View full version : Check HijackThis log



mkligan
11 September 2010, 16:31
Hello,

Could someone take a look at my HijackThis log and MBAM log please?

Thanks in advance for the effort!

Greetz :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:48, on 11-9-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows NT\Bureau-accessoires\WORDPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
--
End of file - 7873 bytes


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org (http://www.malwarebytes.org)
Databaseversie: 4571
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
8-9-2010 21:05:39
mbam-log-2010-09-08 (21-05-39).txt
Scantype: Volledige scan (C:\|)
Objecten gescand: 427454
Verstreken tijd: 2 uur/uren, 42 minuut/minuten, 28 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Woudje100
12 September 2010, 18:21
Hello,

Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners treat certain components that Combofix uses as suspicious and will block or remove them!

Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Click OK in the "NirCmd" window.
Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after the reboot, the log Combofix.txt will open.

Post this log in your next reply.

Go to Start > Control Panel > Add/Remove Programs or Programs and Features and remove the current (old) version of HijackThis there.

Download HijackThis Install (http://go.trendmicro.com/free-tools/hijackthis/HiJackThis.msi) to your desktop.
Double-click HijackThisInstaller.exe to start the installation.

Double-click the HijackThis program, click the "Main Menu" option, and choose Do a system scan and save a logfile. Then paste the contents of the log that appears in your next post.

Note!!! Windows Vista & 7 users must run HijackThis as administrator ("right-click > Run as administrator"); if this does not work via the shortcut, run HijackThis as administrator from the following directory (C:\Program Files\Trend Micro\HiJackThis)

Woudje100

mkligan
15 September 2010, 20:50
Hello, first of all sorry for the late reply. I suddenly went to visit acquaintances for a few days ;)
But I have now run it, and here are the logs:

ComboFix 10-09-14.05 - Ming Khe 15-09-2010 19:08:54.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.1022.569 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Ming Khe\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-08-15 to 2010-09-15 ))))))))))))))))))))))))))))))
.
2010-08-21 16:09 . 2010-08-21 16:09 -------- d-----w- c:\program files\Trend Micro
2010-08-20 14:53 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-08-20 14:52 . 2010-08-20 14:52 -------- d-----w- c:\program files\Panda Security
2010-08-19 15:21 . 2010-09-07 16:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-08-19 15:21 . 2010-08-19 15:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-18 19:34 . 2010-09-06 19:39 63488 ----a-w- c:\documents and settings\Ming Khe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-18 19:34 . 2010-08-18 19:34 52224 ----a-w- c:\documents and settings\Ming Khe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-18 19:34 . 2010-09-06 19:39 117760 ----a-w- c:\documents and settings\Ming Khe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-18 19:33 . 2010-08-18 19:33 -------- d-----w- c:\documents and settings\Ming Khe\Application Data\SUPERAntiSpyware.com
2010-08-18 19:33 . 2010-08-18 19:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-08-18 19:33 . 2010-08-18 19:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-18 19:17 . 2010-08-18 19:17 -------- d-----w- c:\program files\CCleaner
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 17:02 . 2007-10-13 00:37 -------- d-----w- c:\documents and settings\Ming Khe\Application Data\Orbit
2010-09-06 12:29 . 2005-09-28 17:36 -------- d-----w- c:\documents and settings\KK.MKL-86F46318184\Application Data\Orbit
2010-09-02 14:48 . 2008-06-19 14:15 -------- d-----w- c:\program files\FlashGet
2010-09-02 13:45 . 2010-09-02 13:45 -------- d-----w- c:\program files\Smallvideosoft
2010-09-01 15:45 . 2007-09-04 17:07 -------- d-----w- c:\program files\World of Warcraft
2010-08-18 21:02 . 2009-10-17 15:28 -------- d-----w- c:\documents and settings\Ming Khe\Application Data\FlashgetSetup
2010-08-12 15:59 . 2009-10-18 00:17 -------- d-----w- c:\program files\pipi
2010-08-06 12:58 . 2008-11-14 18:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2010-07-31 10:52 . 2009-10-19 09:29 -------- d-----w- c:\program files\Microsoft Silverlight
2007-12-14 02:21 . 2007-12-14 02:21 2788214 ----a-w- c:\program files\klitekpp243n.exe
2007-12-14 02:04 . 2007-12-14 02:04 669799 ----a-w- c:\program files\voxware_audio.zip
2009-09-26 01:12 . 2005-09-28 18:08 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-09-26 01:12 . 2005-09-28 18:08 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-09-26 01:12 . 2005-09-28 18:08 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-09-26 01:12 . 2005-09-28 18:08 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-09-26 01:12 . 2005-09-28 18:08 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-14 344064]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-08 2048352]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless N DWA-140"="c:\program files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 1388544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-03 202256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-6-19 1690824]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 15:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Downloads\\flashget_17978_1.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\pipi\\jfCacheMgr.exe"=
"c:\\Program Files\\pipi\\PIPIPlayer.exe"=
"c:\\Program Files\\pipi\\KmLiveUpdate.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Ming Khe\\Application Data\\FlashgetSetup\\fgmini.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20-8-2010 16:53 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [14-11-2008 20:08 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [14-11-2008 20:08 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10-5-2010 20:41 67656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [14-11-2008 20:07 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [14-11-2008 20:07 297752]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3-6-2010 14:15 136176]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [22-5-2008 1:57 34576]
S4 3D513C92;3D513C92;c:\windows\system32\F3C4B1DD.EXE -k --> c:\windows\system32\F3C4B1DD.EXE -k [?]
.
Inhoud van de 'Gedeelde Taken' map
2010-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 12:15]
2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 12:15]
2010-09-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-299502267-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-09-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-299502267-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-09-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-299502267-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-09-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-299502267-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: ????3?? - c:\documents and settings\Ming Khe\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Ming Khe\Application Data\FlashGetBHO\GetAllUrl.htm
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\Ming Khe\Application Data\Mozilla\Firefox\Profiles\s6ontgwv.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-15 19:18
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-1935655697-299502267-725345543-1006\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\Ming Khe\\Application Data\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-1935655697-299502267-725345543-1006\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}hQèþ”¥c]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\Ming Khe\\Application Data\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(2948)
c:\windows\system32\SSSensor.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2010-09-15 19:22:27
ComboFix-quarantined-files.txt 2010-09-15 17:22
ComboFix2.txt 2010-08-22 15:34
Pre-Run: 77.446.348.800 bytes beschikbaar
Post-Run: 79.005.401.088 bytes beschikbaar
- - End Of File - - 2D21D4C4968D89E113906BF9072C8A51


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:37:55, on 15-9-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
--
End of file - 7807 bytes

Woudje100
17 September 2010, 14:37
Hello,

Start HijackThis. Click "Do a system scan only". If present, select the following:

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)


Click "Fix checked" and close HijackThis.

Note! Windows Vista and 7 users must run HijackThis as administrator (right-click, "Run as administrator"); if that does not work from the shortcut, run HijackThis as administrator from the following directory (C:\Program Files\Trend Micro\HiJackThis)

Open Notepad, copy and paste the following (bold, blue text) into an empty window:

File::
c:\windows\system32\F3C4B1DD.EXE

Driver::
3D513C92



Save this on your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://img517.imageshack.us/img517/8662/cfscript10uc2.gif

This will make ComboFix restart.
Reboot if prompted to,
and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Woudje100
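The selection the helper makes above by hand (tick the entries whose target file no longer exists, then "Fix checked") can be expressed as a small triage script. The following Python is an added example, not code from this thread or from the HijackThis project: it parses HijackThis entry lines by their section code, flags entries marked "(file missing)", any site placed in the IE Trusted Zone (O15) and services listed with "Unknown owner" (O23), and returns the "(file missing)" lines as the candidates to fix. The sample lines are copied from the log posted in this thread; the function names, the `Finding` record and the review heuristics are the example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a few entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O15 - Trusted Zone: http://software.kuaiche.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

# A HijackThis entry starts with its section code (R0, R1, O2, O4, ..., O23) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def review_hjt_log(text: str) -> list[Finding]:
    """Return the entries a reviewer would look at first, in log order."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, the running-process list, "--", "End of file"
        section, body = m.group("section"), m.group("body")
        if body.endswith("(file missing)"):
            # Autostart/extension entry whose target no longer exists: dead weight,
            # and exactly what the helper selected for "Fix checked".
            findings.append(Finding(section, "target file missing", line))
        elif section == "O15":
            # Sites in the IE Trusted Zone get relaxed security settings; any entry
            # the user did not add deliberately deserves a second look.
            findings.append(Finding(section, "site in IE Trusted Zone", line))
        elif section == "O23" and " - Unknown owner - " in body:
            # A service binary without vendor information is not necessarily bad
            # (here it is an ATI component) but should be checked against its path.
            findings.append(Finding(section, "service without vendor information", line))
    return findings


def fix_candidates(text: str) -> list[str]:
    """The lines to tick in HijackThis before "Fix checked": dangling references only."""
    return [f.line for f in review_hjt_log(text) if f.reason == "target file missing"]


if __name__ == "__main__":
    for f in review_hjt_log(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<36} {f.line}")
```

Run against the full log the script reports the same two "(file missing)" entries the helper picked, plus the kuaiche.com Trusted Zone entry and the ATI Smart service for a manual check; entries that look normal are deliberately left out so the list stays short.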

mkligan
19 September 2010, 18:54
Hello,

I have carried out the steps; here are the logs:

ComboFix 10-09-14.05 - Ming Khe 19-09-2010 18:29:37.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.1022.533 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Ming Khe\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Ming Khe\Bureaublad\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Nieuw herstelpunt werd aangemaakt
FILE ::
"c:\windows\system32\F3C4B1DD.EXE"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_3D513C92
-------\Service_3D513C92

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-19 to 2010-09-19 ))))))))))))))))))))))))))))))
.
2010-09-06 19:36 . 2010-09-19 16:26 -------- d--h--r- c:\documents and settings\Ming Khe\Onlangs geopend
2010-09-02 13:45 . 2010-09-02 13:56 -------- d-----w- C:\Mp3 Output
2010-09-02 13:45 . 2010-09-02 13:45 -------- d-----w- c:\program files\Smallvideosoft
2010-09-02 13:45 . 2009-06-08 13:33 8676883 ----a-w- c:\windows\system32\mp3Media2.dll
2010-08-21 16:09 . 2010-08-21 16:09 -------- d-----w- c:\program files\Trend Micro
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 16:43 . 2007-10-13 00:37 -------- d-----w- c:\documents and settings\Ming Khe\Application Data\Orbit
2010-09-16 15:40 . 2007-09-04 17:07 -------- d-----w- c:\program files\World of Warcraft
2010-09-15 18:37 . 2010-09-15 18:37 388096 ----a-r- c:\documents and settings\Ming Khe\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-07 16:07 . 2010-08-19 15:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-09-06 19:39 . 2010-08-18 19:34 63488 ----a-w- c:\documents and settings\Ming Khe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-06 19:39 . 2010-08-18 19:34 117760 ----a-w- c:\documents and settings\Ming Khe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-06 12:29 . 2005-09-28 17:36 -------- d-----w- c:\documents and settings\KK.MKL-86F46318184\Application Data\Orbit
2010-09-02 14:48 . 2008-06-19 14:15 -------- d-----w- c:\program files\FlashGet
2010-08-20 14:52 . 2010-08-20 14:52 -------- d-----w- c:\program files\Panda Security
2010-08-19 15:26 . 2010-08-19 15:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-18 21:02 . 2009-10-17 15:28 -------- d-----w- c:\documents and settings\Ming Khe\Application Data\FlashgetSetup
2010-08-18 19:34 . 2010-08-18 19:34 52224 ----a-w- c:\documents and settings\Ming Khe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-18 19:33 . 2010-08-18 19:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-18 19:33 . 2010-08-18 19:33 -------- d-----w- c:\documents and settings\Ming Khe\Application Data\SUPERAntiSpyware.com
2010-08-18 19:33 . 2010-08-18 19:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-08-18 19:17 . 2010-08-18 19:17 -------- d-----w- c:\program files\CCleaner
2010-08-12 15:59 . 2009-10-18 00:17 -------- d-----w- c:\program files\pipi
2010-08-06 12:58 . 2008-11-14 18:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2010-07-31 10:52 . 2009-10-19 09:29 -------- d-----w- c:\program files\Microsoft Silverlight
2007-12-14 02:21 . 2007-12-14 02:21 2788214 ----a-w- c:\program files\klitekpp243n.exe
2007-12-14 02:04 . 2007-12-14 02:04 669799 ----a-w- c:\program files\voxware_audio.zip
2009-09-26 01:12 . 2005-09-28 18:08 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-09-26 01:12 . 2005-09-28 18:08 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-09-26 01:12 . 2005-09-28 18:08 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-09-26 01:12 . 2005-09-28 18:08 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-09-26 01:12 . 2005-09-28 18:08 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-14 344064]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-08 2048352]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless N DWA-140"="c:\program files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 1388544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-03 202256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-6-19 1690824]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Downloads\\flashget_17978_1.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\pipi\\jfCacheMgr.exe"=
"c:\\Program Files\\pipi\\PIPIPlayer.exe"=
"c:\\Program Files\\pipi\\KmLiveUpdate.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Ming Khe\\Application Data\\FlashgetSetup\\fgmini.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20-8-2010 16:53 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [14-11-2008 20:08 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [14-11-2008 20:08 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10-5-2010 20:41 67656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [14-11-2008 20:07 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [14-11-2008 20:07 297752]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3-6-2010 14:15 136176]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [22-5-2008 1:57 34576]
.
Inhoud van de 'Gedeelde Taken' map
2010-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 12:15]
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 12:15]
2010-09-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-299502267-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-09-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-299502267-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-09-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-299502267-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-09-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-299502267-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: ????3?? - c:\documents and settings\Ming Khe\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Ming Khe\Application Data\FlashGetBHO\GetAllUrl.htm
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\Ming Khe\Application Data\Mozilla\Firefox\Profiles\s6ontgwv.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 18:42
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-1935655697-299502267-725345543-1006\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\Ming Khe\\Application Data\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-1935655697-299502267-725345543-1006\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}hQèþ”¥c]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\Ming Khe\\Application Data\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\SSSensor.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Sygate\SPF\smc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\program files\Orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Voltooingstijd: 2010-09-19 18:51:05 - machine werd herstart
ComboFix-quarantined-files.txt 2010-09-19 16:51
ComboFix2.txt 2010-09-15 17:22
ComboFix3.txt 2010-08-22 15:34
Pre-Run: 78.676.770.816 bytes beschikbaar
Post-Run: 78.775.726.080 bytes beschikbaar
- - End Of File - - 54693CB705B94167DD8BB4EE421BF9CD

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:53:43, on 19-9-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
--
End of file - 7664 bytes

Woudje100
19 September 2010, 19:10
Are you still experiencing any problems?

Woudje100

mkligan
19 September 2010, 20:26
Sorry, but what do you mean by that?

greetz

Woudje100
20 September 2010, 10:38
Just what I say ;)

Is your computer running fine again?

Woudje100

mkligan
20 September 2010, 21:57
Ah, I see :)
The PC runs fine, but now and then it hangs for a moment (I hear the rattling/ticking sounds of the PC).
And last night there were a few times I could not get onto the internet. I got a message that I had no connection to a server(?). After restarting the PC I did not get the message any more :)

The thing is, my account for an online game has been blocked because I probably have a trojan/virus/keylogger on my PC. On the advice of a game master I am here to have that checked and removed.
I don't know whether my PC is now "clean", so that I can have my online game account reactivated.

Greetz

Woudje100
21 September 2010, 09:41
To be on the safe side, also scan with Bitdefender:

Please open Internet Explorer.
Now go to this site: http://www.bitdefender.com/scanner/online/free.html

Click "Analyseren" (Analyse) at the bottom of the page
Click the green button labelled "Start scanner"
A small window now appears; tick "I agree with the Terms and Conditions" and click "Start here"
You will now get a notification that Bitdefender wants to install an add-on. Click on it and choose "Deze invoegtoepassing installeren voor alle gebruikers van deze computer..." (install this add-on for all users of this computer...)
Another new window appears; click "Installeren" (Install) there.
Now click "Start scan". Bitdefender will now update itself and start scanning.
Close the window when the scan is finished.
After that a new dialog comes up with the choice to send the log to Bitdefender; you may do this if you want, but it is not necessary.
Open Explorer (right-click Start), go to "C:\WINDOWS\BDOSCAN8" and post the contents of the file named "bdoscan.log" in your next message.


Woudje100
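The bdoscan.log the helper asks for lists one event per line under [Scan Results], so a single detected file produces several lines (the detection, then the outcome of each action tried). The following Python is an added example, not code from this thread or from Bitdefender: it reads that section, groups the events by the file that actually exists on disk (the part before the first "=>"), and separates detections inside System Restore snapshots (System Volume Information\_restore...) from live files whose deletion failed, which is the distinction a reviewer needs when reading such a log. The sample log is constructed from a few result lines of the log posted further down in this thread; the INI layout and the wordings "Detected with:", "Disinfection failed" and "Delete failed" are as they appear there, the success wordings "Disinfected"/"Deleted" are an assumption, and the function names are the example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the bdoscan.log layout, with result lines copied from the log
# posted later in this thread (the real file has more sections and many more lines).
SAMPLE_BDOSCAN = r'''[General]
Date = 27:09:2010
[Scan Statistics]
Identified viruses = 13
Infected files = 72
[Scan Results]
Line00000215 = "C:\Documents and Settings\Ming Khe\Bureaublad\Ming Khe Map\mingkhe\Everest Poker.exe=>(Embedded EXE o) Detected with: Adware.Casino.CV"
Line00000214 = "C:\Documents and Settings\Ming Khe\Bureaublad\Ming Khe Map\mingkhe\Everest Poker.exe=>(Embedded EXE o) Disinfection failed"
Line00000213 = "C:\Documents and Settings\Ming Khe\Bureaublad\Ming Khe Map\mingkhe\Everest Poker.exe=>(Embedded EXE o) Delete failed"
Line00000212 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP11\A0001475.exe=>(Embedded EXE o) Detected with: Adware.Casino.CV"
Line00000211 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP11\A0001475.exe=>(Embedded EXE o) Disinfection failed"
Line00000210 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP11\A0001475.exe=>(Embedded EXE o) Delete failed"
'''

# Each result line is  LineNNNNNNNN = "<object> <event>": <object> is the on-disk path followed
# by zero or more "=>" sub-objects (archive members, embedded executables), <event> is either a
# detection or the result of an action on that object.  "Disinfected"/"Deleted" are assumed
# success wordings; only the failure wordings appear in this thread.
RESULT_RE = re.compile(
    r'^Line\d+\s*=\s*"(?P<obj>.+?) '
    r'(?P<event>Detected with: .+|Disinfection failed|Delete failed|Disinfected|Deleted)"$'
)

RESTORE_MARKER = r"\system volume information\_restore"


@dataclass
class FileReport:
    path: str
    signatures: set[str] = field(default_factory=set)
    outcomes: list[str] = field(default_factory=list)

    @property
    def in_restore_point(self) -> bool:
        # Copies inside System Restore snapshots are inert until restored; they go away
        # when the restore points are purged, not by cleaning the live file system.
        return RESTORE_MARKER in self.path.lower()

    @property
    def still_present(self) -> bool:
        # FirstAction=Disinfect, SecondAction=Delete (see [Scan Settings] in the log):
        # if the delete also failed, the detected content is still on disk.
        return "Delete failed" in self.outcomes


def parse_bdoscan(text: str) -> dict[str, FileReport]:
    """Group the [Scan Results] events by on-disk file."""
    reports: dict[str, FileReport] = {}
    in_results = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_results = line == "[Scan Results]"
            continue
        if not in_results:
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue  # tolerate wordings this parser does not know
        obj, event = m.group("obj"), m.group("event")
        path = obj.split("=>", 1)[0]  # the file that actually exists on disk
        rep = reports.setdefault(path, FileReport(path))
        if event.startswith("Detected with: "):
            rep.signatures.add(event[len("Detected with: "):])
        else:
            rep.outcomes.append(event)
    return reports


def triage(text: str) -> dict[str, object]:
    """Summary a reviewer needs: what is still live on disk vs. parked in restore points."""
    reports = parse_bdoscan(text)
    live = sorted(r.path for r in reports.values() if r.still_present and not r.in_restore_point)
    return {
        "files": len(reports),
        "restore_point_copies": sum(r.in_restore_point for r in reports.values()),
        "live_undeleted": live,
        "signatures": sorted({s for r in reports.values() for s in r.signatures}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_BDOSCAN).items():
        print(f"{key}: {value}")
```

On the log posted in this thread the restore-point copies dominate the count of "infected files", while the live entries are the ones worth acting on; the script's `live_undeleted` list makes that split explicit instead of leaving it to be read off 70-odd lines by eye.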

mkligan
28 September 2010, 00:02
After a few attempts, here is the "bdoscan.log": (the only file with a Notepad icon)

[General]
App = "BitDefender Online Scanner v8"
Date = 27:09:2010
Time = 23:44:42
Scan Path = C:\;E:\;F:\;G:\;H:\;I:\;J:\;
[Engines Info]
Virus Definitions = 6485431
Engine build = "AVCORE v2.1 Windows/i386 11.0.0.33 (Aug 31 2010)"
Scan plugins = 18
Archive plugins = 44
Unpack plugins = 10
E-mail plugins = 6
System plugins = 4
[Scan Statistics]
Folders = 11473
Files = 412043
Archives = 5183
Packed files = 13507
Identified viruses = 13
Infected files = 72
Warnings = 0
Suspect files = 0
Disinfected files = 0
Deleted files = 98
Copied files = 0
Moved files = 0
Renamed files = 0
I/O Errors = 24
[Scan Settings]
SecondAction = Delete
FirstAction = Disinfect
Heuristics = 1
Enable Warnings = 1
Exclude Ext =
Extensions = *;
Scan Emails = 1
Scan Archives = 1
Scan Packed = 1
Scan Files = 1
Scan Boot = 1
Verify Memory = 0
[Scan Results]
Line00000215 = "C:\Documents and Settings\Ming Khe\Bureaublad\Ming Khe Map\mingkhe\Everest Poker.exe=>(Embedded EXE o) Detected with: Adware.Casino.CV"
Line00000214 = "C:\Documents and Settings\Ming Khe\Bureaublad\Ming Khe Map\mingkhe\Everest Poker.exe=>(Embedded EXE o) Disinfection failed"
Line00000213 = "C:\Documents and Settings\Ming Khe\Bureaublad\Ming Khe Map\mingkhe\Everest Poker.exe=>(Embedded EXE o) Delete failed"
Line00000212 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP11\A0001475.exe=>(Embedded EXE o) Detected with: Adware.Casino.CV"
Line00000211 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP11\A0001475.exe=>(Embedded EXE o) Disinfection failed"
Line00000210 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP11\A0001475.exe=>(Embedded EXE o) Delete failed"
Line00000209 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP17\A0002706.exe=>(Embedded EXE o) Detected with: Adware.Casino.CV"
Line00000208 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP17\A0002706.exe=>(Embedded EXE o) Disinfection failed"
Line00000207 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP17\A0002706.exe=>(Embedded EXE o) Delete failed"
Line00000206 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP27\A0004739.exe=>(Embedded EXE o) Detected with: Adware.Casino.CV"
Line00000205 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP27\A0004739.exe=>(Embedded EXE o) Disinfection failed"
Line00000204 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP27\A0004739.exe=>(Embedded EXE o) Delete failed"
Line00000203 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP37\A0007405.exe=>(Embedded EXE o) Detected with: Adware.Casino.CV"
Line00000202 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP37\A0007405.exe=>(Embedded EXE o) Disinfection failed"
Line00000201 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP37\A0007405.exe=>(Embedded EXE o) Delete failed"
Line00000200 = "C:\System Volume Information\_restore{53D55BB8-B566-4C10-9D46-7A91F67F9D28}\RP18\A0007620.exe=>(Embedded EXE o) Detected with: Adware.Casino.CV"
Line00000199 = "C:\System Volume Information\_restore{53D55BB8-B566-4C10-9D46-7A91F67F9D28}\RP18\A0007620.exe=>(Embedded EXE o) Disinfection failed"
Line00000198 = "C:\System Volume Information\_restore{53D55BB8-B566-4C10-9D46-7A91F67F9D28}\RP18\A0007620.exe=>(Embedded EXE o) Delete failed"
Line00000197 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP64\A0018801.exe=>(VISE Installer s)=>Gain_Trickler.exe Detected with: Gen:Adware.Heur.mq1@Re@qaVbi"
Line00000196 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP64\A0018801.exe=>(VISE Installer s)=>Gain_Trickler.exe Disinfection failed"
Line00000195 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP64\A0018801.exe=>(VISE Installer s)=>Gain_Trickler.exe Delete failed"
Line00000194 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP83\A0021100.exe=>(Instyler o)=>(Instyler Module 12) Detected with: Adware.Whenu.Savenow.A"
Line00000193 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP83\A0021100.exe=>(Instyler o)=>(Instyler Module 12) Disinfection failed"
Line00000192 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP83\A0021100.exe=>(Instyler o)=>(Instyler Module 12) Delete failed"
Line00000191 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP83\A0021100.exe=>(Instyler o)=>(Instyler Module 13) Detected with: Adware.NewDotNet.BJ"
Line00000190 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP83\A0021100.exe=>(Instyler o)=>(Instyler Module 13) Disinfection failed"
Line00000189 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP83\A0021100.exe=>(Instyler o)=>(Instyler Module 13) Delete failed"
Line00000188 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP83\A0022180.exe=>(Instyler o)=>(Instyler Module 12) Detected with: Adware.Whenu.Savenow.A"
Line00000187 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP83\A0022180.exe=>(Instyler o)=>(Instyler Module 12) Disinfection failed"
Line00000186 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP83\A0022180.exe=>(Instyler o)=>(Instyler Module 12) Delete failed"
Line00000185 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP83\A0022180.exe=>(Instyler o)=>(Instyler Module 13) Detected with: Adware.NewDotNet.BJ"
Line00000184 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP83\A0022180.exe=>(Instyler o)=>(Instyler Module 13) Disinfection failed"
Line00000183 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP83\A0022180.exe=>(Instyler o)=>(Instyler Module 13) Delete failed"
Line00000182 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP86\A0022732.exe=>(Embedded EXE o) Detected with: Adware.Casino.AE"
Line00000181 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP86\A0022732.exe=>(Embedded EXE o) Disinfection failed"
Line00000180 = "C:\System Volume Information\_restore{7A46F006-3A92-4F9A-B728-6FC4819C0516}\RP86\A0022732.exe=>(Embedded EXE o) Delete failed"
Line00000179 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP107\A0045810.exe=>wise0017 Detected with: Gen:Adware.Heur.hq1@R0TqtToi"
Line00000178 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP107\A0045810.exe=>wise0017 Disinfection failed"
Line00000177 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP107\A0045810.exe=>wise0017 Delete failed"
Line00000176 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP107\A0045817.exe=>(Embedded EXE o) Detected with: Application.Generic.113750"
Line00000175 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP107\A0045817.exe=>(Embedded EXE o) Disinfection failed"
Line00000174 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP107\A0045817.exe=>(Embedded EXE o) Delete failed"
Line00000173 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP128\A0113787.exe=>(Embedded EXE o) Detected with: Adware.Casino.CV"
Line00000172 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP128\A0113787.exe=>(Embedded EXE o) Disinfection failed"
Line00000171 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP128\A0113787.exe=>(Embedded EXE o) Delete failed"
Line00000170 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP128\A0113793.exe=>wise0017 Detected with: Application.Browser.Modifier.Navexcel.Search.Toolbar.R"
Line00000169 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP128\A0113793.exe=>wise0017 Disinfection failed"
Line00000168 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP128\A0113793.exe=>wise0017 Delete failed"
Line00000167 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP128\A0113793.exe=>wise0018 Infected with: Trojan.Downloader.Adload.A"
Line00000166 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP128\A0113793.exe=>wise0018 Disinfection failed"
Line00000165 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP128\A0113793.exe=>wise0018 Delete failed"
Line00000164 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP128\A0113793.exe=>wise0019 Detected with: Gen:Adware.Heur.gq1@R0KVdygi"
Line00000163 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP128\A0113793.exe=>wise0019 Disinfection failed"
Line00000162 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP128\A0113793.exe=>wise0019 Delete failed"
Line00000161 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP26\A0002301.exe=>(VISE Installer s)=>Gain_Trickler.exe Detected with: Gen:Adware.Heur.mq1@Re@qaVbi"
Line00000160 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP26\A0002301.exe=>(VISE Installer s)=>Gain_Trickler.exe Disinfection failed"
Line00000159 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP26\A0002301.exe=>(VISE Installer s)=>Gain_Trickler.exe Delete failed"
Line00000158 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP47\A0006522.exe=>(VISE Installer s)=>Gain_Trickler.exe Detected with: Gen:Adware.Heur.mq1@Re@qaVbi"
Line00000157 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP47\A0006522.exe=>(VISE Installer s)=>Gain_Trickler.exe Disinfection failed"
Line00000156 = "C:\System Volume Information\_restore{8BC6C540-35F1-4BA3-9DF8-1CFBCCC6AE66}\RP47\A0006522.exe=>(VISE Installer s)=>Gain_Trickler.exe Delete failed"
Line00000155 = "C:\System Volume Information\_restore{98E33272-BC59-45FA-8BE4-ABD944A1CD30}\RP1\A0000477.exe=>(Embedded EXE o) Detected with: Adware.Casino.CV"
Line00000154 = "C:\System Volume Information\_restore{98E33272-BC59-45FA-8BE4-ABD944A1CD30}\RP1\A0000477.exe=>(Embedded EXE o) Disinfection failed"
Line00000153 = "C:\System Volume Information\_restore{98E33272-BC59-45FA-8BE4-ABD944A1CD30}\RP1\A0000477.exe=>(Embedded EXE o) Delete failed"
Line00000152 = "C:\System Volume Information\_restore{BB303A57-0ECC-45F3-8D65-743481DED653}\RP81\A0015937.exe=>(Instyler o)=>(Instyler Module 5)=>(Embedded EXE o) Infected with: Win32.Worm.Viking.C"
Line00000151 = "C:\System Volume Information\_restore{BB303A57-0ECC-45F3-8D65-743481DED653}\RP81\A0015937.exe=>(Instyler o)=>(Instyler Module 5)=>(Embedded EXE o) Disinfection failed"
Line00000150 = "C:\System Volume Information\_restore{BB303A57-0ECC-45F3-8D65-743481DED653}\RP81\A0015937.exe=>(Instyler o)=>(Instyler Module 5)=>(Embedded EXE o) Delete failed"
Line00000149 = "C:\System Volume Information\_restore{BB303A57-0ECC-45F3-8D65-743481DED653}\RP81\A0015937.exe=>(Instyler o)=>(Instyler Module 11)=>(Embedded EXE o) Infected with: Win32.Worm.Viking.C"
Line00000148 = "C:\System Volume Information\_restore{BB303A57-0ECC-45F3-8D65-743481DED653}\RP81\A0015937.exe=>(Instyler o)=>(Instyler Module 11)=>(Embedded EXE o) Disinfection failed"
Line00000147 = "C:\System Volume Information\_restore{BB303A57-0ECC-45F3-8D65-743481DED653}\RP81\A0015937.exe=>(Instyler o)=>(Instyler Module 11)=>(Embedded EXE o) Delete failed"
Line00000146 = "C:\WINDOWS\system32\llk1191590201.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000145 = "C:\WINDOWS\system32\llk1191590201.h=>(unicode) Deleted"
Line00000144 = "C:\WINDOWS\system32\llk1191590201.h Deleted"
Line00000143 = "C:\WINDOWS\system32\llk1191593834.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000142 = "C:\WINDOWS\system32\llk1191593834.h=>(unicode) Deleted"
Line00000141 = "C:\WINDOWS\system32\llk1191593834.h Deleted"
Line00000140 = "C:\WINDOWS\system32\llk1191597468.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000139 = "C:\WINDOWS\system32\llk1191597468.h=>(unicode) Deleted"
Line00000138 = "C:\WINDOWS\system32\llk1191597468.h Deleted"
Line00000137 = "C:\WINDOWS\system32\llk1191634109.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000136 = "C:\WINDOWS\system32\llk1191634109.h=>(unicode) Deleted"
Line00000135 = "C:\WINDOWS\system32\llk1191634109.h Deleted"
Line00000134 = "C:\WINDOWS\system32\llk1191634278.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000133 = "C:\WINDOWS\system32\llk1191634278.h=>(unicode) Deleted"
Line00000132 = "C:\WINDOWS\system32\llk1191634278.h Deleted"
Line00000131 = "C:\WINDOWS\system32\llk1191637923.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000130 = "C:\WINDOWS\system32\llk1191637923.h=>(unicode) Deleted"
Line00000129 = "C:\WINDOWS\system32\llk1191637923.h Deleted"
Line00000128 = "C:\WINDOWS\system32\llk1191637937.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000127 = "C:\WINDOWS\system32\llk1191637937.h=>(unicode) Deleted"
Line00000126 = "C:\WINDOWS\system32\llk1191637937.h Deleted"
Line00000125 = "C:\WINDOWS\system32\llk1191641601.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000124 = "C:\WINDOWS\system32\llk1191641601.h=>(unicode) Deleted"
Line00000123 = "C:\WINDOWS\system32\llk1191641601.h Deleted"
Line00000122 = "C:\WINDOWS\system32\llk1191645232.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000121 = "C:\WINDOWS\system32\llk1191645232.h=>(unicode) Deleted"
Line00000120 = "C:\WINDOWS\system32\llk1191645232.h Deleted"
Line00000119 = "C:\WINDOWS\system32\llk1191648863.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000118 = "C:\WINDOWS\system32\llk1191648863.h=>(unicode) Deleted"
Line00000117 = "C:\WINDOWS\system32\llk1191648863.h Deleted"
Line00000116 = "C:\WINDOWS\system32\llk1191668847.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000115 = "C:\WINDOWS\system32\llk1191668847.h=>(unicode) Deleted"
Line00000114 = "C:\WINDOWS\system32\llk1191668847.h Deleted"
Line00000113 = "C:\WINDOWS\system32\llk1191672492.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000112 = "C:\WINDOWS\system32\llk1191672492.h=>(unicode) Deleted"
Line00000111 = "C:\WINDOWS\system32\llk1191672492.h Deleted"
Line00000110 = "C:\WINDOWS\system32\llk1191675633.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000109 = "C:\WINDOWS\system32\llk1191675633.h=>(unicode) Deleted"
Line00000108 = "C:\WINDOWS\system32\llk1191675633.h Deleted"
Line00000107 = "C:\WINDOWS\system32\llk1191677037.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000106 = "C:\WINDOWS\system32\llk1191677037.h=>(unicode) Deleted"
Line00000105 = "C:\WINDOWS\system32\llk1191677037.h Deleted"
Line00000104 = "C:\WINDOWS\system32\llk1191677200.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000103 = "C:\WINDOWS\system32\llk1191677200.h=>(unicode) Deleted"
Line00000102 = "C:\WINDOWS\system32\llk1191677200.h Deleted"
Line00000101 = "C:\WINDOWS\system32\llk1191677226.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000100 = "C:\WINDOWS\system32\llk1191677226.h=>(unicode) Deleted"
Line00000099 = "C:\WINDOWS\system32\llk1191677226.h Deleted"
Line00000098 = "C:\WINDOWS\system32\llk1191680885.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000097 = "C:\WINDOWS\system32\llk1191680885.h=>(unicode) Deleted"
Line00000096 = "C:\WINDOWS\system32\llk1191680885.h Deleted"
Line00000095 = "C:\WINDOWS\system32\llk1191684519.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000094 = "C:\WINDOWS\system32\llk1191684519.h=>(unicode) Deleted"
Line00000093 = "C:\WINDOWS\system32\llk1191684519.h Deleted"
Line00000092 = "C:\WINDOWS\system32\llk1191702907.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000091 = "C:\WINDOWS\system32\llk1191702907.h=>(unicode) Deleted"
Line00000090 = "C:\WINDOWS\system32\llk1191702907.h Deleted"
Line00000089 = "C:\WINDOWS\system32\llk1191706550.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000088 = "C:\WINDOWS\system32\llk1191706550.h=>(unicode) Deleted"
Line00000087 = "C:\WINDOWS\system32\llk1191706550.h Deleted"
Line00000086 = "C:\WINDOWS\system32\llk1191710181.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000085 = "C:\WINDOWS\system32\llk1191710181.h=>(unicode) Deleted"
Line00000084 = "C:\WINDOWS\system32\llk1191710181.h Deleted"
Line00000083 = "C:\WINDOWS\system32\llk1191713816.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000082 = "C:\WINDOWS\system32\llk1191713816.h=>(unicode) Deleted"
Line00000081 = "C:\WINDOWS\system32\llk1191713816.h Deleted"
Line00000080 = "C:\WINDOWS\system32\llk1191714560.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000079 = "C:\WINDOWS\system32\llk1191714560.h=>(unicode) Deleted"
Line00000078 = "C:\WINDOWS\system32\llk1191714560.h Deleted"
Line00000077 = "C:\WINDOWS\system32\llk1191714699.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000076 = "C:\WINDOWS\system32\llk1191714699.h=>(unicode) Deleted"
Line00000075 = "C:\WINDOWS\system32\llk1191714699.h Deleted"
Line00000074 = "C:\WINDOWS\system32\llk1191718341.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000073 = "C:\WINDOWS\system32\llk1191718341.h=>(unicode) Deleted"
Line00000072 = "C:\WINDOWS\system32\llk1191718341.h Deleted"
Line00000071 = "C:\WINDOWS\system32\llk1191722193.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000070 = "C:\WINDOWS\system32\llk1191722193.h=>(unicode) Deleted"
Line00000069 = "C:\WINDOWS\system32\llk1191722193.h Deleted"
Line00000068 = "C:\WINDOWS\system32\llk1191724328.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000067 = "C:\WINDOWS\system32\llk1191724328.h=>(unicode) Deleted"
Line00000066 = "C:\WINDOWS\system32\llk1191724328.h Deleted"
Line00000065 = "C:\WINDOWS\system32\llk1191898274.h=>(unicode) Infected with: Trojan.Downloader.INI.B"
Line00000064 = "C:\WINDOWS\system32\llk1191898274.h=>(unicode) Deleted"
Line00000063 = "C:\WINDOWS\system32\llk1191898274.h Deleted"
Line00000062 = "C:\WINDOWS\system32\llk1191905519.h=>(unicode) Infected with: Trojan.Downloader.INI.B"
Line00000061 = "C:\WINDOWS\system32\llk1191905519.h=>(unicode) Deleted"
Line00000060 = "C:\WINDOWS\system32\llk1191905519.h Deleted"
Line00000059 = "C:\WINDOWS\system32\llk1191932202.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000058 = "C:\WINDOWS\system32\llk1191932202.h=>(unicode) Deleted"
Line00000057 = "C:\WINDOWS\system32\llk1191932202.h Deleted"
Line00000056 = "C:\WINDOWS\system32\llk1191935847.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000055 = "C:\WINDOWS\system32\llk1191935847.h=>(unicode) Deleted"
Line00000054 = "C:\WINDOWS\system32\llk1191935847.h Deleted"
Line00000053 = "C:\WINDOWS\system32\llk1191939485.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000052 = "C:\WINDOWS\system32\llk1191939485.h=>(unicode) Deleted"
Line00000051 = "C:\WINDOWS\system32\llk1191939485.h Deleted"
Line00000050 = "C:\WINDOWS\system32\llk1191943118.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000049 = "C:\WINDOWS\system32\llk1191943118.h=>(unicode) Deleted"
Line00000048 = "C:\WINDOWS\system32\llk1191943118.h Deleted"
Line00000047 = "C:\WINDOWS\system32\llk1191946748.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000046 = "C:\WINDOWS\system32\llk1191946748.h=>(unicode) Deleted"
Line00000045 = "C:\WINDOWS\system32\llk1191946748.h Deleted"
Line00000044 = "C:\WINDOWS\system32\llk1191959350.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000043 = "C:\WINDOWS\system32\llk1191959350.h=>(unicode) Deleted"
Line00000042 = "C:\WINDOWS\system32\llk1191959350.h Deleted"
Line00000041 = "C:\WINDOWS\system32\llk1191963065.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000040 = "C:\WINDOWS\system32\llk1191963065.h=>(unicode) Deleted"
Line00000039 = "C:\WINDOWS\system32\llk1191963065.h Deleted"
Line00000038 = "C:\WINDOWS\system32\llk1191972496.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000037 = "C:\WINDOWS\system32\llk1191972496.h=>(unicode) Deleted"
Line00000036 = "C:\WINDOWS\system32\llk1191972496.h Deleted"
Line00000035 = "C:\WINDOWS\system32\llk1191981150.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000034 = "C:\WINDOWS\system32\llk1191981150.h=>(unicode) Deleted"
Line00000033 = "C:\WINDOWS\system32\llk1191981150.h Deleted"
Line00000032 = "C:\WINDOWS\system32\llk1191984793.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000031 = "C:\WINDOWS\system32\llk1191984793.h=>(unicode) Deleted"
Line00000030 = "C:\WINDOWS\system32\llk1191984793.h Deleted"
Line00000029 = "C:\WINDOWS\system32\llk1192019707.h=>(unicode) Infected with: Trojan.Downloader.INI.B"
Line00000028 = "C:\WINDOWS\system32\llk1192019707.h=>(unicode) Deleted"
Line00000027 = "C:\WINDOWS\system32\llk1192019707.h Deleted"
Line00000026 = "C:\WINDOWS\system32\llk1192021422.h=>(unicode) Infected with: Trojan.Downloader.INI.B"
Line00000025 = "C:\WINDOWS\system32\llk1192021422.h=>(unicode) Deleted"
Line00000024 = "C:\WINDOWS\system32\llk1192021422.h Deleted"
Line00000023 = "C:\WINDOWS\system32\llk1192028669.h=>(unicode) Infected with: Trojan.Downloader.INI.B"
Line00000022 = "C:\WINDOWS\system32\llk1192028669.h=>(unicode) Deleted"
Line00000021 = "C:\WINDOWS\system32\llk1192028669.h Deleted"
Line00000020 = "C:\WINDOWS\system32\llk1192035906.h=>(unicode) Infected with: Trojan.Downloader.INI.B"
Line00000019 = "C:\WINDOWS\system32\llk1192035906.h=>(unicode) Deleted"
Line00000018 = "C:\WINDOWS\system32\llk1192035906.h Deleted"
Line00000017 = "C:\WINDOWS\system32\llk1192036597.h=>(unicode) Infected with: Trojan.Downloader.INI.B"
Line00000016 = "C:\WINDOWS\system32\llk1192036597.h=>(unicode) Deleted"
Line00000015 = "C:\WINDOWS\system32\llk1192036597.h Deleted"
Line00000014 = "C:\WINDOWS\system32\llk1192036797.h=>(unicode) Infected with: Trojan.Downloader.INI.B"
Line00000013 = "C:\WINDOWS\system32\llk1192036797.h=>(unicode) Deleted"
Line00000012 = "C:\WINDOWS\system32\llk1192036797.h Deleted"
Line00000011 = "C:\WINDOWS\system32\llk1192044037.h=>(unicode) Infected with: Trojan.Downloader.INI.B"
Line00000010 = "C:\WINDOWS\system32\llk1192044037.h=>(unicode) Deleted"
Line00000009 = "C:\WINDOWS\system32\llk1192044037.h Deleted"
Line00000008 = "C:\WINDOWS\system32\llk1192068779.h=>(unicode) Infected with: Trojan.Downloader.INI.B"
Line00000007 = "C:\WINDOWS\system32\llk1192068779.h=>(unicode) Deleted"
Line00000006 = "C:\WINDOWS\system32\llk1192068779.h Deleted"
Line00000005 = "C:\WINDOWS\system32\llk1192076037.h=>(unicode) Infected with: Trojan.Downloader.INI.B"
Line00000004 = "C:\WINDOWS\system32\llk1192076037.h=>(unicode) Deleted"
Line00000003 = "C:\WINDOWS\system32\llk1192076037.h Deleted"
Line00000002 = "C:\WINDOWS\system32\llk1192102751.h=>(unicode) Infected with: Trojan.Downloader.INI.B"
Line00000001 = "C:\WINDOWS\system32\llk1192102751.h=>(unicode) Deleted"
Line00000000 = "C:\WINDOWS\system32\llk1192102751.h Deleted"

Woudje100
28 September 2010, 17:23
Hello,

* Download and unzip Killbox (http://www.downloads.subratam.org/KillBox.exe) to your desktop.
Click killbox.exe.
Select the option "Delete on reboot".
In the "Full Path of File to Delete" field, copy and paste the following:

C:\Documents and Settings\Ming Khe\Bureaublad\Ming Khe Map\mingkhe\Everest Poker.exe

Click the button: single file (!Important!)

Then click the red circle with the white cross in it.
Killbox will say that this file will be deleted on reboot and ask whether to reboot now. Click YES.

Your PC should now reboot.


- Go to Start/All Programs/Accessories/System Tools/System Restore.
- In the left half of the window, click "System Restore Settings".
- Tick the box "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go again to Start/All Programs/Accessories/System Tools/System Restore.
- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Remove the tick from "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC.
- A new, clean restore point has now been created.

I have also put together a few tips:

1.) Installing essential updates.
You can read here (http://www.malwareinfo.nl/handigetips/updates.html) how to keep your operating system and other software up to date.
The program Secunia PSI warns you automatically when updates are available for your installed software; you can read more about it here (http://www.malwareinfo.nl/handleidingen/secunia.html)

2.) Installing the MVPs (hosts) file
By modifying the "hosts" file you can protect your computer even better; you can read more about modifying the hosts file here (http://www.malwareinfo.nl/handleidingen/mvpshosts.html)

3.) Risks when downloading
Peer to Peer (P2P) networks and also Usenet (newsgroups) are a major source of malware distribution on the internet; offering 'dangerous' software (malware) there is almost anonymous, which makes it a frequently used method for spreading malware.
You can read more about this here (http://www.malwareinfo.nl/artikelen/p2pnetwerken.html)

4.) Prevention information & the use of security software.
Here (http://www.malwareinfo.nl/malware/malwarepreventie.html) and here (http://users.telenet.be/marcvn/spyware/1564073.htm) you will find information on how to prevent an infection; read through it at your leisure.

You can read more about the use of "security software" and "fake (rogue) software" (rogueware) here (http://www.malwareinfo.nl/diversen/beveiligingssoftware.html)

Woudje100
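As an added example, not code from this thread or from any tool named in it, the Python script below parses scanner entries in the `Line<N> = "<path>=><object> <status>"` format quoted above and sorts each flagged file into three buckets: entries under a `_restore` folder, which the System Restore reset in the reply above clears; files the scanner already deleted; and files whose deletion failed and therefore still need manual removal, as with Everest Poker.exe. The log lines embedded in it are constructed samples in that format.

```python
import re
from collections import defaultdict

# Constructed sample entries in the scanner's log format (not the full log).
SAMPLE_LOG = r'''
Line00000215 = "C:\Documents and Settings\Ming Khe\Bureaublad\Ming Khe Map\mingkhe\Everest Poker.exe=>(Embedded EXE o) Detected with: Adware.Casino.CV"
Line00000214 = "C:\Documents and Settings\Ming Khe\Bureaublad\Ming Khe Map\mingkhe\Everest Poker.exe=>(Embedded EXE o) Disinfection failed"
Line00000213 = "C:\Documents and Settings\Ming Khe\Bureaublad\Ming Khe Map\mingkhe\Everest Poker.exe=>(Embedded EXE o) Delete failed"
Line00000212 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP11\A0001475.exe=>(Embedded EXE o) Detected with: Adware.Casino.CV"
Line00000211 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP11\A0001475.exe=>(Embedded EXE o) Disinfection failed"
Line00000210 = "C:\System Volume Information\_restore{3DE8B63E-04C0-4590-A869-357497E116EF}\RP11\A0001475.exe=>(Embedded EXE o) Delete failed"
Line00000146 = "C:\WINDOWS\system32\llk1191590201.h=>(unicode) Infected with: Trojan.Downloader.Agent.YVW"
Line00000145 = "C:\WINDOWS\system32\llk1191590201.h=>(unicode) Deleted"
Line00000144 = "C:\WINDOWS\system32\llk1191590201.h Deleted"
'''

# One log entry: a line number, then the quoted body.
LINE_RE = re.compile(r'^Line\d+ = "(?P<body>.*)"$')
# Body: the scanned object (path plus "=>" container chain) and a trailing status.
STATUS_RE = re.compile(
    r'^(?P<obj>.+?) (?P<status>(?:Detected|Infected) with: (?P<name>.+)'
    r'|Disinfection failed|Delete failed|Deleted)$')
# Files inside System Restore points are removed by turning System Restore off and on.
RESTORE_RE = re.compile(r'^[A-Za-z]:\\System Volume Information\\_restore', re.IGNORECASE)


def parse_log(text):
    """Group entries by on-disk file: detection names plus the sequence of statuses."""
    files = defaultdict(lambda: {"detections": set(), "statuses": []})
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or not a scanner entry
        s = STATUS_RE.match(m.group("body"))
        if not s:
            raise ValueError("unrecognised entry: " + raw)
        path = s.group("obj").split("=>")[0]  # drop the inner container chain
        rec = files[path]
        if s.group("name"):
            rec["detections"].add(s.group("name"))
            rec["statuses"].append("Detected")
        else:
            rec["statuses"].append(s.group("status"))
    return dict(files)


def triage(files):
    """Sort files into: cleared by a restore-point flush, already removed, needs manual removal."""
    out = {"restore_points": [], "removed": [], "manual": []}
    for path, rec in sorted(files.items()):
        if RESTORE_RE.match(path):
            out["restore_points"].append(path)
        elif "Deleted" in rec["statuses"]:
            out["removed"].append(path)
        else:  # detected but not deleted (e.g. "Delete failed")
            out["manual"].append(path)
    return out


if __name__ == "__main__":
    for bucket, paths in triage(parse_log(SAMPLE_LOG)).items():
        print(bucket)
        for p in paths:
            print("   ", p)
```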