It is now Mon Jul 28, 2014 6:24 pm

Forum index » RSIT/DDS/HijackThis logfiles » Solved RSIT/DDS/HijackThis logfiles




This topic is locked, you cannot edit posts or post new replies  [ 22 posts ]  Go to page Previous  1, 2
Author Message
Posted: Sun Feb 27, 2011 7:42 pm
Site Admin

Registered: Wed Feb 08, 2006 12:42 pm
Posts: 11921
How is it running now?

Use option A of zoek.exe to make a log and post it.

_________________
Browsercheck --- Is your computer malware-free? What now?


Posted: Sun Mar 06, 2011 1:38 pm
Member

Registered: Sun Feb 20, 2011 1:05 pm
Posts: 15
Operating system: Windows XP Service Pack 3
Protection: Malwarebytes
I have the feeling the system is running fine now.

==================
Zoek.exe by smeenk
Updated 09-02-2011
==================
Windows: Windows XP Home Edition Service Pack 3 (Build 2600)
Internet Explorer: 8.0.6001.18702
Memory (RAM): 1016 MB
CPU Info: Intel(R) Atom(TM) CPU 230 @ 1.60GHz
CPU Speed: 1593,5 MHz
Sound Card: Altec Lansing - FX5051
Display Adapters: Intel(R) 82945G Express Chipset Family | NetMeeting driver | RDPDD Chained DD
Monitors: 1x; Plug en Play-monitor |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8102E Family PCI-E Fast Ethernet NIC - Pakketplanner-minipoort
CD / DVD Drives: E: HL-DT-STDVD-RAM GH40L
Ports: NOT Present NOT Present
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 139,3GB | D: 9,8GB | G: 1396,9GB
Hard Disks - Free: C: 102,1GB | D: 6,2GB | G: 1259,3GB
USB Controllers: 4 host controllers.
Firewire (1394): Not Detected
Manufacturer: American Megatrends Inc.
Product Make: NM785AA-ABH CQ2100NL NL920
AC Power Status: OnLine
BIOS Info: AT/AT COMPATIBLE | 11/27/08 | HP-CPC - 20081127
Time Zone: West-Europa (standaardtijd)
Battery: No Battery
Motherboard: FOXCONN CALI
Sun Java version: 1.6.0_22
Country: Nederland
Language: NLD

Files recently created/modified:
======C:\WINDOWS====
2011-02-19 14:15:44 1374 ----a-w- C:\WINDOWS\imsins.BAK
======C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp====
======C:\WINDOWS\system32=====
2011-02-27 11:31:42 735744 ----a-w- C:\WINDOWS\System32\ntdll.dll.oud
2011-02-27 11:31:42 33280 ----a-w- C:\WINDOWS\System32\csrsrv.dll.oud
2011-02-27 11:31:42 11080192 ----a-w- C:\WINDOWS\System32\ieframe.dll.oud
2011-02-27 11:31:41 916480 ----a-w- C:\WINDOWS\System32\wininet.dll.oud
2011-02-27 11:31:41 8509440 ----a-w- C:\WINDOWS\System32\shell32.dll.oud
2011-02-27 11:31:41 735232 ----a-w- C:\WINDOWS\System32\lsasrv.dll.oud
2011-02-27 11:31:41 301568 ----a-w- C:\WINDOWS\System32\kerberos.dll.oud
2011-02-27 11:31:41 285824 ----a-w- C:\WINDOWS\System32\atmfd.dll.oud
2011-02-27 11:31:41 1986560 ----a-w- C:\WINDOWS\System32\iertutil.dll.oud
2011-02-27 11:31:41 1852928 ----a-w- C:\WINDOWS\System32\win32k.sys.oud
2011-02-27 11:31:41 1210880 ----a-w- C:\WINDOWS\System32\urlmon.dll.oud
2011-02-12 06:34:43 664 ----a-w- C:\WINDOWS\System32\d3d9caps.dat
======C:\WINDOWS\system32\drivers=====
======C:\WINDOWS\Tasks======
======C:\WINDOWS\Temp======
=======C:\Program Files=====
2011-02-25 11:53:43 -------- d-----w- C:\Program Files\Trend Micro
2011-02-05 15:17:30 -------- d-----w- C:\Program Files\JVC
=======C:=====
======C:\Documents and Settings\HP_Administrator\Application Data======
2011-02-25 11:34:21 -------- d-----w- C:\Documents and Settings\HP_Administrator\Application Data\WinRAR
2011-02-12 16:40:44 39866 ----a-w- C:\Documents and Settings\HP_Administrator\Application Data\3FD6.F5C
======C:\Documents and Settings\HP_Administrator======
2011-02-13 15:00:23 3407872 ----a-w- C:\Documents and Settings\HP_Administrator\ntuser.dat
======C:\WINDOWS\Downloaded Program Files====
=============

======C:==exe-files==
===C:=other files==
==================
"Silent Runners.vbs", revision 63, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"UpdateP2GoShortCut" = ""C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"" ["CyberLink Corp."]
"HP Software Update" = "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard"]
"(Default)" = "(empty string)" [file not found]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"SunJavaUpdateSched" = ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]
"AdobeAAMUpdater-1.0" = ""C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"" ["Adobe Systems Incorporated"]
"SwitchBoard" = "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" ["Adobe Systems Incorporated"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Help bij koppelingen"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Aanmelden - Help"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Configuratiescherm-uitbreiding Beeldscherm-panning"
-> {HKLM...CLSID} = "Configuratiescherm-uitbreiding Beeldscherm-panning"
\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{5FCD4425-CA3A-48F4-A57C-B8A75C32ACB1}" = "NSE_WithSubFld"
-> {HKLM...CLSID} = "NSE_WithSubFld"
\InProcServer32\(Default) = "C:\Windows\SMINST\Protect.dll" [null data]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

WinZip\(Default) = "{E0D79305-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
-> {HKLM...CLSID} = "GraphicsShellExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\igfxpph.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

WinZip\(Default) = "{E0D79305-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\

"NoChangingWallpaper" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Prevent changing wallpaper}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoSMBalloonTip" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoSMConfigurePrograms" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"Start_NotifyNewApps" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"NoInternetOpenWith" = (REG_DWORD) dword:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

BridgeCS5ImportMediaOnArrival\
"Provider" = "Adobe Bridge CS5"
"InvokeProgID" = "Adobe.adobebridgeCS5"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS5\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS5\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]

BridgeCS5NonVolumeHandler\
"Provider" = "Adobe Bridge CS5"
"ProgID" = "Adobe.adobebridgeMTP_1"
HKLM\SOFTWARE\Classes\Adobe.adobebridgeMTP_1\CLSID\(Default) = "{1E6C711B-6D70-4a65-8AB6-745DC19BE2A6}"
-> {HKLM...CLSID} = "Adobe Bridge CS5"
\LocalServer32\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS5\bridgeproxy.exe -m" ["Adobe Systems, Inc."]

ImgBurnBDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBDBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnBDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBDBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnCDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnCDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnDVDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnDVDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnHDDVDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnHDDVDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnPlayBluRayOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayBluRayOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayBluRayOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

ImgBurnPlayCDAudioOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayCDAudioOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayCDAudioOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

ImgBurnPlayDVDMovieOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayDVDMovieOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayDVDMovieOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

ImgBurnPlayHDDVDOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayHDDVDOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayHDDVDOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd" ["MPC-HC Team"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd" ["MPC-HC Team"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["MPC-HC Team"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["MPC-HC Team"]

MSLivePhotoAcqHWEventHandler\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]

MSLivePhotoAcquireDropHandler\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveShowPicturesOnArrival\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveVideoCameraArrivalCaptureWizard\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"
"InitCmdLine" = "WLXVideoAcquireWizard"
HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"
-> {HKLM...CLSID} = "WLXWEventHandler Class"
\LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

P2GCDBurningOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "BlankCD"
"InvokeVerb" = "OpenWithPower2Go"
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files\CyberLink\Power2Go\Power2Go.exe" "%L"" ["CyberLink Corp."]

P2GDVDBurningOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "BlankDVD"
"InvokeVerb" = "OpenWithPower2Go"
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files\CyberLink\Power2Go\Power2Go.exe" "%L"" ["CyberLink Corp."]

Power2GoPlayCDAudioOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPower2Go"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = ""C:\Program Files\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L"" ["CyberLink Corp."]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"User_Feed_Synchronization-{A26F0658-5D78-4190-99B8-7254C0055043}" -> launches: "C:\WINDOWS\system32\msfeedssync.exe sync" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Bonjour-service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
Firebird Guardian - DefaultInstance, FirebirdGuardianDefaultInstance, "C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance" ["FirebirdSQL Project"]
Firebird Server - DefaultInstance, FirebirdServerDefaultInstance, "C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance" ["FirebirdSQL Project"]
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
Mobiel Apple apparaat, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."]


Posted: Sun Mar 06, 2011 2:05 pm
Site Admin

Registered: Wed Feb 08, 2006 12:42 pm
Posts: 11921
OK, those renamed files can go; they were backups in case the changes caused problems :wink:

Double-click zoek.exe again to start it.
Type C followed by Enter to start "Delete files/folders".
A file named "input.txt" will open.
Copy the following code into it:
Code:
c:\windows\system32\*.*.oud;

Once you have placed the code in the file you may close input.txt; let it save the changes.
After that the removal scan starts running; wait patiently until a log opens and post the result in your next message.

Regards smeenk :)

_________________
Browsercheck --- Is your computer malware-free? What now?
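As an added illustration of the delete step above, the following Python script (not part of zoek.exe and not the poster's own code) parses lines in the layout of zoek's "Files recently created/modified" section, selects the entries that the `c:\windows\system32\*.*.oud;` pattern would hit, and reports the time window in which those files were written. The sample lines are copied from the log posted earlier in this thread but shortened; the matching rule (same directory only, case-insensitive) is an assumption, since the thread does not say how zoek interprets wildcards.

```python
import fnmatch
import re
from datetime import datetime

# Constructed sample in the layout of zoek.exe's "Files recently
# created/modified" section. Timestamps, sizes and paths are copied from
# the log posted in this thread; the list is shortened to a few entries.
SAMPLE_LOG = r"""
======C:\WINDOWS\system32=====
2011-02-27 11:31:42 735744 ----a-w- C:\WINDOWS\System32\ntdll.dll.oud
2011-02-27 11:31:42 33280 ----a-w- C:\WINDOWS\System32\csrsrv.dll.oud
2011-02-27 11:31:41 301568 ----a-w- C:\WINDOWS\System32\kerberos.dll.oud
2011-02-12 06:34:43 664 ----a-w- C:\WINDOWS\System32\d3d9caps.dat
======C:\WINDOWS\system32\drivers=====
=======C:\Program Files=====
2011-02-25 11:53:43 -------- d-----w- C:\Program Files\Trend Micro
"""

# One entry line: timestamp, size (or "--------" for a directory),
# attribute string, then the full path (which may contain spaces).
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+?)\s*$"
)


def parse_zoek_entries(text):
    """Return the file/folder entries of a zoek log as dicts.

    Section headers (lines of '=' signs) and blank lines are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        entries.append({
            "time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),
            "attrs": attrs,
            "is_dir": attrs.startswith("d"),
            "path": path,
        })
    return entries


def match_delete_pattern(entries, pattern):
    """Select the entries a zoek 'Delete files/folders' line would hit.

    Assumption (not stated in the thread): the pattern is matched
    case-insensitively against files in exactly the named directory, so
    '*' does not descend into subfolders. The trailing ';' that zoek's
    input.txt uses as a line terminator is stripped first.
    """
    pattern = pattern.strip().rstrip(";").lower()
    pat_dir, _, pat_name = pattern.rpartition("\\")
    hits = []
    for e in entries:
        ent_dir, _, ent_name = e["path"].lower().rpartition("\\")
        if ent_dir == pat_dir and fnmatch.fnmatchcase(ent_name, pat_name):
            hits.append(e)
    return hits


def creation_window(entries):
    """Earliest and latest timestamp of a set of entries.

    Renamed backups made by one fix usually share a timestamp window of
    a few seconds, which distinguishes them from unrelated files that
    happen to carry the same suffix.
    """
    if not entries:
        return None
    times = [e["time"] for e in entries]
    return min(times), max(times)


if __name__ == "__main__":
    found = parse_zoek_entries(SAMPLE_LOG)
    hits = match_delete_pattern(found, r"c:\windows\system32\*.*.oud;")
    first, last = creation_window(hits)
    print(f"{len(hits)} file(s) match; written between {first} and {last}")
    for e in hits:
        print("  would delete:", e["path"])
```

Running the script against the full log from this thread lists the eleven `.oud` files that the next post shows being deleted, all written within the same two seconds on 2011-02-27; reviewing that list before editing input.txt is a cheap way to confirm a wildcard will not reach anything beyond the intended backups.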


Posted: Sun Mar 06, 2011 3:01 pm
Member

Registered: Sun Feb 20, 2011 1:05 pm
Posts: 15
Operating system: Windows XP Service Pack 3
Protection: Malwarebytes
==================
Zoek.exe by smeenk
Updated 09-02-2011
==================
Deleting files\folders

"c:\windows\system32\atmfd.dll.oud" deleted
"c:\windows\system32\csrsrv.dll.oud" deleted
"c:\windows\system32\ieframe.dll.oud" deleted
"c:\windows\system32\iertutil.dll.oud" deleted
"c:\windows\system32\kerberos.dll.oud" deleted
"c:\windows\system32\lsasrv.dll.oud" deleted
"c:\windows\system32\ntdll.dll.oud" deleted
"c:\windows\system32\shell32.dll.oud" deleted
"c:\windows\system32\urlmon.dll.oud" deleted
"c:\windows\system32\win32k.sys.oud" deleted
"c:\windows\system32\wininet.dll.oud" deleted


Posted: Sun Mar 06, 2011 3:43 pm
Site Admin

Registered: Wed Feb 08, 2006 12:42 pm
Posts: 11921
Your Java software is outdated.
Older versions have holes that give malware the chance to install itself on your system.

First do these steps to uninstall Java and install the newer version:

    Download Java Runtime Environment (JRE) 6 Update 24.
    • Save the file jre-6u24-windows-i586-s.exe to your Desktop.
    • Close all programs that may be open - especially your web browser!
    • Then go to Start > Control Panel > Add or Remove Programs, or Start > Control Panel > Programs and Features (on Vista), and remove all older versions of Java from the software list.
    • Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
    • Then click Remove or the Change/Remove button.
    • Repeat this until all older versions are gone.
    • After removing all older versions, restart your PC.
    • Then double-click jre-6u24-windows-i586-s.exe on your Desktop to install the newest version of Java.

Then I think we are done :)

_________________
Browsercheck --- Is your computer malware-free? What now?


Posted: Sun Mar 06, 2011 4:08 pm
Member

Registered: Sun Feb 20, 2011 1:05 pm
Posts: 15
Operating system: Windows XP Service Pack 3
Protection: Malwarebytes
Old Java removed and the new one installed.
Many thanks for all the help! :D


Posted: Sun Mar 06, 2011 5:35 pm
Site Admin

Registered: Wed Feb 08, 2006 12:42 pm
Posts: 11921
You're welcome :)

Do the following as well:
Turn off System Restore, restart your computer, and turn System Restore back on after the restart.
Read here how and why you should do this after an infection:
http://users.telenet.be/marcvn/spyware/1852808.htm

I am now locking your topic.
If there are still problems and you want this topic reopened, send a PM to me or one of the moderators with a request to do so.
If they are new problems, however, or it concerns another computer, start a new topic.

Regards smeenk 8)

_________________
Browsercheck --- Is your computer malware-free? What now?


Powered by phpBB® Forum Software © phpBB Group
phpBB.nl Translation