Ga naar inhoud

Aanbevolen berichten

Geplaatst:

Hallo iedereen,

Als ik even kijk naar de recente topics hier niet de enige die hier last van heeft . :argh:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:26:33, on 17/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\System32\winsys2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\Grisoft\AVG7\avgwb.dat

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sW20] C:\WINDOWS\System32\sw20.exe

O4 - HKLM\..\Run: [sW24] C:\WINDOWS\System32\sw24.exe

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [MSN Messenger] live.messenger.com

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [688702f8] rundll32.exe "C:\WINDOWS\system32\ifwyhxev.dll",b

O4 - HKLM\..\Run: [bM6bb43164] Rundll32.exe "C:\WINDOWS\system32\rraojjrb.dll",s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194039297078

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v906/Navigram.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 6820 bytes

Geplaatst:
Als ik even kijk naar de recente topics hier niet de enige die hier last van heeft.
Neen, dat lijkt een echte plaag te worden :laugh:

Download Combofix en zet het op je Bureaublad.

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)

O4 - HKLM\..\Run: [MSN Messenger] live.messenger.com

O4 - HKLM\..\Run: [688702f8] rundll32.exe "C:\WINDOWS\system32\ifwyhxev.dll",b

O4 - HKLM\..\Run: [bM6bb43164] Rundll32.exe "C:\WINDOWS\system32\rraojjrb.dll",s

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Verwijder volgend vetgedrukt bestand via Windows Verkenner.

C:\WINDOWS\System32\winsys2.exe

Dubbelklik op Combofix.exe en volg de instructies, aanvaard de disclaimer door y te typen. Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, moet je dit toestaan

Hang een nieuw log van HJT en het log van Combofix aan je volgend bericht.

Geplaatst:

Combofix :

ComboFix 08-03-17.1 - Tom Peys 2008-03-18 17:57:12.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1592 [GMT 1:00]

Running from: C:\Documents and Settings\Tom Peys\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Tom Peys\Application Data\macromedia\Flash Player\#SharedObjects\EL6R39EC\iforex.com

C:\Documents and Settings\Tom Peys\Application Data\macromedia\Flash Player\#SharedObjects\EL6R39EC\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Documents and Settings\Tom Peys\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\Documents and Settings\Tom Peys\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

C:\WINDOWS\BM6bb43164.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\awtrqrr.dll

C:\WINDOWS\system32\bbuiqion.dll

C:\WINDOWS\system32\bccdd.ini

C:\WINDOWS\system32\bccdd.ini2

C:\WINDOWS\system32\efccbya.dll

C:\WINDOWS\system32\fccddby.dll

C:\WINDOWS\system32\ihhkj.ini

C:\WINDOWS\system32\ihhkj.ini2

C:\WINDOWS\system32\mljgday.dll

C:\WINDOWS\system32\mljihge.dll

C:\WINDOWS\system32\rnfqjnfe.dll

C:\WINDOWS\system32\rqtss.ini

C:\WINDOWS\system32\rqtss.ini2

C:\WINDOWS\system32\rraojjrb.dll

C:\WINDOWS\system32\ssqnmnn.dll

C:\WINDOWS\system32\sstqr.dll

C:\WINDOWS\system32\ttutv.ini

C:\WINDOWS\system32\ttutv.ini2

C:\WINDOWS\system32\winsys.exe

C:\WINDOWS\system32\wvuspnn.dll

.

((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))

.

2008-03-17 21:25 . 2008-03-17 21:25 <DIR> d-------- C:\Program Files\Trend Micro

2008-03-17 20:55 . 2008-03-17 20:55 294 ---hs---- C:\WINDOWS\system32\vexhywfi.ini

2008-03-17 20:17 . 2008-03-17 20:18 <DIR> d-------- C:\Program Files\Windows Live

2008-03-17 18:12 . 2008-03-17 18:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7

2008-03-16 11:09 . 2008-03-16 11:09 <DIR> d-------- C:\Program Files\iPod

2008-03-16 09:54 . 2007-12-07 03:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-03-16 09:54 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-03-16 09:54 . 2007-07-01 04:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-03-16 09:54 . 2007-12-07 03:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-03-16 09:54 . 2007-12-07 03:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-03-16 09:54 . 2007-12-07 03:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-03-16 09:54 . 2007-12-07 03:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-03-16 09:54 . 2007-12-07 03:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-03-16 09:54 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

2008-03-16 09:54 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-03-14 08:02 . 2008-03-16 23:17 234 --a------ C:\WINDOWS\wininit.ini

2008-03-13 17:58 . 2008-03-13 17:58 <DIR> d--h----- C:\WINDOWS\PIF

2008-03-05 17:49 . 2008-03-18 17:43 <DIR> d-------- C:\Documents and Settings\Tom Peys\Application Data\AVG7

2008-03-05 17:48 . 2008-03-05 17:48 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-03-05 17:48 . 2008-03-05 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-05 17:44 . 2008-03-17 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-03-05 07:16 . 2008-03-05 07:15 691,545 --a------ C:\WINDOWS\unins000.exe

2008-03-05 07:16 . 2008-03-05 07:16 2,541 --a------ C:\WINDOWS\unins000.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-18 17:00 55,345,184 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-03-18 16:59 650,648 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-03-17 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-17 06:28 2,234,368 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp

2008-03-16 19:06 --------- d-----w C:\Program Files\Soulseek-Test

2008-03-16 14:04 2,226,176 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp

2008-03-16 10:09 --------- d-----w C:\Program Files\iTunes

2008-03-16 09:28 --------- d-----w C:\Documents and Settings\Tom Peys\Application Data\DNA

2008-03-16 03:23 --------- d-----w C:\Program Files\Java

2008-03-05 17:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-03-04 19:51 2,160,128 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp

2008-03-04 19:51 1,624,064 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp

2008-03-04 16:42 2,158,080 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp

2008-02-28 18:43 3,568,128 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp

2008-02-28 18:43 2,154,496 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp

2008-02-28 18:31 2,153,984 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp

2008-02-24 21:45 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-24 21:45 --------- d-----w C:\Program Files\Activision

2008-02-19 18:47 2,136,064 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp

2008-02-19 17:26 3,617,706 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2008-02-18 12:58 1,800,192 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp

2008-02-17 12:44 1,734,656 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp

2008-02-16 23:10 --------- d-----w C:\Documents and Settings\Tom Peys\Application Data\BitTorrent

2008-02-14 19:21 --------- d-----w C:\Program Files\D-Tools

2008-02-14 07:14 --------- d-----w C:\Program Files\SystemRequirementsLab

2008-02-14 07:14 --------- d-----w C:\Documents and Settings\Tom Peys\Application Data\SystemRequirementsLab

2008-02-14 06:35 --------- d-----w C:\Program Files\Starcraft

2008-02-13 19:40 22,328 ----a-w C:\Documents and Settings\Tom Peys\Application Data\PnkBstrK.sys

2008-02-13 17:26 --------- d-----w C:\Documents and Settings\Tom Peys\Application Data\WinMount

2008-02-08 21:24 --------- d-----w C:\Program Files\Common Files\Ahead

2008-02-08 21:24 --------- d-----w C:\Program Files\Ahead

2008-02-07 20:35 --------- d-----w C:\Program Files\QuickTime

2008-02-05 19:19 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2008-02-05 19:19 --------- d-----w C:\Program Files\Diablo 2

2008-02-04 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-13 12:09 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-12-18 17:52 1,524,224 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp

2007-10-27 08:37 671,232 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp

2007-10-27 08:37 128,087 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_27_10_37_03_small.dmp.zip

2007-10-24 05:05 135,001 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_24_07_05_04_small.dmp.zip

2007-10-24 05:05 1,810,944 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

2001-12-31 23:01 1,496,064 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp

2001-12-31 22:01 37,376 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB230D6-B00B-4BFF-AB9B-0CD95DAABD68}]

C:\WINDOWS\system32\jkhhi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{175829ac-8ade-491e-999c-f8d3fc45ee7a}]

C:\WINDOWS\system32\oubsmdgs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0820972-8181-4EDC-8D05-93452221BD88}]

C:\WINDOWS\system32\vtutt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C401A6C0-CAD3-4F8E-9962-03B9BD36666F}]

C:\WINDOWS\system32\ddccb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 16126464 C:\WINDOWS\RTHDCPL.exe]

"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36 36864]

"36X Raid Configurer"="C:\WINDOWS\System32\xRaidSetup.exe" [2007-03-21 17:23 1953792]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-09-17 00:07 8491008]

"nwiz"="nwiz.exe" [2007-04-12 16:44 1626112 C:\WINDOWS\system32\nwiz.exe]

"SW20"="C:\WINDOWS\System32\sw20.exe" [2006-12-15 03:58 208896]

"SW24"="C:\WINDOWS\System32\sw24.exe" [2006-12-15 03:58 69632]

"WinSys2"="C:\WINDOWS\System32\winsys2.exe" [ ]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-09-17 00:07 81920]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-05 17:49 579072]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"688702f8"="C:\WINDOWS\system32\ifwyhxev.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-05 17:48 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccddby]

fccddby.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Soulseek-Test\\slsk.exe"=

"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 15:12]

.

Contents of the 'Scheduled Tasks' folder

"2007-10-16 16:38:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-03-18 06:32:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-18 18:01:00

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2008-03-18 18:02:28 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-18 17:02:25

.

2008-03-17 19:45:08 --- E O F ---

HJT :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:04:16, on 18/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\D-Tools\daemon.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0CB230D6-B00B-4BFF-AB9B-0CD95DAABD68} - C:\WINDOWS\system32\jkhhi.dll (file missing)

O2 - BHO: {a7ee54cf-3d8f-c999-e194-eda8ca928571} - {175829ac-8ade-491e-999c-f8d3fc45ee7a} - C:\WINDOWS\system32\oubsmdgs.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A0820972-8181-4EDC-8D05-93452221BD88} - C:\WINDOWS\system32\vtutt.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)

O2 - BHO: (no name) - {C401A6C0-CAD3-4F8E-9962-03B9BD36666F} - C:\WINDOWS\system32\ddccb.dll (file missing)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sW20] C:\WINDOWS\System32\sw20.exe

O4 - HKLM\..\Run: [sW24] C:\WINDOWS\System32\sw24.exe

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [688702f8] rundll32.exe "C:\WINDOWS\system32\ifwyhxev.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194039297078

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v906/Navigram.cab

O20 - Winlogon Notify: fccddby - fccddby.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 7361 bytes

Geplaatst:

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

O2 - BHO: (no name) - {0CB230D6-B00B-4BFF-AB9B-0CD95DAABD68} - C:\WINDOWS\system32\jkhhi.dll (file missing)

O2 - BHO: {a7ee54cf-3d8f-c999-e194-eda8ca928571} - {175829ac-8ade-491e-999c-f8d3fc45ee7a} - C:\WINDOWS\system32\oubsmdgs.dll (file missing)

O2 - BHO: (no name) - {A0820972-8181-4EDC-8D05-93452221BD88} - C:\WINDOWS\system32\vtutt.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)

O2 - BHO: (no name) - {C401A6C0-CAD3-4F8E-9962-03B9BD36666F} - C:\WINDOWS\system32\ddccb.dll (file missing)

O4 - HKLM\..\Run: [688702f8] rundll32.exe "C:\WINDOWS\system32\ifwyhxev.dll",b

O20 - Winlogon Notify: fccddby - fccddby.dll (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

C:\WINDOWS\system32\vexhywfi.ini

Registry::

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB230D6-B00B-4BFF-AB9B-0CD95DAABD68}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{175829ac-8ade-491e-999c-f8d3fc45ee7a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0820972-8181-4EDC-8D05-93452221BD88}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C401A6C0-CAD3-4F8E-9962-03B9BD36666F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C401A6C0-CAD3-4F8E-9962-03B9BD36666F}]

"WinSys2"="C:\WINDOWS\System32\winsys2.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccddby]

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw logje van HijackThis.

Geplaatst:

Combo :

ComboFix 08-03-17.1 - Tom Peys 2008-03-18 22:37:49.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1655 [GMT 1:00]

Running from: C:\Documents and Settings\Tom Peys\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Tom Peys\Desktop\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\WINDOWS\system32\vexhywfi.ini

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\vexhywfi.ini

.

((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))

.

2008-03-17 21:25 . 2008-03-17 21:25 <DIR> d-------- C:\Program Files\Trend Micro

2008-03-17 20:17 . 2008-03-17 20:18 <DIR> d-------- C:\Program Files\Windows Live

2008-03-17 18:12 . 2008-03-17 18:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7

2008-03-16 11:09 . 2008-03-16 11:09 <DIR> d-------- C:\Program Files\iPod

2008-03-16 09:54 . 2007-12-07 03:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-03-16 09:54 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-03-16 09:54 . 2007-07-01 04:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-03-16 09:54 . 2007-12-07 03:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-03-16 09:54 . 2007-12-07 03:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-03-16 09:54 . 2007-12-07 03:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-03-16 09:54 . 2007-12-07 03:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-03-16 09:54 . 2007-12-07 03:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-03-16 09:54 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

2008-03-16 09:54 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-03-14 08:02 . 2008-03-16 23:17 234 --a------ C:\WINDOWS\wininit.ini

2008-03-13 17:58 . 2008-03-13 17:58 <DIR> d--h----- C:\WINDOWS\PIF

2008-03-05 17:49 . 2008-03-18 17:43 <DIR> d-------- C:\Documents and Settings\Tom Peys\Application Data\AVG7

2008-03-05 17:48 . 2008-03-05 17:48 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-03-05 17:48 . 2008-03-05 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-05 17:44 . 2008-03-17 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-03-05 07:16 . 2008-03-05 07:15 691,545 --a------ C:\WINDOWS\unins000.exe

2008-03-05 07:16 . 2008-03-05 07:16 2,541 --a------ C:\WINDOWS\unins000.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-18 21:39 55,406,624 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-03-18 16:59 650,648 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-03-17 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-17 06:28 2,234,368 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp

2008-03-16 19:06 --------- d-----w C:\Program Files\Soulseek-Test

2008-03-16 14:04 2,226,176 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp

2008-03-16 10:09 --------- d-----w C:\Program Files\iTunes

2008-03-16 09:28 --------- d-----w C:\Documents and Settings\Tom Peys\Application Data\DNA

2008-03-16 03:23 --------- d-----w C:\Program Files\Java

2008-03-05 17:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-03-04 19:51 2,160,128 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp

2008-03-04 19:51 1,624,064 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp

2008-03-04 16:42 2,158,080 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp

2008-02-28 18:43 3,568,128 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp

2008-02-28 18:43 2,154,496 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp

2008-02-28 18:31 2,153,984 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp

2008-02-24 21:45 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-24 21:45 --------- d-----w C:\Program Files\Activision

2008-02-19 18:47 2,136,064 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp

2008-02-19 17:26 3,617,706 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2008-02-18 12:58 1,800,192 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp

2008-02-17 12:44 1,734,656 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp

2008-02-16 23:10 --------- d-----w C:\Documents and Settings\Tom Peys\Application Data\BitTorrent

2008-02-14 19:21 --------- d-----w C:\Program Files\D-Tools

2008-02-14 07:14 --------- d-----w C:\Program Files\SystemRequirementsLab

2008-02-14 07:14 --------- d-----w C:\Documents and Settings\Tom Peys\Application Data\SystemRequirementsLab

2008-02-14 06:35 --------- d-----w C:\Program Files\Starcraft

2008-02-13 19:40 22,328 ----a-w C:\Documents and Settings\Tom Peys\Application Data\PnkBstrK.sys

2008-02-13 17:26 --------- d-----w C:\Documents and Settings\Tom Peys\Application Data\WinMount

2008-02-08 21:24 --------- d-----w C:\Program Files\Common Files\Ahead

2008-02-08 21:24 --------- d-----w C:\Program Files\Ahead

2008-02-07 20:35 --------- d-----w C:\Program Files\QuickTime

2008-02-05 19:19 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2008-02-05 19:19 --------- d-----w C:\Program Files\Diablo 2

2008-02-04 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-13 12:09 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-12-18 17:52 1,524,224 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp

2007-10-27 08:37 671,232 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp

2007-10-27 08:37 128,087 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_27_10_37_03_small.dmp.zip

2007-10-24 05:05 135,001 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_24_07_05_04_small.dmp.zip

2007-10-24 05:05 1,810,944 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

2001-12-31 23:01 1,496,064 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp

2001-12-31 22:01 37,376 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 16126464 C:\WINDOWS\RTHDCPL.exe]

"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36 36864]

"36X Raid Configurer"="C:\WINDOWS\System32\xRaidSetup.exe" [2007-03-21 17:23 1953792]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-09-17 00:07 8491008]

"nwiz"="nwiz.exe" [2007-04-12 16:44 1626112 C:\WINDOWS\system32\nwiz.exe]

"SW20"="C:\WINDOWS\System32\sw20.exe" [2006-12-15 03:58 208896]

"SW24"="C:\WINDOWS\System32\sw24.exe" [2006-12-15 03:58 69632]

"WinSys2"="C:\WINDOWS\System32\winsys2.exe" [ ]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-09-17 00:07 81920]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-05 17:49 579072]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"688702f8"="C:\WINDOWS\system32\ifwyhxev.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-05 17:48 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccddby]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Soulseek-Test\\slsk.exe"=

"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 15:12]

.

Contents of the 'Scheduled Tasks' folder

"2007-10-16 16:38:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-03-18 21:32:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-18 22:39:11

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-18 22:39:34

ComboFix-quarantined-files.txt 2008-03-18 21:39:32

ComboFix2.txt 2008-03-18 17:02:29

.

2008-03-17 19:45:08 --- E O F ---

HJT :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:40:36, on 18/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sW20] C:\WINDOWS\System32\sw20.exe

O4 - HKLM\..\Run: [sW24] C:\WINDOWS\System32\sw24.exe

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [688702f8] rundll32.exe "C:\WINDOWS\system32\ifwyhxev.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194039297078

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v906/Navigram.cab

O20 - Winlogon Notify: fccddby - C:\WINDOWS\

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 6361 bytes

Geplaatst:

Dat ziet er al beter uit, maar we zijn er nog niet :

Download VundoFix naar je bureaublad.

[*]Dubbelklik VundoFix.exe om het te starten.

[*]Klik op de Scan for Vundo knop.

[*]Eenmaal gedaan met scannen, klik op de Remove Vundo knop.

[*]Je zal een melding krijgen of je de bestanden wilt laten verwijderen, klik YES

[*]Nadat je Yes hebt geklikt, zullen de icoontjes op je Bureaublad verdwijnen tijdens het verwijderen van Vundo.

[*]Wanneer voltooid zal je de melding krijgen dat het je PC zal afsluiten, klik OK.

[*]Start je pc terug opnieuw op.

Nota: Het is mogelijk dat VundoFix een bestand vindt dat niet kan verwijderd worden. In dit geval zal VundoFix na het heropstarten van je pc nog eens opstarten. Dan moet je de instructies van hierboven nog eens uitvoeren vanaf: "Klik op Scan for Vundo."

Post de inhoud van C:\vundofix.txt en een nieuwe hijackthislog in je volgende post.

Geplaatst:

Zeer zeker :

VundoFix V7.0.3

Scan started at 23:33:44 18/03/2008

Listing files found while scanning....

No infected files were found.

VundoFix V7.0.3

Scan started at 23:40:18 18/03/2008

Listing files found while scanning....

No infected files were found.

VundoFix V7.0.3

Scan started at 23:48:58 18/03/2008

Listing files found while scanning....

No infected files were found.

VundoFix V7.0.3

Scan started at 23:58:45 18/03/2008

Listing files found while scanning....

No infected files were found.

VundoFix V7.0.3

Scan started at 18:02:06 19/03/2008

Listing files found while scanning....

No infected files were found.

HJT :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:09:29, on 19/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sW20] C:\WINDOWS\System32\sw20.exe

O4 - HKLM\..\Run: [sW24] C:\WINDOWS\System32\sw24.exe

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [688702f8] rundll32.exe "C:\WINDOWS\system32\ifwyhxev.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194039297078

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v906/Navigram.cab

O20 - Winlogon Notify: fccddby - C:\WINDOWS\

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 6516 bytes

Geplaatst:

Volgende stap :

Zet een snelkoppeling naar Panda ActiveScan op je bureaublad.

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)

O4 - HKLM\..\Run: [688702f8] rundll32.exe "C:\WINDOWS\system32\ifwyhxev.dll",b

O20 - Winlogon Notify: fccddby - C:\WINDOWS\

Klik op 'Fix checked' om de items te verwijderen.

Verwijder met Windows Verkenner volgend vetgedrukt bestand

C:\WINDOWS\system32\ifwyhxev.dll

Dubbelklik op de snelkoppeling van Panda ActiveScan en doe een Full Systemscan

Zet de resultaten van deze scan en een nieuw log van HJT in een volgend bericht.

Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.