#1
I have tried many times to remove the VUNDO.H virus with Malwarebytes. It instructs me to reboot, and when I run Malwarebytes again I only find that it is still on the system. I also disabled System Restore before doing this. Thanks for your help!
|
#2
Open HijackThis and select Do a system scan. Place a check mark next to the following entries (if present):
Exit HijackThis.
----------
Download OTMoveIt2 by Oldtimer and save it to your Desktop.
Note: If you are running Vista, right-click OTMoveIt2.exe and choose Run as administrator.
1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.
Code:
[kill explorer]
C:\WINDOWS\system32\digestp.dll
EmptyTemp
[start explorer]
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot your computer to complete the move process. If asked to reboot, choose Yes. If not, reboot anyway.
|
#3
Well, I ran everything you posted. HijackThis went fine and the 2 files were removed. The OTMOVEIT2 program: I copied the 4 lines
[kill explorer]
C:\WINDOWS\system32\digestp.dll
EmptyTemp
[start explorer]
under the yellow bar and selected MOVEIT. Under the green box the program said explorer was killed successfully; however, I got an error dialog box. It said:
OTMOVEIT2.EXE - Bad Image
The application or DLL c:\windows\rakxhfy.dll is not a valid Windows image. Please check this against your installation disk.
I had to reboot, and OTMOVEIT came up again and I got the same error dialog box as above. How can I get rid of this OTMOVEIT2 when it restarts? Is there anything else that needs to be done?
|
#4
Yes, there is more to do. Don't worry about the error message ... Download random's system information tool (RSIT) by random/random and save it to your desktop.
|
#5
log.txt: Your file of 28.7 KB bytes exceeds the forum's limit of 19.5 KB for this file type. I had to WinZip the log file to get it to you because of COMPUTER JUICE's constraints on file attachments.
|
#6
LOG FILE
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-16 15:56:08
Microsoft Windows XP Home Edition Service Pack 3
|
#7
| |||
| |||
| The digestp.dll is still not gone.

First: Download Disable / Remove Windows Messenger to the desktop to remove Windows Messenger. Do not confuse Windows Messenger with Messenger, because they are not the same. Windows Messenger is a frequent cause of pop-ups. Unzip the file on the desktop. Open MessengerDisable.exe, choose the bottom box -- Uninstall Windows Messenger -- and click Apply. Exit MessengerDisable, then delete the two files that were put on the desktop.

----------

Note: the instructions below were made specifically for this user. If you are not this user, do NOT follow these directions, as they could damage the workings of your system.

Go to Start > Run, type notepad.exe and click OK. Copy and paste the following into Notepad and save it as fixme.reg on your Desktop.

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\shared tools\msconfig\startupreg\CTFMON.EXE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\paubftzz]

Make sure you tell me whether you received a success message about adding the above to the registry. If you do not get a success message, it did not work. Delete fixme.reg from the desktop.

----------

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. First install the new Sun Java Runtime Environment. Make sure you close all browser windows before beginning the installation.

Remove the old version(s)
Download JavaRa

Scan suspicious files
Go to the VirSCAN.org FREE on-line scan service. (If more than one file needs to be scanned, they must be done separately and the logs posted for each one.)
1. Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page.

Code:
C:\WINDOWS\system32\CF23987.exe

3. Press Ctrl + V on the keyboard (both at the same time) to paste the path into the window.
4. Click the Upload button. This will scan the file with several different virus scanning engines. Your file may be placed in a queue, which normally clears in less than a minute. Important: Wait for all of the scanning engines to finish.
5. Once the scan is completed, scroll down and click the Copy to Clipboard button. This copies the link to the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply.

----------

After posting the VirSCAN.org results:
Download ATF Cleaner by Atribune to your desktop. Alternate download link
Note: Vista users must Run as administrator
Important: Restart the computer before proceeding. |
|
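A pre-merge check for a delete-only .reg file such as the fixme.reg in the post above, as an added example that is not part of the original thread. The function name `review_reg_fix`, the category labels and the damaged sample are constructed for illustration; the three key paths are the ones from the post.

```python
import re

SIGNATURES = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Parent keys of the three kinds of entry the post's fixme.reg removes.
# A target must be a direct child of one of them, never the parent itself.
CATEGORIES = [
    (r"\\explorer\\browser helper objects\\[^\\]+$", "Browser Helper Object"),
    (r"\\winlogon\\notify\\[^\\]+$", "Winlogon Notify package"),
    (r"\\msconfig\\startupreg\\[^\\]+$", "msconfig disabled-startup entry"),
]


def review_reg_fix(text):
    """Check a delete-only .reg file; return (deletions, problems)."""
    deletions, problems = [], []
    seen_first = False
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if not seen_first:
            seen_first = True
            if line in SIGNATURES:
                continue
            problems.append((n, "file does not start with a .reg signature"))
        if not (line.startswith("[") and line.endswith("]")):
            problems.append((n, "value line found; this fix should only delete keys"))
            continue
        body = line[1:-1]
        if not body.startswith("-"):
            problems.append((n, "header has no leading '-', so it creates the key"))
            continue
        hive, _, subkey = body[1:].partition("\\")
        if hive not in HIVES:
            problems.append((n, f"unknown hive {hive!r}"))
            continue
        parts = subkey.split("\\")
        if any(p == "" or p != p.strip() for p in parts):
            problems.append((n, "empty or space-padded path component"))
            continue
        category = next((name for pat, name in CATEGORIES
                         if re.search(pat, "\\" + subkey.lower())), None)
        if category is None:
            problems.append((n, "target is not a child of an expected autostart key"))
            continue
        if category == "Browser Helper Object" and not GUID.fullmatch(parts[-1]):
            problems.append((n, "BHO subkey is not a {GUID} in braces"))
            continue
        deletions.append((category, hive, subkey))
    return deletions, problems


# The fix file from the post.
SAMPLE_FIX = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\shared tools\msconfig\startupreg\CTFMON.EXE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\paubftzz]
"""

# Constructed damaged copy: braces turned into parentheses, a stray "- " after
# the delete marker, and a header that lost its "-" and names the parent key.
BROKEN_FIX = r"""REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)]
[-- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\paubftzz]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"""

if __name__ == "__main__":
    for label, sample in (("as posted", SAMPLE_FIX), ("damaged copy", BROKEN_FIX)):
        dels, probs = review_reg_fix(sample)
        print(label)
        for cat, hive, key in dels:
            print(f"  delete [{cat}] {hive}\\{key}")
        for n, msg in probs:
            print(f"  line {n}: {msg}")
```

The check only reads the text of the file, so it can be run on a copy of the fix before anything is merged into the registry.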
#8
| |||
| |||
| 1. Success with fixme.reg.
2. Then here are the 2 log files that you wanted me to send.

A. JavaRa 1,11 Removal Log. Verslag volgt na regel.
------------------------------------
De JavaRa verwijdering proces is begonnen op Sat Oct 16 17:23:09 2008
Gevonden en verwijderd: C:\Windows\System32\jpicpl32.cpl
Gevonden en verwijderd: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142000}
Gevonden en verwijderd: SOFTWARE\JavaSoft\Java Runtime Environment\1.4
Gevonden en verwijderd: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142000}
Gevonden en verwijderd: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Gevonden en verwijderd: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Gevonden en verwijderd: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410200
Gevonden en verwijderd: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410200
Gevonden en verwijderd: SOFTWARE\Classes\JavaPlugin.142
Gevonden en verwijderd: SOFTWARE\JavaSoft\Java Plug-in\1.4.2
Gevonden en verwijderd: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2
Gevonden en verwijderd: SOFTWARE\JavaSoft\Java Web Start\1.4.2
Gevonden en verwijderd: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Gevonden en verwijderd: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Gevonden en verwijderd: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Gevonden en verwijderd: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Gevonden en verwijderd: SOFTWARE\JavaSoft\Java Web Start\1.2
Gevonden en verwijderd: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
------------------------------------
Finished rapportage.
JavaRa 1,11 Removal Log. Verslag volgt na regel.
------------------------------------ De JavaRa verwijdering proces is begonnen op Sat Oct 16 17:23:18 2008 ------------------------------------ Finished rapportage. B. VirSCAN. Org Gescanned Verslag: Gescande tijd: 2008/10/16 17:27:59 (CEST) Scanner resultaten: alle scanners gemeld malware niet vinden! Bestandsnaam: CF23987.exe Bestandsgrootte: 389120 bytes File Type: PE32 uitvoerbaar voor MS Windows (console) Intel 80386 32-bit MD5: b65faf059812f22a1058ecfcb520e47b SHA1: 8148c039b0f0a166bc1a1801fe6d14716bdcec1f Online verslag http://virscan.org/report/36cd3be0f2...66947033e.html Scanner Engine Ver Ver Sig Sig Datum Tijd Scan resultaat a-squared 4.0.0.16 2008.10.15 2008-10-15 1,54 -- AhnLab V3 ... .. - 0.18 -- AntiVir 7.9.0.5 7.0.7.51 2008-10-16 0,08 -- Antiy 2.0.18 20081016,1488960 2008-10-16 0,12 -- ArcaVir 1.0.5 200810161244 2008-10-16 1,23 -- Authentium 5.1.1 200810150216 2008-10-15 1,17 -- AVAST! 3.0.1 081015-0 2008-10-15 0,72 -- AVG 7.5.52.442 270.8.1/1728 2008-10-16 1,68 -- BitDefender 7.60825.1875439 7,21294 2008-10-17 3,13 -- CA (VET) 9.0.0.143 31.6.6151 2008-10-16 5,37 -- ClamAV 0,94 8435 2008 -10-17 0,13 -- Comodo 2,11 2.0.0.678 2008-10-16 0,44 -- CP Secure 1.1.0.715 2008.10.17 2008-10-17 6,26 -- Dr.Web 4.44.0.9170 2008.10.16 2008-10-16 3,41 -- Ewido 4.0.0.2 2008.10.16 2008-10-16 2,90 -- F-Prot 4.4.4.56 20081016 2008-10-16 1,19 -- F-Secure 5.51.6100 2008 .10.16.09 2008-10-16 3,55 -- Fortinet 2.81-3.113 9,647 2008-10-15 0,23 -- GData 19.1058/19.65 20081016 2008-10-16 2,65 -- ViRobot 20081016 2008.10.16 2008-10-16 0,40 -- Ikarus T3.1.01.34 2008.10.16.71662 2008-10-16 3,99 -- Jiangmin 11.0.706 2008.10.16 2008-10-16 1,26 -- Kaspersky 5.5.10 2008.10.16 2008-10-16 0,04 -- Kingsoft 2008.9.8.18 2008.10.16.17 2008-10-16 0,66 -- McAfee 5.3.00 5406 2008-10-15 2,13 -- Microsoft 1,4005 2008.10.16 2008-10-16 3,93 -- mks_vir 2,01 2008.10.16 2008-10-16 2,75 -- Norman 5.93.01 5.93.00 2008-10-16 5,21 -- Panda 9.05.01 2008.10.16 2008-10-16 2,28 -- Trend Micro 8.700-1004 
5.604.11 2008-10-16 0,03 -- Quick Heal 9,50 2008.10.16 2008-10-16 1,99 -- Rising 20,0 20.66.32.00 2008-10-16 0,77 -- Sophos 2.79.0 4,34 2008-10-17 1,86 -- Sunbelt 3.1.1728.1 2317 2008-10-16 0,48 -- Symantec 1.3.0.24 20081016,004 2008-10-16 0,05 -- nProtect 2008-10-16.00 2247055 2008-10-16 4,22 -- The Hacker 6.3.1.0 v00116 2008-10-16 0,45 -- VBA32 3.12.8.7 20081016,1009 2008-10-16 1,43 -- VirusBuster 4.5.11.10 10.90.4/651643 2008-10-16 0,99 -- |
|
#9
| |||
| |||
| Download ComboFix by Juisterr from one of the links below. Make sure you save it to the Desktop.

Link # 1
Link # 2

** Note: It is important that it is saved directly to your desktop.

Close all open web browsers (Firefox, Internet Explorer, etc.) before running ComboFix.

Temporarily disable your antivirus, and any antispyware real-time protection, before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click ComboFix.exe and follow the prompts. When it has finished, ComboFix will produce a log for you. Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix has completed. |
|
#10
| |||
| |||
| ComboFix 08-10-16.01 - Eigenaar 2008-10-16 17:52:25.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.95 [GMT -4:00] Running from: C: \\ Documents and Settings \\ Eigenaar \\ Desktop \\ ComboFix.exe * Een nieuw herstelpunt . ((((((((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \\ WINDOWS \\ jestertb.dll D: \\ Autorun.inf . ((((((((((((((((((((((((( Bestanden Gemaakt van 2008-09-16 tot 2008-10-16 ))))))))))) )))))))))))))))))))) . 2008-10-16 16:16. 2008-10-16 16:17 <DIR> d -------- C: \\ Documents and Settings \\ All Users \\ Application Data \\ WinZip 2008-10-16 15:56. 2008-10-16 16:23 <DIR> d -------- C: \\ rsit 2008-10-16 15:19. 2008-10-16 15:19 <DIR> d -------- C: \\ _OTMoveIt 2008-10-16 14:07. 2008-10-16 14:07 <DIR> d -------- C: \\ Program Files \\ Panda Security 2008-10-16 14:07. 2008-06-19 17:24 28.544 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ pavboot.sys 2008-10-16 13:20. 2008-10-16 13:20 <DIR> d -------- C: \\ VundoFix Backups 2008-10-16 12:26. 2008-10-16 12:26 <DIR> d -------- C: \\ Documents and Settings \\ All Users \\ Application Data \\ SUPERAntiSpyware.com 2008-10-16 12:25. 2008-10-16 13:40 <DIR> d -------- C: \\ Program Files \\ SUPERAntiSpyware 2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \\ Program Files \\ Common Files \\ Wise Installation Wizard 2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \\ Documents and Settings \\ Eigenaar \\ Application Data \\ SUPERAntiSpyware.com 2008-10-16 11:08. 2008-10-16 11:08 <DIR> d -------- C: \\ WINDOWS \\ system32 \\ N360_BACKUP 2008-10-16 10:48. 2008-10-16 10:48 <DIR> d ---- c --- C: \\ WINDOWS \\ system32 \\ DRVSTORE 2008-10-16 10:47. 2008-10-16 10:47 <DIR> d -------- C: \\ Documents and Settings \\ All Users \\ Application Data \\ () 3276BE95_AF08_429F_A64F_CA64CB79BCF6 2008-10-16 10:24. 2008-10-16 10:24 <DIR> d -------- C: \\ Program Files \\ Windows Sidebar 2008-10-16 10:24. 
2008-10-16 11:44 <DIR> d -------- C: \\ Program Files \\ Norton 360 2008-10-16 10:22. 2008-10-16 11:04 123.952 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ SYMEVENT.SYS 2008-10-16 10:22. 2008-10-16 11:04 60.800 - a ------ C: \\ WINDOWS \\ system32 \\ S32EVNT1.DLL 2008-10-16 10:22. 2008-10-16 11:04 10.671 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ SYMEVENT.CAT 2008-10-16 10:22. 2008-10-16 11:04 805 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ SYMEVENT.INF 2008-10-16 10:16. 2008-09-08 06:41 333.824 ----- c --- C: \\ WINDOWS \\ system32 \\ dllcache \\ Srv.sys 2008-10-16 10:15. 2008-08-14 06:11 2.189.184 ----- c --- C: \\ WINDOWS \\ system32 \\ dllcache \\ ntoskrnl.exe 2008-10-16 10:15. 2008-08-14 06:09 2.145.280 ----- c --- C: \\ WINDOWS \\ system32 \\ dllcache \\ Ntkrnlmp.exe 2008-10-16 10:15. 2008-08-14 05:33 2.066.048 ----- c --- C: \\ WINDOWS \\ system32 \\ dllcache \\ ntkrnlpa.exe 2008-10-16 10:15. 2008-08-14 05:33 2.023.936 ----- c --- C: \\ WINDOWS \\ system32 \\ dllcache \\ Ntkrpamp.exe 2008-10-16 10:15. 2008-09-15 08:12 1.846.400 ----- c --- C: \\ WINDOWS \\ system32 \\ dllcache \\ win32k.sys 2008-10-16 10:09. 2008-10-16 10:10 <DIR> d -------- C: \\ Documents and Settings \\ Administrator \\. Housecall6.6 2008-10-15 17:42. 2004-08-27 05:54 <DIR> d -------- C: \\ Documents and Settings \\ Administrator \\ WINDOWS 2008-10-15 17:42. 2005-01-28 05:22 <DIR> d -------- C: \\ Documents and Settings \\ Administrator \\ Application Data \\ SampleView 2008-10-15 17:42. 2005-01-28 05:26 <DIR> d -------- C: \\ Documents and Settings \\ Administrator \\ Application Data \\ McAfee 2008-10-15 17:42. 2008-10-15 17:42 <DIR> d -------- C: \\ Documents and Settings \\ Administrator \\ Application Data \\ Malwarebytes 2008-10-15 17:42. 2008-10-16 10:09 <DIR> d -------- C: \\ Documents and Settings \\ Administrator 2008-10-15 17:26. 2008-10-15 17:26 <DIR> d -------- C: \\ Program Files \\ NoNAV 2008-10-15 16:41. 
2008-10-15 17:26 <DIR> d -------- C: \\ SymNoNav 2008-10-15 16:22. 2008-10-15 17:27 <DIR> d -------- C: \\ WINDOWS \\ LMI42.tmp 2008-10-15 15:10. 2008-10-15 15:10 <DIR> d -------- C: \\ Program Files \\ Trend Micro 2008-10-11 13:05. 2008-10-11 12:33 102.664 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ tmcomm.sys 2008-10-11 12:33. 2008-10-15 15:21 <DIR> d -------- C: \\ Documents and Settings \\ Eigenaar \\. Housecall6.6 2008-10-11 12:25. 2008-10-11 12:25 <DIR> d -------- C: \\ WINDOWS \\ zon 2008-10-11 12:00. 2008-10-11 12:01 <DIR> d -------- C: \\ Program Files \\ CCleaner 2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \\ Program Files \\ Malwarebytes 'Anti-Malware 2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \\ Documents and Settings \\ Eigenaar \\ Application Data \\ Malwarebytes 2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \\ Documents and Settings \\ All Users \\ Application Data \\ Malwarebytes 2008-10-11 11:38. 2008-09-10 00:04 38.528 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ mbamswissarmy.sys 2008-10-11 11:38. 2008-09-10 00:03 17.200 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ mbam.sys 2008-09-23 13:17. 2008-09-23 13:17 133 - a ------ C: \\ Documents and Settings \\ All Users \\ Application Data \\ ustore.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 
2008-10-16 21:53 --------- d ----- w C: \\ Program Files \\ Common Files \\ Symantec Shared 2008-10-16 17:49 --------- d ----- w C: \\ Documents and Settings \\ All Users \\ Application Data \\ Google Updater 2008-10-16 15:08 --------- d ----- w C: \\ Documents and Settings \\ Eigenaar \\ Application Data \\ Symantec 2008-10-16 15:04 --------- d ----- w C: \\ Program Files \\ Symantec 2008-10-16 15:01 --------- d ----- w C: \\ Documents and Settings \\ All Users \\ Application Data \\ Symantec 2008-09-24 12:36 --------- d ----- w C: \\ Program Files \\ \\ Peach 2008-09-08 10:41 333.824 ---- aw C: \\ WINDOWS \\ system32 \\ drivers \\ Srv.sys 2008-08-19 10:32 --------- d ----- w C: \\ Program Files \\ Microsoft Silverlight 2005-10-20 18:06 76-c ---- w C: \\ Documents and Settings \\ Eigenaar \\ Application Data \\ wklnhst.dat 2005-05-27 00:43 0-csha-w C: \\ WINDOWS \\ SMINST \\ HPCD.sys 2008-05-24 13:39 32.768-csha-w C: \\ WINDOWS \\ system32 \\ config \\ systemprofile \\ Local Settings \\ Geschiedenis \\ History.IE5 \\ MSHist012008052420080525 \\ index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . 
* Nota * lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE \\ ~ \\ Browser Helper Objects \\ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)] 2004-08-04 15:00 105984 - a ------ c: \\ windows \\ system32 \\ digestp.dll [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ shelliconoverlayidentifiers \\ OverlayExcluded] @ = "(4433A54A-1AC8-432f-90FC-85F045CF383C)" [HKEY_CLASSES_ROOT \\ CLSID \\ (4433A54A-1AC8-432f-90FC-85F045CF383C)] 2008-02-26 04:34 576352 - a ------ C: \\ Program Files \\ \\ Symantec Shared \\ Backup \\ buShell.dll [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ shelliconoverlayidentifiers \\ OverlayPending] @ = "(F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)" [HKEY_CLASSES_ROOT \\ CLSID \\ (F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)] 2008-02-26 04:34 576352 - a ------ C: \\ Program Files \\ \\ Symantec Shared \\ Backup \\ buShell.dll [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ shelliconoverlayidentifiers \\ OverlayProtected] @ = "(476D0EA3-80F9-48B5-B70B-05E677C9C148)" [HKEY_CLASSES_ROOT \\ CLSID \\ (476D0EA3-80F9-48B5-B70B-05E677C9C148)] 2008-02-26 04:34 576352 - a ------ C: \\ Program Files \\ \\ Symantec Shared \\ Backup \\ buShell.dll [HKEY_CURRENT_USER \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Run] "ctfmon.exe" = "C: \\ WINDOWS \\ system32 \\ ctfmon.exe" [2008-04-13 15360] "SUPERAntiSpyware" = "C: \\ Program Files \\ \\ WMPNSCFG.exe" [2008-05-28 1506544] [HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Run] "QuickTime Task" = "C: \\ Program Files \\ QuickTime \\ qttask.exe" [2005-01-28 98304] "Adobe Photo Downloader" = "C: \\ Program Files \\ Adobe \\ Photoshop Album Starter Edition \\ 3.0 \\ Apps \\ apdproxy.exe" [2005-06-06 57344] "Adobe Reader Speed Launcher" = "C: \\ Program Files \\ Adobe \\ Reader 8.0 \\ Reader \\ Reader_sl.exe" [2008-01-11 
39792] "NvMediaCenter" = "C: \\ Program Files \\ Common Files \\ Real \\ \\ jusched.exe" [2008-04-19 185896] "ccApp" = "C: \\ Program Files \\ \\ Symantec Shared \\ ccApp.exe" [2008-02-18 51048] "SunJavaUpdateSched" = "C: \\ Program Files \\ Norton 360 \\ ctfmon.exe" [2008-02-26 988512] C: \\ Documents and Settings \\ All Users \\ Start Menu \\ Programs \\ Startup \\ Device Detector 3.lnk - C: \\ Program Files \\ Olympus \\ DeviceDetector \\ DevDtct2.exe [2007-06-27 114688] Google Updater.lnk - C: \\ Program Files \\ Google \\ Google Updater \\ GoogleUpdater.exe [2007-06-04 125624] Microsoft Office.lnk - C: \\ Program Files \\ Microsoft Office \\ Office \\ OSA9.exe [2000-01-21 65588] WinZip Quick Pick.lnk - C: \\ Program Files \\ WinZip \\ WZQKPICK.EXE [2008-09-11 525664] [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \\ Program Files \\ Bonjour \\ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Winlogon \\ Notify \\! 
SASWinLogon] 2007-04-19 13:41 294912 C: \\ Program Files \\ Bonjour \\ mDNSResponder.exe [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Winlogon \\ Notify \\ paubftzz] 2004-08-04 15:00 105984 C: \\ WINDOWS \\ system32 \\ digestp.dll [HKLM \\ ~ \\ startupfolder \\ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ BigFix.lnk] path = C: \\ Documents and Settings \\ All Users \\ Start Menu \\ Programs \\ Startup \\ BigFix.lnk backup = C: \\ WINDOWS \\ pss \\ Startup BigFix.lnkCommon [HKLM \\ ~ \\ startupfolder \\ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ Microsoft Office.lnk] path = C: \\ Documents and Settings \\ All Users \\ Start Menu \\ Programs \\ Startup \\ Microsoft Office.lnk backup = C: \\ WINDOWS \\ pss \\ Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg \\ ATIPTA] - a - c --- 2004-11-12 01:10 344064 C: \\ Program Files \\ ATI Technologies \\ ATI Control Panel \\ atiptaxx.exe [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg \\ SunJavaUpdateSched] - a ------ 2008-02-18 15:37 51048 C: \\ Program Files \\ \\ Symantec Shared \\ ccApp.exe [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg \\ CTFMON.EXE] - a ------ 2008-04-13 20:12 15360 C: \\ WINDOWS \\ system32 \\ ctfmon.exe [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg \\ InCD] - a ------ 2003-09-01 09:32 1200178 C: \\ Program Files \\ Ahead \\ InCD \\ InCD.exe [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg \\ TkBellExe] - a ------ 2001-07-09 15:50 155648 C: \\ WINDOWS \\ system32 \\ ctfmon.exe [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg \\ NeroFilterCheck] - a ------ 2001-07-09 15:50 155648 C: \\ WINDOWS \\ system32 \\ ctfmon.exe 
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg \\ osCheck] - a - c --- 2002-09-13 16:42 212992 C: \\ WINDOWS \\ SMINST \\ NvStartup [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg \\ NeroFilterCheck] - a - c --- 2003-10-31 23:42 32768 C: \\ Program Files \\ CyberLink \\ TeaTimer.exe [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg \\ SunKistEM] - a - c --- 2004-11-15 19:04 135168 C: \\ Program Files \\ Digital Media Reader \\ shwiconEM.exe [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg \\ Software Update] - a - c --- 2003-08-19 01:01 110592 C: \\ Program Files \\ Common Files \\ Sonic \\ Update Manager \\ sgtray.exe [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg \\ CHotkey] - a - c --- 2004-05-17 22:30 543232 C: \\ WINDOWS \\ zHotkey.exe [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg \\ ShowWnd] - a - c --- 2003-09-19 13:09 36864 C: \\ WINDOWS \\ ShowWnd.exe [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg \\ Cmaudio] - a - c --- 2004-11-15 23:20 77824 C: \\ WINDOWS \\ AGRSMMSG.exe [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Security Center \\ Monitoring] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Security Center \\ Monitoring \\ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Security Center \\ Monitoring \\ SymantecFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \\ ~ \\ services \\ sharedaccess \\ parameters \\ firewallpolicy \\ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \\ ~ \\ services \\ sharedaccess \\ parameters \\ firewallpolicy \\ standardprofile \\ AuthorizedApplications \\ List] "% windir% \\ \\ system32 \\ \\ Sessmgr.exe" = "% windir% \\ \\ Network Diagnostic \\ \\ 
xpnetdiag.exe" = R0 pavboot; pavboot C: \\ WINDOWS \\ system32 \\ drivers \\ pavboot.sys [2008-06-19 28544] R0 shsizubv; shsizubv C: \\ WINDOWS \\ system32 \\ drivers \\ shsizubv.sys [2004-08-04 23424] S3 COH_Mon; COH_Mon C: \\ WINDOWS \\ system32 \\ Drivers \\ COH_Mon.sys [2008-07-30 23888] S3 VNUSB; VN Series Device; C: \\ WINDOWS \\ system32 \\ drivers \\ VNUSB.sys [2003-12-15 38448] HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Svchost - netsvcs qfbydciq [HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ mountpoints2 \\ (4f63278d-8557-11d9-BE24-806d6172696f)] \\ Shell \\ AutoRun \\ command - C: \\ WINDOWS \\ system32 \\ rundll32.exe shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480 [HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ mountpoints2 \\ (e1ec6b61-710 bis-11d9-b301-806d6172696f)] \\ Shell \\ AutoRun \\ command - C: \\ WINDOWS \\ system32 \\ rundll32.exe shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480 * Newly Created Service * - COMHOST * Newly Created Service * - PROCEXP90 . Inhoud van de map 'Geplande taken' 2008-10-12 C: \\ WINDOWS \\ Tasks \\ Automatic Backup.job - C: \\ Program Files \\ Stomp \\ Backup MijnPC \\ System \\ bestart.exe [2003-10-30 04:10] 2008-10-15 C: \\ WINDOWS \\ Tasks \\ Daily Changed Files.job - C: \\ Program Files \\ Stomp \\ Backup MijnPC \\ System \\ bestart.exe [2003-10-30 04:10] 2008-10-11 C: \\ WINDOWS \\ Tasks \\ PEACTREE WEEKLY TERUG UP.job - C: \\ Program Files \\ Stomp \\ Backup MijnPC \\ System \\ bestart.exe [2003-10-30 04:10] . - - - - WEZEN VERWIJDERD - - - -- Toolbar-ID - (no file) . ------- Bijkomende Scan ------- . 
R0 -: HKLM-Main, Start Page = hxxp: / / www.emachines.com/ R0 -: HKLM-Main, SearchMigratedDefaultURL = hxxp: / / www.google.com/search?q searchTerms = () & sourceid = ie7 & rls = com.microsoft: en-US & ie = utf8 & oe = utf8 R1 -: HKCU-searchUrl, (Default) = hxxp: / / www.google.com/search?q =% s O8 -: E & xporteren naar Microsoft Excel - C: \\ PROGRA ~ 1 \\ MICROS ~ 2 \\ OFFICE11 \\ EXCEL.EXE/3000 . ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-16 17:54:24 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... scan succesvol afgerond verborgen bestanden: 0 ************************************************** ************************ . Voltooingstijd: 2008-10-16 17:56:31 ComboFix-quarantined-files.txt 2008-10-16 21:56:27 Pre-Run: 142914838528 bytes vrij Post-Run: 142911078400 bytes vrij WindowsXP-KB310994-SP2-Home-Bootdisk-NLD.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (0) partition (1) \\ WINDOWS [operating systems] C: \\ cmdcons \\ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons multi (0) disk (0) rdisk (0) partition (1) \\ WINDOWS = "Microsoft Windows XP Home Edition" / noexecute = optin / fastdetect 208 --- EOF --- 2008-10-16 15:20:49 |