Hotmail has been hacked

  • fazantje

    Hi Henk,

    Ben will help you further with the logs, but now the actual problem:

    If you are sure that your Hotmail has been hacked (or you forgot the password), do the following:

    Go to:

    https://windowslivehelp.com/PasswordReset.aspx

    A form now opens that asks, among other things, about folders and contacts you created yourself. Answer the questions precisely.

    Only provide the details you are sure of.

    If the MSN helpdesk can verify your identity this way, the account will be restored.

    Good luck,

    Huib;)

  • Henk

    I had the program Spyware Terminator run a scan and it reported the following:

    GenericFf-1(trojan detected by clamAv)

    Worm.autorun-6216

    Heuristics.broken.executable

    I had the program remove these.

    But Generic Ff-1 could not be removed.

    See the following lines:

    Verwijderen GenericFF-1

    Verwijderen bestand mislukt (User Access Denied) : drivers\USBCAMD.sys

    Verwijderen bestand mislukt: drivers\USBCAMD.sys

    Verwijderen bestand mislukt (User Access Denied) : drivers\USBCAMD2.sys

    Verwijderen bestand mislukt: drivers\USBCAMD2.sys

    Bestand verwijderen: DriverStore\FileRepository\netw2.inf_cfad6bd0\NETw2v32.sys

    Verwijderen bestand mislukt (User Access Denied) : wscript.exe

    Verwijderen bestand mislukt: wscript.exe

    Bestand verwijderen: c:\Program Files\Common Files\Windows Live\.cache\e0fbb9511cbf23b08\crt90.msi

    Bestand verwijderen: c:\Windows\SoftwareDistribution\Download\90ba5f809a5ea316ef5082f29b483181305d25d5

    Verwijderen bestand mislukt (User Access Denied) : c:\Windows\winsxs\x86_microsoft-windows-rasbase-raspptp_31bf3856ad364e35_6.0.6000.16386_none_97b85cdceaebcc48\raspptp.sys

    Verwijderen bestand mislukt: c:\Windows\winsxs\x86_microsoft-windows-rasbase-raspptp_31bf3856ad364e35_6.0.6000.16386_none_97b85cdceaebcc48\raspptp.sys

    Bestand verwijderen: c:\Windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39\vcomp90.dll

    Bestand verwijderen: c:\Windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.5570_none_80bb811d1e9a4ed2\vcomp90.dll

    Verwijderen Worm.Autorun-6216

    Bestand verwijderen: c:\Henk\Programma's\Vuze_Installer.exe

    Verwijderen Heuristics.Broken.Executable

    Bestand verwijderen: c:\Program Files\Common Files\Windows Live\.cache\3311aba11cbf23c10\Contacts.msi

    Bestand verwijderen: c:\Program Files\Common Files\Windows Live\.cache\3e6bb4f11cbf23c12\pimt.msi

    Bestand verwijderen: c:\Program Files\Common Files\Windows Live\.cache\d28a5de11cbf23b07\WLXSuite.msi

    Bestand verwijderen: c:\Program Files\Common Files\Windows Live\.cache\fadc2cb11cbf23b0a\d3dx10-x86.msi

    Bestand verwijderen: c:\Users\Lueks\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PGZHBFNX\SmitfraudFix.exe

    Systeemherstelpunt sluiten

    Voltooid

    After that I made the following HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 23:53:37, on 27-5-2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Users\Lueks\AppData\Local\Temp\RtkBtMnt.exe

    C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nl.msn.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

    O4 - HKLM\..\Run: "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""

    O4 - HKLM\..\Run: "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

    O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    End of file - 5937 bytes

  • Henk

    Jotti's malware scan reports nothing; see the result below

    2011-05-27 Niets gevonden


  • Ben

    Hello Henk,

    Do this step (after approval from fazantje)

    Download Combofix to your Desktop:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    If you have used Combofix before, please remove that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

    Some scanners see certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix is complete and after the restart, the log combofix.txt will open.

    If the log does not open, it can be found at C:\ComboFix.txt

    Post this log in your next post together with a new HijackThis log

    Ben

  • fazantje

    Go ahead and run it ;)

    Good luck,

    Huib;)

  • Henk

    ComboFix 11-05-27.02 - Lueks 28-05-2011 15:36:15.1.1 - x86

    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.2037.959

    Gestart vanuit: c:\users\Lueks\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XT52EXJ\ComboFix.exe

    AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

    SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-28 to 2011-05-28 ))))))))))))))))))))))))))))))

    .

    .


    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .


    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe"

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe"

    "SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe"

    .

    "IgfxTray"="c:\windows\system32\igfxtray.exe"

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe"

    "Persistence"="c:\windows\system32\igfxpers.exe"

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe"

    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe"

    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    .

    "EnableUIADesktopToggle"= 0 (0x0)

    "EnableLinkedConnections"= 1 (0x1)

    .

    "aux"=wdmaud.drv

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe

    .

    2011-03-17 17:08 1007608 ----a-w- c:\program files\DVDFab Passkey\DVDFabPasskey.exe

    .

    2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    .

    2010-02-22 15:17 1226024 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

    .

    2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    "AntiVirusOverride"=dword:00000001

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    R3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys

    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys

    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys

    S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe

    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe

    S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys

    S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys

    .

    .

    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    .

    ------- Bijkomende Scan -------

    .

    TCP: DhcpNameServer = 192.168.2.254

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-05-28 15:50

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Voltooingstijd: 2011-05-28 15:56:38

    ComboFix-quarantined-files.txt 2011-05-28 13:56

    .

    Pre-Run: 14.118.715.392 bytes beschikbaar

    Post-Run: 13.212.450.816 bytes beschikbaar

    .

    - - End Of File - - 626965B66C59AE98F974B1A24C2E553F

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:05:45, on 28-5-2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

    C:\Windows\Explorer.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe

    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe

    C:\Windows\system32\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nl.msn.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

    O4 - HKLM\..\Run: "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""

    O4 - HKLM\..\Run: "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

    O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    End of file - 5846 bytes

  • Ben

    Hello Henk,

    The logs look good now (tu)

    Uninstall Combofix: Start -> Run and type: combofix /u

    This will remove Combofix

    How are your PC problems now??

    Have you carried out the steps that fazantje suggested (and if so, what was the result)?

    http://antivirus.startpagina.nl/prikbord/14066010/14074924/re-help-mijn-pc-is-gekraakt#msg-14074924

    Ben

  • Henk

    The PC now responds normally again and is fast again too, but when I let Spyware Terminator scan the PC it finds a virus in a number of files

    Generic FF-1 wscript.exe

    Generic FF-1 drivers\USBCAMD.sys

    Generic FF-1 drivers\USBCAMD2.sys

    When I scan in safe mode it doesn't report them, and Jotti's file scanner also reports them as safe??

    Still, I don't entirely trust it..

  • Ben

    Hello Henk,

    Spyware Terminator does not have such a good reputation for being trustworthy!!

    Just read through this;

    http://sites.google.com/site/philipberthels/anti-spyware-let-op-lees-dit

    And then decide whether you keep it.

    You would be better off using MBAM and SpywareBlaster.

    Update MBAM once a week and let it scan (quick scan, about 5 minutes)

    SpywareBlaster only needs updating once a week.

    After the update, click on enable all protection

    And how are things with your Hotmail (problem)?

    Ben

  • Henk

    I can't get my Hotmail back with the information I am able to give them, so I think I'll just have to consider it lost.

    Furthermore, I have uninstalled Spyware Terminator.

    Still, I don't entirely trust it yet

    Is there no way to check the registry for keys that don't belong there?
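
One way to approach the question above, shown as an added example that is not part of the original thread: parse the autostart lines (O4 Run entries, O23 services) of a HijackThis log like the one posted earlier and flag those whose executable lies outside the usual install directories or is a script host. The trusted-directory list, the interpreter list and the function name `triage` are assumptions; the last two sample lines are constructed.

```python
import re
from pathlib import PureWindowsPath

# Assumption: where legitimately installed software normally lives.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")
# Assumption: hosts that run whatever script or DLL their arguments name.
INTERPRETERS = {"wscript.exe", "cscript.exe", "rundll32.exe", "cmd.exe", "mshta.exe"}

ENTRY = re.compile(r"^(O4|O23) - (.*)$")
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|scr|bat|cmd|vbs|js)\b', re.I)

# First four lines are copied from the log above; the last two are constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O4 - HKCU\..\Run: C:\Users\Example\AppData\Local\Temp\updater.exe /s
O4 - HKLM\..\Run: C:\Windows\system32\wscript.exe "C:\Users\Example\start.vbs"
"""


def triage(log_text):
    """Return (section, path, reason) for autostart entries worth a manual look.

    Location is only a heuristic: an empty result does not prove a clean system.
    """
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        section, rest = match.groups()
        # O23 ends with the service binary; O4 carries the command after ": ".
        target = rest.rsplit(" - ", 1)[-1] if section == "O23" else rest.split(": ", 1)[-1]
        found = PATH.search(target)
        if not found:
            findings.append((section, target, "no executable path parsed"))
            continue
        path = PureWindowsPath(found.group(0))
        if not str(path).lower().startswith(tuple(r + "\\" for r in TRUSTED_ROOTS)):
            findings.append((section, str(path), "outside usual install directories"))
        elif path.name.lower() in INTERPRETERS:
            findings.append((section, str(path), "interpreter: inspect its arguments"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

Entries that are flagged are candidates for a closer look (file signature, creation date, a second-opinion scan), not confirmed malware.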