Weergegeven resultaten: 1 t/m 9 van 9

Discussie: Keylogged

  1. 14 June 2009, 18:57 #1
    Khalkaroth
    Khalkaroth is offline
    Beginner  
    Geregistreerd
    14 June 2009
    Berichten
    4
    Bedankjes
    0
    Bedankt
    0 keer in 0 posts

    Keylogged

    Mijn computer is gekeylogged geweest waardoor iemand toegang heeft gekregen tot mijn World of Warcraft account en op die manier al mijn karakter's spullen kon verkopen, alsook me mijn toegang tot het spel heeft weten te ontzeggen. Het voornaamste is dus dat ik weet of die keylogger nog aanwezig is of niet, en hoe hem te verwijderen.

    De scans die ik ondertussen al heb gedaan zijn met de programma's:
    - ATF Cleaner
    - Ad-Aware
    - Spybot Search & Destroy
    - MBAM
    - Virusscan met de internetscanner van Bitdefender

    Hijackthis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:45:14, on 14/06/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServe r.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSD.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Microsoft Works\WkDStore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 216.107.250.194 nprotect.lineage2.com ## Game Guard by pass ##
    O1 - Hosts: 67.205.77.113 L2testauthd.lineage2.com ## L2Sirius x45##
    O1 - Hosts: 67.205.77.113 L2authd.lineage2.com ## L2Sirius x45##
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124454307790
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServe r.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 12129 bytes
  2. 14 June 2009, 23:19 #2
    EdGi
    EdGi is offline
    Gevorderd  
    Geregistreerd
    1 August 2008
    Locatie
    Wuustwezel (Antwerpen)
    Berichten
    118
    Bedankjes
    311
    Bedankt
    64 keer in 30 posts
    Hoi,
    Al geprobeerd met AVG 8 freeware?
    Groetjes EdGi
  3. 15 June 2009, 03:21 #3
    namaste
    namaste is offline
    Gevorderd   namaste's schermafbeelding
    Geregistreerd
    3 July 2005
    Berichten
    265
    Bedankjes
    200
    Bedankt
    307 keer in 150 posts
    Boeie, als je ziet welke scanners hij al heeft gebruikt, zal avg er niet veel toedoen.

    Gewoon wachten op reactie van de spywareslayers, zij kunnen normaal aan de hand van die log zien of er nog onregelmatigheden op je pc zitten.

    Nog een scan doen zal niet veel meer opleveren en wie weet is hij er al afgeflikkerd.
    Alhoewel die anti malware progjes dan hadden moeten zeggen dat ze een keylogger of dergelijke gevonden hadden...(dit heb je niet vermeld).

  4. De volgende gebruiker bedankt namaste voor deze nuttige post:

    EdGi (15 June 2009)
  5. 15 June 2009, 07:15 #4
    Khalkaroth
    Khalkaroth is offline
    Beginner  
    Geregistreerd
    14 June 2009
    Berichten
    4
    Bedankjes
    0
    Bedankt
    0 keer in 0 posts
    De programma's hebben nergens expliciet vermeld dat het om een keylogger ging wanneer ze iets detecteerden. Ze hebben wel een aantal dingen gevonden, en die zijn verwijderd of hersteld. Maar ik weet niet wat voor iets ze waren.
  6. 15 June 2009, 13:37 #5
    Juisterr
    Juisterr is offline
    Erelid   Juisterr's schermafbeelding
    Geregistreerd
    31 July 2006
    Locatie
    kotje aan de kust
    Berichten
    3.653
    Bedankjes
    1.008
    Bedankt
    2.268 keer in 1.411 posts
    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - Startup: PowerReg Scheduler V3.exe

    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.


    Volg deze instructies om Combofix te downloaden. Is er iets niet duidelijk, dan vraag je het.
    Voer de instructies op de BleepingComputer pagina uit, inclusief het installeren van de XP Recovery Console.
    Indien je combofix al eerder gebruikt hebt en de recovery console al geïnstalleerd hebt mag je die stap overslaan.

    OPMERKING:
    Indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner,
    schakel dan deze scanner uit en download Combofix opnieuw.
    Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

    Dubbelklik op Combofix.exe, als Combofix aangeeft dat er een nieuwere versie beschikbaar is, dan sta je toe dat deze gedownload wordt.
    Volg de instructies en aanvaard de disclaimer.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
    Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

    Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
    "
    "
  7. 15 June 2009, 14:04 #6
    Khalkaroth
    Khalkaroth is offline
    Beginner  
    Geregistreerd
    14 June 2009
    Berichten
    4
    Bedankjes
    0
    Bedankt
    0 keer in 0 posts
    ComboFix 09-06-14.02 - Michel 15/06/2009 13:52.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1022.445 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Michel\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\INSTALL.LOG
    J:\Autorun.inf

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-05-15 to 2009-06-15 ))))))))))))))))))))))))))))))
    .

    2009-06-15 11:49 . 2009-06-15 11:49 -------- d-----w- C:\32788R22FWJFW
    2009-06-14 20:16 . 2009-06-14 20:16 -------- d-----w- c:\documents and settings\Michel\Local Settings\Application Data\Blizzard Entertainment
    2009-06-14 16:42 . 2009-06-14 16:42 -------- d-----w- c:\program files\Trend Micro
    2009-06-14 12:07 . 2009-06-14 15:59 -------- d-----w- c:\windows\BDOSCAN8
    2009-06-14 08:39 . 2009-06-14 08:39 -------- d-----w- c:\documents and settings\Michel\Application Data\Malwarebytes
    2009-06-14 08:39 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-14 08:39 . 2009-06-14 08:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-14 08:39 . 2009-06-14 08:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-14 08:39 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-13 21:12 . 2009-06-13 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-06-13 21:12 . 2009-06-13 21:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-06-11 17:04 . 2009-06-14 10:20 -------- d--h--w- C:\$AVG8.VAULT$
    2009-06-11 16:34 . 2009-06-11 16:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-06-11 16:34 . 2009-06-11 16:34 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-06-11 16:33 . 2009-06-11 16:33 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-06-11 16:33 . 2009-06-11 16:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-11 16:33 . 2009-06-15 11:34 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-06-11 16:33 . 2009-06-14 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-06-11 16:31 . 2009-06-11 16:33 -------- d-----w- c:\program files\AVG
    2009-06-11 12:30 . 2009-06-11 12:30 -------- d-----w- c:\program files\Sierra
    2009-06-10 20:24 . 2009-06-10 20:28 -------- d-----w- c:\documents and settings\Michel\Application Data\Voipwise
    2009-06-10 20:23 . 2009-06-10 20:23 -------- d-----w- c:\program files\Voipwise.com
    2009-06-09 18:57 . 2009-06-09 18:57 -------- d-----w- c:\program files\Combined Community Codec Pack
    2009-06-05 15:55 . 2009-06-05 15:55 -------- d-----w- c:\program files\Activision
    2009-06-01 13:52 . 2009-06-01 13:52 -------- d-----w- c:\program files\iPod
    2009-06-01 13:52 . 2009-06-01 13:53 -------- d-----w- c:\program files\iTunes
    2009-06-01 13:52 . 2009-06-01 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-06-01 13:50 . 2009-06-01 13:50 -------- d-----w- c:\program files\Bonjour
    2009-06-01 13:48 . 2009-06-01 13:49 -------- d-----w- c:\program files\QuickTime
    2009-06-01 13:43 . 2009-06-01 13:43 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
    2009-05-28 15:48 . 2009-05-28 15:48 -------- d-----w- c:\documents and settings\Michel\Application Data\MyRo
    2009-05-28 15:47 . 2009-05-28 15:50 -------- d-----w- c:\program files\Puntenboek
    2009-05-22 10:00 . 2009-06-13 18:59 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-05-22 09:11 . 2009-05-22 09:11 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
    2009-05-22 09:04 . 2009-05-22 09:04 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-05-22 09:04 . 2009-05-22 09:04 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
    2009-05-22 09:04 . 2009-05-22 09:04 73064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
    2009-05-22 09:03 . 2009-05-22 09:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-05-22 09:03 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
    2009-05-22 09:02 . 2009-05-22 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-05-22 09:02 . 2009-05-22 09:02 -------- d-----w- c:\program files\Lavasoft
    2009-05-21 08:58 . 2009-05-21 08:58 -------- d-----w- c:\program files\Alarm

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    .
    2009-06-14 19:54 . 2007-07-06 13:52 35864 ----a-w- c:\documents and settings\Michel\Application Data\wklnhst.dat
    2009-06-13 18:09 . 2007-10-30 11:03 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-06-11 12:40 . 2007-10-30 10:48 -------- d--h--w- c:\program files\InstallJammer Registry
    2009-06-08 16:29 . 2007-07-06 13:52 78112 ----a-w- c:\documents and settings\Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-01 13:52 . 2008-10-05 16:41 -------- d-----w- c:\program files\Common Files\Apple
    2009-05-31 11:51 . 2008-09-29 22:04 -------- d-----w- c:\program files\Maple 11
    2009-05-31 10:39 . 2008-09-08 13:38 -------- d-----w- c:\program files\OpenVPN
    2009-05-17 06:12 . 2009-05-07 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-05-07 15:34 . 2005-08-19 10:31 347136 ----a-w- c:\windows\system32\localspl.dll
    2009-05-07 13:25 . 2005-09-13 18:26 -------- d-----w- c:\program files\Microsoft Works
    2009-05-07 13:23 . 2009-05-07 13:23 -------- d-----w- c:\program files\Microsoft.NET
    2009-04-29 10:36 . 2009-04-29 10:36 -------- d-----w- c:\documents and settings\Michel\Application Data\teamspeak2
    2009-04-29 10:36 . 2009-04-29 10:35 -------- d-----w- c:\program files\Teamspeak2_RC2
    2009-04-29 04:46 . 2005-08-19 10:31 669696 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:46 . 2005-08-19 10:31 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-23 15:59 . 2009-04-23 12:18 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2009-04-23 12:19 . 2009-04-23 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
    2009-04-23 12:08 . 2005-08-19 03:21 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-04-23 12:00 . 2008-12-08 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
    2009-04-19 19:51 . 2005-08-19 10:31 1847296 ----a-w- c:\windows\system32\win32k.sys
    2009-04-18 07:15 . 2005-08-19 10:31 71334 ----a-w- c:\windows\system32\perfc013.dat
    2009-04-18 07:15 . 2005-08-19 10:31 444710 ----a-w- c:\windows\system32\perfh013.dat
    2009-04-15 14:55 . 2005-08-19 10:31 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-19 14:32 . 2008-10-05 16:44 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2003-12-18 09:33 . 2009-06-11 12:36 20102 ----a-w- c:\program files\Readme.txt
    2003-09-03 05:46 . 2009-06-11 12:36 10960 ----a-w- c:\program files\EULA.txt
    2005-09-14 09:18 . 2005-09-14 09:18 8 --sh--r- c:\windows\system32\6F4823E4A3.sys
    2005-09-14 09:18 . 2005-09-14 09:18 5224 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Voipwise"="c:\program files\Voipwise.com\Voipwise\Voipwise.exe" [2008-12-08 8974128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-30 57344]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
    "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
    "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-08-17 61440]
    "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
    "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
    "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-09-02 81920]
    "AntivirusRegistration"="c:\program files\CA\Etrust Antivirus\Register.exe" [2005-01-31 458752]
    "Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.E XE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScI nst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [2004-08-04 455168]
    "RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-09-15 139264]
    "InstantOn"="c:\programme\CyberLink\PowerCinem a Linux\ion_install.exe" [2005-03-25 93640]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-13 518488]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-18 14820864]
    "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-08-24 88203]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-06-11 16:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%ProgramFiles%\\Messenger\\msmsgs.exe"=
    "%WinDir%\\system32\\fxsclnt.exe"=
    "%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"=
    "%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"=
    "%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"=
    "%ProgramFiles%\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\FlashGet\\flashget.exe"=
    "d:\\World of Warcraft\\Launcher.exe"=
    "d:\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
    "8800:TCP"= 8800:TCP:AOEpoort
    "6112:TCP"= 6112:TCP:Blizzard Downloader
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    "AllowInboundMaskRequest"= 1 (0x1)

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/05/2009 11:04 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/06/2009 18:33 327688]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/06/2009 18:34 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/06/2009 18:33 298776]
    S1 mailKmd;mailKmd; [x]
    S2 safeKis;safeKis;\??\c:\docume~1\Michel\LOCALS~1\Te mp\tmp1A.tmp --> c:\docume~1\Michel\LOCALS~1\Temp\tmp1A.tmp [?]
    S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [13/09/2005 18:20 799744]
    S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\Michel\LOCALS~1\ Temp\ewdmaudn.sys --> c:\docume~1\Michel\LOCALS~1\Temp\ewdmaudn.sys [?]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1005904]
    S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1/10/2006 14:37 26624]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.aldi.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.aldi.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath -
    .

    ************************************************** ************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-15 13:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    ************************************************** ************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s afeKis]
    "ImagePath"="\??\c:\docume~1\Michel\LOCALS~1\Temp\ tmp1A.tmp"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-3193352444-2278212301-2031957364-1006\Software\SecuROM\License information*]
    "datasecu"=hex:b2,37,59,03,b0,2a,b8,bd,41,72,c3,52 ,45,ba,4c,a3,43,bf,7d,16,07,
    9d,0d,c5,b6,80,ab,b2,ba,9a,be,8f,02,e3,f4,cd,f8,5c ,30,63,78,c4,59,69,f8,e3,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82 ,ba,6b,3d,44
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(772)
    c:\windows\system32\Ati2evxx.dll
    .
    Voltooingstijd: 2009-06-15 13:58
    ComboFix-quarantined-files.txt 2009-06-15 11:58

    Pre-Run: 9.885.667.328 bytes beschikbaar
    Post-Run: 9.979.240.448 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Home Edition" /noexecute=optin /fastdetect

    225 --- E O F --- 2009-06-10 05:40










    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:02:57, on 15/06/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServe r.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSD.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Microsoft Works\WkDStore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 216.107.250.194 nprotect.lineage2.com ## Game Guard by pass ##
    O1 - Hosts: 67.205.77.113 L2testauthd.lineage2.com ## L2Sirius x45##
    O1 - Hosts: 67.205.77.113 L2authd.lineage2.com ## L2Sirius x45##
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124454307790
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServe r.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 11992 bytes
  8. 15 June 2009, 14:40 #7
    Juisterr
    Juisterr is offline
    Erelid   Juisterr's schermafbeelding
    Geregistreerd
    31 July 2006
    Locatie
    kotje aan de kust
    Berichten
    3.653
    Bedankjes
    1.008
    Bedankt
    2.268 keer in 1.411 posts
    Je Java software is verouderd.
    Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
    Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
    • Download Java Runtime Environment (JRE) 6u14 en bewaar het naar je Bureaublad.
    • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
    • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
    • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
    • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
    • Herhaal dit tot alle oudere versies verdwenen zijn.
    • Na het verwijderen van alle oudere versies, herstart je pc.
    • Dubbelklik vervolgens op jre-6u14-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.
    "
    "
  9. 16 June 2009, 07:23 #8
    Khalkaroth
    Khalkaroth is offline
    Beginner  
    Geregistreerd
    14 June 2009
    Berichten
    4
    Bedankjes
    0
    Bedankt
    0 keer in 0 posts
    Allereerst bedankt voor de hulp.

    Kan ik er nu van uitgaan dat het terug veilig is om in te loggen op accounts e.d.?
  10. 16 June 2009, 12:29 #9
    Juisterr
    Juisterr is offline
    Erelid   Juisterr's schermafbeelding
    Geregistreerd
    31 July 2006
    Locatie
    kotje aan de kust
    Berichten
    3.653
    Bedankjes
    1.008
    Bedankt
    2.268 keer in 1.411 posts
    ja hoor.
    "
    "
« Vorige discussie | Volgende discussie »

Discussie informatie

Users Browsing this Thread

Momenteel bekijken 1 gebruikers deze discussie. (0 leden en 1 gasten)

Favorieten/bladwijzers

Favorieten/bladwijzers

Regels voor berichten

  • Je mag geen nieuwe discussies starten
  • Je mag niet reageren op berichten
  • Je mag geen bijlagen versturen
  • Je mag niet je berichten bewerken
  •  

Forumregels