GerdadH
Posts by GerdadH
-
-
And at startup I get on-access virus scan alerts about a buffer overflow in Windows\Explorer.EXE.KERNEL32CreateProcessA (in all sorts of variants), and that they have now been blocked by the buffer overflow protection. But that message keeps popping up again and again.
So I have been thrown out several times, where you get a blue screen with white letters warning you to restart if this is the first time you get this message, and to ask for technical support if it happens again. But that cannot be printed or copied.
-
I am sending them bit by bit, because I have already had it a few times that I had written a lot and Windows was shut down. Then I get the following message:
The computer has recovered from a serious error in Microsoft Windows (it was also shut down during the previous attempt to start up).
And this is the content of the error report that was prepared for Microsoft:
C:\DOCUME~1\GERDAD~1\LOCALS~1\Temp\WERca0e.dir00\Mini011409-01.dmp
C:\DOCUME~1\GERDAD~1\LOCALS~1\Temp\WERca0e.dir00\sysdata.xml
-
Help, all sorts of things I send do not seem to arrive.
After my previous cry for help I ran ComboFix once more. Here is the log:
ComboFix 09-01-13.04 - Gerda den Hollander 2009-01-14 16:29:27.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.209 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gerda den Hollander\Bureaublad\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)
* Resident AV is active
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-14 to 2009-01-14 ))))))))))))))))))))))))))))))
.
2009-01-14 12:43 . 2009-01-14 12:43 <DIR> dr-h----- c:\documents and settings\Gerda den Hollander\Onlangs geopend
2009-01-14 12:34 . 2009-01-14 12:34 <DIR> d-------- c:\program files\CCleaner
2009-01-13 13:20 . 2009-01-13 13:20 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\Malwarebytes
2009-01-13 13:19 . 2009-01-13 13:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 13:19 . 2009-01-13 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-13 13:19 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-13 13:19 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-13 12:12 . 2009-01-14 11:53 <DIR> d-------- c:\program files\Spyware Doctor
2009-01-13 12:12 . 2009-01-13 12:12 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\PC Tools
2009-01-13 12:12 . 2009-01-14 16:14 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-13 12:12 . 2008-08-25 12:36 81,288 --a------ c:\windows\SYSTEM32\DRIVERS\iksyssec.sys
2009-01-13 12:12 . 2008-08-25 12:36 66,952 --a------ c:\windows\SYSTEM32\DRIVERS\iksysflt.sys
2009-01-13 12:12 . 2008-08-25 12:36 40,840 --a------ c:\windows\SYSTEM32\DRIVERS\ikfilesec.sys
2009-01-13 12:12 . 2008-06-02 16:19 29,576 --a------ c:\windows\SYSTEM32\DRIVERS\kcom.sys
2009-01-05 23:22 . 2009-01-08 21:42 <DIR> d-------- c:\program files\Fighters
2009-01-05 23:22 . 2009-01-05 23:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fighters
2009-01-05 23:10 . 2009-01-05 23:10 <DIR> d-------- c:\program files\Trend Micro
2008-12-17 10:49 . 2008-12-17 10:48 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 15:14 --------- d-----w c:\program files\SPAMfighter
2009-01-13 23:21 --------- d-----w c:\program files\Google
2009-01-08 20:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-05 22:15 12,288 ----a-w c:\program files\hijackthis logboek.txt
2008-12-17 09:48 --------- d-----w c:\program files\Java
2008-12-12 17:03 3,088,896 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-12-09 20:28 --------- d-----w c:\program files\Ricochet
2008-12-01 11:40 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\Apple Computer
2008-12-01 08:47 --------- d-----w c:\program files\iTunes
2008-12-01 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 08:46 --------- d-----w c:\program files\iPod
2008-12-01 08:46 --------- d-----w c:\program files\Common Files\Apple
2008-12-01 08:42 --------- d-----w c:\program files\QuickTime
2008-12-01 08:29 --------- d-----w c:\program files\Safari
2008-11-30 12:11 --------- d-----w c:\program files\Adobe Media Player
2008-11-30 12:10 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-18 10:01 15,496 ----a-w c:\windows\system32\drivers\vffilter.sys
2008-11-16 12:20 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\MSN6
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 12:43 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:43 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 01:02 669,184 ----a-w c:\windows\SYSTEM32\wininet.dll
2008-10-16 01:02 669,184 ------w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2008-10-16 01:02 620,032 ------w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
2008-10-16 01:02 1,499,136 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
2008-10-15 16:37 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-04-17 19:54 32,768 ----a-w c:\documents and settings\Gerda den Hollander\WebVpnRegKey6-pintix-rnw-nl.dll
2005-09-25 15:16 0 ---ha-w c:\documents and settings\Gerda den Hollander\Application Data\hpothb07.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-13_23.50.50,90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-10 20:37:06 12,288 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-14 12:01:20 12,288 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-12-10 20:37:06 135,168 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-14 12:01:20 135,168 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-12-10 20:37:06 11,264 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-14 12:01:21 11,264 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-12-10 20:37:06 27,136 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-01-14 12:01:21 27,136 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-12-10 20:37:06 4,096 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-01-14 12:01:22 4,096 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-12-10 20:37:06 794,624 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-14 12:01:22 794,624 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-12-10 20:37:06 23,040 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-01-14 12:01:23 23,040 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-12-10 20:37:06 286,720 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-01-14 12:01:19 286,720 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-12-10 20:37:06 409,600 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-14 12:01:19 409,600 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\SYSTEM32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\SYSTEM32\MRT.exe
+ 2009-01-14 13:33:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_71c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-25 234856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-24 335872]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\SYSTEM32\Ati2mdxx.exe]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\SYSTEM32\P0630Pin.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\SYSTEM32\narrator.exe]
c:\documents and settings\Gerda den Hollander\Menu Start\Programma's\Opstarten\
Mediacontrole Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-11 155648]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-06-16 28672]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2004-06-16 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R3 Vfscan;Vfscan;c:\windows\SYSTEM32\DRIVERS\vffilter.sys [2008-11-18 15496]
R3 wlags51b;Agere Wireless USB Driver;c:\windows\SYSTEM32\DRIVERS\WLAGS51B.sys [2004-11-07 178688]
R4 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [2008-11-18 283272]
R4 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [2008-11-18 307848]
R4 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [2008-11-18 311944]
R4 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [2008-11-18 139912]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-13 356920]
R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-30 33752]
S3 P0630VID;Creative WebCam Live!;c:\windows\SYSTEM32\DRIVERS\P0630Vid.sys [2007-01-23 91841]
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - mchInjDrv
.
Inhoud van de 'Gedeelde Taken' map
2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-14 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2005-09-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1106417417.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 18:06]
2009-01-14 c:\windows\Tasks\Schijfopruiming.job
- c:\windows\SYSTEM32\cleanmgr.exe [2008-04-14 18:02]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.omroep.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.euro.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - Add to Windows Live Favorites
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD
c:\windows\Downloaded Program Files\AddrBookATL.dll - O16 -: {426784E5-24B2-4708-820D-117342FAD009}
hxxp://hyves.nl/cab/outlookaddressbook.cab
c:\windows\Downloaded Program Files\imglib.dll - c:\windows\Downloaded Program Files\screenshot.ocx
O16 -: {558714D6-8AC5-11D2-BCB7-00A024A866A5}
hxxp://www.ob.gouda.nl/Components/screenshot.cab
c:\windows\Downloaded Program Files\screenshot.inf
O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://internethuis.rnw.nl/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf
FF - ProfilePath - c:\documents and settings\Gerda den Hollander\Application Data\Mozilla\Firefox\Profiles\kzg9xpfx.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 16:36:09
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
c:\windows\system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys 39936 bytes executable
c:\windows\system32\_e6e943de6d2e2d8c33d5130c1ccdd3ac.sys_.vir 39936 bytes executable
Scan succesvol afgerond
verborgen bestanden: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e6e943de6d2e2d8c33d5130c1ccdd3ac]
"ImagePath"="system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(236)
c:\program files\SPAMfighter\Clients\Outlook Express\SFOE0001.dll
c:\progra~1\WINDOW~2\wmpband.dll
.
Voltooingstijd: 2009-01-14 16:42:18
ComboFix-quarantined-files.txt 2009-01-14 15:42:10
ComboFix2.txt 2009-01-14 11:09:13
ComboFix3.txt 2009-01-13 23:12:12
ComboFix4.txt 2009-01-13 22:53:08
Pre-Run: 88.231.084.032 bytes beschikbaar
Post-Run: 88,210,739,200 bytes beschikbaar
233 --- E O F --- 2009-01-14 12:01:28
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(236)
c:\program files\SPAMfighter\Clients\Outlook Express\SFOE0001.dll
c:\progra~1\WINDOW~2\wmpband.dll
.
Voltooingstijd: 2009-01-14 16:42:18
ComboFix-quarantined-files.txt 2009-01-14 15:42:10
ComboFix2.txt 2009-01-14 11:09:13
ComboFix3.txt 2009-01-13 23:12:12
ComboFix4.txt 2009-01-13 22:53:08
Pre-Run: 88.231.084.032 bytes beschikbaar
Post-Run: 88,210,739,200 bytes beschikbaar
233 --- E O F --- 2009-01-14 12:01:28
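The log above ends with the part that matters for triage: catchme reports an NTDLL hook on ZwClose, two hidden executables under system32 whose name is a bare 32-hex-character string, and a service key whose ImagePath loads that driver. The script below is an added example, not part of this post and not ComboFix's own code: it pulls those indicators (hidden files, service ImagePath values, the NTDLL hook list, the R*/S* service lines and the O16 ActiveX entries) out of a ComboFix log and flags service or driver names that look like a hash. The regular expressions and the hash-like-name heuristic are assumptions of this example; the sample input is a trimmed excerpt of the log posted above.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix code)."""
import re
from dataclasses import dataclass, field

# Heuristic assumed by this example: a bare 32-hex-digit service/driver name
# (the shape of an MD5 hash) is unusual for legitimate software and worth a look.
HEX32 = re.compile(r"^[0-9a-f]{32}$", re.I)
HIDDEN_FILE = re.compile(r"^(?P<path>[a-z]:\\.*?)\s+(?P<size>\d+)\s+bytes\s+executable$", re.I)
SERVICE_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$", re.I)
IMAGE_PATH = re.compile(r'^"ImagePath"="(?P<path>[^"]+)"$', re.I)
SVC_LINE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$")
O16 = re.compile(r"O16 -: (?P<ident>\{[0-9A-F-]+\}|\S+)", re.I)
HOOK_NAME = re.compile(r"(Zw|Nt)\w+")


@dataclass
class Findings:
    hidden_files: list = field(default_factory=list)     # (path, size) from catchme
    driver_services: dict = field(default_factory=dict)  # service name -> ImagePath
    ntdll_hooks: list = field(default_factory=list)      # names under "NTDLL code modification"
    services: list = field(default_factory=list)         # (start type, name, path)
    activex: list = field(default_factory=list)          # CLSIDs / names of O16 entries
    hashlike_names: list = field(default_factory=list)   # names matching HEX32


def _stem(path: str) -> str:
    """File name without directory or extension, for name-shape checks."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].split(".")[0]


def _flag(f: Findings, name: str) -> None:
    if HEX32.match(name) and name not in f.hashlike_names:
        f.hashlike_names.append(name)


def parse_combofix(text: str) -> Findings:
    f = Findings()
    current_key = None   # service key whose values are being read
    pending_hook = False  # True right after the catchme "NTDLL code modification" header
    for raw in text.splitlines():
        line = raw.strip()
        if pending_hook and HOOK_NAME.fullmatch(line):
            f.ntdll_hooks.append(line)
            continue
        pending_hook = line.startswith("detected NTDLL code modification")
        if m := HIDDEN_FILE.match(line):
            f.hidden_files.append((m["path"], int(m["size"])))
            _flag(f, _stem(m["path"]))
        elif m := SERVICE_KEY.match(line):
            current_key = m["name"]
            _flag(f, current_key)
        elif line.startswith("["):
            current_key = None  # some other registry key; stop attributing values
        elif current_key and (m := IMAGE_PATH.match(line)):
            f.driver_services[current_key] = m["path"]
        elif m := SVC_LINE.match(line):
            f.services.append((m["start"], m["name"], m["path"]))
            _flag(f, m["name"])
        elif m := O16.search(line):
            f.activex.append(m["ident"])
    return f


def triage(text: str) -> list:
    """Human-readable list of the points an analyst would look at first."""
    f = parse_combofix(text)
    notes = [f"hidden executable: {p} ({s} bytes)" for p, s in f.hidden_files]
    notes += [f"service {n} loads {img}" for n, img in f.driver_services.items()]
    notes += [f"NTDLL hook reported: {h}" for h in f.ntdll_hooks]
    notes += [f"hash-like name: {n}" for n in f.hashlike_names]
    return notes


# Trimmed excerpt of the log posted above, used as sample input.
SAMPLE_LOG = r"""
R3 Vfscan;Vfscan;c:\windows\SYSTEM32\DRIVERS\vffilter.sys [2008-11-18 15496]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-13 356920]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-30 33752]
c:\windows\Downloaded Program Files\AddrBookATL.dll - O16 -: {426784E5-24B2-4708-820D-117342FAD009}
O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://internethuis.rnw.nl/activex/AMC.cab
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
detected NTDLL code modification:
ZwClose
c:\windows\system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys 39936 bytes executable
c:\windows\system32\_e6e943de6d2e2d8c33d5130c1ccdd3ac.sys_.vir 39936 bytes executable
verborgen bestanden: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e6e943de6d2e2d8c33d5130c1ccdd3ac]
"ImagePath"="system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\X]
"3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
"""

if __name__ == "__main__":
    for note in triage(SAMPLE_LOG):
        print(note)
```

Run against a full log, the output lists the hidden driver, the service key that loads it and the hooked ZwClose export in one place, which is the set of lines a helper on such a thread reads first; everything else (R4 services, O16 controls) is kept in the Findings object so it can be compared between the successive logs in a thread.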
-
All sorts of things are going wrong now, after I ran ComboFix (see above) and CCleaner. I keep getting a Windows stop error, I get thrown out and can barely boot.
I keep getting messages from the virus scanner at startup.
In short, will this ever come right?
-
So here I am again with a new combofix.txt. (Incidentally, after restarting I got three warnings from the virus scanner, correction: four by now, one about a removed Trojan horse and three about buffer overflow; and Microsoft Outlook starts up very slowly.)
And as soon as I have sent this I will get to work with CCleaner.
ComboFix 09-01-13.04 - Gerda den Hollander 2009-01-14 11:59:58.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.104 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gerda den Hollander\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Gerda den Hollander\Bureaublad\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active
FILE ::
C:\HijackThis.exe
c:\program files\HijackThis.zip
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\HijackThis.exe
c:\program files\HijackThis.zip
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-14 to 2009-01-14 ))))))))))))))))))))))))))))))
.
2009-01-13 13:20 . 2009-01-13 13:20 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\Malwarebytes
2009-01-13 13:19 . 2009-01-13 13:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 13:19 . 2009-01-13 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-13 13:19 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-13 13:19 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-13 12:12 . 2009-01-14 11:53 <DIR> d-------- c:\program files\Spyware Doctor
2009-01-13 12:12 . 2009-01-13 12:12 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\PC Tools
2009-01-13 12:12 . 2009-01-14 11:49 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-13 12:12 . 2008-08-25 12:36 81,288 --a------ c:\windows\SYSTEM32\DRIVERS\iksyssec.sys
2009-01-13 12:12 . 2008-08-25 12:36 66,952 --a------ c:\windows\SYSTEM32\DRIVERS\iksysflt.sys
2009-01-13 12:12 . 2008-08-25 12:36 40,840 --a------ c:\windows\SYSTEM32\DRIVERS\ikfilesec.sys
2009-01-13 12:12 . 2008-06-02 16:19 29,576 --a------ c:\windows\SYSTEM32\DRIVERS\kcom.sys
2009-01-05 23:22 . 2009-01-08 21:42 <DIR> d-------- c:\program files\Fighters
2009-01-05 23:22 . 2009-01-05 23:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fighters
2009-01-05 23:10 . 2009-01-05 23:10 <DIR> d-------- c:\program files\Trend Micro
2008-12-17 10:49 . 2008-12-17 10:48 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 10:35 --------- d-----w c:\program files\SPAMfighter
2009-01-13 23:21 --------- d-----w c:\program files\Google
2009-01-08 20:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-05 22:15 12,288 ----a-w c:\program files\hijackthis logboek.txt
2008-12-17 09:48 --------- d-----w c:\program files\Java
2008-12-12 17:03 3,088,896 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-09 20:28 --------- d-----w c:\program files\Ricochet
2008-12-01 11:40 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\Apple Computer
2008-12-01 08:47 --------- d-----w c:\program files\iTunes
2008-12-01 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 08:46 --------- d-----w c:\program files\iPod
2008-12-01 08:46 --------- d-----w c:\program files\Common Files\Apple
2008-12-01 08:42 --------- d-----w c:\program files\QuickTime
2008-12-01 08:29 --------- d-----w c:\program files\Safari
2008-11-30 12:11 --------- d-----w c:\program files\Adobe Media Player
2008-11-30 12:10 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-18 10:01 15,496 ----a-w c:\windows\system32\drivers\vffilter.sys
2008-11-16 12:20 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\MSN6
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 12:43 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:43 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 01:02 669,184 ----a-w c:\windows\SYSTEM32\wininet.dll
2008-10-16 01:02 669,184 ------w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2008-10-16 01:02 620,032 ------w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
2008-10-16 01:02 1,499,136 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
2008-10-15 16:37 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-04-17 19:54 32,768 ----a-w c:\documents and settings\Gerda den Hollander\WebVpnRegKey6-pintix-rnw-nl.dll
2005-09-25 15:16 0 ---ha-w c:\documents and settings\Gerda den Hollander\Application Data\hpothb07.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-13_23.50.50,90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-14 10:29:14 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_71c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-25 234856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-24 335872]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\SYSTEM32\Ati2mdxx.exe]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\SYSTEM32\P0630Pin.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\SYSTEM32\narrator.exe]
c:\documents and settings\Gerda den Hollander\Menu Start\Programma's\Opstarten\
Mediacontrole Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-11 155648]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-06-16 28672]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2004-06-16 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R3 Vfscan;Vfscan;c:\windows\SYSTEM32\DRIVERS\vffilter.sys [2008-11-18 15496]
R3 wlags51b;Agere Wireless USB Driver;c:\windows\SYSTEM32\DRIVERS\WLAGS51B.sys [2004-11-07 178688]
R4 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [2008-11-18 283272]
R4 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [2008-11-18 307848]
R4 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [2008-11-18 311944]
R4 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [2008-11-18 139912]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-13 356920]
R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-30 33752]
S3 P0630VID;Creative WebCam Live!;c:\windows\SYSTEM32\DRIVERS\P0630Vid.sys [2007-01-23 91841]
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - mchInjDrv
.
Inhoud van de 'Gedeelde Taken' map
2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-13 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2005-09-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1106417417.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 18:06]
2009-01-14 c:\windows\Tasks\Schijfopruiming.job
- c:\windows\SYSTEM32\cleanmgr.exe [2008-04-14 18:02]
.
- - - - ORPHANS VERWIJDERD - - - -
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.omroep.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.euro.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - Add to Windows Live Favorites
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD
c:\windows\Downloaded Program Files\AddrBookATL.dll - O16 -: {426784E5-24B2-4708-820D-117342FAD009}
hxxp://hyves.nl/cab/outlookaddressbook.cab
c:\windows\Downloaded Program Files\imglib.dll - c:\windows\Downloaded Program Files\screenshot.ocx
O16 -: {558714D6-8AC5-11D2-BCB7-00A024A866A5}
hxxp://www.ob.gouda.nl/Components/screenshot.cab
c:\windows\Downloaded Program Files\screenshot.inf
O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://internethuis.rnw.nl/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf
FF - ProfilePath - c:\documents and settings\Gerda den Hollander\Application Data\Mozilla\Firefox\Profiles\kzg9xpfx.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 12:05:51
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
c:\windows\system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys 39936 bytes executable
c:\windows\system32\_e6e943de6d2e2d8c33d5130c1ccdd3ac.sys_.vir 39936 bytes executable
Scan succesvol afgerond
verborgen bestanden: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e6e943de6d2e2d8c33d5130c1ccdd3ac]
"ImagePath"="system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
Voltooingstijd: 2009-01-14 12:09:09
ComboFix-quarantined-files.txt 2009-01-14 11:09:03
ComboFix2.txt 2009-01-13 23:12:12
ComboFix3.txt 2009-01-13 22:53:08
Pre-Run: 88.003.657.728 bytes beschikbaar
Post-Run: 87,986,098,176 bytes beschikbaar
215 --- E O F --- 2008-12-18 14:18:28
-
Right, ComboFix has been run too, and here is the log. I will do the CCleaner part tomorrow, unless I get other instructions. I am very glad of your help & no doubt until later.
ComboFix 09-01-13.03 - Gerda den Hollander 2009-01-13 23:59:26.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.148 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gerda den Hollander\Bureaublad\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)
* Resident AV is active
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-13 to 2009-01-13 ))))))))))))))))))))))))))))))
.
2009-01-13 22:10 . 2009-01-13 22:10 <DIR> d-------- c:\program files\Peer2Peer-NE
2009-01-13 22:10 . 2009-01-13 22:10 <DIR> d-------- c:\program files\Conduit
2009-01-13 13:20 . 2009-01-13 13:20 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\Malwarebytes
2009-01-13 13:19 . 2009-01-13 13:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 13:19 . 2009-01-13 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-13 13:19 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-13 13:19 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-13 12:25 . 2009-01-13 12:25 314,054 --a------ c:\program files\HijackThis.zip
2009-01-13 12:12 . 2009-01-13 12:14 <DIR> d-------- c:\program files\Spyware Doctor
2009-01-13 12:12 . 2009-01-13 12:12 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\PC Tools
2009-01-13 12:12 . 2009-01-13 22:06 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-13 12:12 . 2008-08-25 12:36 81,288 --a------ c:\windows\SYSTEM32\DRIVERS\iksyssec.sys
2009-01-13 12:12 . 2008-08-25 12:36 66,952 --a------ c:\windows\SYSTEM32\DRIVERS\iksysflt.sys
2009-01-13 12:12 . 2008-08-25 12:36 40,840 --a------ c:\windows\SYSTEM32\DRIVERS\ikfilesec.sys
2009-01-13 12:12 . 2008-06-02 16:19 29,576 --a------ c:\windows\SYSTEM32\DRIVERS\kcom.sys
2009-01-13 12:08 . 2009-01-13 12:08 396,288 --a------ C:\HijackThis.exe
2009-01-05 23:22 . 2009-01-08 21:42 <DIR> d-------- c:\program files\Fighters
2009-01-05 23:22 . 2009-01-05 23:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fighters
2009-01-05 23:10 . 2009-01-05 23:10 <DIR> d-------- c:\program files\Trend Micro
2008-12-17 10:49 . 2008-12-17 10:48 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 20:25 --------- d-----w c:\program files\SPAMfighter
2009-01-08 20:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-05 22:15 12,288 ----a-w c:\program files\hijackthis logboek.txt
2008-12-17 09:48 --------- d-----w c:\program files\Java
2008-12-12 17:03 3,088,896 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-09 20:28 --------- d-----w c:\program files\Ricochet
2008-12-01 11:40 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\Apple Computer
2008-12-01 08:47 --------- d-----w c:\program files\iTunes
2008-12-01 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 08:46 --------- d-----w c:\program files\iPod
2008-12-01 08:46 --------- d-----w c:\program files\Common Files\Apple
2008-12-01 08:42 --------- d-----w c:\program files\QuickTime
2008-12-01 08:29 --------- d-----w c:\program files\Safari
2008-11-30 12:11 --------- d-----w c:\program files\Adobe Media Player
2008-11-30 12:10 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-18 10:01 15,496 ----a-w c:\windows\system32\drivers\vffilter.sys
2008-11-16 12:20 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\MSN6
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 12:43 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:43 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 01:02 669,184 ----a-w c:\windows\SYSTEM32\wininet.dll
2008-10-16 01:02 669,184 ------w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2008-10-16 01:02 620,032 ------w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
2008-10-16 01:02 1,499,136 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
2008-10-15 16:37 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-04-17 19:54 32,768 ----a-w c:\documents and settings\Gerda den Hollander\WebVpnRegKey6-pintix-rnw-nl.dll
2005-09-25 15:16 0 ---ha-w c:\documents and settings\Gerda den Hollander\Application Data\hpothb07.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c0d70ed8-d984-40c3-9666-8939ce76ea13}"= "c:\program files\Peer2Peer-NE\tbPeer.dll" [2008-09-15 1784856]
[HKEY_CLASSES_ROOT\clsid\{c0d70ed8-d984-40c3-9666-8939ce76ea13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c0d70ed8-d984-40c3-9666-8939ce76ea13}]
2008-09-15 06:47 1784856 --a------ c:\program files\Peer2Peer-NE\tbPeer.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c0d70ed8-d984-40c3-9666-8939ce76ea13}"= "c:\program files\Peer2Peer-NE\tbPeer.dll" [2008-09-15 1784856]
[HKEY_CLASSES_ROOT\clsid\{c0d70ed8-d984-40c3-9666-8939ce76ea13}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-25 234856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-05 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-24 335872]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\SYSTEM32\Ati2mdxx.exe]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\SYSTEM32\P0630Pin.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\SYSTEM32\narrator.exe]
c:\documents and settings\Gerda den Hollander\Menu Start\Programma's\Opstarten\
Mediacontrole Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-11 155648]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-06-16 28672]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2004-06-16 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R3 Vfscan;Vfscan;c:\windows\SYSTEM32\DRIVERS\vffilter.sys [2008-11-18 15496]
R3 wlags51b;Agere Wireless USB Driver;c:\windows\SYSTEM32\DRIVERS\WLAGS51B.sys [2004-11-07 178688]
R4 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [2008-11-18 283272]
R4 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [2008-11-18 307848]
R4 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [2008-11-18 311944]
R4 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [2008-11-18 139912]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-13 356920]
R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-30 33752]
S3 P0630VID;Creative WebCam Live!;c:\windows\SYSTEM32\DRIVERS\P0630Vid.sys [2007-01-23 91841]
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - mchInjDrv
.
Inhoud van de 'Gedeelde Taken' map
2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-13 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2005-09-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1106417417.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 18:06]
2009-01-13 c:\windows\Tasks\Schijfopruiming.job
- c:\windows\SYSTEM32\cleanmgr.exe [2008-04-14 18:02]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2046702
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.euro.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - Add to Windows Live Favorites
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD
c:\windows\Downloaded Program Files\AddrBookATL.dll - O16 -: {426784E5-24B2-4708-820D-117342FAD009}
hxxp://hyves.nl/cab/outlookaddressbook.cab
c:\windows\Downloaded Program Files\imglib.dll - c:\windows\Downloaded Program Files\screenshot.ocx
O16 -: {558714D6-8AC5-11D2-BCB7-00A024A866A5}
hxxp://www.ob.gouda.nl/Components/screenshot.cab
c:\windows\Downloaded Program Files\screenshot.inf
O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://internethuis.rnw.nl/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf
FF - ProfilePath - c:\documents and settings\Gerda den Hollander\Application Data\Mozilla\Firefox\Profiles\kzg9xpfx.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 00:06:51
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
c:\windows\system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys 39936 bytes executable
c:\windows\system32\_e6e943de6d2e2d8c33d5130c1ccdd3ac.sys_.vir 39936 bytes executable
Scan succesvol afgerond
verborgen bestanden: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e6e943de6d2e2d8c33d5130c1ccdd3ac]
"ImagePath"="system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(1592)
c:\progra~1\WINDOW~2\wmpband.dll
.
Voltooingstijd: 2009-01-14 0:12:03
ComboFix-quarantined-files.txt 2009-01-13 23:11:48
ComboFix2.txt 2009-01-13 22:53:08
Pre-Run: 88.040.964.096 bytes beschikbaar
Post-Run: 88,021,233,664 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
221 --- E O F --- 2008-12-18 14:18:28
-
I'm glad you're so optimistic: earlier this evening everything froze and I couldn't close any program normally anymore.
As for CCleaner:
There are a whole lot of downloads at that link. Which one do you mean: Driver Cleaner, the CCleaner Slim (no toolbar) or the CCleaner download, the new and latest 2009 version? And if I take the latter, should I tick the toolbar box or not?
-
I'd be happy to do that, but every time I open HijackThis via the shortcut I get a message that begins with:
HijackThis appears to have been started from a temporary folder. Since temp folders tend to be emptied regularly, it is wise to copy HijackThis.exe to a folder of its own, for instance C:\ProgramFiles\HijackThis\ (and so on)
I've now put it in Program Files in a compressed folder, and when I extract and open it there I no longer get the message. After that I made the following scan log. I hope it is complete this time.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:45, on 13-1-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Fighters\configservice.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\Program Files\Fighters\ScannerService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\GERDAD~1\LOCALS~1\Temp\Tijdelijke map 1 voor HijackThis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Nederland -startpagina - Computers, computerapparatuur, electronics en services.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Omroep.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Nederland -startpagina - Computers, computerapparatuur, electronics en services.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [CostAware] C:\Program Files\NetInternals\CostAware\niIPCApp.exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://hyves.nl/cab/outlookaddressbook.cab
O16 - DPF: {558714D6-8AC5-11D2-BCB7-00A024A866A5} (ScreenShot Control) - http://www.ob.gouda.nl/Components/screenshot.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150318829140
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://internethuis.rnw.nl/activex/AMC.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
--
End of file - 12842 bytes
-
Thanks Kape for your quick response. I got to work on it right away.
Here is the MBAM log first:
Malwarebytes' Anti-Malware 1.32
Database versie: 1648
Windows 5.1.2600 Service Pack 3
13-1-2009 13:44:13
mbam-log-2009-01-13 (13-44-13).txt
Scan type: Snelle Scan
Objecten gescand: 74770
Verstreken tijd: 21 minute(s), 47 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 18
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 2
Bestanden geïnfecteerd: 4
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\orb.ta (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\orb.ta.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21eeb010-57f3-11dd-b116-dad055d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b33de756-deee-4d7a-87db-1d905ba2aa21} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{1b7f9329-aaf9-4e34-8ecf-c363fd3c60cf} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ada8c222-95d2-47b5-950b-aebc0a508839} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.lnk\ShellEx\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Secure Delete (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{b33de756-deee-4d7a-87db-1d905ba2aa21} (Rogue.Multiple) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\Documents and Settings\Rens den Hollander\Local Settings\Temporary Internet Files\Content.IE5\0TIBWTUB\u927[1].msg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rens den Hollander\Local Settings\Temporary Internet Files\Content.IE5\8PM705IF\g584[1].msg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rens den Hollander\Local Settings\Temporary Internet Files\Content.IE5\A3IMHV5Z\u406[1].msg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rens den Hollander\Bureaublad\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
and the HijackThis log made afterwards follows below
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:36, on 13-1-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Fighters\configservice.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\Program Files\Fighters\ScannerService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
--
End of file - 3591 bytes
-
Dear all,
Here is another case of System Security, on a Dell computer running Windows XP. Cold comfort that I'm not the only one. I've already downloaded HijackThis and attached the log.
In addition, my SPYWAREfighter reports that I have an infected file, Not-A-Virus.Downloader.Win32.WinFixer.ax
And it is supposed to be located in C:\Program Files\Common Files\TrashEraser\mc.exe (which I also find in the log).
I have no idea what to do next, so I can use any help. Preferably in clear words and steps, because I'm quite computer-illiterate.
Thanks in advance for all the effort,
Gerda den Hollander
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:43, on 12-1-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fighters\configservice.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\Program Files\Fighters\ScannerService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\TrashEraser\mc.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Nederland -startpagina - Computers, computerapparatuur, electronics en services.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Omroep.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Nederland -startpagina - Computers, computerapparatuur, electronics en services.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {086F0D71-B8A5-69FD-D3EE-045D0C3089DC} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ORBta - {ADA8C222-95D2-47B5-950B-AEBC0A508839} - C:\WINDOWS\system32\spria.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [salestart] "C:\Program Files\Common Files\TrashEraser\mc.exe" dm=http://trasheraser.com; ad=http://trasheraser.com
O4 - HKLM\..\Run: [CostAware] C:\Program Files\NetInternals\CostAware\niIPCApp.exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://hyves.nl/cab/outlookaddressbook.cab
O16 - DPF: {558714D6-8AC5-11D2-BCB7-00A024A866A5} (ScreenShot Control) - http://www.ob.gouda.nl/Components/screenshot.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150318829140
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://internethuis.rnw.nl/activex/AMC.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: bececcfdafabf - C:\WINDOWS\system32\bececcfdafabf.dll (file missing)
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
--
End of file - 12644 bytes
[SOLVED] System Security, unfortunately...
in Archive: Fighting malware & viruses
Posted:
I was just thrown out again; the blue screen said, among other things:
STOP:0x00000005, 0xF8503ABA, 0xBODBCAE4, 0x00000000
(NB: every leading 0 could also be an O)
fltmgr.sys-adress F8503ABA base at F84FE000 Datestamp 480251da