Trager

**RB211** · #1 De 4 april 2008, 10:57

Na het downloaden van sommige dingen mijn computer wordt steeds trager wordt met vervelende spyware / malware toevoegen opduiken dat ik cant get kwijt. Please help guys ..

**Hybr! D** · #2 4 april 2008, 11:02

Start hier: http://www.computer-juice.com/forums...-posting-7476/

**RB211** · #3 4 april 2008, 14:51

ok dit is de eerste log. Ik neem aan dat ik gewoon doorgaan?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/04/2008 at 10:06 PM
Toepassing Versie: 4.0.1154
Core Rules Database Version: 3431
Trace Rules Database Version: 1423
Scan type: Volledige Scan
Total Scan Time: 01:41:45
Geheugen objecten gescand: 703
Geheugen bedreigingen gedetecteerd: 1
Register objecten gescand: 5826
Register gedetecteerde bedreigingen: 43
Bestand objecten gescand: 289779
Bestand gedetecteerde bedreigingen: 158
Adware.Vundo Variant / Resident
C: \ WINDOWS \ system32 \ MLJJJ.DLL
C: \ WINDOWS \ system32 \ MLJJJ.DLL
Trojan.WinFixer
HKLM \ Software \ Classes \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32 # ThreadingModel
HKLM \ Software \ Classes \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ JKKLL.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
Adware.Vundo Variant
HKLM \ Software \ Classes \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ TUVSQPQ.DLL
HKLM \ Software \ Classes \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ YAYWUVW.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (D85530E8-D39D-49D0-9F36-300D594556D2)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
Unclassified.Unknown Oorsprong
HKLM \ Software \ Classes \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ ProgID
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ Programmable
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ TypeLib
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ VersionIndependentProgID
C: \ PROGRA ~ 1 \ DAP \ SBSEARCH.DLL
HKU \ S-1-5-21-73586283-1326574676-839522115-1004 \ Software \ Microsoft \ Internet Explorer \ URLSearchHooks # (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ SearchHook.SrchHook.1
HKCR \ SearchHook.SrchHook
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6)
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ FLAGS
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ HELPDIR
Adware.Tracking Cookie
C: \ Documents and Settings \ Danny \ Cookies \ danny @ portie-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ doubleclick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.zanox [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ adnetserver [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads1.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads2.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads3.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads4.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ AdultFriendFinder [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ GoStats [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ hornymatches [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ indexstats [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ indexstats [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ linksynergy [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@media2.mediafileshost [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ statcounter [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@tracking.summitmedia.co [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@webstats.wthosting.co [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.hxtrack [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Nieuwer Docs & Sets \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Nieuwer Docs & Sets \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Nieuwer Docs & Sets \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
Trojan.Unknown Oorsprong
C: \ WINDOWS \ system32 \ nGpxx01
HKLM \ Software \ xpre
HKLM \ Software \ xpre # execount
Adware.VXGame-Trace
HKU \ S-1-5-21-73586283-1326574676-839522115-1005 \ Software \ kernelexe
Adware.Vundo Variant / Rel
C: \ WINDOWS \ system32 \ ACCDD.INI
C: \ WINDOWS \ system32 \ ACCDD.INI2
C: \ WINDOWS \ system32 \ ILKKJ.INI
C: \ WINDOWS \ system32 \ ILKKJ.INI2
C: \ WINDOWS \ system32 \ JJJLM.INI
C: \ WINDOWS \ system32 \ JJJLM.INI2
C: \ WINDOWS \ system32 \ LLKKJ.INI
C: \ WINDOWS \ system32 \ LLKKJ.INI2
C: \ WINDOWS \ system32 \ LNNMP.INI2
C: \ WINDOWS \ system32 \ MCRH.TMP
C: \ WINDOWS \ system32 \ RRQSS.INI
C: \ WINDOWS \ system32 \ VVVWA.INI2
Adware.Vundo-Variant
C: \ WINDOWS \ system32 \ DDCCA.DLL
C: \ WINDOWS \ system32 \ SSQRR.DLL
Trace.Known Threat Bronnen
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ index [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ onderkant [2]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_t1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CAXOO75T.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ xrest [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ verx [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ managers [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [2]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_line2 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_boton1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ niz [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-kenmerken [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_cor links-1-[1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_icon3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ crypt [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ venster [1]. JS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ schone [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_bg1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ stats [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ top [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ SDWBGNOV \ main_02 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ CASL6F4X.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_line2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_cor-rechts-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ raden [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_icon5 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ stijlen [5]. Css
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ off_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_bg2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ vooruitgang [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-overzicht [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ index [5]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ stats [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_bg3 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ bottom_r_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ urgent [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ AC_RunActiveContent [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ midle [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ stijlen [2]. Css
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton4 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_btn-aankoop [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ spacer [4]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ Mark [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_r [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ crypt [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ errsnd [1]. Swf
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_l [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ crypt [2]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ secpan [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_btn-home [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CAUJABA1.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ AC_ActiveX [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CHEC [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_icon1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn-download [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ x [2]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CA3MKJZH.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_BG [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_line1 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_pc [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_bg4 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ managers [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn-updates [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ managers [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ signalering [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ flash [1]. JS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_spacer [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ main_06 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ head_r_back [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ schild [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ flash_detect [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ spelen [1]. JS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ main_10 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_05 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ cross [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ main_07 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ EJ23EDUF \ CloseButton [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ main_03 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ ban_2 [1]. Swf
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ logo2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ data [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ off_back [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ download [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_04 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ popup [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ left_3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ bottom_l_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ Z81HJ8WK \ right_2 [1]. Gif

**evilfantasy** · #4 4 april 2008, 19:20

Ja graag verder met de rest van de stappen. Elke stap wordt gezocht naar oplossingen en verschillende bedreigingen.

**RB211** · #5 5 april 2008, 00:13

OK Heres het tweede log ..

Malwarebytes' Anti-Malware 1.10
Database versie: 592
Scan type: Volledige Scan (A: \ | C: \ | D: \ | E: \ | H: \ | I: \ | J: \ |)
Objecten gescand: 336027
Verstreken tijd: 1 hour (s), 8 minute (s), 1 second (s)
Geheugenprocessen geïnfecteerd: 5
Memory Modules Infected: 0
Registry Keys Infected: 10
Registerwaarden geïnfecteerd: 7
Registry Data Items Infected: 0
Folders Infected: 0
Geïnfecteerde bestanden: 11
Memory Processes Infected:
C: \ WINDOWS \ system32 \ drivers \ ctfmon.exe (Trojan.Agent) -> Unloaded process successfully.
C: \ WINDOWS \ system32 \ drivers \ ctfmon.exe (Trojan.Agent) -> Unloaded process successfully.
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Unloaded process successfully.
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Unloaded process successfully.
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(Geen kwaadaardige items gedetecteerd)
Registry Keys Infected:
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ s chedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Services \ s chedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ schema (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ Software \ Microsoft \ affri (Malware.Trace) -> quarantaine en verwijderd.
HKEY_CURRENT_USER \ Software \ Microsoft \ affltid (Malware.Trace) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affltid (Malware.Trace) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affri (Malware.Trace) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> quarantaine en verwijderd.
Registry Values Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ BMafb2445c (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ CTFMON.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ CTFMON.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS \. DEFAULT \ SOFTWARE \ Microsoft \ Windows \ Cur rentVersion \ Run \ CTFMON.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS \. DEFAULT \ SOFTWARE \ Microsoft \ Windows \ Cur rentVersion \ Run \ automatische toevoer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ automatische toevoer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ automatische toevoer (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(Geen kwaadaardige items gedetecteerd)
Folders Infected:
(Geen kwaadaardige items gedetecteerd)
Geïnfecteerde bestanden:
C: \ Documents and Settings \ LocalService \ Local Settings \ Temporary Internet Files \ Content.IE5 \ GHIJKLMN \ rondes [1]. Jpg (Trojan.Madcode) -> Quarantined and deleted successfully.
C: \ System Volume Information \ _restore (B4EDD13F-A6F1-41A1-814E-E5C94DDA45B5) \ RP8 \ A0002994.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ iupdate.exe (Trojan.Madcode) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ kchkioor.dll (Trojan.Agent) -> Delete on reboot.
C: \ WINDOWS \ system32 \ drivers \ ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ pac.txt (Malware.Trace) -> quarantaine en verwijderd.
C: \ WINDOWS \ system32 \ drivers \ spools.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Danny \ cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Roz \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ LocalService \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Quarantined and deleted successfully.

**RB211** · #6 5 april 2008, 00:51

Oh OK I didnt realiseren moest ik ze allemaal bij elkaar te plaatsen. Sorry jongens ... Hier zijn ze:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/04/2008 at 10:06 PM
Toepassing Versie: 4.0.1154
Core Rules Database Version: 3431
Trace Rules Database Version: 1423
Scan type: Volledige Scan
Total Scan Time: 01:41:45
Geheugen objecten gescand: 703
Geheugen bedreigingen gedetecteerd: 1
Register objecten gescand: 5826
Register gedetecteerde bedreigingen: 43
Bestand objecten gescand: 289779
Bestand gedetecteerde bedreigingen: 158
Adware.Vundo Variant / Resident
C: \ WINDOWS \ system32 \ MLJJJ.DLL
C: \ WINDOWS \ system32 \ MLJJJ.DLL
Trojan.WinFixer
HKLM \ Software \ Classes \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32 # ThreadingModel
HKLM \ Software \ Classes \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ JKKLL.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
Adware.Vundo Variant
HKLM \ Software \ Classes \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ TUVSQPQ.DLL
HKLM \ Software \ Classes \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ YAYWUVW.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (D85530E8-D39D-49D0-9F36-300D594556D2)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
Unclassified.Unknown Oorsprong
HKLM \ Software \ Classes \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ ProgID
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ Programmable
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ TypeLib
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ VersionIndependentProgID
C: \ PROGRA ~ 1 \ DAP \ SBSEARCH.DLL
HKU \ S-1-5-21-73586283-1326574676-839522115-1004 \ Software \ Microsoft \ Internet Explorer \ URLSearchHooks # (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ SearchHook.SrchHook.1
HKCR \ SearchHook.SrchHook
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6)
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ FLAGS
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ HELPDIR
Adware.Tracking Cookie
C: \ Documents and Settings \ Danny \ Cookies \ danny @ portie-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ doubleclick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.zanox [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ adnetserver [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads1.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads2.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads3.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads4.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ AdultFriendFinder [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ GoStats [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ hornymatches [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ indexstats [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ indexstats [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ linksynergy [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@media2.mediafileshost [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz @ statcounter [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@tracking.summitmedia.co [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@webstats.wthosting.co [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.hxtrack [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Nieuwer Docs & Sets \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Nieuwer Docs & Sets \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Nieuwer Docs & Sets \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
Trojan.Unknown Oorsprong
C: \ WINDOWS \ system32 \ nGpxx01
HKLM \ Software \ xpre
HKLM \ Software \ xpre # execount
Adware.VXGame-Trace
HKU \ S-1-5-21-73586283-1326574676-839522115-1005 \ Software \ kernelexe
Adware.Vundo Variant / Rel
C: \ WINDOWS \ system32 \ ACCDD.INI
C: \ WINDOWS \ system32 \ ACCDD.INI2
C: \ WINDOWS \ system32 \ ILKKJ.INI
C: \ WINDOWS \ system32 \ ILKKJ.INI2
C: \ WINDOWS \ system32 \ JJJLM.INI
C: \ WINDOWS \ system32 \ JJJLM.INI2
C: \ WINDOWS \ system32 \ LLKKJ.INI
C: \ WINDOWS \ system32 \ LLKKJ.INI2
C: \ WINDOWS \ system32 \ LNNMP.INI2
C: \ WINDOWS \ system32 \ MCRH.TMP
C: \ WINDOWS \ system32 \ RRQSS.INI
C: \ WINDOWS \ system32 \ VVVWA.INI2
Adware.Vundo-Variant
C: \ WINDOWS \ system32 \ DDCCA.DLL
C: \ WINDOWS \ system32 \ SSQRR.DLL
Trace.Known Threat Bronnen
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ index [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ onderkant [2]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_t1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CAXOO75T.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ xrest [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ verx [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ managers [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [2]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_line2 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_boton1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ niz [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-kenmerken [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_cor links-1-[1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_icon3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ crypt [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ venster [1]. JS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ schone [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_bg1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ stats [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ top [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ SDWBGNOV \ main_02 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ CASL6F4X.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_line2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_cor-rechts-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ raden [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_icon5 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ stijlen [5]. Css
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ off_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_bg2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ vooruitgang [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-overzicht [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ index [5]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ stats [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_bg3 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ bottom_r_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ urgent [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ AC_RunActiveContent [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ midle [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ stijlen [2]. Css
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton4 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_btn-aankoop [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ spacer [4]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ Mark [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_r [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ crypt [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ errsnd [1]. Swf
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_l [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ crypt [2]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ secpan [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_btn-home [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CAUJABA1.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ AC_ActiveX [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CHEC [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_icon1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn-download [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ x [2]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CA3MKJZH.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_BG [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_line1 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_pc [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_bg4 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ managers [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn-updates [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ managers [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ signalering [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ flash [1]. JS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_spacer [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ main_06 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ head_r_back [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ schild [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ flash_detect [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ spelen [1]. JS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ main_10 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_05 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ cross [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ main_07 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ EJ23EDUF \ CloseButton [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ main_03 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ ban_2 [1]. Swf
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ logo2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ data [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ off_back [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ download [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_04 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ popup [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ left_3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ bottom_l_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ Z81HJ8WK \ right_2 [1]. Gif

Malwarebytes' Anti-Malware 1.10
Database versie: 592
Scan type: Volledige Scan (A: \ | C: \ | D: \ | E: \ | H: \ | I: \ | J: \ |)
Objecten gescand: 336027
Verstreken tijd: 1 hour (s), 8 minute (s), 1 second (s)
Geheugenprocessen geïnfecteerd: 5
Memory Modules Infected: 0
Registry Keys Infected: 10
Registerwaarden geïnfecteerd: 7
Registry Data Items Infected: 0
Folders Infected: 0
Geïnfecteerde bestanden: 11
Memory Processes Infected:
C: \ WINDOWS \ system32 \ drivers \ ctfmon.exe (Trojan.Agent) -> Unloaded process successfully.
C: \ WINDOWS \ system32 \ drivers \ ctfmon.exe (Trojan.Agent) -> Unloaded process successfully.
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Unloaded process successfully.
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Unloaded process successfully.
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(Geen kwaadaardige items gedetecteerd)
Registry Keys Infected:
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ s chedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Services \ s chedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ schema (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ Software \ Microsoft \ affri (Malware.Trace) -> quarantaine en verwijderd.
HKEY_CURRENT_USER \ Software \ Microsoft \ affltid (Malware.Trace) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affltid (Malware.Trace) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affri (Malware.Trace) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> quarantaine en verwijderd.
Registry Values Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ BMafb2445c (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ CTFMON.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ CTFMON.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS \. DEFAULT \ SOFTWARE \ Microsoft \ Windows \ Cur rentVersion \ Run \ CTFMON.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS \. DEFAULT \ SOFTWARE \ Microsoft \ Windows \ Cur rentVersion \ Run \ automatische toevoer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ automatische toevoer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ automatische toevoer (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(Geen kwaadaardige items gedetecteerd)
Folders Infected:
(Geen kwaadaardige items gedetecteerd)
Geïnfecteerde bestanden:
C: \ Documents and Settings \ LocalService \ Local Settings \ Temporary Internet Files \ Content.IE5 \ GHIJKLMN \ rondes [1]. Jpg (Trojan.Madcode) -> Quarantined and deleted successfully.
C: \ System Volume Information \ _restore (B4EDD13F-A6F1-41A1-814E-E5C94DDA45B5) \ RP8 \ A0002994.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ iupdate.exe (Trojan.Madcode) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ kchkioor.dll (Trojan.Agent) -> Delete on reboot.
C: \ WINDOWS \ system32 \ drivers \ ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ pac.txt (Malware.Trace) -> quarantaine en verwijderd.
C: \ WINDOWS \ system32 \ drivers \ spools.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Danny \ cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Roz \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ LocalService \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Logbestand van Trend Micro HijackThis v2.0.2
Scan saved at 08:45:34, op 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Draaiende processen:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ AMD \ RAIDXpert \ jetty \ extra \ win32 \ Wrapper.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ MediaLife \ MediaLifeService.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ WINDOWS \ System32 \ wltrysvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe
C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Program Files \ Microsoft IntelliType Pro \ dpupdchk.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ mpbtn.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = 127.0.0.1; *. lokale
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O2 - BHO: (geen naam) - (3CAB59B4-55A3-4737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] RunDll32 c6501.cpl, jusched.exe
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Program Files \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Program Files \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe" / autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe / autostart
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" update vertraging 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] "C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [itype] "C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / geminimaliseerd
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [msmsgs] "C: \ Program Files \ Messenger \ msmsgs.exe" / achtergrond
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: MP3 Rocket (geminimaliseerd). Lnk = C: \ Program Files \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = "C: \ Program Files \ BT Broadband Desktop Help \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = "C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
O8 - Extra context menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra context menu item: & Download met & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra context menu item: Download & allemaal met DAP - C: \ Program Files \ DAP \ dapextie2.htm
O9 - Extra button: (geen naam) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra button: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper20073151.dll
O16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (bestand ontbreekt)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (bestand ontbreekt)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C: \ Program Files \ AMD \ RAIDXpert \ jetty \ extra \ win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Onbekende eigenaar - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: PML Driver HPZ12 - Onbekende eigenaar - C: \ WINDOWS \ system32 \ HPZipm12.exe (ontbreekt)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C: \ WINDOWS \ System32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc - C: \ WINDOWS \ system32 \ YPCSER ~ 1.exe
--
End of file - 10856 bytes

Many thanks

**evilfantasy** · #7 5 april 2008, 01:27

Het lijkt erop dat er een hoop verwijderd, er zijn nog steeds twijfelachtig vermeldingen in de HijackThis log dus moeten we een aantal verschillende instrumenten lopen.

Downloaden Vundofix.exe op uw bureaublad.

Dubbelklik op VundoFix.exe om het uit te voeren.
Wanneer VundoFix opent, klikt u op de Scannen op Vundo knop.
Zodra dit is gebeurd scannen, klikt u op de Verwijder Vundo knop.
U ontvangt een snelle vraag of u wilt verwijderen van de bestanden, klikt u op JA
Zodra u klikt op ja, je desktop gaan leeg als het begint te verwijderen Vundo.
Bij voltooiing zal prompt dat het afsluiten van de computer, klikt u op OK.
Zet de computer weer aan.
Please post de inhoud van C: \vundofix.txt en een nieuwe HijackThis log.

Opmerking: Het is mogelijk dat VundoFix een bestand zich niet kon verwijderen. In dit geval zal VundoFix draaien op reboot, volgt u de bovenstaande instructies vanaf "Klik op de scan voor Vundo knop" wanneer VundoFix verschijnt reboot.

Laat Vundo afwerking, soms kan het meerdere doorgangen

----------

Downloaden SDFix.exe en sla het op uw bureaublad.

Dubbelklik op SDFix.exe en het zal extract de bestanden naar% systemdrive%
(Station met de Windows-map, meestal C: \ SDFix)

Gelieve vervolgens herstart uw computer in Veilige modus door het doen van de volgende:

Herstart uw computer
Gehoord computer pieptoon eenmaal tijdens het opstarten, maar voordat het Windows-pictogram verschijnt, tikt u op de F8-toets voortdurend;
In plaats van Windows laden als normaal, het menu Geavanceerde opties wordt weergegeven;
Selecteer de eerste optie om Windows in de Veilige modus en druk vervolgens op Voer.
Kies uw normale account.
Open de uitgepakte SDFix map en dubbelklik RunThis.bat om te beginnen met het script.
Type Y om te beginnen met de schoonmaak proces.
Het verwijdert alle Trojan Services en registervermeldingen die zij constateert vervolgens prompt u drukt op een toets om opnieuw op te starten.
Druk op een toets en het herstarten van de pc.
Wanneer de pc opnieuw is de Fixtool loopt weer en het verwijderen te voltooien vervolgens elkaar AfgewerktDruk op een willekeurige toets om het script en laadt uw bureaublad pictogrammen.
Zodra de bureaubladpictogrammen laadt de SDFix verslag zal openen op het scherm en ook opslaan in de SDFix map als Report.txt
(Report.txt zal ook worden gekopieerd naar klembord).
Ten slotte voeg de inhoud van de Report.txt in je volgende post.

----------

Start nu een nieuwe HijackThis scan en post veel log samen met de anderen.

Ook laat het me weten hoe de zaken nu staan.

**RB211** · #8 5 april 2008, 02:23

OK volgende twee.

VundoFix V7.0.3
Scan started at 10:07:05 05/04/2008
Aanbiedings bestanden gevonden tijdens het scannen van ....
C: \ WINDOWS \ system32 \ anthkpru.dll
Begin verwijderen ...
Proberen te verwijderen C: \ WINDOWS \ system32 \ anthkpru.dll
C: \ WINDOWS \ system32 \ anthkpru.dll is verwijderd!
Het uitvoeren van Reparaties aan het register.
Gedaan!

Logbestand van Trend Micro HijackThis v2.0.2
Scan saved at 10:18:53, op 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Draaiende processen:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ AMD \ RAIDXpert \ jetty \ extra \ win32 \ Wrapper.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ MediaLife \ MediaLifeService.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ wltrysvc.exe
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe
C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe
C: \ Program Files \ Microsoft IntelliPoint \ dpupdchk.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ mpbtn.exe
C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = 127.0.0.1; *. lokale
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O2 - BHO: (geen naam) - (3CAB59B4-55A3-4737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] RunDll32 c6501.cpl, jusched.exe
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Program Files \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Program Files \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe" / autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe / autostart
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" update vertraging 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] "C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [itype] "C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / geminimaliseerd
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [msmsgs] "C: \ Program Files \ Messenger \ msmsgs.exe" / achtergrond
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: MP3 Rocket (geminimaliseerd). Lnk = C: \ Program Files \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = "C: \ Program Files \ BT Broadband Desktop Help \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = "C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
O8 - Extra context menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra context menu item: & Download met & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra context menu item: Download & allemaal met DAP - C: \ Program Files \ DAP \ dapextie2.htm
O9 - Extra button: (geen naam) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra button: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper20073151.dll
O16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (bestand ontbreekt)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (bestand ontbreekt)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C: \ Program Files \ AMD \ RAIDXpert \ jetty \ extra \ win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Onbekende eigenaar - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: PML Driver HPZ12 - Onbekende eigenaar - C: \ WINDOWS \ system32 \ HPZipm12.exe (ontbreekt)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C: \ WINDOWS \ System32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc - C: \ WINDOWS \ system32 \ YPCSER ~ 1.exe
--
End of file - 10853 bytes

**evilfantasy** · #9 5 april 2008, 02:36

SDFix log?

**RB211** · #10 5 april 2008, 02:51

OK SDFix en laatste sniper:

Sante

SDFix: Version 1.166
Geleid door Danny op 05/04/2008 om 10:38
Microsoft Windows XP [Version 5.1.2600]
Running From: C: \ SDFix \ SDFix
Controle Services :

Herstel Windows-register Waarden
Herstel Windows Default Hosts File
Rebooten

Controle Files :
Trojan Files Gevonden:
C: \ WINDOWS \ Temp \ 1852.tmp.lst - Deleted
C: \ WINDOWS \ Temp \ 2723.tmp.lst - Deleted
C: \ WINDOWS \ Temp \ 2F76.tmp.lst - Deleted
C: \ WINDOWS \ Temp \ 541A.tmp.lst - Deleted
C: \ WINDOWS \ Temp \ 580D.tmp.lst - Deleted
C: \ WINDOWS \ Temp \ 6E54.tmp.lst - Deleted
C: \ WINDOWS \ fetchuserid.exe - Deleted

Map C: \ Program Files \ drmupgds - Removed

Het verwijderen van tijdelijke bestanden
ADS Check :

Final Check :
CatchMe 0.3.1344.2 W2K/XP/Vista - rootkit / stealth malware detector, Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 10:44:19
Windows 5.1.2600 Service Pack 2 NTFS
het scannen van verborgen processen ...
scanning hidden services & systeemcomponent ...
scanning hidden registry entries ...
het scannen van verborgen bestanden ...
scannen is voltooid
verborgen processen: 0
verborgen diensten: 0
verborgen bestanden: 0

Overige diensten :

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ SharedAccess \ Parameters \ firewallpolicy \ standaard profiel \ authorizedapplications \ list]
"C: \ \ Program Files \ \ BitTorrent \ \ bittorrent.exe" = "C: \ \ Program Files \ \ BitTorrent \ \ bittorrent.exe: *: Enabled: BitTor huur"
"C: \ \ Program Files \ \ DNA \ \ btdna.exe" = "C: \ \ Program Files \ \ DNA \ \ btdna.exe: *: Enabled: DNA"
"C: \ \ Program Files \ \ ICQ \ \ Icq.exe" = "C: \ \ Program Files \ \ ICQ \ \ Icq.exe: *: Enabled: ICQ"
"C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" = "C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe: *: Ena verbloede: Yahoo! Messenger"
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"D: \ \ Program Files \ \ Microsoft Games \ \ Flight Simulator 9 \ \ fs9.exe" = "C: \ \ Program Files \ \ Microsoft Games \ \ Flight Simulator 9 \ \ fs9.exe: *: Enabled: Microsoft Flight Simulator "
"C: \ \ WINDOWS \ system32 \ \ dpnsvr.exe" = "C: \ \ WINDOWS \ system32 \ \ dpnsvr.exe: *: Enabled: Microsoft DirectPlay8 Server"
"C: \ \ Program Files \ \ Kontiki \ \ KService.exe" = "C: \ \ Program Files \ \ Kontiki \ \ KService.exe: *: Enabled: Delivery Manager Service"
"C: \ \ Program Files \ \ Ubisoft \ \ Gearbox Software \ \ BrothersInArmsEiB \ \ System \ \ EiB.exe" = "C: \ \ Program Files \ \ Ubisoft \ \ Gearbox Software \ \ BrothersInArmsEiB \ \ System \ \ EIB . exe: *: Ena bled: Brothers In Arms Earned in Blood "
"C: \ \ Valve \ \ Condition Zero \ \ czero.exe" = "C: \ \ Valve \ \ Condition Zero \ \ czero.exe: *: Enabled: Condition Zero Launcher"
"C: \ \ Program Files \ \ Java \ \ jre1.6.0_04 \ \ bin \ \ javaw.exe" = "C: \ \ pro gram Files \ \ Java \ \ jre1.6.0_04 \ \ bin \ \ javaw. exe: *: Enabled: Java (TM) Platform SE binary "
"C: \ \ Program Files \ \ DAP \ \ DAP.exe" = "C: \ \ Program Files \ \ DAP \ \ DAP.exe: *: Enabled: Download Accelerator Plus (DAP)"
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systematische M32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAccelerator.exe" = "C: \ \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAccelerator.exe: *: Enabled: VideoA ccelerator"
"C: \ \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAcceleratorEngine.exe" = "C: \ \ Prog ram Files \ \ SpeedBit Video Accelerator \ \ VideoAcceleratorEngine.exe: *: Enabled: VideoAcceleratorService"
"C: \ \ Program Files \ \ Java \ \ jre1.6.0_05 \ \ bin \ \ javaw.exe" = "C: \ \ pro gram Files \ \ Java \ \ jre1.6.0_05 \ \ bin \ \ javaw. exe: *: Enabled: Java (TM) Platform SE binary "
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ SharedAccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systematische M32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
Resterende bestanden :

File Backups: - C: \ SDFix \ SDFix \ backups \ backups.zip
Verborgen bestanden met attributen :
Dins 5 februari 2008 4348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Ma 28 jan 2008 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Klaar!

en

Logbestand van Trend Micro HijackThis v2.0.2
Scan saved at 10:48:43, op 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Draaiende processen:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Csrss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ AMD \ RAIDXpert \ jetty \ extra \ win32 \ Wrapper.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ wltrysvc.exe
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ System32 \ alg.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Program Files \ MediaLife \ MediaLifeService.exe
C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe
C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe
C: \ Program Files \ Microsoft IntelliType Pro \ dpupdchk.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ mpbtn.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = 127.0.0.1; *. lokale
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O2 - BHO: (geen naam) - (3CAB59B4-55A3-4737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] RunDll32 c6501.cpl, jusched.exe
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Program Files \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Program Files \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe" / autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe / autostart
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" update vertraging 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] "C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [itype] "C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / geminimaliseerd
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [msmsgs] "C: \ Program Files \ Messenger \ msmsgs.exe" / achtergrond
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: MP3 Rocket (geminimaliseerd). Lnk = C: \ Program Files \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = "C: \ Program Files \ BT Broadband Desktop Help \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = "C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
O8 - Extra context menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra context menu item: & Download met & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra context menu item: Download & allemaal met DAP - C: \ Program Files \ DAP \ dapextie2.htm
O9 - Extra button: (geen naam) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra button: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper20073151.dll
O16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (bestand ontbreekt)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (bestand ontbreekt)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C: \ Program Files \ AMD \ RAIDXpert \ jetty \ extra \ win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Onbekende eigenaar - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: PML Driver HPZ12 - Onbekende eigenaar - C: \ WINDOWS \ system32 \ HPZipm12.exe (ontbreekt)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C: \ WINDOWS \ System32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc - C: \ WINDOWS \ system32 \ YPCSER ~ 1.exe
--
End of file - 11044 bytes

Gelijkaardige Draden
Draad	Thread Starter	Forum	Antwoorden	Last Post
Trager internet snelheden in 's avonds op de kabel	kojowilliams	Netwerken, modems & VoIP	1	25 mei 2009 14:18
Fast Moving games verbetert vaardigheden voor langzamere bewegende games!	NeuroDrive	PC & Gaming Console	1	De 4 februari 2009 04:19
PC trager is dan de wereld van de langzaamste ding!	slijm	Virus, spyware & Security	40	20 nov 2008 06:35
Zijn externe hardrives trager dan de interne?	dubs89	Drives & Removable Media	3	29 dec 2007 14:05