Verbindingsproblemen

**rocker9455** · #1 De 5 nov 2008, 12:37

Hoi,
Ik werd verteld om een kaping dit logbestand door serverguy van dit bericht:
http://www.computer-juice.com/forums...998/ # post90830

Hier is het:
Logbestand van Trend Micro HijackThis v2.0.2
Scan opgeslagen om 19:36:22 op 05.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer versie!
Boot mode: Normal

Draaiende processen:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe
C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe
C: \ Program Files \ PeerGuardian2 \ pg2.exe
C: \ Program Files \ POP begluurder \ POPPeeper.exe
C: \ Program Files \ uTorrent \ utorrent.exe
C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe
C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe
C: \ Program Files \ filehippo.com \ UpdateChecker.exe
C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ Program Files \ CalcFire \ CalcFire.exe
C: \ Program Files \ FreshIP \ FreshIP.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ Program Files \ Trend Micro \ HijackThis \ Sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O2 - BHO: Click-to-Call BHO - (5C255C8A-E604-49b4-9D64-90988571CECB) - C: \ Program Files \ Windows Live \ Messenger \ wlchtc.dll
O2 - BHO: Java (tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Program Files \ Java \ jre6 \ lib \ implementeren \ jqs \ IE \ jqs_plugin.dll
O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [egui] "C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe" / hide / waitservice
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [PeerGuardian] C: \ Program Files \ PeerGuardian2 \ pg2.exe
O4 - HKCU \ .. \ Run: [POP begluurder] "C: \ Program Files \ POP begluurder \ POPPeeper.exe"-min
O4 - HKCU \ .. \ Run: [μTorrent] "C: \ Program Files \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [uTorrent] "C: \ Program Files \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" / achtergrond
O4 - HKCU \ .. \ Run: [Google Update] "C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe" / c
O4 - HKCU \ .. \ Run: [filehippo.com] "C: \ Program Files \ filehippo.com \ UpdateChecker.exe" / achtergrond
O4 - HKCU \ .. \ Run: [AnyDVD] C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_3] rundll32 Advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'Default user')
O4 - Startup: CalcFire.lnk = C: \ Program Files \ CalcFire \ CalcFire.exe
O4 - Startup: FreshIP.lnk = C: \ Program Files \ FreshIP \ FreshIP.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Restrictions aanwezig
O6 - HKLM \ Software \ Policies \ Microsoft \ Internet Explorer \ Restrictions aanwezig
O8 - Extra context menu item: E & xporteren naar Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 1 \ Office11 \ EXCEL.EXE/3000
O9 - Extra button: Onderzoek - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 1 \ Office11 \ REFIEBAR.DLL
O9 - Extra button: (geen naam) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: lxcf_device - - C: \ WINDOWS \ system32 \ lxcfcoms.exe

--
End of file - 5869 bytes

**evilfantasy** · #2 5 november 2008, 15:27

Downloaden Malwarebytes' Anti-Malware (MBAM)

Dubbelklik op mbam-setup.exe en volg de instructies om het programma te installeren.
Aan het eind, moet u een vinkje is geplaatst naast het volgende:
- Update Malwarebytes' Anti-Malware
- Start Malwarebytes' Anti-Malware
Klik vervolgens op Voltooien.
Als een update wordt gevonden, zal het downloaden en installeren van de nieuwste versie.
Zodra het programma is geladen, selecteert u Voeren quick scanKlik vervolgens op Scan.
Wanneer de scan is voltooid, klikt u op OK, Dan Toon resultaten om de resultaten.
Zorg ervoor dat alles wordt gecontroleerd, en klik op Verwijder Geselecteerde.
Wanneer ontsmettingswerkzaamheden voltooid is, een log zal openen in Kladblok en u wordt gevraagd opnieuw op te starten. (Zie extra opmerking)
Het log wordt automatisch bewaard door MBAM en kan bekeken worden door te klikken op de Logs tab in MBAM.
Kopieer en plak de hele rapport in je volgende antwoord.

Extra Opmerking: Indien MBAM ontmoetingen een bestand dat is moeilijk te verwijderen, wordt u aangeboden met 1 of 2 wordt gevraagd, klikt u op OK om beide en laat MBAM gaan met de ontsmetting proces, indien gevraagd om de computer te herstarten, doe dat dan meteen.

**rocker9455** · #3 6 november 2008, 01:01

Malwarebytes' Anti-Malware 1.30
Database versie: 1368
Windows 5.1.2600 Service Pack 2

06/11/2008 07:44:27
mbam-log-2008-11-06 (07-44-27). txt

Scan type: Quick Scan
Objecten gescand: 43086
Verstreken tijd: 3 minuten (s), 25 seconde (n)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Geïnfecteerde bestanden: 1

Memory Processes Infected:
(Geen kwaadaardige items gedetecteerd)

Memory Modules Infected:
(Geen kwaadaardige items gedetecteerd)

Registry Keys Infected:
(Geen kwaadaardige items gedetecteerd)

Registry Values Infected:
(Geen kwaadaardige items gedetecteerd)

Registry Data Items Infected:
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> quarantaine en verwijderd.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> quarantaine en verwijderd.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> quarantaine en verwijderd.

Folders Infected:
(Geen kwaadaardige items gedetecteerd)

Geïnfecteerde bestanden:
C: \ WINDOWS \ run32.sys (Trojan.Agent) -> quarantaine en verwijderd.

**evilfantasy** · #4 6 november 2008, 09:35

Download ComboFix door subs uit een van de onderstaande links. Wees er zeker boven op te slaan op de Desktop.

Link # 1
Link # 2

** Opmerking: Het is belangrijk dat het is opgeslagen rechtstreeks op uw bureaublad

Sluit alle open web browsers. (Firefox, Internet Explorer, enz.) voordat u begint ComboFix.

Tijdelijk uitschakelen je antivirus, En eventuele antispyware real-time bescherming voordat het uitvoeren van een scan. Klik op deze link om een lijst van programma's die de veiligheid moeten worden uitgeschakeld en het uitschakelen van hen.

Dubbelklik op combofix.exe en volg de instructies.

Voor Windows XP-systemen installeren van de herstelconsole:

- Als u Windows XP gebruikt en niet al de Recovery Console geïnstalleerd, zorg dan dat uw Internet-verbinding actief is (indien mogelijk) en klik op Ja.
- Indien om een of andere reden uw Internet niet werkt klik Nee.
-- Als u Windows XP niet gebruikt, zult u niet worden gevraagd.
- Wanneer u wordt gevraagd om de EULA klik OK.
- Accepteer Microsoft EULA (Klik Ja).
- Als u verteld dat de RC correct is geïnstalleerd klikt u op JA om verder te gaan scannen voor malware.

Wanneer u klaar bent ComboFix zal een log voor je.
Post de ComboFix log en een nieuwe HijackThis log in je volgende antwoord.

Belangrijk: Niet muisklik ComboFix het venster terwijl het draait. Dat kan leiden tot stilstand.

Vergeet niet om opnieuw inschakelen van uw antivirus-en antispyware-bescherming wanneer ComboFix is voltooid.

**rocker9455** · #5 6 november 2008, 10:56

ComboFix 08-11-05.02 - Administrator 2008-11-06 17:52:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.607 [GMT 0:00]
Running from: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
.

((((((((((((((((((((((((( Bestanden Gemaakt van 2008-10-06 tot 2008-11-06 ))))))))))) ))))))))))))))))))))
.

2008-11-06 07:59. 2008-11-06 07:59 236 - a ------ C: \ sqmdata02.sqm
2008-11-06 07:59. 2008-11-06 07:59 200 - a ------ C: \ sqmnoopt02.sqm
2008-11-06 07:39. 2008-11-06 07:39 236 - a ------ C: \ sqmdata01.sqm
2008-11-06 07:39. 2008-11-06 07:39 200 - a ------ C: \ sqmnoopt01.sqm
2008-11-05 22:36. 2008-11-05 22:36 <DIR> d -------- c: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008-11-05 22:35. 2008-11-05 22:35 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-Malware
2008-11-05 22:35. 2008-11-05 22:35 <DIR> d -------- c: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-11-05 22:35. 2008-10-22 16:10 38,496 - a ------ c: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2008-11-05 22:35. 2008-10-22 16:10 15,504 - a ------ c: \ windows \ system32 \ drivers \ mbam.sys
2008-11-05 19:35. 2008-11-05 19:35 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-11-04 22:07. 2008-11-04 22:07 <DIR> d -------- c: \ program files \ Cabos
2008-11-04 22:07. 2008-11-04 22:07 <DIR> d -------- c: \ Documents and Settings \ Administrator \ Shared
2008-11-04 22:07. 2008-11-04 22:09 <DIR> d -------- c: \ Documents and Settings \ Administrator \ Application Data \ Cabos
2008-11-04 17:50. 2008-11-04 17:50 <DIR> d -------- C: \ CloneDVDTemp
2008-11-04 17:49. 2008-11-04 17:49 <DIR> d -------- c: \ Documents and Settings \ All Users \ Application Data \ Uitwerking Bytes
2008-11-04 17:37. 2008-11-04 17:37 <DIR> d -------- c: \ Documents and Settings \ All Users \ Application Data \ SlySoft
2008-11-04 17:33. 2008-11-04 17:33 <DIR> d -------- c: \ program files \ Uitwerking Bytes
2008-11-04 17:31. 2008-11-04 17:31 <DIR> d -------- c: \ program files \ SlySoft
2008-11-03 17:05. 2008-11-03 17:05 2560 - a ------ c: \ windows \ _MSRSTRT.EXE
2008-11-03 17:05. 2008-11-03 17:05 236 - a ------ C: \ sqmdata00.sqm
2008-11-03 17:05. 2008-11-03 17:05 200 - a ------ C: \ sqmnoopt00.sqm
2008-11-03 17:04. 2008-11-03 17:05 <DIR> d -------- C: \ Program Files \ Your Uninstaller 2008
2008-11-03 17:04. 2008-11-03 17:05 <DIR> da ------ c: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-11-03 17:04. 2008-11-03 17:04 <DIR> d -------- c: \ Documents and Settings \ Administrator \ Application Data \ URSoft
2008-11-03 17:01. 2008-11-03 17:09 158 - a ------ c: \ windows \ nurtab.bat
2008-11-03 07:53. 2008-11-03 07:53 <DIR> d -------- c: \ Documents and Settings \ Administrator \ Application Data \ ImgBurn
2008-11-03 07:50. 2008-11-03 07:50 0 --------- c: \ windows \ WB.ini
2008-11-02 13:19. 2008-11-02 13:36 64 - a ------ c: \ windows \ prio.ini
2008-11-01 22:23. 2008-11-01 22:23 <DIR> d -------- c: \ Documents and Settings \ Administrator \ Application Data \ vlc
2008-11-01 18:49. 2008-11-01 18:49 410,976 - a ------ c: \ windows \ system32 \ deploytk.dll
2008-11-01 11:04. 2008-11-06 07:46 <DIR> d -------- c: \ Documents and Settings \ Administrator \ Tracing
2008-11-01 11:00. 2008-11-01 11:03 <DIR> d -------- C: \ Program Files \ Mozilla Firefox 3.1 Beta 1
2008-11-01 10:59. 2008-11-01 10:59 <DIR> d -------- C: \ Program Files \ Microsoft
2008-11-01 10:57. 2008-11-01 10:58 <DIR> d -------- C: \ Program Files \ Windows Live
2008-11-01 10:54. 2008-11-01 10:54 <DIR> d -------- c: \ program files \ filehippo.com
2008-11-01 10:51. 2008-11-01 10:51 <DIR> d -------- C: \ Program Files \ Common Files \ Windows Live
2008-10-31 13:40. 2008-11-04 21:34 <DIR> d -------- c: \ program files \ DupeEliminator
2008-10-31 10:32. 2008-10-31 10:32 <DIR> d -------- C: \ Program Files \ Foxit Software
2008-10-30 23:21. 2008-10-30 23:21 <DIR> d -------- c: \ windows \ zondag
2008-10-30 22:55. 2008-10-30 23:00 <DIR> d -------- C: \ Program Files \ Free Music Zilla
2008-10-30 22:55. 2008-10-30 22:59 <DIR> d -------- C: \ downloads
2008-10-30 22:55. 2008-10-30 22:55 <DIR> d -------- c: \ Documents and Settings \ Administrator \ Application Data \ FMZilla
2008-10-30 22:38. 2008-10-31 22:55 <DIR> d -------- C: \ DVDVideoSoft
2008-10-30 21:03. 2008-10-30 21:03 <DIR> d -------- c: \ program files \ Belkin
2008-10-30 21:03. 2005-10-03 09:49 204,800 - a ------ c: \ windows \ system32 \ UploadDLL.dll
2008-10-30 21:03. 2005-11-20 04:31 192,512 - a ------ c: \ windows \ system32 \ blkwcd.dll
2008-10-30 21:03. 2005-10-03 09:50 167,936 - a ------ c: \ windows \ system32 \ BelkinwcuiDLL.dll
2008-10-30 21:03. 2005-10-03 09:50 101,888 - a ------ c: \ windows \ system32 \ CrashRpt.dll
2008-10-30 21:03. 2005-10-03 09:49 81.920 - a ------ c: \ windows \ system32 \ brdcm2k.dll
2008-10-30 21:03. 2005-10-03 09:49 61.440 - a ------ c: \ windows \ system32 \ BelkinHWStatus.dll
2008-10-30 21:03. 2004-10-29 12:09 53.248 - a ------ c: \ windows \ system32 \ preflib.dll
2008-10-30 20:23. 2008-10-30 20:23 20,747 - a ------ c: \ windows \ system32 \ drivers \ AegisP.sys
2008-10-30 20:23. 2003-07-24 12:10 17.149 - a ------ c: \ windows \ system32 \ DNINDIS5.SYS
2008-10-30 20:21. 2008-10-30 20:21 <DIR> d -------- c: \ program files \ DVDVideoSoft
2008-10-30 20:21. 2008-10-30 20:22 <DIR> d -------- C: \ Program Files \ Common Files \ DVDVideoSoft
2008-10-30 20:21. 2002-01-05 14:37 344,064 - a ------ c: \ windows \ system32 \ msvcr70.dll
2008-10-30 11:23. 2008-10-30 11:23 <DIR> d -------- c: \ Documents and Settings \ All Users \ Application Data \ vsosdk
2008-10-30 09:53. 2008-11-02 16:08 <DIR> d -------- c: \ Documents and Settings \ Administrator \ Application Data \ VSO
2008-10-30 09:53. 2008-10-30 09:53 47,360 - a ------ c: \ windows \ system32 \ drivers \ pcouffin.sys
2008-10-30 09:53. 2008-10-30 09:53 47,360 - a ------ c: \ Documents and Settings \ Administrator \ Application Data \ pcouffin.sys
2008-10-30 09:52. 2008-10-30 09:52 <DIR> d -------- c: \ program files \ VSO
2008-10-30 09:52. 2004-05-04 12:53 1,645,320 - a ------ c: \ windows \ Gdiplus.dll
2008-10-30 09:52. 2006-05-20 17:16 1,184,984 - a ------ c: \ windows \ system32 \ wvc1dmod.dll
2008-10-30 09:52. 2006-05-11 20:21 626,688 - a ------ c: \ windows \ system32 \ vp7vfw.dll
2008-10-30 09:52. 2006-09-29 13:24 217,127 - a ------ c: \ windows \ system32 \ drv43260.dll
2008-10-30 09:52. 2006-09-29 13:25 208,935 - a ------ c: \ windows \ system32 \ drv33260.dll
2008-10-30 09:52. 2006-09-29 13:26 176,165 - a ------ c: \ windows \ system32 \ drv23260.dll
2008-10-30 09:52. 2007-03-18 21:37 65,602 - a ------ c: \ windows \ system32 \ cook3260.dll
2008-10-29 14:11. 2008-10-29 15:48 <DIR> d -------- c: \ Documents and Settings \ Administrator \ Application Data \ dvdcss
2008-10-29 13:17. 2008-10-29 13:17 376 - a ------ c: \ windows \ ODBC.INI
2008-10-29 13:16. 2003-06-18 17:31 17,920 - a ------ c: \ windows \ system32 \ mdimon.dll
2008-10-29 13:13. 2008-10-29 13:13 <DIR> d -------- C: \ Program Files \ Microsoft ActiveSync
2008-10-29 13:10. 2008-10-29 13:10 <DIR> d -------- c: \ windows \ SHELLNEW
2008-10-29 13:10. 2008-10-29 13:10 <DIR> d -------- C: \ Program Files \ Microsoft.NET
2008-10-29 13:08. 2008-10-29 13:08 <DIR> dr-h ----- C: \ MSOCACHE
2008-10-29 11:53. 2008-10-29 11:53 12,670 - a ------ c: \ windows \ system32 \ LexFiles.ulf
2008-10-29 11:52. 2008-10-30 09:38 <DIR> d -------- c: \ temp \ (9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15)
2008-10-29 11:52. 2008-10-29 11:53 <DIR> d -------- c: \ program files \ Lexmark 730 Series
2008-10-29 11:17. 2008-10-31 13:03 <DIR> d -------- c: \ program files \ Handremvergrendeling
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- c: \ program files \ FreshIP
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- c: \ program files \ Ejector
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- c: \ program files \ CalcFire
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- c: \ windows \ SIS
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- c: \ program files \ sisagp
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- C: \ Program Files \ SiS VGA Utilities V3.81
2008-10-29 09:26. 2008-10-30 21:03 <DIR> d - h ----- C: \ Program Files \ InstallShield Installation Information
2008-10-29 09:26. 2008-10-30 21:03 <DIR> d -------- C: \ Program Files \ Common Files \ InstallShield
2008-10-29 09:26. 2007-06-25 16:45 262,144 - a ------ c: \ windows \ system32 \ sistray.exe
2008-10-29 09:26. 2006-04-12 19:35 208,896 - a ------ c: \ windows \ Progress.exe
2008-10-29 09:26. 2007-06-25 16:44 135,168 --------- c: \ windows \ system32 \ SiSApCom.dll
2008-10-29 09:26. 2007-06-25 16:46 110,592 --------- c: \ windows \ system32 \ TVMode.dll
2008-10-29 09:26. 2007-06-29 21:04 92,761 - a ------ c: \ windows \ VGAsetup.ini
2008-10-29 09:26. 2008-10-29 09:26 78,664 - a ------ c: \ windows \ system32 \ VGAunistlog.ini
2008-10-29 09:26. 2007-06-25 16:46 65,536 --------- c: \ windows \ system32 \ SiSHook.dll
2008-10-29 09:25. 2007-06-25 16:46 9728 - a ------ c: \ windows \ system32 \ SiSPIns2.dll
2008-10-28 20:06. 2004-08-03 22:58 5504 - a ------ c: \ windows \ system32 \ drivers \ MSTEE.sys
2008-10-28 20:05. 2004-08-03 23:10 85,376 - a ------ c: \ windows \ system32 \ drivers \ NABTSFEC.sys
2008-10-28 20:05. 2004-08-03 23:10 19,328 - a ------ c: \ windows \ system32 \ drivers \ WSTCODEC.SYS
2008-10-28 20:05. 2004-08-03 23:10 17,024 - a ------ c: \ windows \ system32 \ drivers \ CCDECODE.sys
2008-10-28 20:05. 2004-08-04 00:56 16.384 - a ------ c: \ windows \ system32 \ ipsink.ax
2008-10-28 20:05. 2004-08-03 23:10 15,360 - a ------ c: \ windows \ system32 \ drivers \ StreamIP.sys
2008-10-28 20:05. 2004-08-03 23:10 11,136 - a ------ c: \ windows \ system32 \ drivers \ SLIP.sys
2008-10-28 20:05. 2004-08-03 23:10 10,880 - a ------ c: \ windows \ system32 \ drivers \ NdisIP.sys
2008-10-28 19:49. 2008-10-28 19:49 <DIR> d -------- c: \ Documents and Settings \ Administrator \ WINDOWS
2008-10-28 19:49. 1998-01-23 12:22 304,128 - a ------ c: \ windows \ IsUninst.exe
2008-10-28 19:49. 2002-08-20 14:58 139,264 - a ------ c: \ windows \ system32 \ IDEproperty.dll
2008-10-28 19:49. 2002-10-17 15:14 49,024 - a ------ c: \ windows \ system32 \ drivers \ sisidex.sys
2008-10-28 19:49. 2002-08-20 17:19 9472 - a ------ c: \ windows \ system32 \ drivers \ sisperf.sys
2008-10-28 19:49. 2003-03-25 17:50 4096 - a ------ c: \ windows \ system32 \ drivers \ siside.sys
2008-10-28 18:36. 2008-10-28 18:36 <DIR> d -------- c: \ Documents and Settings \ Administrator \ Application Data \ Media Player Classic
2008-10-28 18:19. 2008-10-28 18:49 <DIR> d -------- c: \ windows \ system32 \ Adobe
2008-10-28 18:19. 2008-08-06 15:27 499,712 - a ------ c: \ windows \ system32 \ msvcp71.dll
2008-10-28 18:10. 2008-10-28 18:10 822 - a ------ c: \ windows \ langorig.ini
2008-10-28 17:58. 2008-03-03 14:25 5,702 - ah ----- c: \ windows \ nod32restoretemdono.reg
2008-10-28 17:58. 2008-03-03 18:21 568 - ah ----- c: \ windows \ nod32fixtemdono.reg
2008-10-28 17:57. 2008-10-28 17:57 <DIR> d -------- c: \ program files \ ESET
2008-10-28 17:57. 2008-10-28 17:57 <DIR> d -------- c: \ Documents and Settings \ All Users \ Application Data \ ESET
2008-10-28 17:49. 2008-10-28 17:49 <DIR> d -------- c: \ Documents and Settings \ Administrator \ Contacts
2008-10-28 17:07. 2008-10-28 17:07 <DIR> d -------- c: \ program files \ POP bespieder
2008-10-28 17:07. 2008-11-04 20:22 <DIR> d -------- c: \ Documents and Settings \ Administrator \ Application Data \ POP bespieder
2008-10-28 17:02. 2008-10-28 17:02 <DIR> d -------- c: \ Documents and Settings \ Administrator \ dwhelper
2008-10-28 17:01. 2008-10-28 17:01 <DIR> d -------- c: \ Documents and Settings \ Administrator \ Application Data \ Apple Computer
2008-10-28 17:01. 2008-04-17 13:12 107,368 - a ------ c: \ windows \ system32 \ GEARAspi.dll
2008-10-28 17:01. 2008-04-17 13:12 15,464 - a ------ c: \ windows \ system32 \ drivers \ GEARAspiWDM.sys
2008-10-28 17:00. 2008-10-28 17:00 <DIR> d -------- C: \ Program Files \ QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 15:52 --------- d ----- wc: \ program files \ Opera
2008-10-23 15:07 99,904 ---- aw c: \ windows \ system32 \ drivers \ AnyDVD.sys
2008-09-09 00:03 51.712 ---- aw c: \ windows \ system32 \ sirenacm.dll
2008-08-29 10:18 87,336 ---- aw c: \ windows \ system32 \ dns-sd.exe
2008-08-29 09:53 61.440 ---- aw c: \ windows \ system32 \ dnssd.dll
2007-07-31 12:00 34.048 ---- ar c: \ program files \ mozilla firefox \ plugins \ upd62i9x.dll
2007-07-31 12:00 45.056 ---- ar c: \ program files \ mozilla firefox \ plugins \ upd62int.dll
2007-07-31 12:00 34.048 ---- ar C: \ Program Files \ Opera \ program \ Plugins \ upd62i9x.dll
2007-07-31 12:00 45.056 ---- ar C: \ Program Files \ Opera \ program \ Plugins \ upd62int.dll
.

------- ------- Sigcheck

2007-07-31 12:00 360576 c7be59b07c6eb74bea6fd67c1b164015 c: \ windows \ system32 \ drivers \ tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries worden niet weergegeven
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"PeerGuardian" = "C: \ Program Files \ PeerGuardian2 \ pg2.exe" [2007-01-30 1432064]
"POP begluurder" = "C: \ Program Files \ POP begluurder \ POPPeeper.exe" [2008-07-18 1437696]
"μTorrent" = "C: \ Program Files \ uTorrent \ utorrent.exe" [2008-10-28 270128]
"uTorrent" = "C: \ Program Files \ uTorrent \ utorrent.exe" [2008-10-28 270128]
"msnmsgr" = "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" [2008-09-09 3513344]
"Google Update" = "C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe" [2008-11-01 133104]
"filehippo.com" = "C: \ Program Files \ filehippo.com \ UpdateChecker.exe" [2008-10-22 147968]
"AnyDVD" = "C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe" [2008-11-04 2259904]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-10-01 289576]
"egui" = "C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe" [2008-02-20 1443072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2008-11-01 136600]
"SiSPower" = "SiSPower.dll" [2007-06-25 c: \ windows \ system32 \ SiSPower.dll]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ RunOnce]
"nltide_2" = "shell32" [X]
"nltide_3" = "Advpack.dll" [2007-07-31 c: \ windows \ system32 \ Advpack.dll]

c: \ Documents and Settings \ Administrator \ Start Menu \ Programs \ Startup \
CalcFire.lnk - c: \ program files \ CalcFire \ CalcFire.exe [2008-09-04 283529]
FreshIP.lnk - c: \ program files \ FreshIP \ FreshIP.exe [2008-09-15 232891]

c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Utility Tray.lnk - c: \ windows \ system32 \ sistray.exe [2008-10-29 262144]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ valuta entversion \ Policies \ Explorer]
"MemCheckBoxInRunDlg" = 1 (0x1)
"StartMenuFavorites" = 0 (0x0)
"Start_ShowMyComputer" = 1 (0x1)
"Start_ShowMyDocs" = 1 (0x1)
"Start_ShowMyMusic" = 0 (0x0)
"Start_ShowRun" = 1 (0x1)
"Start_ShowSearch" = 0 (0x0)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Policies \ Explorer]
"NoSMHelp" = 1 (0x1)
"ForceClassicControlPanel" = 1 (0x1)
"NoResolveTrack" = 1 (0x1)
"NoResolveSearch" = 1 (0x1)
"NoSMMyPictures" = 1 (0x1)
"NoSMConfigurePrograms" = 1 (0x1)
"MemCheckBoxInRunDlg" = 1 (0x1)

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ huidig rentversion \ Policies \ Explorer]
"NoInternetIcon" = 1 (0x1)
"NoSMHelp" = 1 (0x1)
"ForceClassicControlPanel" = 1 (0x1)
"NoResolveTrack" = 1 (0x1)
"NoResolveSearch" = 1 (0x1)
"NoSMMyPictures" = 1 (0x1)
"NoSMConfigurePrograms" = 1 (0x1)
"MemCheckBoxInRunDlg" = 1 (0x1)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ WBSrv]
2008-09-16 08:44 174328 C: \ Program Files \ Stardock \ Object Desktop \ WindowBlinds \ WbSrv.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = wbsys.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SecurityProviders]
SecurityProviders Schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center]
"UpdatesDisableNotify" = dword: 00000001
"AntiVirusDisableNotify" = dword: 00000001
"AntiVirusOverride" = dword: 00000001
"FirewallOverride" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =
"c: \ \ Program Files \ \ uTorrent \ \ utorrent.exe" =
"c: \ \ Program Files \ \ Free Music Zilla \ \ FMZilla.exe" =
"c: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ wlcsdk.exe" =
"c: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"c: \ \ WINDOWS \ \ system32 \ \ java.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile \ IcmpSettings]
"AllowInboundEchoRequest" = 1 (0x1)

R1 epfwtdir; epfwtdir, c: \ windows \ system32 \ drivers \ epfw tdir.sys [2008-02-20 33800]
R1 lusbaudio; Logitech USB-microfoon; c: \ windows \ system32 \ drivers \ OVSound2.sy s [2001-08-17 25216]
R2 JavaQuickStarterService; Java Quick Starter; C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe [2008-11-01 152984]
R3 QCEmerald; Logitech QuickCam Web; c: \ windows \ system32 \ drivers \ OVCE.sys [2001-08-17 31872]
S2 NOD32FiXTemDono; Eset NOD32 Boot, c: \ windows \ system32 \ regedt32.exe [2007-07-31 3584]
S3 DNINDIS5; DNINDIS5 NDIS Protocol Driver; c: \ progra ~ 1 \ Belkin \ BELKIN ~ 1.11G \ DNINDIS5.SY S [2003-07-24 17149]

NETSVCS VERLANGT REPARATIES - lopende tekst getoond
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
NETMAN
NLA
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
RasMan
RemoteAccess
Schema
Seclogon
SENS
Sharedaccess
SRService
TapiSrv
Thema's
TrkWks
W32Time
Wzcsvc
WMI
WmdmPmSp
winmgmt
xmlprov
ShellHWDetection

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs

* Newly Created Service * - CatchMe
* Newly Created Service * - PROCEXP90
.
Inhoud van de 'Geplande taken' map

2008-11-03 c: \ windows \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-06 c: \ windows \ Opdrachten \ GoogleUpdateTaskUser.job
- C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe [2008-11-01 10:54]
.
.
------- Bijkomende Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \ p2eog6ij.default \
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / www.google.com/
FF -: plugin - c: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ 1.2.131.25 \ npGoogleOneClick6.dl l
FF -: plugin - c: \ program files \ iTunes \ Mozilla Plugins \ npitunes.dll
FF -: plugin - C: \ Program Files \ Java \ jre6 \ bin \ new_plugin \ npdeploytk.dll
FF -: plugin - C: \ Program Files \ Java \ jre6 \ bin \ new_plugin \ npjp2.dll
FF -: plugin - C: \ Program Files \ K-Lite Codec Pack \ Real \ browser \ plugins \ nppl3260.dll
FF -: plugin - C: \ Program Files \ K-Lite Codec Pack \ Real \ browser \ plugins \ nprpjplug.dll
.

************************************************** ************************

CatchMe 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector, Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 17:53:46
Windows 5.1.2600 Service Pack 2 NTFS

het scannen van verborgen processen ...

het scannen van verborgen autostart items ...

het scannen van verborgen bestanden ...

scannen is voltooid
verborgen bestanden: 0

************************************************** ************************
.
Afronding tijd: 2008-11-06 17:55:07
ComboFix-quarantaine-files.txt 2008-11-06 17:54:43
ComboFix2.txt 2008-11-06 17:44:22

Pre-Run: 71168983040 bytes vrij
Post-Run: 71160324096 bytes vrij

306

**rocker9455** · #6 6 november 2008, 10:56

Logbestand van Trend Micro HijackThis v2.0.2
Scan opgeslagen om 17:56:55 op 06.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer versie!
Boot mode: Normal

Draaiende processen:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe
C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe
C: \ Program Files \ POP begluurder \ POPPeeper.exe
C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe
C: \ Program Files \ filehippo.com \ UpdateChecker.exe
C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ iTunes \ iTunes.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ Sniper.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O2 - BHO: Click-to-Call BHO - (5C255C8A-E604-49b4-9D64-90988571CECB) - C: \ Program Files \ Windows Live \ Messenger \ wlchtc.dll
O2 - BHO: Java (tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Program Files \ Java \ jre6 \ lib \ implementeren \ jqs \ IE \ jqs_plugin.dll
O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [egui] "C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe" / hide / waitservice
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [PeerGuardian] C: \ Program Files \ PeerGuardian2 \ pg2.exe
O4 - HKCU \ .. \ Run: [POP begluurder] "C: \ Program Files \ POP begluurder \ POPPeeper.exe"-min
O4 - HKCU \ .. \ Run: [μTorrent] "C: \ Program Files \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [uTorrent] "C: \ Program Files \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" / achtergrond
O4 - HKCU \ .. \ Run: [Google Update] "C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe" / c
O4 - HKCU \ .. \ Run: [filehippo.com] "C: \ Program Files \ filehippo.com \ UpdateChecker.exe" / achtergrond
O4 - HKCU \ .. \ Run: [AnyDVD] C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_3] rundll32 Advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'Default user')
O4 - Startup: CalcFire.lnk = C: \ Program Files \ CalcFire \ CalcFire.exe
O4 - Startup: FreshIP.lnk = C: \ Program Files \ FreshIP \ FreshIP.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O6 - HKLM \ Software \ Policies \ Microsoft \ Internet Explorer \ Restrictions aanwezig
O8 - Extra context menu item: E & xporteren naar Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 1 \ Office11 \ EXCEL.EXE/3000
O9 - Extra button: Onderzoek - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 1 \ Office11 \ REFIEBAR.DLL
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Onbekende eigenaar - C: \ WINDOWS \ system32 \ cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: lxcf_device - - C: \ WINDOWS \ system32 \ lxcfcoms.exe

--
End of file - 5724 bytes

**evilfantasy** · #7 6 november 2008, 11:30

Open HijackThis en selecteer Doe een systeemscan alleen.

Plaats een vinkje naast de volgende items: (indien aanwezig)

O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:

Belangrijk: Sluit alle vensters behalve HijackThis en klik op Fix gecontroleerd.

Afsluiten HijackThis.

----------

Downloaden CCleaner Slim en sla het op uw bureaublad .- Alternatieve download link
Wanneer het bestand is opgeslagen, gaat u naar uw bureaublad en dubbelklik op ccsetupxxx_slim.exe
Volg de aanwijzingen om het programma te installeren.
Dubbelklik op het CCleaner snelkoppeling op het bureaublad om het programma te starten.

Klik op de Opties blok aan de linkerkant, kies dan Cookies.
Onder Cookies verwijderenMarkeer alle cookies die u wilt behouden permanent

Klik op de pijl naar rechts > om ze te verplaatsen naar de Cookies om Bewaar venster.

Ga naar Opties > Geavanceerd uncontroleren Alleen verwijderen van bestanden in Windows Temp mappen die ouder zijn dan 48 uur

Klik op Cleaner aan de linkerkant dan Run Cleaner inzake het recht op het programma.

Belangrijk: Zorg ervoor dat ALLE browservensters gesloten zijn voordat de selectie Run Cleaner

Let op: Gebruik alleen de Griffie functie als u zeer vertrouwd met het register.
Altijd back-up van uw register voordat maken van eventuele wijzigingen.
Afsluiten CCleaner nadat deze is voltooid is het proces.

----------

Downloaden SUPERAntiSpyware.exe

Alternatieve download link 1
Alternatieve download link 2

Dubbelklik op het pictogram op uw bureaublad naar het installatieprogramma.
Gevraagd naar Update het programma definities, klik Ja
Als u problemen ondervindt tijdens het downloaden van de updates handmatig te downloaden en unzip ze uit hier
Vervolgens klikt u op de Voorkeuren knop.

Onder Start-Up Opties vinkje uit het volgende:

SUPERAntiSpyware starten wanneer Windows wordt gestart

Tonen SUPERAntiSpyware pictogram in het systeemvak

Toon splash screen bij het opstarten

Klik op de Scanning Control tabblad.
Onder Scanner Opties Zorg ervoor dat alleen de volgende worden gecontroleerd:

Sluiten browsers voor het scannen

Scan voor het bijhouden van cookies

Terminate geheugen bedreigingen voordat quarantainemaatregelen

Scan Alternate Data Streams

Laat de anderen uitgeschakeld.

Klik op de Sluiten knop om de Control Center scherm.

Op het hoofdscherm klikt u op Scan uw computer

Aan de linkerkant vink het vakje voor het station dat u scant.

Aan de rechterkant kiezen Perform Complete Scan

Klik op Volgende om te beginnen met de scan. Even geduld terwijl hij scant uw computer.

Na de scan is een samenvatting weergegeven. Klik op OK

Zorg ervoor dat alles in het witte vak heeft een vinkje naast deze, en klik vervolgens op Volgende

Het zal quarantaine wat zij vinden en als hij vraagt of je opnieuw wilt opstarten, klikt u op Ja

Om de verwijdering informatie kunt u het volgende doen:

Na de herstart, dubbelklik op de SUPERAntiSpyware pictogram op uw bureaublad.

Klik op Voorkeuren. Klik op de Statistieken / Logs tabblad.

Onder Scanner Logs, dubbel-klik SUPERAntiSpyware Scan Logboek.

Het wordt geopend in uw standaard tekstverwerker (bij voorkeur Kladblok).

Sla het Kladblok-bestand op uw bureaublad op door te klikken (in notepad) Bestand > Opslaan als...

Sla de log ergens kunt u gemakkelijk vinden. (doorgaans de desktop)
Klik op Sluiten en sluit het opnieuw aan het programma te verlaten.
Kopiëren en Plakken de log in je post.