Gllod.com changes my Google start page

  • fransefreule

    Hello,

    Would you take a look at my logs? I have been trying for days to get this junk off my laptop.

    A nice little gift from someone on MSN who sent me a photo with my name mentioned in it.

    Without my wanting it, this virus/trojan sends the same message to other people with their name mentioned in it.

    According to OneCare for Vista, it appears that I have picked something up and am passing it on.

    Vir tool: win32/CEEInject-gen!BE

    Backdoor: win32/ Trenk!RTS

    I searched the internet for what Gllod.com is, and the answer I got was: Backdoor: win32/Geaertob.A Trojan.

    Went through all 7 steps.

    Malwarebytes' Anti-Malware 1.44

    Database versie: 3878

    Windows 6.0.6001 Service Pack 1

    Internet Explorer 8.0.6001.18882

    17-3-2010 23:50:46

    mbam-log-2010-03-17 (23-50-46).txt

    Scan type: Snelle Scan

    Objecten gescand: 122613

    Verstreken tijd: 10 minute(s), 46 second(s)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata bestanden geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 0:16:09, on 18-3-2010

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v8.00 (8.00.6001.18882)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

    C:\Windows\RtHDVCpl.exe

    C:\Windows\PLFSetI.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\Launch Manager\LManager.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Logitech\QuickCam\Quickcam.exe

    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    C:\Program Files\PowerISO\PWRISOVM.EXE

    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

    C:\Program Files\AVG\AVG9\avgtray.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\InstantEyedropper\InstantEyedropper.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe

    C:\Program Files\Logitech\Logitech Vid\Vid.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\KPN Dashboard\Mobiel Internet Dashboard\AutoUpdateSrv.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.bin

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\conime.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files\AVG\AVG9\avgui.exe

    C:\Program Files\AVG\AVG9\avgscanx.exe

    C:\Program Files\AVG\AVG9\avgcsrvx.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/ig

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findarticlesblog.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

    R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

    R3 - URLSearchHook: (no name) - *{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)

    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

    R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll

    R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

    R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll

    O1 - Hosts: ::1 localhost

    O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll

    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

    O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll

    O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)

    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll

    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

    O3 - Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

    O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: “C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe”

    O4 - HKLM\..\Run: “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: C:\Windows\PLFSetI.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\LAUNCH~1\LManager.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

    O4 - HKLM\..\Run: “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup

    O4 - HKLM\..\Run: “C:\Program Files\Logitech\QuickCam\Quickcam.exe” /hide

    O4 - HKLM\..\Run: C:\Program Files\pdfforge Toolbar\SearchSettings.exe

    O4 - HKLM\..\Run: C:\Program Files\FTD Watchdog\FtdMonitor.exe

    O4 - HKLM\..\Run: C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    O4 - HKLM\..\Run: C:\Program Files\PowerISO\PWRISOVM.EXE

    O4 - HKLM\..\Run: “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe”

    O4 - HKLM\..\Run: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

    O4 - HKLM\..\Run: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: C:\PROGRA~1\AVG\AVG9\avgtray.exe

    O4 - HKLM\..\Run: “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\RunOnce: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: “C:\Program Files\InstantEyedropper\InstantEyedropper.exe”

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: “C:\Program Files\CCleaner\CCleaner.exe” /AUTO

    O4 - HKCU\..\Run: C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe /Startup

    O4 - HKCU\..\Run: “C:\Program Files\Logitech\Logitech Vid\vid.exe” -bootmode

    O4 - HKCU\..\Run: C:\Program Files\Webroot\Washer\wwDisp.exe

    O4 - HKCU\..\Run: “C:\Program Files\4shared Desktop\desktop.exe” “startup”

    O4 - HKCU\..\Run: “C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” ASO-616B5711-6DAE-4795-A05F-39A1E5104020

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe

    O4 - Global Startup: Update-functie.lnk = ?

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-NL/wlscctrl2.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll

    O20 - AppInit_DLLs: avgrsstx.dll c:\progra~1\google\google~1\goec62~1.dll avgrsstx.dll

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

    O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: Spiceworks (spiceworks) - Unknown owner - C:\Program Files\Spiceworks\bin\spiceworks.exe

    O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

    O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    End of file - 16546 bytes

  • fransefreule

    I forgot to mention that the Google start link keeps being changed.

    Where I normally had http://www.google.nl, it now keeps showing http://www.gllod.com.

    I had made a screenshot of this, but I don't think it can be attached to this message!

    If I try to set Google back in my internet options, then where http://www.google.nl normally is, it says http://www.findarticlesblog.com/

    Every time it changes back!

  • Argus

    Close all windows and start HijackThis

    Vista + Windows 7

    Right-click the HijackThis program and choose Run as administrator, and then

    Click: Do a system scan only

    Put a check mark in the box in front of:

    R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

    R3 - URLSearchHook: (no name) - *{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)

    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

    R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll

    R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

    R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll

    O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

    O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll

    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll

    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

    O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll

    O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)

    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll

    O3 - Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

    O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

    O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll

    O4 - HKLM\..\Run: C:\Program Files\pdfforge Toolbar\SearchSettings.exe

    O4 - HKCU\..\Run: “C:\Program Files\4shared Desktop\desktop.exe” “startup”

    Internet Explorer must be closed when you click Fix Checked

    Download ComboFix to your Desktop.

    NOTE: if you get a warning from your antivirus or another real-time scanner during or after downloading ComboFix, or while using ComboFix, disable that scanner and download ComboFix again.

    Some scanners see certain components that ComboFix uses as suspicious and will block or remove them!

    Double-click Combofix.exe to start it.

    If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.

    Click OK in the "NirCmd" window.

    Afterwards, click Yes again to start the malware scan.

    While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix is complete and after the restart, the log Combofix.txt will open.

    Post the ComboFix log

    * Visit the following page for the instructions on downloading and using ComboFix.

    http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

    Download List_Kill'em

    * Double-click List_Kill'em.exe

    * Vista users: right-click List_Kill'em.exe and choose "Run as Administrator"

    * In the "Choice" window choose: E = English

    * In the "Choice" window choose a number and Enter 1 = Search mode

    * The scan is started. Note: the scan at "Test Rootkits" can take some time

    * At the end of the scan there will be two log files

    * Catchme.log and C:\List'em.txt; post the contents of both in your next reply
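As an added example (not part of the original thread, and not a HijackThis or ComboFix feature), the Python script below parses HijackThis-style lines like the ones Argus asks to tick and flags the three things this thread turns on: a start/search page URL pointing outside an expected domain, a URLSearchHook/BHO/Toolbar entry whose CLSID points at a missing file, and entries living under the toolbar directories singled out in the fix list. The expected-domain list and the suspect directory names are assumptions chosen for this example; the sample lines are copied from the log posted above.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the HijackThis log posted in this
# thread (not the whole log), enough to exercise every check below.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/ig
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findarticlesblog.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: C:\Program Files\pdfforge Toolbar\SearchSettings.exe
"""

# Assumptions for this example: the domains a start/search page may legitimately
# point to, and the directories named in the fix list earlier in this thread.
EXPECTED_DOMAINS = ("google.nl", "microsoft.com")
SUSPECT_DIRS = ("\\SGPSA\\", "\\pdfforge Toolbar\\", "\\4shared", "\\Zynga\\")

# R0/R1: "<hive>\<key>,<value> = <url>"  (the url may be empty)
URL_ENTRY = re.compile(r"^(R[01]) - (HK\w+)\\(.+?),(.+?) =\s?(.*)$")
# R3/O2/O3: "<type>: <name> - [*]{CLSID} - <dll path or (no file)>"
HOOK_ENTRY = re.compile(r"^(?:R3|O2|O3) - [^:]+: (.*?) - \*?(\{[0-9A-Fa-f-]+\}) - (.*)$")
# O4: "<hive>\..\Run[Once]: <command line>"
RUN_ENTRY = re.compile(r"^O4 - (HK.+?)\\\.\.\\(Run\w*): (.*)$")


def host_of(url):
    """Lower-cased hostname of a URL, or '' when the value is not a URL at all."""
    if not url.lower().startswith(("http://", "https://")):
        return ""
    return (urlparse(url).hostname or "").lower()


def is_expected(host, domains=EXPECTED_DOMAINS):
    """True when host is one of the expected domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def in_suspect_dir(path, dirs=SUSPECT_DIRS):
    low = path.lower()
    return any(d.lower() in low for d in dirs)


def analyse(log_text, domains=EXPECTED_DOMAINS, dirs=SUSPECT_DIRS):
    """Return (category, identifier, detail) tuples for lines worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = URL_ENTRY.match(line)
        if m:
            _, hive, key, value, url = m.groups()
            host = host_of(url)          # '' for empty values and non-URLs (Window Title)
            if host and not is_expected(host, domains):
                findings.append(("unexpected-url", f"{hive}\\{key},{value}", host))
            continue
        m = HOOK_ENTRY.match(line)
        if m:
            name, clsid, path = m.groups()
            if path == "(no file)":      # registration left behind after the file went
                findings.append(("orphaned-clsid", clsid, name))
            elif in_suspect_dir(path, dirs):
                findings.append(("suspect-toolbar", clsid, path))
            continue
        m = RUN_ENTRY.match(line)
        if m:
            hive, key, command = m.groups()
            if in_suspect_dir(command, dirs):
                findings.append(("suspect-autorun", f"{hive}\\..\\{key}", command))
    return findings


def summary(findings):
    """Count findings per category, e.g. {'orphaned-clsid': 2, ...}."""
    counts = {}
    for category, _, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    results = analyse(SAMPLE_LOG)
    for category, ident, detail in results:
        print(f"{category:16} {ident}  ->  {detail}")
    print(summary(results))
```

The script only reports; deciding which entries to tick in HijackThis remains the helper's call, since an entry can be orphaned or unwanted without being the cause of the start page change.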

  • fransefreule

    Hello Argus,

    Thanks again for your quick reply!

    I got started on it this evening!

    Combofixlog.txt

    ComboFix 10-03-17.07 - Anita 18-03-2010 21:34:27.1.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3037.1991

    Gestart vanuit: c:\users\Anita\Downloads\ComboFix.exe

    AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

    FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    SP: ZoneAlarm Security Suite Anti-Spyware *disabled* (Updated) {F245A209-1085-48B4-B927-35D56015EC60}

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\program files\Fast Browser Search

    c:\program files\INSTALL.LOG

    c:\program files\Search Guard Plus

    c:\program files\Search Guard Plus\fbsProtection.xml

    c:\program files\Search Guard Plus\fbsProtectionI.xml

    c:\program files\Search Guard Plus\fbsSearchProvider.xml

    c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe

    c:\program files\Search Guard Plus\SearchGuardPlus.exe

    c:\program files\Search Guard Plus\SearchGuardPlus.ico

    c:\program files\Search Guard Plus\uninstalSGP.exe

    c:\program files\Search Guard PlusU

    c:\program files\Search Guard PlusU\SGPU.ico

    c:\program files\Search Guard PlusU\sgpUpdater.exe

    c:\program files\Search Guard PlusU\sgpUpdater.xml

    c:\program files\Search Guard PlusU\sgpUpdaters.exe

    c:\program files\Search Guard PlusU\uninstalSGPU.exe

    c:\program files\SGPSA

    c:\program files\SGPSA\ie3sh.exe

    c:\program files\SGPSA\mtwb3sh.dll

    c:\users\Anita\AppData\Roaming\inst.exe

    c:\users\Anita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0 .lnk

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-02-18 to 2010-03-18 ))))))))))))))))))))))))))))))

    .

    2010-03-18 20:50 . 2010-03-18 20:50 ——– d—–w- c:\users\Default\AppData\Local\temp

    2010-03-17 23:15 . 2010-03-17 23:15 ——– d—–w- c:\program files\Trend Micro

    2010-03-17 22:36 . 2010-03-17 22:36 ——– d—–w- c:\users\Anita\AppData\Roaming\Malwarebytes

    2010-03-17 22:36 . 2010-01-07 15:07 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-03-17 22:36 . 2010-03-17 22:36 ——– d—–w- c:\programdata\Malwarebytes

    2010-03-17 22:36 . 2010-03-17 22:36 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware

    2010-03-17 22:36 . 2010-01-07 15:07 19160 —-a-w- c:\windows\system32\drivers\mbam.sys

    2010-03-17 21:46 . 2010-02-20 23:39 24064 —-a-w- c:\windows\system32\nshhttp.dll

    2010-03-17 21:46 . 2010-02-20 21:18 411136 —-a-w- c:\windows\system32\drivers\http.sys

    2010-03-17 21:46 . 2010-02-20 23:37 31232 —-a-w- c:\windows\system32\httpapi.dll

    2010-03-17 07:22 . 2010-03-17 07:22 360584 —-a-w- c:\programdata\avg9\update\backup\avgtdix.sys

    2010-03-17 07:22 . 2010-03-17 07:22 28424 —-a-w- c:\programdata\avg9\update\backup\avgmfx86.sys

    2010-03-17 07:22 . 2010-03-17 07:22 333192 —-a-w- c:\programdata\avg9\update\backup\avgldx86.sys

    2010-03-17 07:21 . 2010-03-17 07:21 12464 —-a-w- c:\windows\system32\avgrsstx.dll

    2010-03-16 20:54 . 2010-03-17 21:34 ——– d—–w- c:\program files\Windows Live Safety Center

    2010-03-15 22:43 . 2010-03-15 21:45 15880 —-a-w- c:\windows\system32\lsdelete.exe

    2010-03-15 21:41 . 2010-03-15 21:41 ——– dc-h–w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

    2010-03-15 21:41 . 2010-02-04 15:53 2954656 -c–a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

    2010-03-15 21:40 . 2010-03-15 21:41 ——– d—–w- c:\program files\Lavasoft

    2010-03-15 21:40 . 2010-03-15 21:45 ——– d—–w- c:\programdata\Lavasoft

    2010-03-08 18:24 . 2010-01-23 09:44 2048 —-a-w- c:\windows\system32\tzres.dll

    2010-03-08 18:23 . 2010-01-25 08:35 523776 —-a-w- c:\windows\system32\RMActivate_isv.exe

    2010-03-08 18:23 . 2010-01-25 08:34 511488 —-a-w- c:\windows\system32\RMActivate.exe

    2010-03-08 18:23 . 2010-01-25 08:34 347136 —-a-w- c:\windows\system32\RMActivate_ssp.exe

    2010-03-08 18:23 . 2010-01-25 12:48 472576 —-a-w- c:\windows\system32\secproc_isv.dll

    2010-03-08 18:23 . 2010-01-25 12:48 472064 —-a-w- c:\windows\system32\secproc.dll

    2010-03-08 18:23 . 2010-01-25 08:35 346624 —-a-w- c:\windows\system32\RMActivate_ssp_isv.exe

    2010-03-08 18:23 . 2010-01-25 12:48 151040 —-a-w- c:\windows\system32\secproc_ssp_isv.dll

    2010-03-08 18:23 . 2010-01-25 12:48 151040 —-a-w- c:\windows\system32\secproc_ssp.dll

    2010-03-08 18:23 . 2010-01-25 12:45 329216 —-a-w- c:\windows\system32\msdrm.dll

    2010-03-07 11:59 . 2010-03-18 20:08 ——– d—–w- c:\program files\Zynga

    2010-02-22 18:29 . 2008-01-09 11:28 27632 —-a-w- c:\windows\system32\drivers\seehcri.sys

    2010-02-22 18:27 . 2010-02-22 18:27 ——– d—–w- c:\program files\Avanquest update

    2010-02-22 18:25 . 2010-02-22 18:25 ——– d—–w- c:\programdata\BVRP Software

    2010-02-22 18:07 . 2010-02-22 18:07 ——– d—–w- c:\users\Anita\AppData\Roaming\Sony

    2010-02-22 18:07 . 2010-02-22 18:07 ——– d—–w- c:\programdata\Sony

    2010-02-22 18:05 . 2010-02-22 18:05 ——– d—–w- c:\users\Anita\AppData\Local\Sony

    2010-02-22 18:02 . 2010-02-22 18:02 ——– d—–w- c:\program files\Common Files\Sony Shared

    2010-02-22 18:02 . 2010-02-22 18:02 ——– d—–w- c:\program files\Sony

    2010-02-22 17:56 . 2010-02-22 17:58 ——– d—–w- c:\program files\QuickTime

    2010-02-22 17:56 . 2010-02-22 17:56 ——– d—–w- c:\programdata\Apple Computer

    2010-02-22 17:54 . 2010-02-22 17:54 ——– d—–w- c:\users\Anita\AppData\Local\Apple

    2010-02-22 17:54 . 2010-02-22 17:54 ——– d—–w- c:\program files\Apple Software Update

    2010-02-22 17:54 . 2010-02-22 17:54 ——– d—–w- c:\programdata\Apple

    2010-02-22 17:27 . 2010-02-22 18:47 ——– d—–w- c:\program files\Sony Ericsson

    2010-02-22 17:26 . 2010-02-22 17:26 ——– d—–w- c:\users\Anita\AppData\Roaming\InstallShield

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-03-18 20:51 . 2009-07-01 23:41 653952800 –sha-w- c:\windows\system32\drivers\fidbox.dat

    2010-03-18 20:27 . 2009-07-01 23:41 8761700 –sha-w- c:\windows\system32\drivers\fidbox.idx

    2010-03-18 20:08 . 2010-01-01 21:24 ——– d—–w- c:\program files\4shared.com

    2010-03-18 20:08 . 2009-02-15 21:26 ——– d—–w- c:\program files\pdfforge Toolbar

    2010-03-18 19:46 . 2010-01-01 21:24 ——– d—–w- c:\users\Anita\AppData\Roaming\4shared Desktop

    2010-03-17 22:22 . 2008-09-04 13:14 680070 —-a-w- c:\windows\system32\perfh013.dat

    2010-03-17 22:22 . 2008-09-04 13:14 132988 —-a-w- c:\windows\system32\perfc013.dat

    2010-03-17 22:08 . 2006-11-02 11:18 ——– d—–w- c:\program files\Windows Mail

    2010-03-17 22:03 . 2008-09-04 03:50 ——– d—–w- c:\programdata\Microsoft Help

    2010-03-17 07:21 . 2009-11-13 23:16 242696 —-a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-03-17 07:21 . 2009-11-13 23:15 29512 —-a-w- c:\windows\system32\drivers\avgmfx86.sys

    2010-03-17 07:20 . 2009-11-13 23:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-03-15 21:43 . 2009-01-28 21:33 -------- d-----w- c:\program files\Google

    2010-03-11 09:36 . 2009-02-02 08:22 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

    2010-03-08 21:09 . 2009-01-29 00:12 106920 ----a-w- c:\users\Anita\AppData\Local\GDIPFONTCACHEV1.DAT

    2010-02-22 18:27 . 2008-08-19 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information

    2010-02-15 17:12 . 2010-02-15 17:12 -------- d-----w- c:\users\Supervisor\AppData\Roaming\Nero

    2010-02-15 17:12 . 2009-01-28 21:11 106352 ----a-w- c:\users\Supervisor\AppData\Local\GDIPFONTCACHEV1.DAT

    2010-02-06 10:45 . 2009-01-31 01:59 -------- d-----w- c:\programdata\Messenger Plus!

    2010-02-06 10:45 . 2009-01-31 01:00 -------- d-----w- c:\program files\Messenger Plus! Live

    2010-02-04 15:53 . 2010-03-15 21:45 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

    2010-02-03 16:03 . 2009-09-19 21:46 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-01-20 22:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild

    2010-01-20 21:54 . 2010-01-20 21:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8

    2010-01-02 06:38 . 2010-02-02 22:47 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-01-02 06:32 . 2010-02-02 22:47 109056 ----a-w- c:\windows\system32\iesysprep.dll

    2010-01-02 06:32 . 2010-02-02 22:47 71680 ----a-w- c:\windows\system32\iesetup.dll

    2010-01-02 04:57 . 2010-02-02 22:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe

    2009-12-31 17:29 . 2009-07-06 18:47 680 ----a-w- c:\users\Anita\AppData\Local\d3d9caps.dat

    2009-12-31 17:13 . 2009-09-24 20:11 1 ----a-w- c:\users\Anita\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

    2009-12-28 12:35 . 2010-02-10 21:29 11776 ----a-w- c:\windows\system32\tsbyuv.dll

    2009-12-28 12:35 . 2010-02-10 21:29 1314816 ----a-w- c:\windows\system32\quartz.dll

    2009-12-28 12:32 . 2010-02-10 21:29 22528 ----a-w- c:\windows\system32\msyuv.dll

    2009-12-28 12:32 . 2010-02-10 21:29 31744 ----a-w- c:\windows\system32\msvidc32.dll

    2009-12-28 12:32 . 2010-02-10 21:28 123904 ----a-w- c:\windows\system32\msvfw32.dll

    2009-12-28 12:32 . 2010-02-10 21:29 13312 ----a-w- c:\windows\system32\msrle32.dll

    2009-12-28 12:31 . 2010-02-10 21:29 82944 ----a-w- c:\windows\system32\mciavi32.dll

    2009-12-28 12:31 . 2010-02-10 21:29 50176 ----a-w- c:\windows\system32\iyuv_32.dll

    2009-12-28 12:28 . 2010-02-10 21:29 65024 ----a-w- c:\windows\system32\avicap32.dll

    2009-12-28 12:28 . 2010-02-10 21:28 91136 ----a-w- c:\windows\system32\avifil32.dll

    2009-12-24 21:39 . 2009-12-24 21:39 970504 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    2006-05-03 09:06 . 2009-11-08 22:48 163328 --sh--r- c:\windows\System32\flvDX.dll

    2007-02-21 10:47 . 2009-11-08 22:48 31232 --sh--r- c:\windows\System32\msfDX.dll

    2008-03-16 12:30 . 2009-11-08 22:48 216064 --sh--r- c:\windows\System32\nbDX.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll"

    2009-10-16 11:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll"

    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll"

    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

    2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    "instanteyedropper"="c:\program files\InstantEyedropper\InstantEyedropper.exe"

    "ehTray.exe"="c:\windows\ehome\ehTray.exe"

    "ccleaner"="c:\program files\CCleaner\CCleaner.exe"

    "Privacy Eraser Pro"="c:\program files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe"

    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe"

    "Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe"

    "4shared Desktop"="c:\program files\4shared Desktop\desktop.exe"

    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe"

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe"

    "Index Washer"="c:\program files\Webroot\Washer\WashIdx.exe"

    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe"

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"

    "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

    "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

    "RtHDVCpl"="RtHDVCpl.exe"

    "PLFSetI"="c:\windows\PLFSetI.exe"

    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe"

    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe"

    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe"

    "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe"

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe"

    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe"

    "FTD Watchdog Monitor"="c:\program files\FTD Watchdog\FtdMonitor.exe"

    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe"

    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE"

    "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe"

    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe"

    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe"

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\gprs.exe

    Update-functie.lnk - c:\program files\KPN Dashboard\Mobiel Internet Dashboard\AutoUpdateSrv.exe

    "EnableUIADesktopToggle"= 0 (0x0)

    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

    "mixer3"=wdmaud.drv

    @="Service"

    @="Service"

    "DisableMonitoring"=dword:00000001

    "DisableMonitoring"=dword:00000001

    "AntiVirusOverride"=dword:00000001

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys

    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe

    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys

    R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys

    R3 wrssweep;Webroots Volume Access Driver;c:\program files\Webroot\Washer\wrssweep.sys

    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys

    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys

    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys

    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys

    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl

    S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe

    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe

    S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

    S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe

    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe

    S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys

    S2 spiceworks;spiceworks;c:\program files\Spiceworks\bin\spiceworks.exe service

    S2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

    S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys

    S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys

    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys

    getPlusHelper REG_MULTI_SZ getPlusHelper

    .

    Inhoud van de ‘Gedeelde Taken’ map

    2010-03-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job

    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

    2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.findarticlesblog.com/

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    Trusted Zone: hotmail.com

    Trusted Zone: live.com\mail

    .

    - - - - ORPHANS VERWIJDERD - - - -

    WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - (no file)

    WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-03-18 21:50

    Windows 6.0.6001 Service Pack 1 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    Voltooingstijd: 2010-03-18 21:56:39

    ComboFix-quarantined-files.txt 2010-03-18 20:56

    Pre-Run: 35.445.739.520 bytes beschikbaar

    Post-Run: 35.373.912.064 bytes beschikbaar

    Current=1 Default=1 Failed=0 LastKnownGood=45 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45

    - - End Of File - - 11B2018C7C7F3715DE6CA6456F5CA5CB

    List'em.txt

    List'em by g3n-h@ckm@n 1.6.0.2

    User : Anita (Gebruikers)

    Update on 18/03/2010 by g3n-h@ckm@n ::::: 12.30

    Start at: 22:18:33 | 18-3-2010

    Contact : http://www.commentcamarche.net/forum/forum-7-virus-securite

    AMD Athlon™ X2 Dual-Core QL-60

    Microsoft® Windows Vista™ Home Premium (6.0.6001 32-bit) # Service Pack 1

    Internet Explorer 8.0.6001.18882

    Windows Firewall Status : Enabled

    AV : ZoneAlarm Security Suite Antivirus 8.0.400.020

    FW : ZoneAlarm Security Suite Firewall8.0.400.020

    C:\ -> Lokale vaste schijf | 111,57 Go (32,99 Go free) | NTFS

    D:\ -> Lokale vaste schijf | 111,55 Go (88,92 Go free) | NTFS

    E:\ -> Cd-rom-schijf

    Boot: Normal

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\Windows\System32\smss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Program Files\AVG\AVG9\avgchsvx.exe

    C:\Program Files\AVG\AVG9\avgrsx.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\winlogon.exe

    C:\Program Files\AVG\AVG9\avgcsrvx.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\Ati2evxx.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\Ati2evxx.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\AVG\AVG9\avgwdsvc.exe

    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

    C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

    C:\Program Files\AVG\AVG9\avgnsx.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    C:\Windows\system32\IoctlSvc.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\Spiceworks\bin\spiceworks.exe

    C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Webroot\Washer\WasherSvc.exe

    C:\Program Files\AVG\AVG9\avgemc.exe

    C:\Program Files\AVG\AVG9\avgcsrvx.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\System32\alg.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

    C:\Windows\system32\conime.exe

    C:\Windows\explorer.exe

    C:\Program Files\KPN Dashboard\Mobiel Internet Dashboard\AutoUpdateSrv.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\List_Kill'em\List_Kill'em.exe

    C:\Windows\system32\cmd.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\List_Kill'em\pv.exe

    ======================

    Keys "Run"

    ======================

    instanteyedropper REG_SZ "C:\Program Files\InstantEyedropper\InstantEyedropper.exe"

    ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe

    ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

    Privacy Eraser Pro REG_SZ C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe /Startup

    Logitech Vid REG_SZ "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode

    Window Washer REG_SZ C:\Program Files\Webroot\Washer\wwDisp.exe

    4shared Desktop REG_SZ "C:\Program Files\4shared Desktop\desktop.exe" "startup"

    IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

    WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Disabled

    Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    BkupTray REG_SZ "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

    ArcadeDeluxeAgent REG_SZ "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

    PlayMovie REG_SZ "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

    StartCCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    RtHDVCpl REG_SZ RtHDVCpl.exe

    PLFSetI REG_SZ C:\Windows\PLFSetI.exe

    LManager REG_SZ C:\PROGRA~1\LAUNCH~1\LManager.exe

    eDataSecurity Loader REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

    ePower_DMC REG_SZ C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    WarReg_PopUp REG_SZ C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

    Google Desktop Search REG_SZ "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

    FTD Watchdog Monitor REG_SZ C:\Program Files\FTD Watchdog\FtdMonitor.exe

    AnyDVD REG_SZ C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    PWRISOVM.EXE REG_SZ C:\Program Files\PowerISO\PWRISOVM.EXE

    CloneCDTray REG_SZ "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    CLMLServer REG_SZ "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

    CanonSolutionMenu REG_SZ C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

    CanonMyPrinter REG_SZ C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    GrooveMonitor REG_SZ "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    =====================

    Other Keys

    =====================

    ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)

    ConsentPromptBehaviorUser REG_DWORD 1 (0x1)

    EnableInstallerDetection REG_DWORD 1 (0x1)

    EnableLUA REG_DWORD 1 (0x1)

    EnableSecureUIAPaths REG_DWORD 1 (0x1)

    EnableVirtualization REG_DWORD 1 (0x1)

    PromptOnSecureDesktop REG_DWORD 1 (0x1)

    ValidateAdminCodeSignatures REG_DWORD 0 (0x0)

    dontdisplaylastusername REG_DWORD 0 (0x0)

    legalnoticecaption REG_SZ

    legalnoticetext REG_SZ

    scforceoption REG_DWORD 0 (0x0)

    shutdownwithoutlogon REG_DWORD 1 (0x1)

    undockwithoutlogon REG_DWORD 1 (0x1)

    FilterAdministratorToken REG_DWORD 0 (0x0)

    EnableUIADesktopToggle REG_DWORD 0 (0x0)

    DisableRegistryTools REG_DWORD 0 (0x0)

    ===============

    NoDrives REG_DWORD 0 (0x0)

    ===============

    NoDrives REG_DWORD 0 (0x0)

    ===============

    AppInit_DLLS REG_SZ C:\Windows\System32\avgrsstx.dll c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll

    ===============

    ReportBootOk REG_SZ 1

    Shell REG_SZ Explorer.exe

    Userinit REG_SZ C:\Windows\system32\userinit.exe,

    VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"

    AutoRestartShell REG_DWORD 1 (0x1)

    LegalNoticeCaption REG_SZ

    LegalNoticeText REG_SZ

    PowerdownAfterShutdown REG_SZ 0

    ShutdownWithoutLogon REG_SZ 0

    cachedlogonscount REG_SZ 10

    forceunlocklogon REG_DWORD 0 (0x0)

    passwordexpirywarning REG_DWORD 14 (0xe)

    Background REG_SZ 0 0 0

    DebugServerCommand REG_SZ no

    WinStationsDisabled REG_SZ 0

    DisableCAD REG_DWORD 1 (0x1)

    scremoveoption REG_SZ 0

    ShutdownFlags REG_DWORD 39 (0x27)

    SFCDisable REG_DWORD 0 (0x0)

    System REG_SZ

    ===============

    ===============

    {B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook

    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

    ===============

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

    ===============

    ActivX controls

    ===============

    ===============

    ==============

    BHO :

    ======

    ===

    DNS

    ===

    DNS Server Search Order: 82.197.196.182

    DNS Server Search Order: 82.197.196.183

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B35E0AB4-924A-461B-A87D-5BBDBA985F85}: DhcpNameServer=192.168.2.1 192.168.2.1 82.197.196.182 82.197.196.183

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B35E0AB4-924A-461B-A87D-5BBDBA985F85}: DhcpNameServer=192.168.2.1 192.168.2.1 82.197.196.182 82.197.196.183

    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1 82.197.196.182 82.197.196.183

    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1 82.197.196.182 82.197.196.183

    ================

    Internet Explorer :

    ================

    Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

    Start Page REG_SZ http://www.findarticlesblog.com/

    ========

    Services

    ========

    Ndisuio : 0x3 ( OK = 3 )

    EapHost : 0x3 ( OK = 2 )

    Wlansvc : 0x2 ( OK = 2 )

    SharedAccess : 0x2 ( OK = 2 )

    windefend : 0x2 ( OK = 2 )

    wuauserv : 0x2 ( OK = 2 )

    wscsvc : 0x2 ( OK = 2 )

    =========

    Atapi.sys

    =========

    %%%% HASHDEEP-1.0

    %%%% size,md5,sha256,filename

    ## Invoked from: C:\Program Files\List_Kill'em

    ## C:\> hashdeep.exe C:\Windows\ERDNT\cache\atapi.sys

    ##

    21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\ERDNT\cache\atapi.sys

    %%%% HASHDEEP-1.0

    %%%% size,md5,sha256,filename

    ## Invoked from: C:\Program Files\List_Kill'em

    ## C:\> hashdeep.exe C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

    ##

    19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

    %%%% HASHDEEP-1.0

    %%%% size,md5,sha256,filename

    ## Invoked from: C:\Program Files\List_Kill'em

    ## C:\> hashdeep.exe C:\Windows\System32\drivers\atapi.sys

    ##

    21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\System32\drivers\atapi.sys

    %%%% HASHDEEP-1.0

    %%%% size,md5,sha256,filename

    ## Invoked from: C:\Program Files\List_Kill'em

    ## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

    ##

    19048,4f4fcb8b6ea06784fb6d475b7ec7300f,6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

    %%%% HASHDEEP-1.0

    %%%% size,md5,sha256,filename

    ## Invoked from: C:\Program Files\List_Kill'em

    ## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

    ##

    21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

    %%%% HASHDEEP-1.0

    %%%% size,md5,sha256,filename

    ## Invoked from: C:\Program Files\List_Kill'em

    ## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

    ##

    21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

    Référence :

    ==========

    Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe

    Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867

    Win XP_32b : a64013e98426e1877cb653685c5c0009

    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51

    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674

    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f

    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9

    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4

    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC

    Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E

    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

    Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

    =======

    Drive :

    =======

    Windows Schijfdefragmentatie

    Copyright © 2006 Microsoft Corp.

    Analyserapport voor volume C: ACER

    Volumegrootte = 112 GB

    Beschikbare ruimte = 33.00 GB

    Grootste hoeveelheid vrije ruimte = 13.23 GB

    Percentage bestandsfragmentatie = 2 %

    Opmerking: op NTFS-volumes worden bestandsfragmenten groter dan 64 MB niet opgenomen in de fragmentatiestatistieken

    U hoeft dit volume niet te defragmenteren.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Present !! : C:\Windows\System32\ACER.exe

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives

    Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives

    Present !! : HKEY_USERS\S-1-5-21-1514063325-3281619299-2884210226-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives

    Present !! : "HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings"

    Present !! : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"

    Present !! : "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"

    Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}"

    Present !! : "HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"

    Present !! : "HKLM\Software\Search Settings"

    Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}

    Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}

    Present !! : HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632

    Present !! : HKCR\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

    Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}

    Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}

    Present !! : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}

    Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}

    Present !! : HKCU\Software\AppDataLow\Software\pdfforge

    Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}

    Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}

    Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

    Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

    Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632


    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0

    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0

    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9

    Present !! : HKLM\Software\pdfforge

    Present !! : HKLM\SYSTEM\ControlSet001\Services\Irmon

    Present !! : HKLM\SYSTEM\CurrentControlSet\Services\Irmon

    ============

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-03-18 22:38:02

    Windows 6.0.6001 Service Pack 1 FAT NTAPI

    scanning hidden processes …

    scanning hidden services …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully

    hidden processes: 0

    hidden services: 0

    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully

    user: MBR read successfully

    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys ahcix86s.sys tcpip.sys NETIO.SYS win32k.sys

    kernel: MBR read successfully

    user & kernel MBR OK

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    C:\Users\Anita\Downloads\GrabIt Downloads\Chives - Nero8.3.6.0 Nederlands\Chives - Nero 8.3.6.0 Nederlands\Keygen.exe

    C:\Users\Anita\Downloads\GrabIt Downloads\NortonGhost12\Install.rar

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Download List_Kill'em

    * Double-click List_Kill'em.exe

    * Vista users: right-click List_Kill'em.exe and choose "Run as Administrator"

    * In the "Choice" window choose: E = English

    From here on I got a different option!!!

    * In the "Choice" window choose a number and press Enter: 1 = Search mode

    * The scan starts. Note: the scan at "Test Rootkits" can take a while

    * At the end of the scan two log files appear

    * Catchme.log and C:\List'em.txt; post the contents of both in your next reply

    I had to reinstall the program.

    "Test rootkits" does not appear!

    Catchme.log does not appear either once it has finished!

    C:\list'em.txt does
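The List'em logs in this thread end with a hashdeep dump of every atapi.sys copy on disk, followed by a reference table of known-good MD5s per Windows build. The script below is an added example, not part of the original posts and not List_Kill'em's own code, that automates that comparison: it parses hashdeep's CSV output, looks each MD5 up in the reference table, and additionally checks that the driver actually loaded from System32\drivers is identical to at least one pristine copy in WinSxS or the DriverStore. The hashdeep records and the reference table are copied from the log; the record set is a constructed excerpt, not a full run.

```python
"""Check hashdeep output for atapi.sys against a table of known-good MD5s.

Added example, not List_Kill'em's own code. The hashdeep records and the
reference table below are copied from the List'em log in this thread; the
record set is a constructed excerpt, not a full run.
"""

# Known-good MD5 of atapi.sys per Windows build, as printed in the log.
# Hex case varies in the source, so lookups normalise to lowercase.
REFERENCE_MD5 = {
    "Vista_32b": "e03e8c99d15d0381e02743c36afc7c6f",
    "Vista_SP1_32b": "2d9c903dc76a66813d350a562de40ed9",
    "Vista_SP2_32b": "1F05B78AB91C9075565A9D8A4B880BC4",
    "Windows 7_32b": "80C40F7FDFC376E4C5FEEC28B41C119E",
}

# Constructed excerpt of the hashdeep output from the log.
SAMPLE_HASHDEEP = r"""%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\drivers\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\System32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
19048,4f4fcb8b6ea06784fb6d475b7ec7300f,6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
"""

LIVE_DRIVER = r"C:\Windows\System32\drivers\atapi.sys"


def parse_hashdeep(text):
    """Turn hashdeep output into records. '%%%%' lines are format headers and
    '##' lines are comments; everything else is size,md5,sha256,filename.
    The path is the last field and may itself contain commas, hence maxsplit=3."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("%%%%") or line.startswith("##"):
            continue
        size, md5, sha256, path = line.split(",", 3)
        records.append({"size": int(size), "md5": md5.lower(),
                        "sha256": sha256.lower(), "path": path})
    return records


def classify(records, reference=REFERENCE_MD5):
    """Map each record's path to a verdict: 'known-good <build>' when the MD5
    is in the reference table, else 'UNKNOWN' (needs manual inspection)."""
    by_md5 = {md5.lower(): build for build, md5 in reference.items()}
    verdicts = {}
    for rec in records:
        build = by_md5.get(rec["md5"])
        verdicts[rec["path"]] = f"known-good {build}" if build else "UNKNOWN"
    return verdicts


def live_matches_store(records, live=LIVE_DRIVER):
    """True when the driver loaded from System32\\drivers has the same MD5 as at
    least one pristine copy in WinSxS or the DriverStore. A live driver that
    matches nothing in the stores is the classic sign of an in-place patched
    driver and should be examined even if its size looks right."""
    by_path = {rec["path"]: rec for rec in records}
    if live not in by_path:
        return False
    live_md5 = by_path[live]["md5"]
    store_copies = [rec for rec in records
                    if "\\winsxs\\" in rec["path"].lower()
                    or "\\driverstore\\" in rec["path"].lower()]
    return any(rec["md5"] == live_md5 for rec in store_copies)


def report(text=SAMPLE_HASHDEEP):
    """Print one line per copy plus the live-vs-store check; returns the verdicts."""
    records = parse_hashdeep(text)
    verdicts = classify(records)
    for path, verdict in verdicts.items():
        print(f"{verdict:26} {path}")
    print("live driver matches a store copy:", live_matches_store(records))
    return verdicts


if __name__ == "__main__":
    report()
```

Run on the excerpt, the live driver and the WinSxS copy come back as known-good Vista_SP1_32b and the pending Windows Update copy as Vista_SP2_32b, while the DriverStore copy (19048 bytes, MD5 4f4fcb8b...) is reported UNKNOWN. UNKNOWN is not proof of infection: an older build that the table simply does not list will also land there, as that copy probably does. Treat it as a prompt to check the file's Authenticode signature and version resource before replacing anything, and remember that the table itself is only as trustworthy as the log it was copied from.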

  • Argus

Remove ComboFix

    Go to Start - Run and copy the following into it:

    Combofix /Uninstall

    Then click OK.

    This will uninstall ComboFix

    Start Kill'em once more

    In the "Choice" window choose: E = English

    In the "Choice" window choose a number and press Enter: 2 = Destruction mode

    The scan starts

    At the end of the scan a log file appears (C:\kill'em.txt)

    post its contents in your next reply

    Download TDSSKiller to your desktop and then extract the file

    * Double-click TDSSKiller.exe to start the program.

    * When the program has finished, a log will be created on the C:\ drive. The file name of that log starts with TDSSKiller.

    * Post the contents of the log in your next post.

  • fransefreule

Did what you wrote! However, not everything works!

    Argus wrote:

    ——————————————————-

    > Remove ComboFix

    > Go to Start - Run and copy the following

    > into it:

    > Combofix /Uninstall

    > Then click OK.

    > This will uninstall ComboFix

    >

    > Start Kill'em once more

    > In the "Choice" window choose: E

    > = English

    THIS IS AS FAR AS I GET!

    Then options 1 and 2

    1 = Internet Explorer

    2 =

    If I choose 1 I get a screen with buttons with the following options:

    Search

    Clean

    Reinit AppInit_DLLs

    Restore MBR

    Manual Delete

    Safemode clean

    ADD Key

    Download last version

    File recover

    Remove Key

    MD5

    Command Lines

    Folder List

    Root List

    Uninstall

    Exit

Destruction mode does not appear!

    When I click Search, the list is created under the name: List_Kill'em.txt

    > In the "Choice" window choose a number

    > and press Enter: 2 = Destruction mode

    > The scan starts

    > At the end of the scan a

    > log file appears (C:\kill'em.txt)

    > post its contents in your next reply

    >

    Now I can't start Internet Explorer any more, error in dll library.

    Haven't been able to download it yet!

    > Download TDSSKiller to your desktop and then

    > extract the file

    > * Double-click TDSSKiller.exe to start the

    > program.

    > * When the program has finished, a log

    > will be created on the C:\ drive. The

    > file name of that log starts with TDSSKiller.

    > * Post the contents of the log in your next

    > post.

  • fransefreule

Destruction mode is not present as a choice.

    See my message from yesterday!

    I don't get any further than English!

    List'em by g3n-h@ckm@n 1.6.0.2

    User : Anita (Gebruikers)

    Update on 18/03/2010 by g3n-h@ckm@n ::::: 12.30

    Start at: 1:24:55 | 20-3-2010

    Contact : http://www.commentcamarche.net/forum/forum-7-virus-securite

    AMD Athlon™ X2 Dual-Core QL-60

    Microsoft® Windows Vista™ Home Premium (6.0.6001 32-bit) # Service Pack 1

    Internet Explorer 8.0.6001.18882

    Windows Firewall Status : Enabled

    AV : ZoneAlarm Security Suite Antivirus 8.0.400.020

    FW : ZoneAlarm Security Suite Firewall8.0.400.020

C:\ -> Local hard disk | 111,57 GB (33,1 GB free) | NTFS

    D:\ -> Local hard disk | 111,55 GB (88,92 GB free) | NTFS

    E:\ -> CD-ROM drive

    F:\ -> CD-ROM drive

    Boot: Normal

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\Windows\System32\smss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\winlogon.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\Ati2evxx.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\Ati2evxx.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\AVG\AVG9\avgwdsvc.exe

    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

    C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

    C:\Program Files\AVG\AVG9\avgnsx.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

    C:\Acer\Mobility Center\MobilityService.exe

    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    C:\Windows\system32\IoctlSvc.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\Spiceworks\bin\spiceworks.exe

    C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Webroot\Washer\WasherSvc.exe

    C:\Program Files\AVG\AVG9\avgchsvx.exe

    C:\Program Files\AVG\AVG9\avgrsx.exe

    C:\Windows\system32\DRIVERS\xaudio.exe

    C:\Program Files\AVG\AVG9\avgcsrvx.exe

    C:\Program Files\AVG\AVG9\avgemc.exe

    C:\Program Files\AVG\AVG9\avgcsrvx.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\alg.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\conime.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

    C:\Windows\RtHDVCpl.exe

    C:\Windows\PLFSetI.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\Launch Manager\LManager.exe

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Logitech\QuickCam\Quickcam.exe

    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    C:\Program Files\PowerISO\PWRISOVM.EXE

    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\InstantEyedropper\InstantEyedropper.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe

    C:\Program Files\Logitech\Logitech Vid\Vid.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\KPN Dashboard\Mobiel Internet Dashboard\AutoUpdateSrv.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\List_Kill'em\List_Kill'em.exe

    C:\Windows\system32\cmd.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\List_Kill'em\pv.exe

    ======================

    Keys “Run”

    ======================

    instanteyedropper REG_SZ “C:\Program Files\InstantEyedropper\InstantEyedropper.exe”

    ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe

    ccleaner REG_SZ “C:\Program Files\CCleaner\CCleaner.exe” /AUTO

    Privacy Eraser Pro REG_SZ C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe /Startup

    Logitech Vid REG_SZ “C:\Program Files\Logitech\Logitech Vid\vid.exe” -bootmode

    Window Washer REG_SZ C:\Program Files\Webroot\Washer\wwDisp.exe

    4shared Desktop REG_SZ “C:\Program Files\4shared Desktop\desktop.exe” “startup”

    IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ “C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” ASO-616B5711-6DAE-4795-A05F-39A1E5104020

    WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Disabled

    Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    BkupTray REG_SZ “C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe”

    ArcadeDeluxeAgent REG_SZ “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe”

    PlayMovie REG_SZ “C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe”

    StartCCC REG_SZ “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    RtHDVCpl REG_SZ RtHDVCpl.exe

    PLFSetI REG_SZ C:\Windows\PLFSetI.exe

    LManager REG_SZ C:\PROGRA~1\LAUNCH~1\LManager.exe

    eDataSecurity Loader REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

    ePower_DMC REG_SZ C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    WarReg_PopUp REG_SZ C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

    Google Desktop Search REG_SZ “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup

    LogitechQuickCamRibbon REG_SZ “C:\Program Files\Logitech\QuickCam\Quickcam.exe” /hide

    FTD Watchdog Monitor REG_SZ C:\Program Files\FTD Watchdog\FtdMonitor.exe

    AnyDVD REG_SZ C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    PWRISOVM.EXE REG_SZ C:\Program Files\PowerISO\PWRISOVM.EXE

    CloneCDTray REG_SZ “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s

    CLMLServer REG_SZ “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe”

    CanonSolutionMenu REG_SZ C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

    CanonMyPrinter REG_SZ C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    Adobe Reader Speed Launcher REG_SZ “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    Adobe ARM REG_SZ “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    NBKeyScan REG_SZ “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

    GrooveMonitor REG_SZ “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

    QuickTime Task REG_SZ “C:\Program Files\QuickTime\QTTask.exe” -atboottime

    combofix REG_SZ “C:\ComboFix\CF23921.cfxxe” /c “C:\ComboFix\C.bat”

    =====================

    Other Keys

    =====================

    ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)

    ConsentPromptBehaviorUser REG_DWORD 1 (0x1)

    EnableInstallerDetection REG_DWORD 1 (0x1)

    EnableLUA REG_DWORD 1 (0x1)

    EnableSecureUIAPaths REG_DWORD 1 (0x1)

    EnableVirtualization REG_DWORD 1 (0x1)

    PromptOnSecureDesktop REG_DWORD 1 (0x1)

    ValidateAdminCodeSignatures REG_DWORD 0 (0x0)

    dontdisplaylastusername REG_DWORD 0 (0x0)

    legalnoticecaption REG_SZ

    legalnoticetext REG_SZ

    scforceoption REG_DWORD 0 (0x0)

    shutdownwithoutlogon REG_DWORD 1 (0x1)

    undockwithoutlogon REG_DWORD 1 (0x1)

    FilterAdministratorToken REG_DWORD 0 (0x0)

    EnableUIADesktopToggle REG_DWORD 0 (0x0)

    DisableRegistryTools REG_DWORD 0 (0x0)

    ===============

    NoDrives REG_DWORD 0 (0x0)

    ===============

    NoDrives REG_DWORD 0 (0x0)

    ===============

    AppInit_DLLS REG_SZ C:\Windows\System32\avgrsstx.dll c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll

    ===============

    ReportBootOk REG_SZ 1

    Shell REG_SZ Explorer.exe

    Userinit REG_SZ C:\Windows\system32\userinit.exe,

    VmApplet REG_SZ rundll32 shell32,Control_RunDLL “sysdm.cpl”

    AutoRestartShell REG_DWORD 1 (0x1)

    LegalNoticeCaption REG_SZ

    LegalNoticeText REG_SZ

    PowerdownAfterShutdown REG_SZ 0

    ShutdownWithoutLogon REG_SZ 0

    cachedlogonscount REG_SZ 10

    forceunlocklogon REG_DWORD 0 (0x0)

    passwordexpirywarning REG_DWORD 14 (0xe)

    Background REG_SZ 0 0 0

    DebugServerCommand REG_SZ no

    WinStationsDisabled REG_SZ 0

    DisableCAD REG_DWORD 1 (0x1)

    scremoveoption REG_SZ 0

    ShutdownFlags REG_DWORD 39 (0x27)

    SFCDisable REG_DWORD 0 (0x0)

    System REG_SZ

    ===============

    ===============

    {B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook

    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

    ===============

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

    ===============

    ActivX controls

    ===============

    ===============

    ==============

    BHO :

    ======

    ===

    DNS

    ===

    DNS Server Search Order: 82.197.196.182

    DNS Server Search Order: 82.197.196.183

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B35E0AB4-924A-461B-A87D-5BBDBA985F85}: DhcpNameServer=192.168.2.1 192.168.2.1 82.197.196.182 82.197.196.183

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B35E0AB4-924A-461B-A87D-5BBDBA985F85}: DhcpNameServer=192.168.2.1 192.168.2.1 82.197.196.182 82.197.196.183

    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1 82.197.196.182 82.197.196.183

    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1 82.197.196.182 82.197.196.183

    ================

    Internet Explorer :

    ================

    Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

    Start Page REG_SZ http://www.findarticlesblog.com/

    ========

    Services

    ========

    Ndisuio : 0x3 ( OK = 3 )

    EapHost : 0x3 ( OK = 2 )

    Wlansvc : 0x2 ( OK = 2 )

    SharedAccess : 0x2 ( OK = 2 )

    windefend : 0x2 ( OK = 2 )

    wuauserv : 0x2 ( OK = 2 )

    wscsvc : 0x2 ( OK = 2 )

    =========

    Atapi.sys

    =========

    %%%% HASHDEEP-1.0

    %%%% size,md5,sha256,filename

    ## Invoked from: C:\Program Files\List_Kill'em

    ## C:\> hashdeep.exe C:\Windows\ERDNT\cache\atapi.sys

    ##

    21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\ERDNT\cache\atapi.sys

    %%%% HASHDEEP-1.0

    %%%% size,md5,sha256,filename

    ## Invoked from: C:\Program Files\List_Kill'em

    ## C:\> hashdeep.exe C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

    ##

    19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

    %%%% HASHDEEP-1.0

    %%%% size,md5,sha256,filename

    ## Invoked from: C:\Program Files\List_Kill'em

    ## C:\> hashdeep.exe C:\Windows\System32\drivers\atapi.sys

    ##

    21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\System32\drivers\atapi.sys

    %%%% HASHDEEP-1.0

    %%%% size,md5,sha256,filename

    ## Invoked from: C:\Program Files\List_Kill'em

    ## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

    ##

    19048,4f4fcb8b6ea06784fb6d475b7ec7300f,6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

    %%%% HASHDEEP-1.0

    %%%% size,md5,sha256,filename

    ## Invoked from: C:\Program Files\List_Kill'em

    ## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

    ##

    21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

    %%%% HASHDEEP-1.0

    %%%% size,md5,sha256,filename

    ## Invoked from: C:\Program Files\List_Kill'em

    ## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

    ##

    21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

Reference :

    ==========

    Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe

    Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867

    Win XP_32b : a64013e98426e1877cb653685c5c0009

    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51

    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674

    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f

    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9

    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4

    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC

    Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E

    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

    Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

    =======

    Drive :

    =======

Windows Disk Defragmenter

    Copyright © 2006 Microsoft Corp.

    Analysis report for volume C: ACER

    Volume size = 112 GB

    Free space = 33.10 GB

    Largest free space extent = 13.23 GB

    Percent file fragmentation = 2 %

    Note: on NTFS volumes, file fragments larger than 64 MB are not included in the fragmentation statistics

    You do not need to defragment this volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Present !! : C:\Windows\System32\ACER.exe

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives

    Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives

    Present !! : HKEY_USERS\S-1-5-21-1514063325-3281619299-2884210226-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives

    Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives

    Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives

    Present !! : HKEY_USERS\S-1-5-21-1514063325-3281619299-2884210226-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives

    Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives

    Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives

    Present !! : HKEY_USERS\S-1-5-21-1514063325-3281619299-2884210226-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives

    Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools

    Present !! : “HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings”

    Present !! : “HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}”

    Present !! : “HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}”

    Present !! : “HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}”

    Present !! : “HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}”

    Present !! : “HKLM\Software\Search Settings”

    Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}

    Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}

    Present !! : HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632

    Present !! : HKCR\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

    Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}

    Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}

    Present !! : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}

    Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}

    Present !! : HKCU\Software\AppDataLow\Software\pdfforge

    Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}

    Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}

    Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

    Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

    Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5

    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15

    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB

    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F

    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0

    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0

    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9

    Present !! : HKLM\Software\pdfforge

    Present !! : HKLM\SYSTEM\ControlSet001\Services\Irmon

    Present !! : HKLM\SYSTEM\CurrentControlSet\Services\Irmon

    ============

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-03-20 01:52:48

    Windows 6.0.6001 Service Pack 1 FAT NTAPI

    scanning hidden processes …

    ?

    ?

    scanning hidden services …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully

    hidden processes: 2

    hidden services: 0

    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully

    user: MBR read successfully

    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll AnyDVD.sys storport.sys ahcix86s.sys tcpip.sys NETIO.SYS usbhub.sys ntkrnlpa.exe

    kernel: MBR read successfully

    user & kernel MBR OK

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    C:\Users\Anita\Downloads\GrabIt Downloads\Chives - Nero8.3.6.0 Nederlands\Chives - Nero 8.3.6.0 Nederlands\Keygen.exe

    C:\Users\Anita\Downloads\GrabIt Downloads\NortonGhost12\Install.rar

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    End of scan : 1:53:56,91

    23:00:03:685 4684 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20

    23:00:03:686 4684 ================================================================================

    23:00:03:686 4684 SystemInfo:

    23:00:03:686 4684 OS Version: 6.0.6001 ServicePack: 1.0

    23:00:03:686 4684 Product type: Workstation

    23:00:03:687 4684 ComputerName: LAPTOP-ANITA

    23:00:03:688 4684 UserName: Anita

    23:00:03:688 4684 Windows directory: C:\Windows

    23:00:03:688 4684 Processor architecture: Intel x86

    23:00:03:688 4684 Number of processors: 2

    23:00:03:688 4684 Page size: 0x1000

    23:00:03:693 4684 Boot type: Normal boot

    23:00:03:693 4684 ================================================================================

    23:00:03:706 4684 UnloadDriverW: NtUnloadDriver error 2

    23:00:03:706 4684 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

    23:00:28:808 4684 wfopen_ex: Trying to open file C:\Windows\system32\config\system

    23:00:28:841 4684 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

    23:00:28:841 4684 wfopen_ex: Trying to KLMD file open

    23:00:28:841 4684 wfopen_ex: File opened ok (Flags 2)

    23:00:28:842 4684 wfopen_ex: Trying to open file C:\Windows\system32\config\software

    23:00:28:849 4684 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

    23:00:28:849 4684 wfopen_ex: Trying to KLMD file open

    23:00:28:850 4684 wfopen_ex: File opened ok (Flags 2)

    23:00:28:850 4684 Initialize success

    23:00:28:850 4684

    23:00:28:851 4684 Scanning Services …

    23:00:29:927 4684 GetAdvancedServicesInfo: Raw services enum returned 495 services

    23:00:29:939 4684

    23:00:29:940 4684 Scanning Kernel memory …

    23:00:29:941 4684 Devices to scan: 1

    23:00:29:941 4684

    23:00:29:941 4684 Driver Name: ahcix86s

    23:00:29:941 4684 IRP_MJ_CREATE : 8AB8160A

    23:00:29:942 4684 IRP_MJ_CREATE_NAMED_PIPE : 8283F013

    23:00:29:942 4684 IRP_MJ_CLOSE : 8AB81565

    23:00:29:942 4684 IRP_MJ_READ : 8283F013

    23:00:29:942 4684 IRP_MJ_WRITE : 8283F013

    23:00:29:942 4684 IRP_MJ_QUERY_INFORMATION : 8283F013

    23:00:29:942 4684 IRP_MJ_SET_INFORMATION : 8283F013

    23:00:29:942 4684 IRP_MJ_QUERY_EA : 8283F013

    23:00:29:942 4684 IRP_MJ_SET_EA : 8283F013

    23:00:29:942 4684 IRP_MJ_FLUSH_BUFFERS : 8283F013

    23:00:29:942 4684 IRP_MJ_QUERY_VOLUME_INFORMATION : 8283F013

    23:00:29:942 4684 IRP_MJ_SET_VOLUME_INFORMATION : 8283F013

    23:00:29:942 4684 IRP_MJ_DIRECTORY_CONTROL : 8283F013

    23:00:29:943 4684 IRP_MJ_FILE_SYSTEM_CONTROL : 8283F013

    23:00:29:943 4684 IRP_MJ_DEVICE_CONTROL : 8EDEA228

    23:00:29:943 4684 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8EDEA450

    23:00:29:943 4684 IRP_MJ_SHUTDOWN : 8283F013

    23:00:29:943 4684 IRP_MJ_LOCK_CONTROL : 8283F013

    23:00:29:943 4684 IRP_MJ_CLEANUP : 8283F013

    23:00:29:943 4684 IRP_MJ_CREATE_MAILSLOT : 8283F013

    23:00:29:943 4684 IRP_MJ_QUERY_SECURITY : 8283F013

    23:00:29:943 4684 IRP_MJ_SET_SECURITY : 8283F013

    23:00:29:943 4684 IRP_MJ_POWER : 8AB5698F

    23:00:29:943 4684 IRP_MJ_SYSTEM_CONTROL : 8AB818FE

    23:00:29:943 4684 IRP_MJ_DEVICE_CHANGE : 8283F013

    23:00:29:943 4684 IRP_MJ_QUERY_QUOTA : 8283F013

    23:00:29:943 4684 IRP_MJ_SET_QUOTA : 8283F013

    23:00:29:966 4684 C:\Windows\system32\DRIVERS\ahcix86s.sys - Verdict: 1

    23:00:29:966 4684

    23:00:29:967 4684 Completed

    23:00:29:968 4684

    23:00:29:968 4684 Results:

    23:00:29:969 4684 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

    23:00:29:969 4684 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

    23:00:29:970 4684 File objects infected / cured / cured on reboot: 0 / 0 / 0

    23:00:29:971 4684

    23:00:29:971 4684 fclose_ex: Trying to close file C:\Windows\system32\config\system

    23:00:29:972 4684 fclose_ex: Trying to close file C:\Windows\system32\config\software

    23:00:29:978 4684 KLMD(ARK) unloaded successfully

  • lente

    Hello, can someone help me remove the gllod virus? Thank you.

  • Luca

    Follow the steps at the link below and post the two requested logs in a topic of your own. Someone from the board will then help you:

    http://antivirus.startpagina.nl/prikbord/4625317/voer-dit-eerst-uit-voordat-je-de-logjes-plaatst!!#msg-4625317

  • hajo

    I have the same problem, but I don't know how to solve it.

    Can someone help me, please?

    Greetz, hajo

    Help me, please.