[SOLVED] hijackthis doesn't work


Open a Notepad file.

Copy and paste the bold text below into it.

Driver::

npggsvc

nProtect GameGuard Service

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log.

Link to comment

In this case it is indeed best that you first remove the old Combofix via Start -> Run -> type combofix /u ... and then download a new Combofix directly to the desktop. After that you can drag the txt file onto the shortcut to start it.

Link to comment

OK, it has been reinstalled and this time I immediately got a shortcut with it, but I stupidly deleted the log :-s instead of posting it here

well, then I want to put the CFScript.txt. in, but it says

you wanted to use CFScript.txt.

but CFScript.txt. appears to be misspelled

then it cancels the running of ComboFix

---------- Post added at 11:01 ---------- Previous post was at 10:56 ----------

well no, the log has been found again in the recycle bin, I had forgotten that we have that too, but the txt file still doesn't work

ComboFix 09-08-10.06 - sabaj 17/08/2009 12:27.2.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3002.1840 [GMT 2:00]

Gestart vanuit: c:\users\sabaj\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-07-17 to 2009-08-17 ))))))))))))))))))))))))))))))

.

2009-08-17 10:34 . 2009-08-17 10:34 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-08-17 10:34 . 2009-08-17 10:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-08-17 10:02 . 2009-07-13 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVENG.SYS

2009-08-17 10:02 . 2009-07-13 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVEX15.SYS

2009-08-17 10:02 . 2009-04-15 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVENG32.DLL

2009-08-17 10:02 . 2009-04-15 08:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVEX32A.DLL

2009-08-17 10:02 . 2009-04-15 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\EECTRL.SYS

2009-08-17 10:02 . 2009-04-15 08:00 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\ECMSVR32.DLL

2009-08-17 10:02 . 2009-04-15 08:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\CCERASER.DLL

2009-08-17 10:02 . 2009-04-15 08:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\ERASER.SYS

2009-08-14 10:59 . 2009-08-17 10:34 -------- d-----w- c:\users\sabaj\AppData\Local\temp

2009-08-12 12:02 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll

2009-08-12 12:02 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys

2009-08-12 12:02 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys

2009-08-12 12:02 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll

2009-08-12 12:02 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll

2009-08-12 12:02 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys

2009-08-12 12:02 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll

2009-08-12 12:01 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-08-12 12:01 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-08-12 12:01 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-08-12 12:01 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-08-12 12:01 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-08-12 12:01 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-07-31 07:21 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll

2009-07-31 07:21 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys

2009-07-31 07:21 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys

2009-07-31 07:21 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll

2009-07-31 07:21 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-17 10:17 . 2008-11-21 21:18 667352 ----a-w- c:\windows\system32\perfh013.dat

2009-08-17 10:17 . 2008-11-21 21:18 126854 ----a-w- c:\windows\system32\perfc013.dat

2009-08-17 10:17 . 2008-11-21 21:13 659180 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-17 10:17 . 2008-11-21 21:13 122976 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-13 10:39 . 2009-04-16 14:48 -------- d-----w- c:\programdata\Microsoft Help

2009-08-13 10:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-07-28 18:33 . 2008-11-21 14:16 -------- d-----w- c:\programdata\CyberLink

2009-07-21 21:52 . 2009-07-29 10:42 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-07-29 10:42 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-07-29 10:42 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-07-29 10:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys

2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys

2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll

2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll

2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys

2009-06-30 13:36 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe

2009-06-30 13:10 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe

2009-06-30 13:03 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe

2009-06-30 10:44 . 2009-07-25 11:08 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe

2009-06-26 16:36 . 2009-07-25 11:08 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe

2009-06-24 10:07 . 2009-06-24 10:07 -------- d-----w- c:\users\sabaj\AppData\Roaming\WildTangent

2009-06-24 10:07 . 2008-11-21 13:37 -------- d-----w- c:\programdata\WildTangent

2009-06-15 15:24 . 2009-07-15 09:53 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 15:20 . 2009-07-15 09:53 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 15:20 . 2009-07-15 09:53 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-06-15 12:52 . 2009-07-15 09:53 289792 ----a-w- c:\windows\system32\atmfd.dll

2009-06-14 13:55 . 2009-04-16 14:56 106944 ----a-w- c:\users\sabaj\AppData\Local\GDIPFONTCACHEV1.DAT

2009-06-13 17:34 . 2009-06-13 17:34 5741 ----a-w- c:\program files\hijackthis.log

2009-06-12 17:47 . 2009-06-09 17:25 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-26 15:52 . 2009-05-26 15:49 167676 ----a-w- c:\windows\hpqins00.dat

2008-11-21 21:39 . 2008-11-21 21:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C6D2729D-494C-40FC-B23A-AE625D0F31F1}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{FD377D93-E596-4C3A-9D27-4577F49B0ACB}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{132871EA-9DA8-4493-9010-F58E076B2733}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{04F1C3AD-92DB-44E8-8E2A-F8A0BD41E61E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{79FD76AB-D9E6-4F42-88FC-3C3BEEF889DC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{48311FBA-7398-4C3B-8D53-9D11E1F29F83}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{9C55AD3F-C721-4A78-A818-554C43601287}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster

"{9A231432-D50C-4EFB-8D94-61A2BD4CF9BE}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster

"{1050392E-B175-4131-8DAA-5164423679FC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

"DoNotAllowExceptions"= 1 (0x1)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1005000.086\SymEFA.sys [20/04/2009 18:07 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1005000.086\BHDrvx86.sys [20/04/2009 18:07 258608]

R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1005000.086\cchpx86.sys [20/04/2009 18:06 482352]

R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys [12/08/2009 14:02 293424]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 4:23 21504]

R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [20/04/2009 18:06 115560]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [21/11/2008 17:08 365952]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/06/2009 22:16 101936]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [29/06/2008 16:52 112128]

R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\System32\drivers\OA004Ufd.sys [3/06/2008 9:30 144672]

R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\System32\drivers\OA004Vid.sys [17/07/2008 17:01 269760]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1005000.086\symndisv.sys [20/04/2009 18:07 39984]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/11/2008 15:34 193840]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Inhoud van de 'Gedeelde Taken' map

2009-08-09 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-08-17 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag

IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-BE\local\search.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: dogsoftheseas.com\realm01

Trusted Zone: dogsoftheseas.com\www

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-08-17 12:34

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2009-08-17 12:38

ComboFix-quarantined-files.txt 2009-08-17 10:38

Pre-Run: 230.989.664.256 bytes beschikbaar

Post-Run: 230.957.432.832 bytes beschikbaar

171 --- E O F --- 2009-08-13 10:40

Link to comment

OK, here is the new one, if it worked, because after running that thing

I got, on everything I clicked,

the statement is invalid because it is marked for deletion

well, something roughly like that; it came up when I clicked on the internet, on Word, Paint

but for Computer it did not come up

then I had to shut down the PC; now I hope it has worked

ComboFix 09-08-10.06 - sabaj 17/08/2009 17:59.3.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3002.1983 [GMT 2:00]

Gestart vanuit: c:\users\sabaj\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\sabaj\Desktop\CFScript.txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-07-17 to 2009-08-17 ))))))))))))))))))))))))))))))

.

2009-08-17 16:07 . 2009-08-17 16:07 -------- d-----w- c:\users\sabaj\AppData\Local\temp

2009-08-17 16:07 . 2009-08-17 16:07 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-08-17 16:07 . 2009-08-17 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-08-17 10:02 . 2009-07-13 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVENG.SYS

2009-08-17 10:02 . 2009-07-13 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVEX15.SYS

2009-08-17 10:02 . 2009-04-15 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVENG32.DLL

2009-08-17 10:02 . 2009-04-15 08:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVEX32A.DLL

2009-08-17 10:02 . 2009-04-15 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\EECTRL.SYS

2009-08-17 10:02 . 2009-04-15 08:00 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\ECMSVR32.DLL

2009-08-17 10:02 . 2009-04-15 08:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\CCERASER.DLL

2009-08-17 10:02 . 2009-04-15 08:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\ERASER.SYS

2009-08-12 12:02 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll

2009-08-12 12:02 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys

2009-08-12 12:02 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys

2009-08-12 12:02 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll

2009-08-12 12:02 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll

2009-08-12 12:02 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys

2009-08-12 12:02 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll

2009-08-12 12:01 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-08-12 12:01 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-08-12 12:01 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-08-12 12:01 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-08-12 12:01 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-08-12 12:01 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-07-31 07:21 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll

2009-07-31 07:21 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys

2009-07-31 07:21 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys

2009-07-31 07:21 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll

2009-07-31 07:21 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-17 15:55 . 2008-11-21 21:18 667352 ----a-w- c:\windows\system32\perfh013.dat

2009-08-17 15:55 . 2008-11-21 21:18 126854 ----a-w- c:\windows\system32\perfc013.dat

2009-08-17 15:55 . 2008-11-21 21:13 659180 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-17 15:55 . 2008-11-21 21:13 122976 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-13 10:39 . 2009-04-16 14:48 -------- d-----w- c:\programdata\Microsoft Help

2009-08-13 10:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-07-28 18:33 . 2008-11-21 14:16 -------- d-----w- c:\programdata\CyberLink

2009-07-21 21:52 . 2009-07-29 10:42 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-07-29 10:42 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-07-29 10:42 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-07-29 10:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys

2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys

2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll

2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll

2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys

2009-06-30 13:36 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe

2009-06-30 13:10 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe

2009-06-30 13:03 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe

2009-06-30 10:44 . 2009-07-25 11:08 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe

2009-06-26 16:36 . 2009-07-25 11:08 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe

2009-06-24 10:07 . 2009-06-24 10:07 -------- d-----w- c:\users\sabaj\AppData\Roaming\WildTangent

2009-06-24 10:07 . 2008-11-21 13:37 -------- d-----w- c:\programdata\WildTangent

2009-06-15 15:24 . 2009-07-15 09:53 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 15:20 . 2009-07-15 09:53 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 15:20 . 2009-07-15 09:53 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-06-15 12:52 . 2009-07-15 09:53 289792 ----a-w- c:\windows\system32\atmfd.dll

2009-06-14 13:55 . 2009-04-16 14:56 106944 ----a-w- c:\users\sabaj\AppData\Local\GDIPFONTCACHEV1.DAT

2009-06-13 17:34 . 2009-06-13 17:34 5741 ----a-w- c:\program files\hijackthis.log

2009-06-12 17:47 . 2009-06-09 17:25 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-26 15:52 . 2009-05-26 15:49 167676 ----a-w- c:\windows\hpqins00.dat

2008-11-21 21:39 . 2008-11-21 21:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((( SnapShot@2009-08-17_10.34.28 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 01:58 . 2009-08-17 15:50 42976 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2009-08-17 15:50 92054 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-01-29 13:26 . 2009-08-17 09:51 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-29 13:26 . 2009-08-17 15:48 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-29 13:26 . 2009-08-17 09:51 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-29 13:26 . 2009-08-17 15:48 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-29 13:26 . 2009-08-17 15:48 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-29 13:26 . 2009-08-17 09:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-04-16 14:47 . 2009-08-17 09:53 7482 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1909669116-3038768439-1391123093-1000_UserData.bin

+ 2009-04-16 14:47 . 2009-08-17 15:50 7482 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1909669116-3038768439-1391123093-1000_UserData.bin

+ 2009-08-17 15:48 . 2009-08-17 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-08-17 09:51 . 2009-08-17 09:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-08-17 09:51 . 2009-08-17 09:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-08-17 15:48 . 2009-08-17 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2006-11-02 10:33 . 2009-08-17 15:55 587178 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-08-17 10:17 587178 c:\windows\System32\perfh009.dat

+ 2006-11-02 10:33 . 2009-08-17 15:55 101250 c:\windows\System32\perfc009.dat

- 2006-11-02 10:33 . 2009-08-17 10:17 101250 c:\windows\System32\perfc009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C6D2729D-494C-40FC-B23A-AE625D0F31F1}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{FD377D93-E596-4C3A-9D27-4577F49B0ACB}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{132871EA-9DA8-4493-9010-F58E076B2733}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{04F1C3AD-92DB-44E8-8E2A-F8A0BD41E61E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{79FD76AB-D9E6-4F42-88FC-3C3BEEF889DC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{48311FBA-7398-4C3B-8D53-9D11E1F29F83}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{9C55AD3F-C721-4A78-A818-554C43601287}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster

"{9A231432-D50C-4EFB-8D94-61A2BD4CF9BE}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster

"{1050392E-B175-4131-8DAA-5164423679FC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

"DoNotAllowExceptions"= 1 (0x1)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1005000.086\SymEFA.sys [20/04/2009 18:07 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1005000.086\BHDrvx86.sys [20/04/2009 18:07 258608]

R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1005000.086\cchpx86.sys [20/04/2009 18:06 482352]

R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys [12/08/2009 14:02 293424]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 4:23 21504]

R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [20/04/2009 18:06 115560]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [21/11/2008 17:08 365952]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/06/2009 22:16 101936]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [29/06/2008 16:52 112128]

R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\System32\drivers\OA004Ufd.sys [3/06/2008 9:30 144672]

R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\System32\drivers\OA004Vid.sys [17/07/2008 17:01 269760]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1005000.086\symndisv.sys [20/04/2009 18:07 39984]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/11/2008 15:34 193840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Inhoud van de 'Gedeelde Taken' map

2009-08-09 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-08-17 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag

IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-BE\local\search.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: dogsoftheseas.com\realm01

Trusted Zone: dogsoftheseas.com\www

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-08-17 18:07

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2009-08-17 18:11

ComboFix-quarantined-files.txt 2009-08-17 16:11

ComboFix2.txt 2009-08-17 10:38

combofix logje.txt 2009-08-17 10:58

Pre-Run: 230.984.232.960 bytes beschikbaar

Post-Run: 230.446.796.800 bytes beschikbaar

192 --- E O F --- 2009-08-13 10:40

Link to comment

Well, not now, but the first time I downloaded ComboFix and the full download was complete, I did get problems with everything I clicked on; I couldn't do anything anymore

and the second time, with the switch, I had that too; then I have to shut down the PC each time and after that nothing is wrong anymore. Is this normal?

Link to comment