Archive - trojan and spyware message on PC

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or world views, and have been censored in some places as inadmissible. Many were made in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and would no longer be posted (or allowed) today. Still, we gladly offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

guly

Legacy Member
Hello

I automatically get a message that my PC is infected. Can someone determine my problem and tell me what I should do?

Juisterr

Legacy Member
I can't do anything without data?

* Download Trend Micro HijackThis™
Double-click HJTInstall.exe to install HijackThis.
By default, HijackThis is installed in the Program Files\Trendmicro folder and a shortcut is placed on your desktop.
HijackThis will open after installation.
Click the Scan button at the bottom.
This starts the scan and opens a log.
Copy and paste this log into your next post.

guly

Legacy Member
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\83710d8\WP8371.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
O1 - Hosts: 74.125.45.100 Secured Home of securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows PC Defender] "C:\Documents and Settings\All Users\Application Data\83710d8\WP8371.exe" /s /d
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://virusscanner.telenet.be/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 10258 bytes

Juisterr

Legacy Member
Download HostsXpert and unzip HostsXpert to its own folder,
for example C:\HostsXpert.

Start HostsXpert.exe

Click "restore microsoft's hosts files"

Then close the program.

Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
O1 - Hosts: 74.125.45.100 Secured Home of securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows PC Defender] "C:\Documents and Settings\All Users\Application Data\83710d8\WP8371.exe" /s /d

Close all windows except HijackThis
Click 'Fix checked' to remove the items.


LopSD (by eric 71)
Disable your antispyware and virus scanner while using this tool
Download LopSD to your desktop
  • Choose option N and press Enter
  • Click OK in the information window
  • Choose option 2 and press Enter
  • At the end a log (LopR.txt) appears; post its contents in your next reply
Vista users: right-click LopSD and choose "Run as administrator"
And a HijackThis log
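
The manual selection in the post above can be approximated by a small triage script. This is an added example, not part of the original post and not HijackThis's own logic; the three heuristics (hosts-file overrides, registrations ending in "(no file)", and Run entries starting from a user-writable data directory) and all function names are assumptions chosen for illustration. The sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Sample input: a few lines taken verbatim from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows PC Defender] "C:\Documents and Settings\All Users\Application Data\83710d8\WP8371.exe" /s /d
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O4 - ..."
RUN_PATH_RE = re.compile(r'\]\s+"?([^"]+?\.exe)', re.IGNORECASE)
# Assumption: directories treated as user-writable for this triage.
WRITABLE_DIRS = ("\\application data\\", "\\temp\\")


def parse_log(text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def hosts_entry(section, body):
    """Return (ip, name) for a non-default O1 hosts override, else None."""
    parts = body.split(None, 2)
    if section != "O1" or len(parts) != 3 or parts[0] != "Hosts:":
        return None
    ip, name = parts[1], parts[2]
    return None if (ip, name) == ("127.0.0.1", "localhost") else (ip, name)


def hosts_by_ip(entries):
    """Group hosts-file overrides by the address they point to."""
    grouped = defaultdict(list)
    for section, body in entries:
        pair = hosts_entry(section, body)
        if pair:
            grouped[pair[0]].append(pair[1])
    return dict(grouped)


def triage(entries):
    """Return (section, reason, body) for entries worth a manual review."""
    findings = []
    for section, body in entries:
        if hosts_entry(section, body):
            findings.append((section, "hosts file override", body))
        elif body.endswith("(no file)"):
            findings.append((section, "registration without a file", body))
        elif section == "O4":
            m = RUN_PATH_RE.search(body)
            if m and any(d in m.group(1).lower() for d in WRITABLE_DIRS):
                findings.append((section, "autostart from data directory", body))
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for section, reason, body in triage(parsed):
        print(f"{section:>3}  {reason:<30} {body}")
    for ip, names in hosts_by_ip(parsed).items():
        print(f"{ip} <- {len(names)} redirected names")
```

The heuristics only rank entries for a human to look at; the `[Alcmtr]` entry that the helper also selected is not caught by them.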

guly

Legacy Member
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Eigenaar ( Administrator )
BOOT : Normal boot
Antivirus : Windows PC Defender (Activated)
Firewall : Windows PC Defender (Activated)
C:\ (Local Disk) - NTFS - Total:49 Go (Free:35 Go)
D:\ (Local Disk) - NTFS - Total:28 Go (Free:26 Go)
E:\ (Local Disk) - FAT32 - Total:14 Go (Free:9 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( do 01/10/2009|20:02 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ HERSTEL

Verwijderd ! - C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\nsg5.tmp
Verwijderd ! - C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\nsm7.tmp

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Beschrijving van mappen in APPLIC~1

[12/08/2009|22:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[17/09/2009|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\83710d8
[01/09/2008|20:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[14/09/2008|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[14/09/2008|10:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[24/09/2009|22:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
[24/09/2009|22:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[01/09/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[07/09/2009|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[26/09/2009|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[01/09/2008|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[06/09/2008|23:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[17/09/2009|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WPCDSys
[0|bestand(en)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
[15|map(pen)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes beschikbaar

[24/09/2009|22:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
[3|map(pen)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes beschikbaar

[07/09/2008|10:20] C:\DOCUME~1\Eigenaar\APPLIC~1\Adobe
[13/08/2009|21:17] C:\DOCUME~1\Eigenaar\APPLIC~1\Apple Computer
[01/09/2008|19:49] C:\DOCUME~1\Eigenaar\APPLIC~1\ATI
[15/02/2009|14:44] C:\DOCUME~1\Eigenaar\APPLIC~1\ConvertTemp
[07/09/2009|19:02] C:\DOCUME~1\Eigenaar\APPLIC~1\Google
[01/09/2008|19:37] C:\DOCUME~1\Eigenaar\APPLIC~1\Identities
[09/12/2008|20:26] C:\DOCUME~1\Eigenaar\APPLIC~1\Intel
[12/08/2009|23:21] C:\DOCUME~1\Eigenaar\APPLIC~1\LimeWire
[01/09/2008|20:01] C:\DOCUME~1\Eigenaar\APPLIC~1\Macromedia
[26/09/2009|21:30] C:\DOCUME~1\Eigenaar\APPLIC~1\Microsoft
[15/02/2009|14:43] C:\DOCUME~1\Eigenaar\APPLIC~1\Samsung
[01/09/2008|20:11] C:\DOCUME~1\Eigenaar\APPLIC~1\Sun
[19/08/2009|13:06] C:\DOCUME~1\Eigenaar\APPLIC~1\Temporary
[19/08/2009|13:06] C:\DOCUME~1\Eigenaar\APPLIC~1\TransRender
[17/09/2009|21:15] C:\DOCUME~1\Eigenaar\APPLIC~1\Windows PC Defender
[0|bestand(en)] C:\DOCUME~1\Eigenaar\APPLIC~1\bytes
[17|map(pen)] C:\DOCUME~1\Eigenaar\APPLIC~1\bytes beschikbaar

[24/09/2009|22:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
[3|map(pen)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes beschikbaar

[24/09/2009|22:15] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
[3|map(pen)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes beschikbaar

--------------------\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks

[28/09/2009 19:32][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[01/10/2009 18:47][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[01/10/2009 19:57][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/10/2009 18:47][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Beschrijving van mappen in C:\Program Files

[14/09/2008|10:28] C:\Program Files\Adobe
[01/09/2008|20:33] C:\Program Files\Ahead
[14/09/2008|10:40] C:\Program Files\Apple Software Update
[01/09/2008|19:45] C:\Program Files\ATI Technologies
[01/09/2008|20:51] C:\Program Files\AVG
[12/08/2009|22:19] C:\Program Files\Bonjour
[26/09/2009|21:20] C:\Program Files\Common Files
[01/09/2008|19:31] C:\Program Files\ComPlus Applications
[01/09/2008|20:32] C:\Program Files\CyberLink
[01/09/2008|20:25] C:\Program Files\Executive Software
[24/09/2009|22:29] C:\Program Files\Google
[15/02/2009|14:26] C:\Program Files\InstallShield Installation Information
[09/12/2008|19:54] C:\Program Files\Intel
[27/09/2009|20:03] C:\Program Files\Internet Explorer
[12/08/2009|22:29] C:\Program Files\iPod
[07/09/2009|19:01] C:\Program Files\IrfanView
[12/08/2009|22:29] C:\Program Files\iTunes
[13/12/2008|00:34] C:\Program Files\Java
[08/01/2009|12:07] C:\Program Files\Launch Manager
[19/08/2009|13:07] C:\Program Files\LimeWire
[19/01/2009|19:57] C:\Program Files\Messenger
[26/09/2009|21:34] C:\Program Files\Microsoft
[01/09/2008|19:33] C:\Program Files\microsoft frontpage
[01/09/2008|20:31] C:\Program Files\Microsoft Office
[26/09/2009|21:34] C:\Program Files\Microsoft Office Outlook Connector
[13/09/2009|18:36] C:\Program Files\Microsoft Silverlight
[26/09/2009|21:28] C:\Program Files\Microsoft SQL Server Compact Edition
[26/09/2009|21:29] C:\Program Files\Microsoft Sync Framework
[01/09/2008|20:28] C:\Program Files\Microsoft Visual Studio
[19/07/2009|23:24] C:\Program Files\Microsoft Works
[01/09/2008|20:28] C:\Program Files\Microsoft.NET
[19/01/2009|19:54] C:\Program Files\Movie Maker
[27/09/2009|20:05] C:\Program Files\MSBuild
[01/09/2008|20:31] C:\Program Files\MSECache
[01/09/2008|19:30] C:\Program Files\MSN Gaming Zone
[17/02/2009|19:23] C:\Program Files\MSXML 4.0
[19/01/2009|19:52] C:\Program Files\NetMeeting
[01/09/2008|20:36] C:\Program Files\NOS
[01/09/2008|19:32] C:\Program Files\Online Services
[12/08/2009|12:09] C:\Program Files\Outlook Express
[27/09/2009|18:38] C:\Program Files\Panda Security
[12/08/2009|21:55] C:\Program Files\PlayMP3z
[12/08/2009|21:55] C:\Program Files\PremiereAdvertisingPlatform
[12/08/2009|22:27] C:\Program Files\QuickTime
[01/09/2008|19:44] C:\Program Files\Realtek
[27/09/2009|20:05] C:\Program Files\Reference Assemblies
[12/08/2009|22:33] C:\Program Files\Safari
[07/09/2009|18:56] C:\Program Files\Samsung
[26/09/2009|21:12] C:\Program Files\Trend Micro
[01/09/2008|19:37] C:\Program Files\Uninstall Information
[01/09/2008|20:04] C:\Program Files\WIDCOMM
[26/09/2009|21:34] C:\Program Files\Windows Live
[26/09/2009|21:26] C:\Program Files\Windows Live SkyDrive
[06/09/2008|23:08] C:\Program Files\Windows Media Connect 2
[12/08/2009|21:55] C:\Program Files\Windows Media Player
[19/01/2009|19:52] C:\Program Files\Windows NT
[01/09/2008|19:32] C:\Program Files\WindowsUpdate
[01/09/2008|20:29] C:\Program Files\WinRAR
[01/09/2008|20:28] C:\Program Files\WinZip
[01/09/2008|19:33] C:\Program Files\xerox
[0|bestand(en)] C:\Program Files\bytes
[62|map(pen)] C:\Program Files\bytes beschikbaar

--------------------\\ Beschrijving van mappen in C:\Program Files\Common Files

[01/09/2008|20:21] C:\Program Files\Common Files\Adobe
[01/09/2008|20:33] C:\Program Files\Common Files\Ahead
[12/08/2009|22:29] C:\Program Files\Common Files\Apple
[01/09/2008|20:28] C:\Program Files\Common Files\DESIGNER
[01/09/2008|19:45] C:\Program Files\Common Files\InstallShield
[01/09/2008|20:10] C:\Program Files\Common Files\Java
[26/09/2009|21:27] C:\Program Files\Common Files\Microsoft Shared
[01/09/2008|19:31] C:\Program Files\Common Files\MSSoap
[03/06/2008|21:43] C:\Program Files\Common Files\ODBC
[01/09/2008|19:31] C:\Program Files\Common Files\Services
[03/06/2008|21:43] C:\Program Files\Common Files\SpeechEngines
[26/09/2009|21:34] C:\Program Files\Common Files\System
[26/09/2009|21:20] C:\Program Files\Common Files\Windows Live
[0|bestand(en)] C:\Program Files\Common Files\bytes
[15|map(pen)] C:\Program Files\Common Files\bytes beschikbaar

--------------------\\ Process

( 43 Processes )

... OK !

--------------------\\ Zoeken met S_Lop

Geen Lop mappen gevonden !

--------------------\\ Zoeken naar Lop Bestanden - Mappen

Geen Lop mappen gevonden !

--------------------\\ Zoeken doorheen het Register

..... OK !

--------------------\\ Nazicht van het Hosts bestand

Hosts bestand IN ORDE


--------------------\\ Zoeken naar verborgen bestanden met Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-01 20:03:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Zoeken naar andere infecties


Geen andere infecties gevonden !

[F:3526][D:58]-> C:\DOCUME~1\Eigenaar\LOCALS~1\Temp
[F:48][D:0]-> C:\DOCUME~1\Eigenaar\Cookies
[F:1349][D:9]-> C:\DOCUME~1\Eigenaar\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - do 01/10/2009|20:04 - Option : [2]

--------------------\\ Scan voltooid om 20:04:28