Ardamax keylogger krijg ik niet verwijderd *

Ik heb deze shit op mn computer gekregen,

ardamax keylogger 2.8

met proces fhpf.exe

ik heb dit al verwijderd maar denk niet dat dit genoeg is.

Als ik opstart zie ik ook een scherm met keylogger,http://img165.imageshack.us/my.php?image=naamloosep2.png

Ik wil geen virusscanner installeren, dus zoek speciefiek hoe ik dit manueel kan removen.

ik heb wel met spybotje gescant die vind wel wat :

aangezien deze keyloggers nogal eens invisible zijn vertrouw ik hier niet helemaal op, hoe kan ik het zeker weten? C:\WINDOWS\system32\28643 is namelijk niet bereikbaar via verkenner lijkt wel v erborgen ofzo.

GENETX schreef op zondag 10 februari 2008 @ 11:03:
Hint: Verborgen mappen en bestanden weergeven

Bovenstaande vindt je bij mapopties.

heb ik standaard aanstaan, nee ik krijg keihard een error als ik die map wil openen

http://img232.imageshack.us/my.php?image=naamloos2ad9.png

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:25:15, on 10-2-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Christian\Bureaublad\Snelkoppelingen\W3XCustomKick12001.exe
C:\Documents and Settings\Christian\Bureaublad\Snelkoppelingen\W3XMapHack12101.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Christian\Local Settings\Temporary Internet Files\Content.IE5\ENQFJW6I\Prevxcsi[1].EXE
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Tmp___2837\prevxcsi.exe
C:\Documents and Settings\Christian\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.172.56.132:82
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [FHPF Agent] C:\WINDOWS\system32\28463\FHPF.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA7146] command /c del "C:\WINDOWS\system32\28463\FHPF.009.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2350] cmd /c del "C:\WINDOWS\system32\28463\FHPF.009.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2787] command /c del "C:\WINDOWS\system32\28463\FHPF.001"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8383] cmd /c del "C:\WINDOWS\system32\28463\FHPF.001"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8307] command /c del "C:\WINDOWS\system32\28463\FHPF.002"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3679] cmd /c del "C:\WINDOWS\system32\28463\FHPF.002"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5983] command /c del "C:\WINDOWS\system32\28463\FHPF.006"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7988] cmd /c del "C:\WINDOWS\system32\28463\FHPF.006"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3310] command /c del "C:\WINDOWS\system32\28463\FHPF.007"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2465] cmd /c del "C:\WINDOWS\system32\28463\FHPF.007"
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Christian\Menu Start\Programma's\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe (HKCU)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76BBB3DC-196D-419C-932F-BAFFCE2E749F}: NameServer = 212.83.64.140,212.83.64.141
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Application Layer Gateway-service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7537 bytes

dank je voor die remover!

en nee hitman pro werkt niet bij mij.