
Posted:

Hello, I first searched the whole forum and tried to fix it that way, but I understand that the procedure differs per PC/log, so here is my own topic after all. I am suffering from veiligheidsagent/schijfbewaker/kuikenje (::::: Celldorado.com :::::) popups and a message: Microsoft visual C++ detector. I can still use the internet, but the pop-ups are very irritating and sometimes everything freezes. I have been using the internet for years without problems, so this looks like a tough one to me.

I have made a log and hope someone can help me!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:48:34, on 14-4-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\HTJ\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

O4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S83.tmp" /EF "HKLM"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [bM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\uxxqgnrk.dll",s

O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\tpahgkfb.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [servUTrayIcon] C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe

O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe

O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--

End of file - 9133 bytes

Kind regards, Tobias, and thanks in advance for the effort!

Posted:

@ Tobiasrapati

Download Combofix and save it to your Desktop.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O4 - HKLM\..\Run: [bM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\uxxqgnrk.dll",s

O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\tpahgkfb.dll",b

O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe

O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

Click 'Fix checked' to remove the items.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, because that will make your PC hang.

When the fix has completed and after the restart, the log combofix.txt will open.

NOTE: If your virus scanner reacts with a warning about a script being executed, you must allow it.

Attach the Combofix log and a fresh HJT log to your next post.
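As an added example (not from this thread, and not part of HijackThis or ComboFix), the Python script below applies the same reasoning a helper uses when picking the items above to a constructed sample of HijackThis lines taken from the logs in this thread: random-looking Run value names and rundll32 DLL names, bare file names under Policies\Explorer\Run, and entries whose target file no longer exists. The `looks_random` threshold and the benign VESWinlogon O20 line are my own assumptions for the comparison.

```python
import re

# Constructed sample: HijackThis lines copied from the logs in this thread,
# plus one constructed benign O20 line (VESWinlogon) for comparison.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [bM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\uxxqgnrk.dll",s
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\tpahgkfb.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - Winlogon Notify: iifgHBsQ - iifgHBsQ.dll (file missing)
O20 - Winlogon Notify: rqRLefCu - rqRLefCu.dll (file missing)
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\system32\VESWinlogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

VOWELS = set("aeiouAEIOU")

# O4 lines have the shape: O4 - <hive>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# rundll32 <optionally quoted path to a .dll>,<export>
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)', re.IGNORECASE)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - ")
# Suffixes HijackThis prints when the referenced file does not exist.
MISSING_TARGET = ("(no file)", "(file missing)", "= ?")


def looks_random(name: str) -> bool:
    """Rough heuristic (an assumption of this example, not a HijackThis rule)
    for machine-generated names such as 'uxxqgnrk' or '54a58e5f': 8 to 10
    alphanumeric characters with few vowels or several digits mixed in.
    Shorter names ('NvCpl', 'MsnMsgr') are left alone on purpose, because many
    legitimate entries are terse abbreviations."""
    if not (8 <= len(name) <= 10 and name.isalnum()):
        return False
    letters = [c for c in name if c.isalpha()]
    digits = len(name) - len(letters)
    if not letters:
        return True
    if digits >= 3:
        return True
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return vowel_ratio <= 0.25


def triage_line(line: str) -> "list[str]":
    """Return the reasons (possibly none) why one HijackThis line deserves a look."""
    reasons = []
    if line.endswith(MISSING_TARGET):
        reasons.append("target file is missing: orphaned entry")
    m = O4_RE.match(line)
    if m:
        hive, name, cmd = m.group("hive", "name", "cmd")
        if looks_random(name):
            reasons.append(f"Run value name '{name}' looks machine-generated")
        r = RUNDLL_RE.search(cmd)
        if r:
            stem = r.group("dll").rsplit("\\", 1)[-1][:-4]
            if looks_random(stem):
                reasons.append(f"rundll32 loads '{stem}.dll', a random-looking DLL name")
        if "Policies\\Explorer\\Run" in hive and "\\" not in cmd:
            reasons.append("Policies\\Explorer\\Run entry with a bare file name; "
                           "legitimate installers almost never use this key")
    m = O20_RE.match(line)
    if m and looks_random(m.group("name")):
        reasons.append(f"Winlogon Notify package '{m.group('name')}' looks machine-generated")
    return reasons


def triage(log_text: str) -> "list[tuple[str, list[str]]]":
    """Return (line, reasons) for every non-empty line that triggered a reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

The heuristics only rank lines for a human to check; a short or plausible-looking name (NvCplDaemon here) is not proof of legitimacy, and the helper's judgement about what to tick still applies.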

Posted:

Thanks Kape!! I did what you said... Below are the logs you asked for!

Kind regards, Tobias

ComboFix 08-04-13.3 - Tob 2008-04-15 23:52:14.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1320 [GMT 2:00]

Running from: C:\Documents and Settings\Tob\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\awtqpqRI.dll

C:\WINDOWS\system32\awtrRIBU.dll

C:\WINDOWS\system32\bfkghapt.ini

C:\WINDOWS\system32\bsuqqvll.dll

C:\WINDOWS\system32\byXOhIaW.dll

C:\WINDOWS\system32\cbXqOgGx.dll

C:\WINDOWS\system32\cudfgrae.dll

C:\WINDOWS\system32\daogvaxa.ini

C:\WINDOWS\system32\ddcaXPGv.dll

C:\WINDOWS\system32\eggrauxw.dll

C:\WINDOWS\system32\fmkamasv.ini

C:\WINDOWS\system32\gushfysi.dll

C:\WINDOWS\system32\ieuurwlo.dll

C:\WINDOWS\system32\iibqmcpp.dll

C:\WINDOWS\system32\iifgHBsQ.dll

C:\WINDOWS\system32\jiptoakb.dll

C:\WINDOWS\system32\jkkHXNed.dll

C:\WINDOWS\system32\jxmbkypp.dll

C:\WINDOWS\system32\kddhfgcw.dll

C:\WINDOWS\system32\khfCvSKd.dll

C:\WINDOWS\system32\llvqqusb.ini

C:\WINDOWS\system32\lmougvhm.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mLeBsqoO.dll

C:\WINDOWS\system32\nhfypany.dll

C:\WINDOWS\system32\olwruuei.ini

C:\WINDOWS\system32\onyhwasy.dll

C:\WINDOWS\system32\opnOGaAq.dll

C:\WINDOWS\system32\opnomkIA.dll

C:\WINDOWS\system32\pmnlihgH.dll

C:\WINDOWS\system32\pmnnOHXR.dll

C:\WINDOWS\system32\qomliGaw.dll

C:\WINDOWS\system32\qwbxtihq.dll

C:\WINDOWS\system32\rmnmgglx.dll

C:\WINDOWS\system32\rqRJYqrS.dll

C:\WINDOWS\system32\sfhnbwan.dll

C:\WINDOWS\system32\ssqOHbYs.dll

C:\WINDOWS\system32\ssqQgDsQ.dll

C:\WINDOWS\system32\sxrusdnk.dll

C:\WINDOWS\system32\tkrlrlgb.dll

C:\WINDOWS\system32\ttiqykle.ini

C:\WINDOWS\system32\tuvTkllK.dll

C:\WINDOWS\system32\UBIRrtwa.ini

C:\WINDOWS\system32\UBIRrtwa.ini2

C:\WINDOWS\system32\ulwwynrv.ini

C:\WINDOWS\system32\uxxqgnrk.dll

C:\WINDOWS\system32\vtUmNecC.dll

C:\WINDOWS\system32\vtUomlkJ.dll

C:\WINDOWS\system32\wqsvxmsg.dll

C:\WINDOWS\system32\wsblawsb.dll

C:\WINDOWS\system32\yayyVmlM.dll

C:\WINDOWS\system32\yqsucskn.ini

.

((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))

.

2008-04-15 22:15 . 2008-04-15 22:15 <DIR> d-------- C:\Program Files\Panda Security

2008-04-15 15:09 . 2008-04-15 15:09 3,648 --a------ C:\WINDOWS\system32\obffruxe.dll

2008-04-14 20:46 . 2008-04-14 21:57 8,839,168 --a------ C:\wta-ffan-sample.avi

2008-04-14 20:41 . 2008-04-14 21:57 10,373,120 --a------ C:\wta-gbmsilkemaiden-sample.avi

2008-04-14 20:36 . 2008-04-14 21:58 8,742,912 --a------ C:\wta-dses-sample.avi

2008-04-14 20:32 . 2008-04-14 21:58 13,039,616 --a------ C:\wta-zf11-sample.avi

2008-04-14 19:37 . 2008-04-15 23:47 <DIR> d-------- C:\HTJ

2008-04-14 15:09 . 2008-04-14 15:09 3,648 --a------ C:\WINDOWS\system32\tsykluky.dll

2008-04-13 16:25 . 2008-04-14 22:04 10,690,560 --a------ C:\divxfactory-clmt-sample.avi

2008-04-13 15:42 . 2008-04-13 15:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-04-13 15:42 . 2008-04-13 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-04-13 15:41 . 2008-04-13 15:41 19,871,600 --a------ C:\aaw2007.exe

2008-04-13 15:10 . 2008-04-13 15:10 3,648 --a------ C:\WINDOWS\system32\bvsuyofc.dll

2008-04-13 15:04 . 2008-04-13 15:04 3,648 --a------ C:\WINDOWS\system32\jjsxjrth.dll

2008-04-13 14:40 . 2008-04-14 22:02 13,848,576 --a------ C:\nympho-worklat.sample.avi

2008-04-13 09:25 . 2008-04-14 22:03 6,969,344 --a------ C:\divxfactory-cwp11-sample.avi

2008-04-13 02:31 . 2008-04-14 22:03 13,586,432 --a------ C:\pl-oubb2-sample.avi

2008-04-12 14:12 . 2008-04-12 14:12 3,648 --a------ C:\WINDOWS\system32\vbdbjfqk.dll

2008-04-11 14:12 . 2008-04-11 14:12 3,648 --a------ C:\WINDOWS\system32\fthlqgdw.dll

2008-04-11 12:05 . 2008-04-11 12:05 3,648 --a------ C:\WINDOWS\system32\upinbnbo.dll

2008-04-09 21:40 . 2008-04-09 21:40 <DIR> d-------- C:\Documents and Settings\Tob\Application Data\Lavasoft

2008-04-09 21:31 . 2008-04-09 21:31 164 --a------ C:\install.dat

2008-04-09 21:29 . 2008-04-11 13:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-04-09 21:29 . 2008-04-11 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-04-09 21:28 . 2008-04-13 15:42 <DIR> d-------- C:\Program Files\Lavasoft

2008-04-09 21:27 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX

2008-04-09 21:26 . 2008-04-09 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx

2008-04-09 21:25 . 2008-04-09 21:27 <DIR> d-------- C:\Temp

2008-04-09 21:12 . 2008-04-09 21:12 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy

2008-04-09 21:12 . 2008-04-10 00:42 <DIR> d-------- C:\Program Files\Hitman Pro

2008-04-09 21:10 . 2008-04-09 21:10 4,011,208 --a------ C:\hitmanpro26.exe

2008-04-09 09:43 . 2008-04-11 12:03 1,413,763 --ahs---- C:\WINDOWS\system32\hxejrdpk.ini

2008-04-09 09:43 . 2008-04-15 21:22 101,120 --a------ C:\WINDOWS\BM5796bdc3.xml

2008-04-09 09:43 . 2008-04-09 09:43 3,648 --a------ C:\WINDOWS\system32\mqxamvbs.dll

2008-04-08 21:35 . 2008-04-08 21:35 36,864 --a------ C:\WINDOWS\system32\rqRLefCu.dll__DELETE_ON_REBOOT

2008-04-07 17:46 . 2008-04-13 15:19 <DIR> d-------- C:\pos

2008-04-05 03:37 . 2008-04-05 11:39 5,206 --a------ C:\lost.s4d2.nfo

2008-03-30 12:59 . 2008-03-31 14:13 16,854 --a------ C:\earth.pal.nfo

2008-03-25 19:02 . 2008-03-25 19:19 381 --a------ C:\WINDOWS\cdplayer.ini

2008-03-25 19:01 . 2008-03-25 19:01 <DIR> d-------- C:\Program Files\FreeRIP3

2008-03-25 19:01 . 2008-03-25 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeRIP

2008-03-24 15:03 . 2008-04-15 20:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-24 15:03 . 2008-03-28 12:09 1,478,656 --a------ C:\WINDOWS\system32\WinSpooler.exe

2008-03-24 15:03 . 2008-03-28 12:26 37,888 --a------ C:\WINDOWS\system32\rar.exe

2008-03-22 20:05 . 2008-03-22 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-03-22 19:44 . 2008-03-22 19:44 <DIR> d-------- C:\Program Files\Bonjour

2008-03-22 19:32 . 2008-03-22 19:32 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-03-22 02:12 . 2008-03-27 17:57 5,752 --a------ C:\zwtiso.nfo

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-15 19:34 --------- d-----w C:\Program Files\FlashFXP

2008-04-13 21:07 --------- d-----w C:\Documents and Settings\Tob\Application Data\LimeWire

2008-04-11 12:04 --------- d-----w C:\Program Files\GreenBox

2008-04-09 16:57 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-09 16:57 --------- d-----w C:\Program Files\Sony

2008-04-09 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation

2008-04-04 21:17 --------- d-----w C:\Documents and Settings\Tob\Application Data\Sony Corporation

2008-03-24 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip

2008-03-22 17:44 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-04 20:56 899,414 ----a-w C:\SetupDVDDecrypter_3.5.4.0.exe

2008-03-03 16:32 --------- d-----w C:\Program Files\Winamp

2008-02-27 22:41 --------- d-----w C:\Documents and Settings\Tob\Application Data\sony

2008-02-27 22:34 --------- d-----w C:\Documents and Settings\Tob\Application Data\Publish Providers

2008-02-27 22:34 --------- d-----w C:\Documents and Settings\Tob\Application Data\NetMedia Providers

2008-02-27 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony

2008-02-27 22:28 --------- d-----w C:\Program Files\VstPlugins

2008-02-22 09:53 --------- d-----w C:\Program Files\Belastingdienst

2007-04-27 20:15 518 ----a-w C:\Documents and Settings\Madelief\Application Data\wklnhst.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 06:17 81920]

"ServUTrayIcon"="C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 03:50 7561216]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 13:47 118784]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]

"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 17:46 45056 C:\WINDOWS\system32\ico.exe]

"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 14:58 69632]

"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 19:24 217088]

"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 15:12 32768]

"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 13:11 176128]

"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 22:36 151552]

"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 22:47 483328]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"LClock"="C:\Program Files\LClock\LClock.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgHBsQ]

iifgHBsQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRLefCu]

rqRLefCu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

VESWinlogon.dll 2006-03-09 15:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=

"D:\\eMuleDownloads\\emule.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 18:26]

R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 11:39]

R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 11:32]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 18:23]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea6c2b16-d358-11dc-a4ab-0002c7dda282}]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-16 00:01:28

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Apoint\ApntEx.exe

.

**************************************************************************

.

Completion time: 2008-04-16 0:05:29 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-15 22:05:26

Pre-Run: 2,215,305,216 bytes free

Post-Run: 2,495,242,240 bytes free

.

2008-03-12 14:30:00 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 0:06:32, on 16-4-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\HTJ\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

O4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [servUTrayIcon] C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O20 - Winlogon Notify: iifgHBsQ - iifgHBsQ.dll (file missing)

O20 - Winlogon Notify: rqRLefCu - rqRLefCu.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--

End of file - 8626 bytes

Posted:

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O20 - Winlogon Notify: iifgHBsQ - iifgHBsQ.dll (file missing)

O20 - Winlogon Notify: rqRLefCu - rqRLefCu.dll (file missing)

Click 'Fix checked' to remove the items.

Quick question: can you tell me whether you recognise these folders and what files, if any, are in them: C:\pos and C:\Program Files\Belastingdienst

Then open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\WINDOWS\system32\obffruxe.dll

C:\WINDOWS\system32\tsykluky.dll

C:\wta-ffan-sample.avi

C:\wta-gbmsilkemaiden-sample.avi

C:\wta-dses-sample.avi

C:\wta-zf11-sample.avi

C:\WINDOWS\system32\bvsuyofc.dll

C:\WINDOWS\system32\jjsxjrth.dll

C:\nympho-worklat.sample.avi

C:\divxfactory-cwp11-sample.avi

C:\divxfactory-clmt-sample.avi

C:\pl-oubb2-sample.avi

C:\WINDOWS\system32\vbdbjfqk.dll

C:\WINDOWS\system32\fthlqgdw.dll

C:\WINDOWS\system32\upinbnbo.dll

C:\hitmanpro26.exe

C:\WINDOWS\system32\hxejrdpk.ini

C:\WINDOWS\BM5796bdc3.xml

C:\WINDOWS\system32\mqxamvbs.dll

C:\lost.s4d2.nfo

Folder::

C:\Program Files\Hitman Pro

C:\WINDOWS\system32\rqRLefCu.dll__DELETE_ON_REBOOT

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgHBsQ]

iifgHBsQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRLefCu]

rqRLefCu.dll

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix run again. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next message together with a fresh HijackThis log.
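Added example, not part of the thread and not Kape's script or code from HijackThis or ComboFix: a small Python triage of O20 Winlogon Notify lines of the kind posted above. Winlogon loads every DLL registered under the Notify key at logon, so an entry whose DLL is "(file missing)" or whose path is a bare directory is a dangling persistence key that does nothing but keep trying to load a file that is gone. The script flags those, applies a random-name heuristic (my assumption, not a HijackThis rule), and prints a Registry:: block laid out like the CFScript above. The sample log lines are constructed from the ones in this thread.

```python
import re

# Constructed sample: a few HijackThis v2.0.2 lines of the kinds seen in this
# thread, not the full log. The two O20 entries with random-looking names are
# the ones the helper told the poster to fix.
SAMPLE_HJT_LOG = """\
O4 - HKLM\\..\\Run: [Apoint] C:\\Program Files\\Apoint\\Apoint.exe
O20 - Winlogon Notify: iifgHBsQ - iifgHBsQ.dll (file missing)
O20 - Winlogon Notify: rqRLefCu - C:\\WINDOWS\\
O20 - Winlogon Notify: VESWinlogon - C:\\WINDOWS\\system32\\VESWinlogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$")
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


def case_transitions(name):
    """Count the lower/upper case switches inside a name ('iifgHBsQ' -> 3)."""
    return sum(1 for a, b in zip(name, name[1:]) if a.isupper() != b.isupper())


def looks_random(name):
    """Heuristic (an assumption, not an HJT rule): eight letters whose case
    flips three or more times. Legitimate Notify packages are normally words
    such as VESWinlogon, crypt32 or Schedule, which never match this."""
    return name.isalpha() and len(name) == 8 and case_transitions(name) >= 3


def parse_o20(log_text):
    """Return (package name, target) for every O20 Winlogon Notify line."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append((m.group("name"), m.group("target")))
    return entries


def triage_o20(log_text):
    """Map each Notify package name to the reasons it deserves attention."""
    findings = {}
    for name, target in parse_o20(log_text):
        reasons = []
        # HJT prints "(file missing)" when the DLL is gone; a target that is a
        # bare directory (as in the second log of this thread) means the same.
        if "(file missing)" in target or target.endswith("\\"):
            reasons.append("notify DLL missing")
        if looks_random(name):
            reasons.append("random-looking name")
        if reasons:
            findings[name] = reasons
    return findings


def cfscript_registry_section(names):
    """Format a Registry:: block in the layout of the CFScript posted in this
    thread. This only formats text; it does not run ComboFix."""
    lines = ["Registry::"]
    for name in names:
        lines.append(f"[{NOTIFY_KEY}\\{name}]")
        lines.append(f"{name}.dll")
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage_o20(SAMPLE_HJT_LOG)
    for name, reasons in found.items():
        print(f"{name}: {', '.join(reasons)}")
    print()
    print(cfscript_registry_section(sorted(found)))
```

On the sample above it reports iifgHBsQ and rqRLefCu (both missing DLL and random-looking name) and leaves VESWinlogon alone. Fixing the O20 line in HijackThis removes only the registry key; if the DLL itself is still on disk, as rqRLefCu.dll__DELETE_ON_REBOOT was here, the file has to be dealt with separately, which is what the File:: and Folder:: parts of the script do.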

Posted:

Hi Kape, thanks for your help! I have again done everything you said. About the two folders you asked about: one contains some videos I made with my camera, the other is the folder the Belastingdienst (tax office) software creates by itself when you file your tax return.

Here are the logs:

ComboFix 08-04-13.3 - Tob 2008-04-16 16:29:42.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1550 [GMT 2:00]

Running from: C:\Documents and Settings\Tob\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Tob\Desktop\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\divxfactory-clmt-sample.avi

C:\divxfactory-cwp11-sample.avi

C:\hitmanpro26.exe

C:\lost.s4d2.nfo

C:\nympho-worklat.sample.avi

C:\pl-oubb2-sample.avi

C:\WINDOWS\BM5796bdc3.xml

C:\WINDOWS\system32\bvsuyofc.dll

C:\WINDOWS\system32\fthlqgdw.dll

C:\WINDOWS\system32\hxejrdpk.ini

C:\WINDOWS\system32\jjsxjrth.dll

C:\WINDOWS\system32\mqxamvbs.dll

C:\WINDOWS\system32\obffruxe.dll

C:\WINDOWS\system32\tsykluky.dll

C:\WINDOWS\system32\upinbnbo.dll

C:\WINDOWS\system32\vbdbjfqk.dll

C:\wta-dses-sample.avi

C:\wta-ffan-sample.avi

C:\wta-gbmsilkemaiden-sample.avi

C:\wta-zf11-sample.avi

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\hitmanpro26.exe

C:\lost.s4d2.nfo

C:\Program Files\Hitman Pro

C:\Program Files\Hitman Pro\alkep.dat

C:\Program Files\Hitman Pro\alrem.dat

C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe

C:\Program Files\Hitman Pro\downloads\cwshredder.exe

C:\Program Files\Hitman Pro\downloads\defs.ref

C:\Program Files\Hitman Pro\downloads\downloads.bin

C:\Program Files\Hitman Pro\downloads\ewido_micro.exe

C:\Program Files\Hitman Pro\downloads\hitmanpro2.pak

C:\Program Files\Hitman Pro\downloads\PrevxcsiPP3642.EXE

C:\Program Files\Hitman Pro\downloads\sdsetup.exe

C:\Program Files\Hitman Pro\downloads\spybotsd14.exe

C:\Program Files\Hitman Pro\downloads\SpySweeperTrialSetup_NL.exe

C:\Program Files\Hitman Pro\downloads\spywareblastersetup351.exe

C:\Program Files\Hitman Pro\downloads\srhelper.exe

C:\Program Files\Hitman Pro\downloads\ssfsetup45.exe

C:\Program Files\Hitman Pro\hitmanpro2.exe

C:\Program Files\Hitman Pro\icons\ff-s.ico

C:\Program Files\Hitman Pro\icons\ff.ico

C:\Program Files\Hitman Pro\icons\ie-s.ico

C:\Program Files\Hitman Pro\icons\ie.ico

C:\Program Files\Hitman Pro\icons\msnmsgr.ico

C:\Program Files\Hitman Pro\icons\oe-s.ico

C:\Program Files\Hitman Pro\icons\oe.ico

C:\Program Files\Hitman Pro\icons\ol-s.ico

C:\Program Files\Hitman Pro\icons\ol.ico

C:\Program Files\Hitman Pro\logs\buynow.gif

C:\Program Files\Hitman Pro\logs\Hitman_Pro_2008-04-09_21-14-29.htm

C:\Program Files\Hitman Pro\logs\Hitman_Pro_2008-04-09_21-16-39.htm

C:\Program Files\Hitman Pro\logs\Hitman_Pro_2008-04-09_21-18-32.htm

C:\Program Files\Hitman Pro\logs\hitmanpro.jpg

C:\Program Files\Hitman Pro\pacomp.exe

C:\Program Files\Hitman Pro\pacrypt.exe

C:\Program Files\Hitman Pro\paext.exe

C:\Program Files\Hitman Pro\Registry.pol

C:\Program Files\Hitman Pro\sigcheck.exe

C:\Program Files\Hitman Pro\srhelper.exe

C:\Program Files\Hitman Pro\strider.bin

C:\Program Files\Hitman Pro\StriderCache.ini

C:\Program Files\Hitman Pro\surfright.exe

C:\Program Files\Hitman Pro\timeout.exe

C:\Program Files\Hitman Pro\unins000.dat

C:\Program Files\Hitman Pro\unins000.exe

C:\Program Files\Hitman Pro\uninstall.exe

C:\Program Files\Hitman Pro\unrar3.dll

C:\Program Files\Hitman Pro\update.exe

C:\Program Files\Hitman Pro\updates\Registry.pol

C:\Program Files\Hitman Pro\updates\uninstall.exe

C:\Program Files\Hitman Pro\updates\updates.pae

C:\Program Files\Hitman Pro\wget.exe

C:\Program Files\Hitman Pro\xphelper.exe

C:\WINDOWS\BM5796bdc3.xml

C:\WINDOWS\system32\bvsuyofc.dll

C:\WINDOWS\system32\fthlqgdw.dll

C:\WINDOWS\system32\hxejrdpk.ini

C:\WINDOWS\system32\jjsxjrth.dll

C:\WINDOWS\system32\mqxamvbs.dll

C:\WINDOWS\system32\obffruxe.dll

C:\WINDOWS\system32\rqRLefCu.dll__DELETE_ON_REBOOT\

C:\WINDOWS\system32\tsykluky.dll

C:\WINDOWS\system32\upinbnbo.dll

C:\WINDOWS\system32\vbdbjfqk.dll

.

((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))

.

2008-04-15 22:15 . 2008-04-15 22:15 <DIR> d-------- C:\Program Files\Panda Security

2008-04-14 19:37 . 2008-04-16 16:25 <DIR> d-------- C:\HTJ

2008-04-13 15:42 . 2008-04-13 15:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-04-13 15:42 . 2008-04-13 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-04-13 15:41 . 2008-04-13 15:41 19,871,600 --a------ C:\aaw2007.exe

2008-04-09 21:40 . 2008-04-09 21:40 <DIR> d-------- C:\Documents and Settings\Tob\Application Data\Lavasoft

2008-04-09 21:31 . 2008-04-09 21:31 164 --a------ C:\install.dat

2008-04-09 21:29 . 2008-04-11 13:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-04-09 21:29 . 2008-04-11 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-04-09 21:28 . 2008-04-13 15:42 <DIR> d-------- C:\Program Files\Lavasoft

2008-04-09 21:27 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX

2008-04-09 21:26 . 2008-04-09 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx

2008-04-09 21:25 . 2008-04-09 21:27 <DIR> d-------- C:\Temp

2008-04-09 21:12 . 2008-04-09 21:12 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy

2008-04-08 21:35 . 2008-04-08 21:35 36,864 --a------ C:\WINDOWS\system32\rqRLefCu.dll__DELETE_ON_REBOOT

2008-04-07 17:46 . 2008-04-13 15:19 <DIR> d-------- C:\pos

2008-03-30 12:59 . 2008-03-31 14:13 16,854 --a------ C:\earth.pal.nfo

2008-03-25 19:02 . 2008-03-25 19:19 381 --a------ C:\WINDOWS\cdplayer.ini

2008-03-25 19:01 . 2008-03-25 19:01 <DIR> d-------- C:\Program Files\FreeRIP3

2008-03-25 19:01 . 2008-03-25 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeRIP

2008-03-24 15:03 . 2008-04-15 20:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-24 15:03 . 2008-03-28 12:09 1,478,656 --a------ C:\WINDOWS\system32\WinSpooler.exe

2008-03-24 15:03 . 2008-03-28 12:26 37,888 --a------ C:\WINDOWS\system32\rar.exe

2008-03-22 20:05 . 2008-03-22 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-03-22 19:44 . 2008-03-22 19:44 <DIR> d-------- C:\Program Files\Bonjour

2008-03-22 19:32 . 2008-03-22 19:32 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-03-22 02:12 . 2008-03-27 17:57 5,752 --a------ C:\zwtiso.nfo

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-16 14:21 --------- d-----w C:\Program Files\FlashFXP

2008-04-13 21:07 --------- d-----w C:\Documents and Settings\Tob\Application Data\LimeWire

2008-04-13 18:43 34,816 ----a-w C:\WINDOWS\system32\WinUpdating.exe

2008-04-11 12:04 --------- d-----w C:\Program Files\GreenBox

2008-04-09 16:57 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-09 16:57 --------- d-----w C:\Program Files\Sony

2008-04-09 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation

2008-04-04 21:17 --------- d-----w C:\Documents and Settings\Tob\Application Data\Sony Corporation

2008-03-24 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip

2008-03-22 17:44 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-04 20:56 899,414 ----a-w C:\SetupDVDDecrypter_3.5.4.0.exe

2008-03-03 16:32 --------- d-----w C:\Program Files\Winamp

2008-02-27 22:41 --------- d-----w C:\Documents and Settings\Tob\Application Data\sony

2008-02-27 22:34 --------- d-----w C:\Documents and Settings\Tob\Application Data\Publish Providers

2008-02-27 22:34 --------- d-----w C:\Documents and Settings\Tob\Application Data\NetMedia Providers

2008-02-27 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony

2008-02-27 22:28 --------- d-----w C:\Program Files\VstPlugins

2008-02-22 09:53 --------- d-----w C:\Program Files\Belastingdienst

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll

2007-04-27 20:15 518 ----a-w C:\Documents and Settings\Madelief\Application Data\wklnhst.dat

.

((((((((((((((((((((((((((((( snapshot@2008-04-16_ 0.05.13.60 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-15 22:00:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-16 04:20:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll

+ 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll

- 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll

+ 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll

- 2008-04-10 14:46:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-04-16 01:17:51 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-04-10 14:46:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-04-16 01:17:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2008-04-10 14:46:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-04-16 01:17:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2006-03-04 03:58:44 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll

+ 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll

- 2007-12-07 00:44:30 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll

+ 2008-02-16 09:32:03 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll

- 2007-12-07 00:44:30 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll

+ 2008-02-16 09:32:03 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll

- 2006-03-04 03:58:44 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll

+ 2008-02-16 09:32:03 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll

+ 2008-02-20 05:32:43 148,992 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll

+ 2008-02-20 05:32:43 45,568 -c----w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

- 2007-12-07 00:44:33 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-02-16 09:32:04 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2007-12-07 00:44:33 205,824 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-02-16 09:32:04 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2007-12-07 00:44:33 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-02-16 09:32:04 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2007-06-19 13:31:19 282,112 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll

+ 2008-02-20 06:51:05 282,624 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll

- 2007-12-06 10:05:52 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe

+ 2008-02-15 09:07:53 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe

- 2007-12-07 00:44:33 251,904 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll

+ 2008-02-16 09:32:04 251,904 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll

- 2007-12-07 00:44:33 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll

+ 2008-02-16 09:32:04 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll

- 2007-11-14 07:26:56 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll

+ 2007-12-18 14:40:58 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll

- 2007-12-07 00:44:33 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-02-16 09:32:04 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2007-12-07 00:44:35 3,066,368 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-02-16 09:32:06 3,066,880 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2007-12-07 00:44:36 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-02-16 09:32:06 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2007-12-07 00:44:36 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-02-16 09:32:06 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll

- 2007-12-07 00:44:36 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-02-16 09:32:07 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll

- 2007-12-07 00:44:36 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-02-16 09:32:07 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2007-12-07 00:44:37 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll

+ 2008-02-16 09:32:08 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll

- 2007-12-07 00:44:38 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll

+ 2008-02-16 09:32:08 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll

- 2007-12-07 00:44:39 617,984 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-02-16 09:32:08 618,496 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2007-12-18 14:40:58 417,792 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll

- 2007-03-08 13:47:48 1,843,584 -c----w C:\WINDOWS\system32\dllcache\win32k.sys

+ 2008-03-19 09:47:00 1,845,248 -c----w C:\WINDOWS\system32\dllcache\win32k.sys

- 2007-12-07 00:44:39 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-02-16 09:32:09 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll

- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll

+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

- 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2008-03-22 18:29:24 1,474,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-04-16 01:08:21 1,474,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll

+ 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll

- 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\system32\inseng.dll

+ 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\system32\inseng.dll

- 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll

+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll

- 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-04-05 20:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe

- 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\system32\msrating.dll

- 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\system32\mstime.dll

- 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll

- 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll

+ 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll

- 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll

+ 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll

- 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll

+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll

- 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2004-08-10 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll

+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll

- 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2008-04-16 04:20:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3b4.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 06:17 81920]

"ServUTrayIcon"="C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 03:50 7561216]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 13:47 118784]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]

"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 17:46 45056 C:\WINDOWS\system32\ico.exe]

"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 14:58 69632]

"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 19:24 217088]

"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 15:12 32768]

"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 13:11 176128]

"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 22:36 151552]

"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 22:47 483328]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"LClock"="C:\Program Files\LClock\LClock.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgHBsQ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRLefCu]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

VESWinlogon.dll 2006-03-09 15:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=

"D:\\eMuleDownloads\\emule.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 18:26]

R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 11:39]

R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 11:32]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 18:23]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea6c2b16-d358-11dc-a4ab-0002c7dda282}]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-16 16:32:37

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-16 16:33:16

ComboFix-quarantined-files.txt 2008-04-16 14:33:00

ComboFix2.txt 2008-04-15 22:05:29

Pre-Run: 2,063,499,264 bytes free

Post-Run: 1,981,173,760 bytes free

.

2008-04-16 01:23:10 --- E O F ---

And the other one:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:38:32, on 16-4-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\HTJ\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

O4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [servUTrayIcon] C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O20 - Winlogon Notify: iifgHBsQ - C:\WINDOWS\

O20 - Winlogon Notify: rqRLefCu - C:\WINDOWS\

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--

End of file - 8571 bytes

Posted:

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O20 - Winlogon Notify: iifgHBsQ - C:\WINDOWS\

O20 - Winlogon Notify: rqRLefCu - C:\WINDOWS\

Click 'Fix checked' to remove the items.

Download The Avenger and place it on your desktop:

Unzip it.

Start the program by clicking avenger.exe.

In the "Input Script here" window, paste the following (in bold):

Folders to delete:

C:\WINDOWS\system32\rqRLefCu.dll__DELETE_ON_REBOOT

Registry keys to delete:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgHBsQ

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRLefCu

Then click the "Execute" button.

Avenger will indicate that the computer is going to restart; allow this.

After the restart a log file (avenger.txt) opens. Post the contents of that log file, together with a new HJT log. And also let us know how things stand with the pop-ups.

  • 1 month later...
Posted:

Due to lack of response we are closing this topic. If you still want to reopen it, let one of the moderators know.
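The two entries the reply above selects for removal are Winlogon Notify packages: each names a DLL that winlogon.exe loads at logon, so an entry whose name is an eight-letter mixed-case string and whose target is a bare directory (C:\WINDOWS\ with no DLL named) is the kind of line a helper picks out of a HijackThis log. The small triage script below is an added example, not code from the thread or from HijackThis; it parses O20 lines in HijackThis v2 format and flags entries on exactly those two observable properties. The sample log is constructed for the example (the igfxcui line is a made-up benign-looking entry for contrast), and the name heuristic (case-flip count) is an assumption of this example, not a rule from the page.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 log format. The two O20 lines mirror the
# entries quoted in this thread; the third O20 line and the O23 line are
# made-up contrast entries, not taken from the poster's log.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: iifgHBsQ - C:\WINDOWS\
O20 - Winlogon Notify: rqRLefCu - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - igfxdev.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# O20 line layout: "O20 - Winlogon Notify: <name> - <target>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")


@dataclass
class O20Entry:
    name: str
    target: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def case_transitions(s: str) -> int:
    """Count how often letter case flips within a name, e.g. 'iifgHBsQ' -> 3.

    Hypothetical heuristic used by this example: legitimate Notify package names
    are usually a readable word, machine-generated ones flip case repeatedly.
    """
    flips = 0
    prev = None
    for ch in s:
        if not ch.isalpha():
            continue
        cur = ch.isupper()
        if prev is not None and cur != prev:
            flips += 1
        prev = cur
    return flips


def triage_o20(name: str, target: str) -> O20Entry:
    """Apply the two checks that match what the thread's reply removed."""
    reasons = []
    t = target.strip()
    # A Notify entry must load a DLL; a trailing backslash means only a
    # directory is recorded, which is what the two quoted entries show.
    if t.endswith("\\") or not t.lower().endswith(".dll"):
        reasons.append("target is a directory or not a DLL")
    # Eight letters with three or more case flips (heuristic, see above).
    if re.fullmatch(r"[A-Za-z]{8}", name) and case_transitions(name) >= 3:
        reasons.append("8-letter mixed-case name looks machine-generated")
    return O20Entry(name, t, reasons)


def parse_o20(log_text: str) -> list:
    """Return every O20 entry in the log, each with its triage reasons."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append(triage_o20(m["name"], m["target"]))
    return entries


def suspicious_names(log_text: str) -> list:
    """Names of O20 entries that tripped at least one check."""
    return [e.name for e in parse_o20(log_text) if e.suspicious]


if __name__ == "__main__":
    for entry in parse_o20(SAMPLE_LOG):
        status = "FLAG" if entry.suspicious else "ok  "
        print(f"{status} {entry.name:<12} {entry.target}  {'; '.join(entry.reasons)}")
```

Run against the constructed sample, the script flags iifgHBsQ and rqRLefCu on both checks and leaves the contrast entry alone; the flags are a prompt to look the entry up, not a verdict, which is why each reason is kept with the entry rather than collapsed into a single boolean.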
