
[SOLVED] check my HJT log



Would someone check my HJT log for me, just to be sure? Sometimes the internet is slow. I'm not sure whether this discussion belongs here; sorry if it's in the wrong place.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:07:01, on 25-4-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\winsys2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Spyware Doctor\pctsGui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles

O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206556990062

O20 - Winlogon Notify: vtutqrq - vtutqrq.dll (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--

End of file - 8222 bytes


In itself there isn't much wrong in your log, but there are signs of an infection. To be on the safe side, make a log with Combofix.

Download Combofix and put it on your Desktop.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log combofix.txt will open.

NOTE: If your virus scanner reacts with a warning about a script execution, you must allow it.

Start Hijackthis and choose 'Do a system scan only'. Select only the items listed below:

O20 - Winlogon Notify: vtutqrq - vtutqrq.dll (file missing)

Click 'Fix checked' to remove the items.

Attach the Combofix log to your next post.


ComboFix 08-04-24.1 - Geoffrey 2008-04-26 10:54:49.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1498 [GMT 2:00]

Started from: C:\Documents and Settings\Geoffrey\Bureaublad\ComboFix.exe

* New restore point was created

* Resident AV is active

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

.

(((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))

.

2008-04-26 10:54 . 2008-04-26 10:54 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-04-25 21:18 . 2008-04-26 10:46 <DIR> d-------- C:\Program Files\RSSoft

2008-04-25 21:03 . 2008-04-25 21:51 <DIR> dr-h----- C:\Documents and Settings\Geoffrey\Onlangs geopend

2008-04-25 20:27 . 2008-04-25 20:27 <DIR> d-------- C:\Program Files\Driver-Soft

2008-04-25 20:22 . 2008-04-25 20:27 <DIR> d-------- C:\Program Files\SpeedOptimizer

2008-04-25 19:57 . 2008-04-25 20:27 <DIR> d-------- C:\Program Files\DAP

2008-04-25 17:25 . 2008-04-25 17:25 1,160 --a------ C:\WINDOWS\mozver.dat

2008-04-25 16:48 . 2008-04-25 20:27 <DIR> d-------- C:\Downloads

2008-04-24 20:54 . 2008-04-25 20:27 <DIR> d-------- C:\Program Files\FlashGet

2008-04-24 20:40 . 2008-04-24 20:40 0 --a------ C:\WINDOWS\nsreg.dat

2008-04-24 20:39 . 2008-04-25 20:27 <DIR> d-------- C:\Program Files\Mozilla Firefox(2)

2008-04-24 19:36 . 2008-04-24 19:37 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-04-23 16:45 . 2008-04-23 16:45 <DIR> d-------- C:\Documents and Settings\Nizar Mix\Bureau

2008-04-23 16:45 . 2008-04-23 16:45 <DIR> d-------- C:\Documents and Settings\Nizar Mix

2008-04-23 16:36 . 2004-06-14 14:56 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll

2008-04-23 13:38 . 2008-04-23 13:54 <DIR> d-------- C:\Program Files\eMule

2008-04-23 13:34 . 2008-04-23 13:36 <DIR> d-------- C:\Program Files\Ares

2008-04-23 13:29 . 2008-04-23 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kazaa

2008-04-23 13:27 . 2008-04-23 13:27 <DIR> d-------- C:\My Shared Folder

2008-04-22 21:05 . 2008-04-22 21:05 <DIR> d-------- C:\Documents and Settings\Geoffrey\Application Data\Kazaa Lite

2008-04-22 20:49 . 2008-04-25 22:40 <DIR> d-------- C:\Documents and Settings\Geoffrey\Application Data\SlimBrowser

2008-04-22 20:48 . 2008-04-22 20:53 <DIR> d-------- C:\Program Files\SlimBrowser

2008-04-21 19:34 . 2003-03-19 06:28 2,179,072 --------- C:\WINDOWS\system32\mfc71d.dll

2008-04-21 19:03 . 2008-04-21 19:03 3,598 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP

2008-04-21 19:02 . 2008-04-21 19:02 <DIR> d-------- C:\Program Files\MSXML 6.0

2008-04-21 19:02 . 2008-04-21 19:02 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-04-21 19:01 . 2008-04-21 19:04 <DIR> d-------- C:\Program Files\Microsoft SQL Server

2008-04-21 18:55 . 2008-04-22 19:08 <DIR> d-------- C:\Program Files\Team MediaPortal

2008-04-21 18:55 . 2008-04-22 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Team MediaPortal

2008-04-21 18:45 . 2008-04-21 18:45 <DIR> d-------- C:\Documents and Settings\Geoffrey\Application Data\WebCompiler3

2008-04-20 21:03 . 2008-04-20 21:03 <DIR> d-------- C:\Program Files\Switch Off

2008-04-20 16:43 . 2008-04-20 16:43 <DIR> d-------- C:\Program Files\DAEMON Tools Lite

2008-04-20 16:35 . 2008-04-20 16:35 <DIR> d-------- C:\Documents and Settings\Geoffrey\Application Data\DAEMON Tools

2008-04-20 16:35 . 2008-04-20 16:35 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-04-20 14:25 . 2008-04-21 18:35 <DIR> d-------- C:\Program Files\ChrisTV PVR

2008-04-20 14:25 . 2007-04-16 17:54 1,376 --a------ C:\WINDOWS\system32\xvida32z.dll

2008-04-18 18:57 . 2008-04-18 18:57 <DIR> d-------- C:\Program Files\XP Smoker

2008-04-16 17:26 . 2008-04-16 17:26 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-04-16 17:25 . 2008-04-16 17:25 <DIR> d-------- C:\Program Files\Pinnacle

2008-04-16 17:25 . 2003-03-19 07:20 1,060,864 --------- C:\WINDOWS\system32\MFC71.dll

2008-04-16 17:25 . 2003-03-19 08:12 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll

2008-04-16 17:25 . 2002-01-05 13:40 487,424 --------- C:\WINDOWS\system32\MSVCP70.DLL

2008-04-16 17:25 . 2004-07-23 09:00 446,464 --------- C:\WINDOWS\system32\HHActiveX.dll

2008-04-16 17:25 . 2003-03-19 06:05 89,088 --------- C:\WINDOWS\system32\atl71.dll

2008-04-16 17:24 . 2008-04-16 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle

2008-04-15 20:24 . 2008-04-20 20:32 <DIR> d-------- C:\Program Files\All Video Converter

2008-04-15 19:31 . 2008-04-15 19:33 <DIR> d-------- C:\Program Files\Total Video Converter

2008-04-15 18:00 . 2008-04-15 18:02 <DIR> d-------- C:\Documents and Settings\Geoffrey\Application Data\DivX

2008-04-15 17:34 . 2008-04-15 17:40 <DIR> d-------- C:\divx

2008-04-15 17:29 . 2008-04-23 17:05 <DIR> d-------- C:\Program Files\DivX

2008-04-14 19:08 . 2008-04-18 21:41 <DIR> d-------- C:\Program Files\Zattoo

2008-04-11 19:53 . 2008-04-11 19:53 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-04-11 19:53 . 2008-04-15 17:50 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2008-04-10 20:59 . 2008-04-10 20:59 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-04-10 19:19 . 2008-04-10 19:19 <DIR> d-------- C:\Documents and Settings\Geoffrey\Application Data\Apple Computer

2008-04-10 19:18 . 2008-04-10 19:18 <DIR> d-------- C:\Program Files\Apple Software Update

2008-04-10 19:17 . 2008-04-10 19:17 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-04-10 19:17 . 2008-04-10 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-04-10 19:11 . 2008-04-10 19:32 <DIR> d-------- C:\Program Files\QuickTime

2008-04-09 18:21 . 2008-04-14 19:17 <DIR> d-------- C:\Program Files\Ashampoo

2008-04-09 18:20 . 2008-04-15 20:52 484,352 ---hs---- C:\Program Files\Common Files\mscom.dll

2008-04-09 18:20 . 2008-04-09 18:20 259,072 ---hs---- C:\Program Files\Common Files\mscome.exe

2008-04-09 18:20 . 2008-04-15 17:14 20,480 ---hs---- C:\Program Files\Common Files\smsse.exe

2008-04-09 16:57 . 2008-04-09 16:57 <DIR> d-------- C:\Program Files\Lavalys

2008-04-08 20:16 . 2008-04-08 20:16 1,432 --a------ C:\WINDOWS\cgwpf32.ini

2008-04-08 17:38 . 2008-04-08 17:46 <DIR> d-------- C:\Program Files\AutoCAD 2007

2008-04-08 17:38 . 2008-04-08 17:39 <DIR> d-------- C:\Program Files\AnswerWorks 4.0

2008-04-08 17:38 . 2008-04-24 17:45 <DIR> d-------- C:\Documents and Settings\Geoffrey\Application Data\Autodesk

2008-04-08 17:38 . 2008-04-08 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk

2008-04-08 17:36 . 2008-04-08 17:39 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared

2008-04-08 17:36 . 2008-04-08 17:36 <DIR> d-------- C:\Program Files\Autodesk

2008-04-06 17:34 . 2008-04-06 17:34 <DIR> d-------- C:\Program Files\GameSpy

2008-04-06 17:33 . 2008-04-06 17:33 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2008-04-06 17:30 . 2008-04-06 17:30 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-04-06 17:22 . 2008-04-06 17:22 <DIR> d-------- C:\Program Files\Electronic Arts

2008-04-06 17:11 . 2008-04-18 20:56 <DIR> d-------- C:\Program Files\The All-Seeing Eye

2008-04-06 16:33 . 2008-04-06 16:33 <DIR> d-------- C:\Documents and Settings\Geoffrey\Application Data\Media Player Classic

2008-04-06 14:38 . 2008-04-06 14:38 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2008-04-06 14:30 . 2008-04-06 14:30 <DIR> d-------- C:\Program Files\AviSynth 2.5

2008-04-06 14:30 . 2008-04-06 14:30 <DIR> d-------- C:\Program Files\AC3Filter

2008-04-06 14:30 . 2007-08-18 09:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm

2008-04-04 20:12 . 2008-04-04 20:12 <DIR> d-------- C:\Program Files\AMD

2008-04-04 20:12 . 2007-06-29 14:47 34,304 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys

2008-04-04 19:21 . 2008-04-20 16:09 <DIR> d-------- C:\Documents and Settings\Geoffrey\Application Data\Azureus

2008-04-04 19:21 . 2008-04-04 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

2008-04-04 19:20 . 2008-04-04 19:34 <DIR> d-------- C:\Program Files\Azureus

2008-04-03 18:28 . 2008-04-03 18:28 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_49324.LOG

2008-04-03 18:28 . 2008-04-03 18:28 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_13506.LOG

2008-04-03 18:28 . 2008-04-03 18:28 0 --ah----- C:\Documents and Settings\Geoffrey\NTUSER.DAT_TU_54941.LOG

2008-04-03 13:12 . 2008-04-03 13:13 <DIR> d-------- C:\Wallpapers

2008-04-03 01:26 . 2008-04-03 01:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-04-02 18:45 . 2008-04-11 17:29 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008

2008-04-02 18:45 . 2008-04-02 18:45 <DIR> d-------- C:\Documents and Settings\Geoffrey\Application Data\TuneUp Software

2008-04-02 18:45 . 2008-04-02 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-04-02 18:45 . 2008-04-02 18:45 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-04-02 18:45 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-04-02 18:44 . 2008-04-02 18:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-04-02 11:35 . 2008-04-02 11:35 <DIR> d-------- C:\AudioConverter

2008-04-02 11:04 . 2006-05-11 10:48 106,496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll

2008-04-02 11:04 . 2006-05-17 21:53 54,272 --a------ C:\WINDOWS\system32\DrvTrNTm.dll

2008-04-02 10:15 . 2008-04-02 10:15 <DIR> d-------- C:\Program Files\HighCriteria

2008-04-02 10:06 . 2008-04-02 10:06 <DIR> d-------- C:\Program Files\XAudioTools

2008-04-02 10:06 . 2002-04-09 23:13 1,093,632 --a------ C:\WINDOWS\system32\NCTAudioFile.dll

2008-04-02 10:06 . 2000-05-21 19:00 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx

2008-04-02 10:06 . 1998-06-23 04:00 525,352 --a------ C:\WINDOWS\system32\Dbgrid32.ocx

2008-04-02 10:06 . 2002-04-03 19:47 356,352 --a------ C:\WINDOWS\system32\NCTWMAFile.dll

2008-04-02 10:06 . 2000-10-24 12:12 352,256 --a------ C:\WINDOWS\system32\ActiveSkin.ocx

2008-04-02 10:06 . 2002-04-03 19:43 274,432 --a------ C:\WINDOWS\system32\NCTAudioPlayer.dll

2008-04-02 10:06 . 2002-04-03 19:43 270,336 --a------ C:\WINDOWS\system32\NCTAudioRecord.dll

2008-04-02 10:06 . 2006-01-13 11:48 166,912 --------- C:\WINDOWS\system32\lame_enc.dll

2008-04-01 19:25 . 2008-04-01 19:25 <DIR> d-------- C:\Program Files\CCleaner

2008-04-01 12:43 . 2008-04-02 11:36 399 --a------ C:\WINDOWS\AudioConverter.INI

2008-04-01 12:33 . 2003-09-10 16:36 499,712 --------- C:\WINDOWS\system32\msvcp71.dll

2008-04-01 11:38 . 2008-04-12 07:43 <DIR> d-------- C:\Program Files\MP3Gain

2008-04-01 11:09 . 2008-04-01 11:09 <DIR> d-------- C:\Downloaded Videos

2008-04-01 11:08 . 2005-08-27 03:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx

2008-04-01 11:08 . 2004-03-09 00:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx

2008-04-01 11:08 . 2000-07-15 06:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2008-04-01 11:00 . 2008-04-01 11:03 <DIR> d-------- C:\Program Files\YouTube Downloader

2008-04-01 10:37 . 2008-04-01 10:37 <DIR> d-------- C:\Documents and Settings\Geoffrey\Application Data\Creative

2008-04-01 10:37 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX

2008-04-01 10:37 . 1999-10-11 03:00 41,984 --------- C:\WINDOWS\Ctregrun.exe

2008-04-01 10:30 . 2008-04-02 11:25 <DIR> d-------- C:\Program Files\Creative

2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll

2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-18 16:57 25,366 ----a-w C:\WINDOWS\system32\tcpipbak.reg

2008-04-16 15:25 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-01 11:41 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-03-26 16:37 --------- d-----w C:\Documents and Settings\Geoffrey\Application Data\ESET

2008-03-26 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET

2008-03-26 16:31 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-03-26 16:31 --------- d-----w C:\Program Files\Realtek

2008-03-26 16:30 --------- d-----w C:\Documents and Settings\Geoffrey\Application Data\InstallShield

2008-03-26 16:29 --------- d-----w C:\Program Files\DIFX

2008-03-26 16:13 --------- d-----w C:\Program Files\microsoft frontpage

2008-03-21 20:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-03-21 20:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-05 15:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll

2008-03-05 15:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll

2008-03-05 15:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll

2008-03-05 14:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll

2008-03-05 14:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll

2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-05 22:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-02 10:18 68856]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

"Red Swoosh"="C:\Program Files\RSSoft\RedSwoosh.exe" [2007-02-27 03:30 62436]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 17:44 8429568]

"nwiz"="nwiz.exe" [2007-04-12 17:44 1626112 C:\WINDOWS\system32\nwiz.exe]

"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-12-15 04:59 217088]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 17:44 81920]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-27 22:03 949376]

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-04-29 10:59 245760]

"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 01:32 86016]

"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]

"Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [2006-06-08 09:40 385024]

"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-06-08 09:40 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

"mixer"= DrvTrNTm.dll

"wave"= DrvTrNTm.dll

"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Program Files\\Xfire\\xfire.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\WINDOWS\\system32\\ftp.exe"=

"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=

"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"C:\\Program Files\\Ares\\Ares.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2006-03-02 14:00]

R3 3xHybrid;Pinnacle PCTV 110i service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-01 11:50]

S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-02 18:45]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F62g62BC-4266-43f0-B6ED-9D76C4202C7E}]

C:\Program Files\Common Files\mscome.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-04-10 17:18:23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-04-26 08:46:03 C:\WINDOWS\Tasks\Easy Onderhoud.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-26 10:57:31

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Program Files\Eset\pr_imon.dll

.

Completion time: 2008-04-26 10:58:17

ComboFix-quarantined-files.txt 2008-04-26 08:58:06

ComboFix2.txt 2008-03-28 09:28:00

Pre-Run: 47,908,442,112 bytes free

Post-Run: 48,052,199,424 bytes free

264 --- E O F --- 2008-04-22 19:09:44


The following two files (if still present) can be deleted via Windows Explorer.

C:\WINDOWS\cgwpf32.ini

C:\WINDOWS\system32\PerfStringBackup.TMP

But that should be about it.

Once you've done this, you can remove Combofix via Start -> Run and type: combofix /u

Combofix will be removed and a new system restore point will be created.

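As an added example that is not part of this thread and is not HijackThis or ComboFix code: the Python script below applies, to a few lines copied from the two logs above, the checks that the replies make by hand. It flags an O20 Winlogon Notify entry whose DLL is reported "(file missing)", an O23 service listed with "Unknown owner", a Run-key executable sitting in a Windows directory that is not a known Windows autostart, and ComboFix "Files Created" entries whose attribute field shows both hidden (h) and system (s) on an .exe, .dll or .sys. The regexes, the allowlist of Windows autostarts and the reading of the attribute letters as DOS attributes are my assumptions, and a hit is a prompt for manual review rather than a verdict: PnkBstrA, for instance, is PunkBuster's anti-cheat service and shows up only because the log carries no vendor string for it.

```python
"""Triage helper for HijackThis and ComboFix logs (added example)."""
import re
from dataclasses import dataclass

# Sample lines copied from the two logs posted in this thread; a constructed
# subset used as offline input so the script runs stand-alone.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: vtutqrq - vtutqrq.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

COMBOFIX_SAMPLE = r"""
2008-04-09 18:20 . 2008-04-15 20:52 484,352 ---hs---- C:\Program Files\Common Files\mscom.dll
2008-04-09 18:20 . 2008-04-09 18:20 259,072 ---hs---- C:\Program Files\Common Files\mscome.exe
2008-04-02 18:45 . 2008-04-02 18:45 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-25 21:18 . 2008-04-26 10:46 <DIR> d-------- C:\Program Files\RSSoft
"""


@dataclass
class Finding:
    source: str   # "hjt" or "combofix"
    line: str     # the log line that triggered the rule
    reason: str   # why a human should look at it


# Windows directories where a third-party autostart binary deserves a second look,
# and the Windows-shipped autostarts we expect to see there (assumed allowlist).
WIN_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
KNOWN_OS_AUTOSTARTS = {"ctfmon.exe", "rundll32.exe"}

HJT_O4 = re.compile(r"^O4 - .*?: \[[^\]]*\] (.+)$")
HJT_O20 = re.compile(r"^O20 - Winlogon Notify: (\S+) - (\S+)(.*)$")
HJT_O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
EXE_AT_FRONT = re.compile(r'^"?(.+?\.exe)\b', re.IGNORECASE)

# ComboFix "Files Created" entry: created . modified size attrs path; the attrs
# field is read as 9 DOS attribute letters (d, r, a, h, s), an assumption here.
CF_ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(<DIR>|[\d,]+)\s+(?P<attrs>[-\w]{9})\s+(?P<path>.+)$"
)


def _exe_from_command(cmd):
    """Return the executable at the front of a Run-key command line."""
    m = EXE_AT_FRONT.match(cmd.strip())
    return m.group(1) if m else cmd.strip().split(" ", 1)[0]


def triage_hjt(text):
    """Apply the O4/O20/O23 checks to HijackThis lines; returns Findings in log order."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = HJT_O20.match(line)
        if m:
            if "(file missing)" in m.group(3):
                reason = "Winlogon Notify DLL missing on disk: orphaned autostart, remove the entry"
            else:
                reason = "Winlogon Notify DLL loads into winlogon.exe: verify its publisher"
            findings.append(Finding("hjt", line, reason))
            continue
        m = HJT_O23.match(line)
        if m and m.group(2).strip().lower() == "unknown owner":
            findings.append(Finding("hjt", line, "service with no vendor string: verify the binary's publisher"))
            continue
        m = HJT_O4.match(line)
        if m:
            exe = _exe_from_command(m.group(1)).lower()
            if exe.startswith(WIN_DIRS) and exe.rsplit("\\", 1)[-1] not in KNOWN_OS_AUTOSTARTS:
                findings.append(Finding("hjt", line, "third-party executable in a Windows directory started from a Run key: verify its publisher"))
    return findings


def triage_combofix(text):
    """Flag hidden+system executables in ComboFix 'Files Created' entries."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = CF_ENTRY.match(line)
        if not m:
            continue
        attrs, path = m.group("attrs").lower(), m.group("path")
        ext = path.lower().rsplit(".", 1)[-1]
        if "h" in attrs and "s" in attrs and ext in ("exe", "dll", "sys"):
            findings.append(Finding("combofix", line, "hidden+system executable: an unusual combination for legitimate software, inspect it"))
    return findings


def triage(hjt_text, combofix_text):
    """Combined report, HijackThis findings first."""
    return triage_hjt(hjt_text) + triage_combofix(combofix_text)


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, COMBOFIX_SAMPLE):
        print(f"[{f.source}] {f.reason}\n    {f.line}")
```

Run it on the full logs by pasting them into the two sample strings; every hit still needs the publisher or signature of the file checked by hand, since the rules only narrow down what to look at.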
