
Posted:

Hi everyone,

I've been having quite a few problems with my PC lately. Very often something like 'security system warning' and 'system integrity scan wizard' suddenly pops up on the screen, even though I absolutely don't want it. I also often get a window saying I should download something (and I'd have to pay for it too) because c:\WINDOWS\wml.exe is supposedly infected. So I think I've got a lot of viruses or spyware or something on here and I don't really know what to do about it :s. I've already run AVG, Ad-Aware Personal and Spybot Search and Destroy, but I still keep getting these messages :(

Examples of the messages: see attachment! :)

Posted:

You do indeed have spyware/adware on board your PC. Make a log with HijackThis and attach it to your next post. Then we'll take a look and see whether we can track down the cause.

Posted:

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:03:03, on 22/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Search Settings\SearchSettings.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\hwcwonum.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\PrevxCSI\PrevxCSI.exe

C:\Program Files\PrevxCSI\PrevxCSI.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\Rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Nederland

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Zoeken - zoeken op het web

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Live Search:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Zoeken - zoeken op het web

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: GNX Bingo - {837A022B-C2C0-4EE3-B2AC-6B896C38B030} - C:\WINDOWS\drnpfdxlwn.dll (file missing)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: cpmsky.biz browser optimizer - {BCA95E31-1FBF-4F84-8F23-1BA653007A1E} - C:\WINDOWS\system32\cpmsky.dll

O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE2} - (no file)

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat

O4 - HKLM\..\Run: [PMLreset] c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\pmlreset.bat

O4 - HKLM\..\Run: [HPSUreset] c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\hpsu\HPSULastRunReset.bat

O4 - HKLM\..\Run: [RBreset] c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\hpsu\RBLastRunReset.bat

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [evfdhsgs] C:\WINDOWS\system32\evfdhsgs.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [hwcwonum] C:\WINDOWS\system32\hwcwonum.exe

O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\cpmsky.dll" DllStart

O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" /bootupreg

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKLM\..\Policies\Explorer\Run: [ENmanKFGP0] C:\WINDOWS\ylozqzox.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')

O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE

O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O21 - SSODL: BootMon - {9b226db0-4a0a-41c4-95fc-3b3947d4cac4} - C:\WINDOWS\Installer\{9b226db0-4a0a-41c4-95fc-3b3947d4cac4}\BootMon.dll (file missing)

O21 - SSODL: CDCheck - {f4b304b5-2573-4845-a1ed-9fba3809db2e} - C:\WINDOWS\Installer\{f4b304b5-2573-4845-a1ed-9fba3809db2e}\CDCheck.dll (file missing)

O21 - SSODL: SysAlrt - {1e68d4bb-362f-41c1-9b88-88583c6985d6} - C:\WINDOWS\Installer\{1e68d4bb-362f-41c1-9b88-88583c6985d6}\SysAlrt.dll (file missing)

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)

--

End of file - 14792 bytes

Posted:

Download ComboFix and save it to your Desktop.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: GNX Bingo - {837A022B-C2C0-4EE3-B2AC-6B896C38B030} - C:\WINDOWS\drnpfdxlwn.dll (file missing)

O2 - BHO: cpmsky.biz browser optimizer - {BCA95E31-1FBF-4F84-8F23-1BA653007A1E} - C:\WINDOWS\system32\cpmsky.dll

O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE2} - (no file)

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [evfdhsgs] C:\WINDOWS\system32\evfdhsgs.exe

O4 - HKLM\..\Run: [hwcwonum] C:\WINDOWS\system32\hwcwonum.exe

O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\cpmsky.dll" DllStart

O4 - HKLM\..\Policies\Explorer\Run: [ENmanKFGP0] C:\WINDOWS\ylozqzox.exe

Click 'Fix checked' to remove the items.

Delete the following folders or files (shown in bold) using Windows Explorer:

C:\Program Files\Search Settings

C:\WINDOWS\system32\hwcwonum.exe

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the reboot, the log combofix.txt will open.

NOTE: If your virus scanner reacts with a message about a script being executed, allow it.

Attach the ComboFix log and a new HJT log to your next post.
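The reply above picks its fix list out of a long log by a few recurring tells: browser helper objects and SSODL entries whose DLL is gone, an autostart under Policies\Explorer\Run, and executables with random-looking names dropped straight into C:\WINDOWS or system32. The script below is an added example, not something posted in the thread or part of HijackThis or ComboFix; it encodes those tells as a ranking aid for a human reviewer. The sample lines are a constructed subset of the log posted above, the "looks random" thresholds (length 8+, vowel share of 25% or less, or a run of four consonants) are assumptions, and a bare file name in an O4 entry is assumed to resolve into the Windows directory, since HijackThis prints PATH-resolved names unqualified.

```python
"""Rank HijackThis (HJT) log entries for manual review (added example, not HJT's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: GNX Bingo - {837A022B-C2C0-4EE3-B2AC-6B896C38B030} - C:\WINDOWS\drnpfdxlwn.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [evfdhsgs] C:\WINDOWS\system32\evfdhsgs.exe
O4 - HKLM\..\Run: [hwcwonum] C:\WINDOWS\system32\hwcwonum.exe
O4 - HKLM\..\Policies\Explorer\Run: [ENmanKFGP0] C:\WINDOWS\ylozqzox.exe
O21 - SSODL: SysAlrt - {1e68d4bb-362f-41c1-9b88-88583c6985d6} - C:\WINDOWS\Installer\{1e68d4bb-362f-41c1-9b88-88583c6985d6}\SysAlrt.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
DRIVE_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx|sys)', re.I)
BARE_NAME_RE = re.compile(r"(?<![\\\w])[\w-]+\.(?:exe|dll)\b", re.I)
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows(\\system32)?$")
VOWELS = set("aeiou")


@dataclass
class Finding:
    tier: str    # "remove", "review" or "ok"
    entry: str   # HJT entry type, e.g. "O4"
    reason: str
    line: str


def looks_random(stem: str) -> bool:
    """Crude pronounceability test on a file-name stem; thresholds are assumptions."""
    s = stem.lower()
    if len(s) < 8 or not s.isalpha():
        return False
    vowel_share = sum(c in VOWELS for c in s) / len(s)
    longest_consonant_run = max((len(r) for r in re.findall(r"[^aeiou]+", s)), default=0)
    return vowel_share <= 0.25 or longest_consonant_run >= 4


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in the Windows directory or system32."""
    parent = path.lower().rsplit("\\", 1)[0]
    return WINDOWS_ROOT_RE.match(parent) is not None


def targets(body: str) -> List[str]:
    """Every file an entry points at; bare names are assumed to resolve into C:\\WINDOWS."""
    paths = DRIVE_PATH_RE.findall(body)
    if paths:
        return paths
    return ["C:\\WINDOWS\\" + name for name in BARE_NAME_RE.findall(body)]


def classify(line: str) -> Optional[Finding]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    etype, body = m.group("type"), m.group("body")
    # Orphaned CLSID: the registered DLL is gone, so removing the entry costs nothing.
    if etype in ("O2", "O21") and ("(no file)" in body or "(file missing)" in body):
        return Finding("remove", etype, "registered DLL no longer exists", line)
    # Policies\Explorer\Run is an autostart key legitimate installers rarely touch.
    if etype == "O4" and "policies\\explorer\\run" in body.lower():
        return Finding("remove", etype, "autostart under Policies\\Explorer\\Run", line)
    # Random-looking name dropped straight into the Windows directory: worth a look,
    # but vendor binaries with consonant-heavy names land here too, hence "review".
    for path in targets(body):
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if in_windows_root(path) and looks_random(stem):
            return Finding("review", etype, f"random-looking name {stem!r} in Windows dir", line)
    return Finding("ok", etype, "", line)


def triage(log_text: str) -> List[Finding]:
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


def by_tier(findings: List[Finding]) -> dict:
    out = {"remove": [], "review": [], "ok": []}
    for f in findings:
        out[f.tier].append(f.line)
    return out


if __name__ == "__main__":
    for tier, lines in by_tier(triage(SAMPLE_LOG)).items():
        print(f"== {tier} ({len(lines)})")
        for l in lines:
            print("  ", l)
```

On the sample, the four entries the reply lists as definite (the two dead BHOs, the Policies\Explorer\Run autostart and the dead SSODL object) land in "remove", while evfdhsgs.exe and hwcwonum.exe land in "review" next to HP's ARPWRMSG.EXE, which has just as few vowels. That false positive is why the name heuristic only ranks entries for a person to look at, as the helper did, rather than deciding for them.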

Posted:

ComboFix log:

ComboFix 08-03-22.3 - FBI Protected 2008-03-23 10:51:07.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.549 [GMT 1:00]

Running from: C:\Documents and Settings\FBI Protected\Bureaublad\ComboFix.exe

* Created a new restore point

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\Fonts\acrsecB.fon

C:\WINDOWS\Fonts\acrsecI.fon

D:\Autorun.inf

.

(((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))

.

2008-03-22 23:07 . 2008-03-22 23:07 <DIR> d-------- C:\Program Files\LimeWire

2008-03-22 20:28 . 2008-03-22 20:28 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Mijn documenten

2008-03-22 19:22 . 2008-03-22 19:22 1,158 --a------ C:\WINDOWS\mozver.dat

2008-03-22 18:05 . 2008-03-22 18:05 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Talkback

2008-03-22 17:26 . 2008-03-22 17:26 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Lavasoft

2008-03-22 16:29 . 2008-03-22 17:26 <DIR> d-------- C:\Program Files\Lavasoft

2008-03-22 16:29 . 2008-03-22 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-22 16:28 . 2008-03-22 16:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-22 14:54 . 2008-03-22 14:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-03-22 14:54 . 2008-03-22 14:57 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\AVG7

2008-03-22 14:54 . 2008-03-22 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-22 14:54 . 2008-03-22 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

2008-03-22 14:35 . 2008-03-22 14:35 <DIR> d-------- C:\Program Files\NT Registry Optimizer

2008-03-22 01:23 . 2008-03-23 01:56 <DIR> dr-h----- C:\Documents and Settings\FBI Protected\Onlangs geopend

2008-03-22 00:47 . 2008-03-21 18:16 258,048 --a------ C:\WINDOWS\altvxvm.dll

2008-03-22 00:24 . 2008-03-22 00:24 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Symantec

2008-03-21 22:00 . 2008-03-21 22:01 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\PC-Cleaner

2008-03-21 19:37 . 2008-03-21 19:40 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Ulead Systems

2008-03-21 19:28 . 2008-03-21 19:28 40,713 --a------ C:\WINDOWS\system32\cpmsky-uninst.exe

2008-03-21 19:24 . 2008-03-21 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\part dead amok eggs

2008-03-21 19:16 . 2008-03-21 19:16 <DIR> d-------- C:\Program Files\Common Files\InterVideo

2008-03-21 19:15 . 2008-03-21 19:15 <DIR> d-------- C:\Program Files\Windows Media Components

2008-03-21 19:14 . 2008-03-21 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems

2008-03-18 13:39 . 2008-03-18 13:39 <DIR> d-------- C:\Documents and Settings\jan\Application Data\Apple Computer

2008-03-18 13:35 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2008-03-18 13:35 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys

2008-03-18 13:33 . 2008-03-18 13:33 <DIR> d-------- C:\Documents and Settings\jan\Application Data\Logitech

2008-03-17 20:40 . 2008-03-17 20:40 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Printer Info Cache

2008-03-17 20:40 . 2008-03-17 20:40 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Image Zone Express

2008-03-10 20:06 . 2008-03-10 20:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-03-10 19:46 . 2008-03-18 22:57 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\U3

2008-03-10 16:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-10 16:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-10 16:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-09 20:10 . 2008-03-09 20:23 <DIR> d-------- C:\Program Files\Free FLV Converter

2008-03-09 19:59 . 2008-03-09 19:59 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Moyea

2008-03-09 17:34 . 2008-03-09 17:34 <DIR> d-------- C:\Program Files\Real

2008-03-09 17:34 . 2008-03-09 17:34 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-03-09 14:09 . 2008-03-09 14:10 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-09 14:09 . 2008-03-09 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-07 22:03 . 2008-03-07 22:03 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\HPQ

2008-03-07 17:36 . 2008-03-07 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd

2008-03-07 17:32 . 2008-03-07 17:32 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

2008-03-07 17:31 . 2008-03-07 17:31 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\InstallShield

2008-03-07 17:31 . 2008-01-09 12:26 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll

2008-03-07 17:28 . 2008-03-07 17:28 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Logitech

2008-03-07 17:26 . 2008-03-07 17:31 <DIR> d-------- C:\Program Files\Common Files\LogiShrd

2008-03-07 17:26 . 2008-03-07 17:25 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

2008-03-07 17:25 . 2008-03-07 17:25 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-03-07 17:25 . 2008-03-07 17:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-03-07 17:23 . 2008-03-07 17:25 <DIR> d-------- C:\Program Files\Logitech

2008-03-07 17:23 . 2008-03-07 17:31 <DIR> d-------- C:\Program Files\Common Files\Logitech

2008-03-07 17:23 . 2008-03-07 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2008-03-07 17:12 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-03-07 17:12 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

2008-03-07 17:12 . 2004-08-04 00:57 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-03-07 17:12 . 2004-08-04 00:57 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-03-07 17:12 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-03-07 17:12 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys

2008-03-07 17:11 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-03-07 17:11 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

2008-03-07 14:58 . 2008-03-07 14:58 60,416 --a------ C:\WINDOWS\system32\cpmsky.dll

2008-03-05 21:24 . 2008-03-05 21:24 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\AdobeUM

2008-02-24 23:44 . 2008-03-22 23:07 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\LimeWire

2008-02-24 23:32 . 2008-02-24 23:32 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-02-24 23:01 . 2008-02-24 23:01 268 --ah----- C:\sqmdata00.sqm

2008-02-24 23:01 . 2008-02-24 23:01 244 --ah----- C:\sqmnoopt01.sqm

2008-02-24 23:01 . 2008-02-24 23:01 244 --ah----- C:\sqmnoopt00.sqm

2008-02-24 23:01 . 2008-02-24 23:01 232 --ah----- C:\sqmdata01.sqm

2008-02-24 16:23 . 2008-03-22 12:58 <DIR> d-------- C:\Documents and Settings\FBI Protected\Contacts

2008-02-24 15:48 . 2008-02-24 15:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-02-24 14:24 . 2008-02-24 14:24 <DIR> d-------- C:\Program Files\iPod

2008-02-24 14:20 . 2008-03-07 22:08 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Apple Computer

2008-02-24 14:10 . 2008-03-17 20:38 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\HP

2008-02-24 14:08 . 2006-09-15 01:37 <DIR> d-------- C:\Documents and Settings\FBI Protected\WINDOWS

2008-02-24 14:08 . 2006-01-30 19:49 <DIR> d--h----- C:\Documents and Settings\FBI Protected\Sjablonen

2008-02-24 14:08 . 2006-01-27 21:51 <DIR> d--h----- C:\Documents and Settings\FBI Protected\Netwerkprinteromgeving

2008-02-24 14:08 . 2008-03-23 01:54 <DIR> dr------- C:\Documents and Settings\FBI Protected\Mijn documenten

2008-02-24 14:08 . 2007-09-03 08:30 <DIR> dr------- C:\Documents and Settings\FBI Protected\Menu Start

2008-02-24 14:08 . 2008-03-21 22:39 <DIR> dr------- C:\Documents and Settings\FBI Protected\Favorieten

2008-02-24 14:08 . 2008-03-23 10:43 <DIR> d-------- C:\Documents and Settings\FBI Protected\Bureaublad

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-23 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-03-22 15:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-03-22 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-03-22 15:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-22 15:11 --------- d-----w C:\Program Files\Google

2008-03-22 00:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-21 19:41 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-09 16:34 --------- d-----w C:\Program Files\Common Files\Real

2008-03-09 13:11 --------- d-----w C:\Program Files\MSN Messenger

2008-03-09 13:09 --------- d-----w C:\Program Files\Windows Live

2008-03-08 14:39 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-03-08 14:37 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-02-24 13:24 --------- d-----w C:\Program Files\iTunes

2008-02-19 16:55 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-02-18 20:23 --------- d-----w C:\Program Files\QuickTime

2008-02-09 18:06 --------- d-----w C:\Program Files\Picasa2

2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2008-01-09 11:28 76,304 ----a-w C:\WINDOWS\system32\KemXML.dll

2008-01-09 11:28 141,840 ----a-w C:\WINDOWS\system32\KemUtil.dll

2008-01-09 11:28 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll

2008-01-09 11:27 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll

2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 12:00 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18 94208]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-01 23:38 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-18 04:40 64512]

"ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 00:56 16261632 C:\WINDOWS\RTHDCPL.EXE]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 22:19 77312 C:\WINDOWS\arpwrmsg.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]

"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]

"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]

"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 00:44 61440]

"PCDrProfiler"="" []

"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]

"_SetRes"="c:\hp\bin\cloaker c:\hp\bin\res.bat" [ ]

"PMLreset"="c:\hp\bin\cloaker.exe" [1999-11-07 08:11 27136]

"HPSUreset"="c:\hp\bin\cloaker.exe" [1999-11-07 08:11 27136]

"RBreset"="c:\hp\bin\cloaker.exe" [1999-11-07 08:11 27136]

"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 01:23 663552]

"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 08:11 27136]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152]

"NWEReboot"="" []

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 19:03 36975]

"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 03:09 488984]

"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 03:12 244512]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-09 17:34 185896]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ]

C:\Documents and Settings\jan\Menu Start\Programma's\Opstarten\

Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-09-15 00:59:34 27136]

PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-09-15 00:59:34 27136]

C:\Documents and Settings\FBI Protected\Menu Start\Programma's\Opstarten\

Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-09-15 00:59:34 27136]

PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-09-15 00:59:34 27136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-01 23:38:20 126136]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-07 17:26:03 67128]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-07 17:24:02 789008]

Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 12:23:32 51776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"BootMon"= {9b226db0-4a0a-41c4-95fc-3b3947d4cac4} - C:\WINDOWS\Installer\{9b226db0-4a0a-41c4-95fc-3b3947d4cac4}\BootMon.dll [ ]

"CDCheck"= {f4b304b5-2573-4845-a1ed-9fba3809db2e} - C:\WINDOWS\Installer\{f4b304b5-2573-4845-a1ed-9fba3809db2e}\CDCheck.dll [ ]

"SysAlrt"= {1e68d4bb-362f-41c1-9b88-88583c6985d6} - C:\WINDOWS\Installer\{1e68d4bb-362f-41c1-9b88-88583c6985d6}\SysAlrt.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 ovt530;TM507A USB Camera;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 17:04]

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\Shell\AutoRun\command - K:\LaunchU3.exe -a

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-21 20:28:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-03-22 15:52:00 C:\WINDOWS\Tasks\WebReg Deskjet F2100 series.job"

- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-23 10:52:46

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-03-23 10:53:13

ComboFix-quarantined-files.txt 2008-03-23 09:53:05

.

2008-03-17 22:59:21 --- E O F ---

Posted:

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:56:17, on 23/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Zoeken - zoeken op het web

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat

O4 - HKLM\..\Run: [PMLreset] c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\pmlreset.bat

O4 - HKLM\..\Run: [HPSUreset] c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\hpsu\HPSULastRunReset.bat

O4 - HKLM\..\Run: [RBreset] c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\hpsu\RBLastRunReset.bat

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE

O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O21 - SSODL: BootMon - {9b226db0-4a0a-41c4-95fc-3b3947d4cac4} - C:\WINDOWS\Installer\{9b226db0-4a0a-41c4-95fc-3b3947d4cac4}\BootMon.dll (file missing)

O21 - SSODL: CDCheck - {f4b304b5-2573-4845-a1ed-9fba3809db2e} - C:\WINDOWS\Installer\{f4b304b5-2573-4845-a1ed-9fba3809db2e}\CDCheck.dll (file missing)

O21 - SSODL: SysAlrt - {1e68d4bb-362f-41c1-9b88-88583c6985d6} - C:\WINDOWS\Installer\{1e68d4bb-362f-41c1-9b88-88583c6985d6}\SysAlrt.dll (file missing)

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)

--

End of file - 12236 bytes

Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\WINDOWS\altvxvm.dll

C:\WINDOWS\system32\cpmsky.dll

C:\sqmdata00.sqm

C:\sqmnoopt01.sqm

C:\sqmnoopt00.sqm

C:\sqmdata01.sqm

C:\WINDOWS\Fonts\RandFont.dll

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next reply. And also let us know how the pop-ups are doing at the moment.

Posted:

ComboFix 08-03-22.3 - FBI Protected 2008-03-23 11:38:22.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.500 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\FBI Protected\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\FBI Protected\Bureaublad\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

FILE ::

C:\sqmdata00.sqm

C:\sqmdata01.sqm

C:\sqmnoopt00.sqm

C:\sqmnoopt01.sqm

C:\WINDOWS\altvxvm.dll

C:\WINDOWS\Fonts\RandFont.dll

C:\WINDOWS\system32\cpmsky.dll

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\sqmdata00.sqm

C:\sqmdata01.sqm

C:\sqmnoopt00.sqm

C:\sqmnoopt01.sqm

C:\WINDOWS\altvxvm.dll

C:\WINDOWS\Fonts\RandFont.dll

C:\WINDOWS\system32\cpmsky.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))

.

2008-03-22 23:07 . 2008-03-22 23:07 <DIR> d-------- C:\Program Files\LimeWire

2008-03-22 20:28 . 2008-03-22 20:28 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Mijn documenten

2008-03-22 19:22 . 2008-03-22 19:22 1,158 --a------ C:\WINDOWS\mozver.dat

2008-03-22 18:05 . 2008-03-22 18:05 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Talkback

2008-03-22 17:26 . 2008-03-22 17:26 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Lavasoft

2008-03-22 16:29 . 2008-03-22 17:26 <DIR> d-------- C:\Program Files\Lavasoft

2008-03-22 16:29 . 2008-03-22 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-22 16:28 . 2008-03-22 16:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-22 14:54 . 2008-03-22 14:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-03-22 14:54 . 2008-03-22 14:57 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\AVG7

2008-03-22 14:54 . 2008-03-22 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-22 14:54 . 2008-03-22 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

2008-03-22 14:35 . 2008-03-22 14:35 <DIR> d-------- C:\Program Files\NT Registry Optimizer

2008-03-22 01:23 . 2008-03-23 11:37 <DIR> dr-h----- C:\Documents and Settings\FBI Protected\Onlangs geopend

2008-03-22 00:24 . 2008-03-22 00:24 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Symantec

2008-03-21 22:00 . 2008-03-21 22:01 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\PC-Cleaner

2008-03-21 19:37 . 2008-03-21 19:40 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Ulead Systems

2008-03-21 19:28 . 2008-03-21 19:28 40,713 --a------ C:\WINDOWS\system32\cpmsky-uninst.exe

2008-03-21 19:24 . 2008-03-21 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\part dead amok eggs

2008-03-21 19:16 . 2008-03-21 19:16 <DIR> d-------- C:\Program Files\Common Files\InterVideo

2008-03-21 19:15 . 2008-03-21 19:15 <DIR> d-------- C:\Program Files\Windows Media Components

2008-03-21 19:14 . 2008-03-21 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems

2008-03-18 13:39 . 2008-03-18 13:39 <DIR> d-------- C:\Documents and Settings\jan\Application Data\Apple Computer

2008-03-18 13:35 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2008-03-18 13:35 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys

2008-03-18 13:33 . 2008-03-18 13:33 <DIR> d-------- C:\Documents and Settings\jan\Application Data\Logitech

2008-03-17 20:40 . 2008-03-17 20:40 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Printer Info Cache

2008-03-17 20:40 . 2008-03-17 20:40 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Image Zone Express

2008-03-10 20:06 . 2008-03-10 20:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-03-10 19:46 . 2008-03-18 22:57 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\U3

2008-03-10 16:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-10 16:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-10 16:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-09 20:10 . 2008-03-09 20:23 <DIR> d-------- C:\Program Files\Free FLV Converter

2008-03-09 19:59 . 2008-03-09 19:59 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Moyea

2008-03-09 17:34 . 2008-03-09 17:34 <DIR> d-------- C:\Program Files\Real

2008-03-09 17:34 . 2008-03-09 17:34 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-03-09 14:09 . 2008-03-09 14:10 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-09 14:09 . 2008-03-09 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-07 22:03 . 2008-03-07 22:03 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\HPQ

2008-03-07 17:36 . 2008-03-07 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd

2008-03-07 17:32 . 2008-03-07 17:32 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

2008-03-07 17:31 . 2008-03-07 17:31 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\InstallShield

2008-03-07 17:31 . 2008-01-09 12:26 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll

2008-03-07 17:28 . 2008-03-07 17:28 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Logitech

2008-03-07 17:26 . 2008-03-07 17:31 <DIR> d-------- C:\Program Files\Common Files\LogiShrd

2008-03-07 17:26 . 2008-03-07 17:25 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

2008-03-07 17:25 . 2008-03-07 17:25 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-03-07 17:25 . 2008-03-07 17:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-03-07 17:23 . 2008-03-07 17:25 <DIR> d-------- C:\Program Files\Logitech

2008-03-07 17:23 . 2008-03-07 17:31 <DIR> d-------- C:\Program Files\Common Files\Logitech

2008-03-07 17:23 . 2008-03-07 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2008-03-07 17:12 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-03-07 17:12 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

2008-03-07 17:12 . 2004-08-04 00:57 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-03-07 17:12 . 2004-08-04 00:57 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-03-07 17:12 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-03-07 17:12 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys

2008-03-07 17:11 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-03-07 17:11 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

2008-03-05 21:24 . 2008-03-05 21:24 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\AdobeUM

2008-02-24 23:44 . 2008-03-22 23:07 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\LimeWire

2008-02-24 23:32 . 2008-02-24 23:32 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-02-24 16:23 . 2008-03-23 11:07 <DIR> d-------- C:\Documents and Settings\FBI Protected\Contacts

2008-02-24 15:48 . 2008-02-24 15:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-02-24 14:24 . 2008-02-24 14:24 <DIR> d-------- C:\Program Files\iPod

2008-02-24 14:20 . 2008-03-07 22:08 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\Apple Computer

2008-02-24 14:10 . 2008-03-17 20:38 <DIR> d-------- C:\Documents and Settings\FBI Protected\Application Data\HP

2008-02-24 14:08 . 2006-09-15 01:37 <DIR> d-------- C:\Documents and Settings\FBI Protected\WINDOWS

2008-02-24 14:08 . 2006-01-30 19:49 <DIR> d--h----- C:\Documents and Settings\FBI Protected\Sjablonen

2008-02-24 14:08 . 2006-01-27 21:51 <DIR> d--h----- C:\Documents and Settings\FBI Protected\Netwerkprinteromgeving

2008-02-24 14:08 . 2008-03-23 01:54 <DIR> dr------- C:\Documents and Settings\FBI Protected\Mijn documenten

2008-02-24 14:08 . 2007-09-03 08:30 <DIR> dr------- C:\Documents and Settings\FBI Protected\Menu Start

2008-02-24 14:08 . 2008-03-21 22:39 <DIR> dr------- C:\Documents and Settings\FBI Protected\Favorieten

2008-02-24 14:08 . 2008-03-23 11:38 <DIR> d-------- C:\Documents and Settings\FBI Protected\Bureaublad

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-23 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-03-22 15:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-03-22 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-03-22 15:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-22 15:11 --------- d-----w C:\Program Files\Google

2008-03-22 00:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-21 19:41 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-09 16:34 --------- d-----w C:\Program Files\Common Files\Real

2008-03-09 13:11 --------- d-----w C:\Program Files\MSN Messenger

2008-03-09 13:09 --------- d-----w C:\Program Files\Windows Live

2008-03-08 14:39 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-03-08 14:37 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-02-24 13:24 --------- d-----w C:\Program Files\iTunes

2008-02-19 16:55 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-02-18 20:23 --------- d-----w C:\Program Files\QuickTime

2008-02-09 18:06 --------- d-----w C:\Program Files\Picasa2

2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2008-01-09 11:28 76,304 ----a-w C:\WINDOWS\system32\KemXML.dll

2008-01-09 11:28 141,840 ----a-w C:\WINDOWS\system32\KemUtil.dll

2008-01-09 11:28 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll

2008-01-09 11:27 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 12:00 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18 94208]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-01 23:38 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-18 04:40 64512]

"ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 00:56 16261632 C:\WINDOWS\RTHDCPL.EXE]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 22:19 77312 C:\WINDOWS\arpwrmsg.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]

"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]

"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]

"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 00:44 61440]

"PCDrProfiler"="" []

"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]

"_SetRes"="c:\hp\bin\cloaker c:\hp\bin\res.bat" [ ]

"PMLreset"="c:\hp\bin\cloaker.exe" [1999-11-07 08:11 27136]

"HPSUreset"="c:\hp\bin\cloaker.exe" [1999-11-07 08:11 27136]

"RBreset"="c:\hp\bin\cloaker.exe" [1999-11-07 08:11 27136]

"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 01:23 663552]

"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 08:11 27136]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152]

"NWEReboot"="" []

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 19:03 36975]

"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 03:09 488984]

"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 03:12 244512]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-09 17:34 185896]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ]

C:\Documents and Settings\jan\Menu Start\Programma's\Opstarten\

Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-09-15 00:59:34 27136]

PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-09-15 00:59:34 27136]

C:\Documents and Settings\FBI Protected\Menu Start\Programma's\Opstarten\

Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-09-15 00:59:34 27136]

PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-09-15 00:59:34 27136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-01 23:38:20 126136]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-07 17:26:03 67128]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-07 17:24:02 789008]

Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 12:23:32 51776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"BootMon"= {9b226db0-4a0a-41c4-95fc-3b3947d4cac4} - C:\WINDOWS\Installer\{9b226db0-4a0a-41c4-95fc-3b3947d4cac4}\BootMon.dll [ ]

"CDCheck"= {f4b304b5-2573-4845-a1ed-9fba3809db2e} - C:\WINDOWS\Installer\{f4b304b5-2573-4845-a1ed-9fba3809db2e}\CDCheck.dll [ ]

"SysAlrt"= {1e68d4bb-362f-41c1-9b88-88583c6985d6} - C:\WINDOWS\Installer\{1e68d4bb-362f-41c1-9b88-88583c6985d6}\SysAlrt.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 ovt530;TM507A USB Camera;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 17:04]

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\Shell\AutoRun\command - K:\LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

"2008-03-21 20:28:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-03-22 15:52:00 C:\WINDOWS\Tasks\WebReg Deskjet F2100 series.job"

- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-23 11:39:17

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

Scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-23 11:39:44

ComboFix-quarantined-files.txt 2008-03-23 10:39:36

ComboFix2.txt 2008-03-23 09:53:14

.

2008-03-17 22:59:21 --- E O F ---

So far I haven't had any more pop-ups :D
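The parts of a ComboFix log that a helper actually reads are the registry sections: ShellServiceObjectDelayLoad entries (a classic persistence point; an entry whose file information is shown as an empty `[ ]` refers to a DLL that was no longer on disk), Security Center monitoring switched off, firewall ports opened globally, and per-drive AutoRun commands. The script below is an added example, not code from this thread or from ComboFix, that parses a constructed excerpt written in the same dump style and turns those indicators into findings. The function names, the finding categories and the reading of `[ ]` as "file missing at scan time" are this example's own assumptions.

```python
"""Flag persistence and security-weakening indicators in a ComboFix-style
registry dump. Added example; not part of the forum thread."""
import re
from typing import Dict, List, Tuple

# Constructed sample in the ComboFix registry-dump style. The key names and
# entry shapes mirror the posted log; the WebCheck line is a made-up benign
# entry so the missing-file case has something to contrast with.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"BootMon"= {9b226db0-4a0a-41c4-95fc-3b3947d4cac4} - C:\WINDOWS\Installer\{9b226db0-4a0a-41c4-95fc-3b3947d4cac4}\BootMon.dll [ ]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll [2004-08-04 12:00:00 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"= {CLSID} - <path> [<timestamp size>]   (empty brackets: no file found)
SSODL_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*\{[^}]+\}\s*-\s*(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$")

Finding = Tuple[str, str, str]  # (category, subject, detail)


def parse_registry_dump(text: str) -> Dict[str, List[str]]:
    """Group value lines under the (lower-cased) registry key that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def audit(sections: Dict[str, List[str]]) -> List[Finding]:
    """Apply the four checks a log reviewer makes on these sections."""
    findings: List[Finding] = []
    for key, values in sections.items():
        if key.endswith("\\shellserviceobjectdelayload"):
            for v in values:
                m = SSODL_RE.match(v)
                if not m:
                    continue
                # Assumption: empty "[ ]" means ComboFix found no file at the path.
                if m.group("info").strip() == "":
                    findings.append(("ssodl_missing_file", m.group("name"), m.group("path")))
                else:
                    findings.append(("ssodl_entry", m.group("name"), m.group("path")))
        elif "security center\\monitoring" in key:
            for v in values:
                m = DWORD_RE.match(v)
                if m and m.group("name").lower() == "disablemonitoring" \
                        and int(m.group("val"), 16) != 0:
                    findings.append(("security_center_monitoring_disabled", key, v))
        elif key.endswith("\\globallyopenports\\list"):
            for v in values:
                m = PORT_RE.match(v)
                if m:
                    findings.append(("firewall_open_port",
                                     f"{m.group('port')}/{m.group('proto')}", v))
        elif "\\mountpoints2\\" in key:
            for v in values:
                m = AUTORUN_RE.match(v)
                if m:
                    drive = key.rsplit("\\", 1)[-1].upper() + ":"
                    findings.append(("drive_autorun", drive, m.group("cmd")))
    return findings


def audit_text(text: str) -> List[Finding]:
    return audit(parse_registry_dump(text))


if __name__ == "__main__":
    for category, subject, detail in audit_text(SAMPLE_LOG):
        print(f"{category:38} {subject:14} {detail}")
```

Run it on a real log by reading the file into `audit_text`. The `ssodl_missing_file` category is the one to act on first: a ShellServiceObjectDelayLoad entry whose DLL is gone is a leftover from something that was removed, and the orphaned CLSID entries should be cleaned up so nothing reclaims them. The other categories are not proof of infection on their own (3389/TCP is Remote Desktop and Security Center monitoring is often disabled by third-party suites) but each is a change a reviewer wants to be able to explain.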

Posted:

Perfect :laugh: Now just remove the tools you used, clean everything up, delete the infected restore points and update your JAVA (because it is outdated) ... and then you're all done.

Remove ComboFix: Start -> Run and type: combofix /u

ComboFix will be removed and a new System Restore point will be created.

Download CCleaner.

Install it and launch it. In the left column click "Options". Select the "Advanced" tab and untick "Only delete temporary files in the Windows system folder older than 48 hours", then close the program.

Launch CCleaner and click "Cleaner" in the left column. Click "Analyze" and then "Run Cleaner". Next click "Registry" in the left column and click "Scan for Issues". If issues are found, click "Fix all issues" and "OK". Then close CCleaner.

Your Java software is outdated. Older versions have vulnerabilities that give malware a chance to install itself on your system. First follow these steps to uninstall Java and install the newer version.

Download Java Runtime Environment (JRE) 6u5.

  • Scroll down to: "Java Runtime Environment (JRE) 6u5".
  • Click the "Download" button on the right.
  • In the drop-down menu next to Platform, select "Windows".
  • Tick "I agree to the Java SE Runtime Environment 6 License Agreement" and click "Continue".
  • The page will reload.
  • Click the jre-6u5-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
  • Close all programs that may be open, especially your web browser.
  • Then go to Start -> Control Panel -> Add or Remove Programs and remove all older versions of Java from the list.
  • Tick everything with Java Runtime Environment (JRE or J2SE) in its name.
  • Then click "Remove" or the "Change/Remove" button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the latest version of Java.

It is advisable to delete the existing restore points (there are infected restore points among them that you could restore at some point) by temporarily disabling System Restore.

- Go to Start/All Programs/Accessories/System Tools/System Restore.

- In the left half of the window click "System Restore Settings".

- Tick "Turn off System Restore".

- Click "Apply".

- Windows asks whether you are sure.

- Click "Yes".

- Click "OK".

- Restart the PC.

- Go back to Start/All Programs/Accessories/System Tools/System Restore.

- You will get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"

- Click "Yes".

- Untick "Turn off System Restore".

- Click "Apply".

- Click "OK".

- Restart the PC.

- A new restore point has now been created.

That's it!
