
Marien-B

Member
  • Posts

    4

Everything posted by Marien-B

  1. I removed the HijackThis items, and then fortunately I could boot normally again; after that I ran Malwarebytes over it and removed about 10 'fake trojans' or something like that. Then I installed ComboFix, switched off NOD32, and got a warning about 'rootkit activity'. I had to write some things down (.dll and .dat in system32), it had to reboot, and this is the ComboFix output:

ComboFix 09-07-20.01 - Marien 20-07-2009 23:05.1.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1013.731 [GMT 2:00] Gestart vanuit: I:\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Aanwezig AV is actief . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\ALLUSE~1\APPLIC~1\12457184 c:\docume~1\ALLUSE~1\APPLIC~1\12457184\12457184 c:\docume~1\ALLUSE~1\APPLIC~1\12457184\12457184.exe c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr0.dat c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr1.dat c:\windows\Installer\2440e.msp c:\windows\Installer\3017d1.msi c:\windows\system32\drivers\geyekrrgrxdorg.sys c:\windows\system32\geyekriltbbrox.dll c:\windows\system32\geyekrjxcevrwo.dat c:\windows\system32\geyekrrsqtqwuh.dll c:\windows\system32\geyekrsvpxuwqi.dat ----- BITS: Mogelijk geïnfecteerde sites ----- hxxp://binuser.fileave.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_geyekrtfubqakl (((((((((((((((((((( Bestanden Gemaakt van 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))) . 2009-07-20 20:49 . 2009-07-20 20:49 -------- d-sh--w- c:\documents and settings\Marien\Onlangs geopend 2009-07-20 20:26 . 2009-07-20 20:26 -------- d-----w- c:\documents and settings\Marien\Application Data\Malwarebytes 2009-07-20 20:12 . 
2009-07-20 20:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-07-20 20:11 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-20 20:11 . 2009-07-20 20:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-20 20:11 . 2009-07-20 20:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes 2009-07-20 20:11 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-20 19:57 . 2009-07-20 19:57 -------- d-----w- c:\program files\Trend Micro 2009-07-20 18:12 . 2009-07-20 18:13 8192 ----a-w- C:\qlhbde.exe 2009-07-20 18:10 . 2009-07-20 18:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2009-07-20 17:35 . 2009-07-20 17:35 -------- d-----w- c:\program files\Elaborate Bytes 2009-07-20 17:30 . 2009-07-20 17:30 -------- d-----w- c:\documents and settings\Marien\Application Data\ArcSoft 2009-07-20 17:12 . 2009-07-20 17:46 -------- d-----w- c:\windows\ehome 2009-07-20 17:09 . 2009-07-20 17:09 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ArcSoft 2009-07-20 17:09 . 2009-07-20 17:45 -------- d-----w- c:\program files\ArcSoft 2009-07-20 17:08 . 2009-07-20 17:08 -------- d-----w- c:\windows\Downloaded Installations 2009-07-20 16:47 . 2009-07-20 16:47 -------- d-----w- c:\documents and settings\Marien\Local Settings\Application Data\Cyberlink 2009-07-20 16:45 . 2009-07-20 16:45 -------- d-----w- c:\program files\Common Files\CyberLink 2009-07-20 16:42 . 2009-07-20 16:41 29480 ----a-w- c:\windows\system32\msxml3a.dll 2009-07-20 16:42 . 2009-07-20 16:41 353576 ----a-w- c:\windows\system32\msvcr71.dll 2009-07-20 16:41 . 2009-07-20 16:41 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Temp 2009-07-20 16:26 . 2009-07-20 16:26 -------- d-----w- c:\documents and settings\Marien\Application Data\dvdcss 2009-07-06 12:54 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll 2009-07-06 10:37 . 
2009-07-06 10:36 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys 2009-07-06 10:37 . 2009-07-06 10:36 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys 2009-07-06 10:37 . 2009-07-06 10:36 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2009-07-06 10:33 . 2009-07-06 10:33 -------- d-----w- c:\program files\Sony Ericsson 2009-06-22 20:44 . 2009-06-23 15:49 -------- d-----w- c:\documents and settings\Marien\Local Settings\Application Data\ApplicationHistory 2009-06-22 20:44 . 2009-06-22 20:44 129 ----a-w- c:\documents and settings\Marien\Local Settings\Application Data\fusioncache.dat 2009-06-22 20:38 . 2009-06-22 20:38 -------- d-----w- c:\program files\Common Files\SpellEx 2009-06-22 20:38 . 2004-02-04 08:27 49536 ----a-w- c:\windows\system32\drivers\tiehdusb.sys 2009-06-22 20:38 . 2004-01-28 13:03 21456 ----a-w- c:\windows\system32\drivers\SilvrLnk.sys 2009-06-22 20:37 . 2009-06-22 20:37 -------- d-----w- c:\program files\Common Files\TI Shared 2009-06-22 20:37 . 2009-06-22 20:38 -------- d-----w- c:\program files\TI Education 2009-06-22 20:34 . 2009-06-22 20:34 -------- d-----w- c:\windows\system32\URTTEMP 2009-06-22 20:30 . 2009-06-22 20:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-20 18:11 . 2008-08-26 11:01 -------- d-----w- c:\program files\Common Files\InstallShield 2009-07-20 17:45 . 2008-08-26 11:01 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-20 16:47 . 2008-10-24 20:21 -------- d-----w- c:\documents and settings\Marien\Application Data\CyberLink 2009-07-20 16:47 . 2008-10-24 19:25 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\CyberLink 2009-07-20 16:41 . 2007-12-12 14:41 505128 ----a-w- c:\windows\system32\msvcp71.dll 2009-07-20 15:01 . 2008-10-20 18:45 -------- d-----w- c:\documents and settings\Marien\Application Data\GrabIt 2009-07-06 12:54 . 
2009-07-06 12:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf 2009-07-06 12:54 . 2009-07-06 12:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-06-23 09:11 . 2008-08-26 15:25 82680 ----a-w- c:\windows\system32\perfc013.dat 2009-06-23 09:11 . 2008-08-26 15:25 468780 ----a-w- c:\windows\system32\perfh013.dat 2009-06-22 20:41 . 2008-10-20 15:39 71912 ----a-w- c:\documents and settings\Marien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-17 17:20 . 2009-06-16 21:43 -------- d-----w- c:\program files\Pinnacle 2009-06-16 21:40 . 2009-06-16 21:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Pinnacle 2009-06-16 14:40 . 2008-08-26 15:25 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2008-08-26 15:25 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-03 21:02 . 2009-02-20 16:10 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\pdf995 2009-06-03 21:02 . 2009-02-20 16:10 59 ----a-w- c:\windows\wpd99.drv 2009-06-03 19:11 . 2008-08-26 15:25 1295360 ----a-w- c:\windows\system32\quartz.dll 2009-06-03 17:08 . 2009-06-03 17:07 -------- d-----w- c:\program files\iTunes 2009-06-03 17:08 . 2009-06-03 17:07 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-03 17:07 . 2009-06-03 17:07 -------- d-----w- c:\program files\iPod 2009-06-03 17:07 . 2008-10-20 18:52 -------- d-----w- c:\program files\Common Files\Apple 2009-06-03 17:03 . 2009-06-03 17:02 -------- d-----w- c:\program files\QuickTime 2009-06-01 11:42 . 2009-06-01 11:42 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Advanced Chemistry Development 2009-06-01 11:42 . 2009-06-01 11:40 -------- d-----w- c:\documents and settings\Marien\Application Data\Advanced Chemistry Development 2009-06-01 11:42 . 2009-06-01 11:41 -------- d-----w- c:\program files\ACDFREE12 2009-05-25 12:16 . 2009-05-25 12:16 134312 ----a-w- c:\windows\system32\ElbyVCD.dll 2009-05-25 12:01 . 
2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll 2009-05-22 23:08 . 2009-05-22 23:08 29696 ----a-w- c:\windows\system32\drivers\VClone.sys 2009-05-22 18:32 . 2009-03-20 18:12 73728 ----a-w- c:\windows\system32\MMCEDT3.exe 2009-05-22 13:49 . 2009-02-19 12:22 91392 ----a-w- c:\windows\system32\drivers\ArcHlp.sys 2009-05-15 18:19 . 2008-10-21 14:47 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-05-07 15:34 . 2008-08-26 15:25 347136 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:46 . 2008-08-26 15:25 669696 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:46 . 2008-08-26 15:25 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-06-14 21:22 . 2008-10-20 16:36 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll . ------- Sigcheck ------- [-] 2008-04-15 12:00 979456 0667A612D847BD87667F3CB1FC4C0D6C c:\windows\explorer.exe [-] 2008-04-15 12:00 979456 0667A612D847BD87667F3CB1FC4C0D6C c:\windows\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-07-29 684032] "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-08 16862208] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] c:\documents and settings\Marien\Menu Start\Programma's\Opstarten\ RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784] c:\docume~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= 
"%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [19-2-2009 14:22 91392] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13-3-2008 17:52 33800] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [13-3-2008 17:49 472320] R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [26-8-2008 13:13 159744] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [26-8-2008 13:07 156160] R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [20-10-2008 23:29 625792] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [6-7-2009 12:37 13224] S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [22-10-2008 15:49 13225] S3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\drivers\rtl8187Se.sys [26-8-2008 13:09 306176] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.msi.com.tw uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {443BF7F4-DBCB-486F-A486-91E162D5D912} = 62.177.144.11,82.204.127.40 FF - ProfilePath - c:\docume~1\Marien\APPLIC~1\Mozilla\Firefox\Profiles\qibidabu.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.symbaloo.com/ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-07-20 23:10 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... 
scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,d1,a2,f2,c4,6f, 36,85,be,c8,28,51,af,b0,29,a3,98,f0,52,69,8c,a1,ea,47,9e,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,2a,f4,f0,22,12, e5,fa,94,71,3b,04,66,8b,46,0d,96,39,f6,8a,65,f1,ca,63,81,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,2a,57,b6,f0,6d, ba,89,f0,25,da,ec,7e,55,20,c9,26,1f,1f,6a,0f,1d,24,b4,39,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,76,c7,43,6c,44, 54,9a,ba,3e,1e,9e,e0,57,5a,93,61,99,ad,bb,e1,6e,4a,37,f3,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,68,48,1d,34,cf, c7,1a,85,cd,44,cd,b9,a6,33,6c,cd,a0,fd,25,bc,5d,f0,91,a2,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" 
@="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,e7,3a,cb,db,7a, 89,2d,94,b0,18,ed,a7,3f,8d,37,a4,49,2c,16,8d,34,54,e0,7b,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,dd,4c,06,e0,9e, 93,0e,8d,31,77,e1,ba,b1,f8,68,02,c7,5e,20,33,4c,ad,1d,27,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,2c,a5,55,54,48, 8b,bd,0f,83,6c,56,8b,a0,85,96,ab,d9,ab,92,fd,03,45,f3,c3,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,26,a1,45,8a,ed, 59,6e,fb,51,fa,6e,91,28,9e,14,cc,17,ad,2e,e1,ba,98,d0,a4,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,d2,06,f7,1e,52, 8b,f3,c4,b1,cd,45,5a,a8,c4,f8,b9,07,31,a3,36,38,e9,83,8a,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,35,54,28,f3,1f, 3c,5f,06,e3,0e,66,d5,eb,bc,2f,6b,24,bd,88,b9,4b,24,01,0d,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" 
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,54,c7,7d,62,1b, d3,1d,9e,fa,ea,66,7f,d4,3b,6b,70,e9,c2,00,8c,69,73,f0,63,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Voltooingstijd: 2009-07-20 23:11 ComboFix-quarantined-files.txt 2009-07-20 21:11 Pre-Run: 24.458.145.792 bytes beschikbaar Post-Run: 24.504.045.568 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 250 --- E O F --- 2009-07-16 14:48

After that, HijackThis once more:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:15:14, on 20-7-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\System Control Manager\MSIService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\System Control Manager\MGSysCtrl.exe C:\Program Files\Adobe\Reader 
8.0\Reader\Reader_sl.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: 
[Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Global Startup: Bluetooth Manager.lnk = ? 
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{443BF7F4-DBCB-486F-A486-91E162D5D912}: NameServer = 62.177.144.11,82.204.127.40 O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 6406 bytes

Does this look better already?? Everything else works; the (desktop) settings are a bit messed up, but fortunately everything works again.
  2. O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE That is much the same as the RTHDCPL entry above it.. Agics - What is ALCMTR.EXE (Realtek Event Monitor) and what does it do? Remove it anyway??
  3. Ah, nice, F11 gets me into a little menu. I'm in safe mode now and have those 3 little programs with me on a stick. I'll get to work with them. ---------- Post added at 20:01 ---------- Previous post was at 19:56 ---------- This is my HijackThis log:

Scan saved at 21:57:48, on 20-7-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [MGSysCtrl] C:\Program 
Files\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [12457184] C:\Documents and Settings\All Users\Application Data\12457184\12457184.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? 
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{443BF7F4-DBCB-486F-A486-91E162D5D912}: NameServer = 62.177.144.11,82.204.127.40 O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 5075 bytes

Can you see whether there is anything bad in there, Kape?? Thanks in advance!
  4. Hello, since about an hour ago I have had this virus on my laptop too. I have already searched around on the internet, including this forum, and have read several approaches. The problem, however, is that all these methods go via safe mode.. and I can't get into it.. I have an MSI Wind laptop, and when I switch it on I can only press F3 to reset the whole laptop or something.. I don't want to touch that yet, so I tried F8, but the only result is that it hangs on the black screen before the Windows screen, where F3 is shown.. If I release F8, Windows boots.. Once in Windows, SystemSecurity closes everything; I can't start anything, so 'Run' and editing boot.ini aren't possible either. Even once I have found boot.ini on my disk, I can't open it because Notepad doesn't work. I hope someone here can help me.. :s