Archief - check

Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.

coewem

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:22:04, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\NMSSvc.exe
C:\Windows\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\QuickTime\qttask.exe
F:\varia\+++programma's coewem+++\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R3 - URLSearchHook: HyperSearchHook - {91B3CCC4-EE88-4096-BD84-02C23930A0AD} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Office XP hack] c:\office_patch.exe hack
O4 - HKLM\..\RunServices: [Task manager] taskmenaagr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Task manager] taskmenaagr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\MSOffice\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE9CC7D8-7543-4252-B3B4-E0B44C2DC5E2}: NameServer = 192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://users.pandora.be/rockmusic/fake-id/images/index.gif

--
End of file - 6146 bytes

Jurgenv1

Legacy Member
* Download en bewaar SDFix
op je bureaublad.

Dubbelklik op SDFix.exe en kies voor Install om het tooltje uit te pakken in een eigen map op je bureaubad. Herstart dan je pc in Veilige modus

  • In veilige modus, open de SDFix map op je bureaublad en dubbelklik op RunThis.bat om het tooltje te starten.
  • Typ Y om het clean proces te starten.
  • het verwijdert alle Trojan Services of Registry Entries die met deze infectie te maken hebben, als het tooltje klaar is zal het jou vertellen om eender welke toets te drukken om je pc te herstarten, doe dit ook.
  • Wanneer de pc herstart zal het tooltje opnieuw runnen en het opruimproces be�indigen en je de melding Finished tonen, druk dan op eender welke toets om het scriptje te be�indigen en je bureaublad zullen tevoorschijn komen.
  • Wanneer je bureaublad icoontjes verschijnen zal het rapportje van SDFix openen en ook in de map bewaren onder de naam Report.txt.
  • Kopieer en plak nu de inhoud van dat rapportje hier met een nieuw hijackthis logje.

coewem

Legacy Member
ik heb na men eerste log nog gescant met avg en cureit , misschien daarom dat die niks meer vind:)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:01, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Windows\system32\ctfmon.exe
G:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R3 - URLSearchHook: HyperSearchHook - {91B3CCC4-EE88-4096-BD84-02C23930A0AD} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServices: [Office XP hack] c:\office_patch.exe hack
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Task manager] taskmenaagr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\MSOffice\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE9CC7D8-7543-4252-B3B4-E0B44C2DC5E2}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://users.pandora.be/rockmusic/fake-id/images/index.gif

--
End of file - 5307 bytes

SDFix: Version 1.208
Run by Administrator on zo 27/07/2008 at 18:58

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\ADMINI~1\Desktop\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 19:07:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="821FFDD47CB52443B40537FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CA6171C11EC38DE3DA6171C11EC38DE3DBD22988DA898B2E7B6CA683190219DB92961E8AB5D97812BADBF32BD92959B5DCFEA2862D4E1F59C7086A1460E079FBA2716AB069E3AEDBDC20BD5451E9BD85A53A68F173132DC45412B98ADE95074477BD98160B9359D32B146337F770871199BF5937A6C9E47DBD64D35D4FA186E874FD70F66D145F37F3BD05173285F79F9A4093E13988F9A500413A0DC7ECC6317EB4AC175E8FD570C4299FBDC1EF70A548AA65C97AD414186C038499C13AD2E074402C6A1E8C5B4385227462C29003F7211A87EF483C529D3278C601C3BD22E5AEA6213309D58FA51179202830175BA909C7E7A4BD981438376F25D195FA5C58896E5DC9C37C31E9FE18947BA3C2CA0E238A968F0D3AC84D491627A854AE25B7F25171F154A69165A27CBF25EDACC998D91C1276CF65369FBFE65B407AB9C5A1E95961A7BCE02DD2F7FB024AC3CD1D1ACF9EED57BACD8EB9EE99C4FF617B9B0388B19CE662218F43F289FC099278C7A4CE7705B8DC5EE11D8213CCF6383F251954E6687A1040A5F9E8297EF4DC49F486FF318E048F2A05CB79708808CCDD6B173CBDACBAA190A26D614A81EA2A183F28CDDCDD105C9C9D74165DE70E833454E0114676E35EA21526583F7FAA83083B88B870A614D479B11E9C2AEEFA2D7F62563588F00256327753B1F3FFAA4C53F58CC75DB0364C71B1B1E90F9179544733831F16BD71755CCA3BC584D568B1B2C98A2D165F0BD0F1F0ABBD1D83E54E1190FF6DC28125AF21472C3C201898BCD8F41516B5D27824257F7962CF683258299B334B8050EEED654FD9C19D05482DF861E13338C680D6D4282F56C13CB7FD77B355ECAD76D0DFB376788B5C4B984B601011640D338F0FCB54B94007FBA92F897A6DBF807191F423CD13D9B7C04D89AC2BD7DCA23617144D9F721F8A5BA40E21C9D89D010BAC3EFB6E3636F273EFAB963AD5EB202F007792CB23E10FEFA9BF30BB5B70003C2CC2C4D4A17790B389BA5CDAC42F789365DB7FCA884209B6DF0EFB98C2A5D84634183F93469A681879C53431CA8426948567C718BFD271EC6BBFDD245185E4B945CE68C5561077783169C566182DAE2FE062B02902AC73F02AF2952872FA0A5110A2AA665F5516D4754BDEFE236ADCD78B4097BF2FB4AC95F2FE18BFC8DE272D76F85BF2016DEF9B3565A4B0E9CCF9215DE417FED59189BDCD77A2453490AA62C63952245212A476DCE75F6D50675307AB46201C51EC029C4732B953F681DC915EE5BED98EB5510DCA6F9D82BB2F8B8921C5DC9BE1A77791F068F2E766848795E503B94614025262DF835278A5AD75388AD0B"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\WebRebates\\WebRebates.exe"="C:\\Program Files\\WebRebates\\WebRebates.exe:*:Enabled:WebRebates"
"C:\\WINDOWS\\system32\\wjview.exe"="C:\\WINDOWS\\system32\\wjview.exe:*:Enabled:Microsoft© VM Command Line Interpreter"
"C:\\Program Files\\Blubster\\Blubster.exe"="C:\\Program Files\\Blubster\\Blubster.exe:*:Enabled:MP2P servent main executable"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 1 Jun 2005 56 ..SHR --- "C:\WINDOWS\system32\E467C5D777.sys"
Wed 1 Jun 2005 1,682 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 21 Mar 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 12 Nov 2004 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Fri 12 Nov 2004 48 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Fri 12 Nov 2004 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v3ks.bla.bak"
Mon 11 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 19 Feb 2004 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Thu 19 Feb 2004 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg_old.reg"
Thu 19 Feb 2004 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient_old.reg"
Thu 19 Feb 2004 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT2.tmp"
Thu 15 May 2008 918,016 A..H. --- "C:\Documents and Settings\Administrator\Desktop\niet verwijderen\(B)ENGELTJES\~WRL1184.tmp"

Finished!

Jurgenv1

Legacy Member
* Fix de volgende regels in hijackthis en post dan een nieuw logje hier:

R3 - URLSearchHook: HyperSearchHook - {91B3CCC4-EE88-4096-BD84-02C23930A0AD} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\RunServices: [Office XP hack] c:\office_patch.exe hack
Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Terug
Bovenaan