Studio
2008-01-02 22:39:42 0 d-------- C:\Program Files\AIMP2
2008-01-02 22:21:55 0 d-------- C:\Program Files\Masc software
2008-01-02 22:21:24 0 d-------- C:\Program Files\MASC Software BV
2008-01-02 21:37:51 0 d-------- C:\Program Files\MemoriesOnTV3
2007-12-30 13:30:58 0 d-------- C:\Program Files\SuperCleaner
2007-12-30 00:18:02 0 d-------- C:\Program Files\Winspy
2007-12-25 12:22:20 0 d-------- C:\Users\Gebruiker\AppData\Roaming\Vso
2007-12-24 20:03:15 0 d-------- C:\Program Files\Teorex
2007-12-24 17:41:40 0 d-------- C:\Program Files\DivX
2007-12-22 12:51:12 0 d-------- C:\Program Files\PhotoMix
2007-12-18 00:24:30 0 d-------- C:\Program Files\DiaryOne
2007-12-16 12:21:33 0 d-------- C:\Users\Gebruiker\AppData\Roaming\Yahoo!
2007-12-15 23:59:18 0 d-------- C:\Users\Gebruiker\AppData\Roaming\ACD Systems
2007-12-15 23:04:10 0 d-------- C:\Users\Gebruiker\AppData\Roaming\Ashampoo Photo Commander 5
2007-12-15 16:36:16 0 d-------- C:\Users\Gebruiker\AppData\Roaming\Genie-Soft
2007-12-12 13:05:45 16 --ah----- C:\Users\Gebruiker\AppData\Roaming\mxfilerelatedcache.mxc2 <MXFILE~1.MXC>
2007-12-12 10:25:52 50 --a------ C:\Windows\system32\bridf05a.dat
2007-12-11 12:22:38 10 --a------ C:\Windows\system32\ANIWZCSUSERNAME{71F053E3-0D22-4B74-BC8C-5717395F5D6B}
2007-12-04 19:38:12 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-12-04 19:36:22 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-04 19:36:22 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-04 19:36:14 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-04 19:36:14 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-04 19:36:14 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-04 19:36:14 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-04 19:35:32 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-19 11:28]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 21:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 21:28]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 21:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-15 14:29]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 14:51]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2007-10-21 23:33]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49]
"D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 18:29]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-01-26 09:40]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-02-06 11:20]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15]
"WireLessMouse"="C:\Program Files\StartAutorun.exe" [2005-11-30 12:48]
"WireLessKeyboard"="C:\Program Files\StartAutorun.exe" [2005-11-30 12:48]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 11:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [2007-10-21 23:33]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55]
"SuperCleaner"="C:\Program Files\SuperCleaner\SuperCleaner.exe" [2007-12-30 13:26]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-27 15:45]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
(Data not defined)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
rsmsvcs ntmssvc
BullGuard BgMainSvc BsFileScan BsMailProxy

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{724aa651-66c6-11dc-b374-806e6f6e6963}]
AutoRun\command- F:\Autorun\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac3fcd48-8c6f-11dc-800f-806e6f6e6963}]
AutoRun\command- G:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-02-15 19:37:46 ------------
 