
[SOLVED] hijackthis log



Can someone check whether everything is in order, because I've had problems with a serious virus. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:08:11, on 10/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\Telenet EasyCare\bin\mpbtn.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\"

O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: START_PAGE_URL=www.google.be

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.telenet.be/sys/tisp/ocx/PlaNetSysInfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159107806500

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--

End of file - 7592 bytes


This can be removed from your log.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\"

Click 'Fix checked' to remove the items.

Do you still have any other problems?


Here is my ComboFix log:

ComboFix 08-05-09.1 - user 2008-05-10 16:34:38.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.101 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\user\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

* Resident AV is active

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

ADS - svchost.exe: deleted 68 bytes in 1 streams.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\akqjjlby.dll

C:\WINDOWS\system32\bchpqkev.ini

C:\WINDOWS\system32\eddgoqpx.ini

C:\WINDOWS\system32\eddgoqpx.ini2

C:\WINDOWS\system32\efgywfmh.ini

C:\WINDOWS\system32\efgywfmh.ini2

C:\WINDOWS\system32\egPrrqru.ini

C:\WINDOWS\system32\egPrrqru.ini2

C:\WINDOWS\system32\LorrAJlm.ini

C:\WINDOWS\system32\LorrAJlm.ini2

C:\WINDOWS\system32\lymgdtqr.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\sultvprk.dll

C:\WINDOWS\system32\urqNgffg.dll

C:\WINDOWS\system32\urqrrPge.dll

C:\WINDOWS\system32\xbqgqiew.ini

C:\WINDOWS\system32\xxywXRii.dll

C:\WINDOWS\system32\ybljjqka.ini

C:\WINDOWS\system32\YFPorBeg.ini

C:\WINDOWS\system32\YFPorBeg.ini2

C:\WINDOWS\system32\yghlcvqp.ini

C:\WINDOWS\system32\yoetewxd.ini

C:\WINDOWS\system32\yoetewxd.ini2

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))

.

2008-05-10 16:19 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-10 16:15 . 2008-05-10 16:15 <DIR> d-------- C:\Program Files\Common Files\Java

2008-05-10 13:49 . 2008-05-10 13:49 2,112 --a------ C:\WINDOWS\system32\cwqrohjo.exe

2008-05-10 13:42 . 2008-05-10 13:42 2,112 --a------ C:\WINDOWS\system32\njllouns.exe

2008-05-10 12:43 . 2008-05-10 15:42 <DIR> dr-h----- C:\Documents and Settings\user\Onlangs geopend

2008-05-10 12:14 . 2008-05-10 12:14 2,112 --a------ C:\WINDOWS\system32\vagwtevk.exe

2008-05-10 12:13 . 2008-05-10 12:13 100,416 --------- C:\WINDOWS\system32\pcisnklf.dll_old

2008-05-10 12:13 . 2008-05-10 12:13 91,712 --------- C:\WINDOWS\system32\rqtdgmyl.dll_old

2008-05-10 10:26 . 2008-05-10 10:26 2,112 --a------ C:\WINDOWS\system32\qdqdnegn.exe

2008-05-10 10:20 . 2008-05-10 10:20 2,112 --a------ C:\WINDOWS\system32\vuigciwk.exe

2008-05-10 10:17 . 2008-05-10 10:17 277,504 --------- C:\WINDOWS\system32\geBroPFY.dll_old

2008-05-09 15:59 . 2008-05-09 15:59 2,112 --a------ C:\WINDOWS\system32\myrwfrjp.exe

2008-05-09 14:26 . 2008-05-09 14:26 2,112 --a------ C:\WINDOWS\system32\nlohvqmn.exe

2008-05-09 14:24 . 2008-05-10 16:25 109,807 --a------ C:\WINDOWS\BMbf19ea25.xml

2008-05-08 18:43 . 2008-05-10 10:52 51,355 --a------ C:\WINDOWS\system32\muzika.xm

2008-05-08 16:17 . 2008-05-08 19:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-06 23:47 . 2008-05-06 23:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-06 23:47 . 2008-05-06 23:47 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-06 18:01 . 2008-05-06 18:01 <DIR> d-------- C:\Documents and Settings\user\Application Data\Pegasys Inc

2008-05-03 19:42 . 2008-05-06 19:31 <DIR> d-------- C:\divx

2008-05-03 19:40 . 2008-05-03 22:17 <DIR> d-------- C:\Documents and Settings\user\Application Data\DivX

2008-05-03 19:35 . 2008-05-06 17:59 <DIR> d-------- C:\Program Files\DivX

2008-05-03 19:35 . 2007-11-30 00:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-10 14:19 --------- d-----w C:\Program Files\Java

2008-05-10 13:54 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent

2008-05-10 12:46 --------- d-----w C:\Program Files\Soulseek

2008-05-10 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-09 14:09 --------- d-----w C:\Program Files\SpywareGuard

2008-05-08 17:52 --------- d-----w C:\Program Files\Trend Micro

2008-05-08 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-08 17:41 --------- d-----w C:\Program Files\Webteh

2008-05-08 17:41 --------- d-----w C:\Documents and Settings\user\Application Data\BSplayer

2008-05-08 14:09 --------- d-----w C:\Program Files\Lavasoft

2008-05-08 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-08 13:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-03 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles

2008-04-23 13:55 --------- d-----w C:\Program Files\Winamp

2008-03-21 08:23 --------- d-----w C:\Documents and Settings\user\Application Data\AccurateRip

2008-03-21 08:01 --------- d-----w C:\Program Files\iTunes

2008-03-21 08:01 --------- d-----w C:\Program Files\iPod

2008-03-21 07:59 --------- d-----w C:\Program Files\QuickTime

2008-03-21 07:59 --------- d-----w C:\Program Files\Bonjour

2008-03-21 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-03-21 07:57 --------- d-----w C:\Program Files\Apple Software Update

2008-03-21 07:56 --------- d-----w C:\Program Files\Common Files\Apple

2008-03-21 07:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2008-03-21 07:33 --------- d-----w C:\Program Files\Illustrate

2008-02-27 16:42 691,545 ----a-w C:\WINDOWS\unins000.exe

2007-09-10 14:42 87,608 ----a-w C:\Documents and Settings\user\Application Data\inst.exe

2007-09-10 14:42 47,360 ----a-w C:\Documents and Settings\user\Application Data\pcouffin.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00B24A31-527C-4827-A6BA-E79FA17A1B95}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F5E9CA7-A273-4A1A-893A-DB9BE5D94543}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{271AE199-6A99-4EB7-A112-029271B3F228}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28BD1860-4C41-4F96-AAAC-B2FB8373BB33}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AFC5FA1-2721-4479-91C8-1B0D09FF4DBD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{348F9E5C-4647-436E-A395-F4BDF4286F56}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6029CD72-1BDC-45DB-A78D-F08621140487}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81787365-563B-4886-947F-09550D64967C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3102264-D09D-4322-B625-503FBF18DD7E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A8B9EC-5375-490E-B1FD-65C77B844FE2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D475293C-D49D-4FE1-ACE7-D14AD1CF97EB}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]

"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-30 20:25 949376]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"wextract_cleanup0"="C:\WINDOWS\system32\advpack.dll" [2004-08-04 02:03 100864]

"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 12:43 5146448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360]

C:\Documents and Settings\user\Menu Start\Programma's\Opstarten\

SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Telenet EasyCare.lnk - C:\Program Files\Telenet EasyCare\bin\matcli.exe [2007-08-31 09:29:50 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywXRii]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= i420vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Anapod Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^MagicDisc.lnk]

backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]

--a------ 2005-03-04 08:20 512000 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]

--a------ 2002-12-10 19:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]

--a------ 2002-12-10 19:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

--a------ 2006-04-21 15:41 438359 C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]

--a------ 2006-10-11 12:45 75304 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2007-04-09 14:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

-ra------ 2005-11-23 04:12 1060864 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

--a------ 2006-09-28 13:16 185896 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-11-19 13:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\User Enc Proc Curb]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-04-03 18:12 777424 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSScheduler]

C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"svcWRSSSDK"=2 (0x2)

"SDhelper"=3 (0x3)

"iPodService"=3 (0x3)

"Adobe LM Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Soulseek\\slsk.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader

"6112:TCP"= 6112:TCP:Blizzard Downloader

S0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys []

S3 iatmunin;iatmunin;C:\DOCUME~1\user\LOCALS~1\Temp\iatmunin.sys []

S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]

S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]

S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]

S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]

S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]

S3 MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys []

S3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30785b76-838d-11dc-9956-003018ffffff}]

\Shell\AutoRun\command - J:\AutoTransfer.exe

.

Inhoud van de 'Gedeelde Taken' map

"2008-05-09 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

"2008-05-08 16:45:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-05-10 15:00:00 C:\WINDOWS\Tasks\B13FDACA90A44C1A.job"

- c:\docume~1\user\applic~1\bagsse~1\dentcampmpeg.exe

"2008-05-09 15:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job"

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

"2008-05-10 00:12:09 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-10 16:48:15

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\nview.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Sygate\SPF\Smc.exe

C:\Program Files\ESET\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Telenet EasyCare\bin\mpbtn.exe

C:\Program Files\SpywareGuard\sgbhp.exe

.

**************************************************************************

.

Voltooingstijd: 2008-05-10 17:03:11 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-10 15:02:56

Pre-Run: 3,653,853,184 bytes beschikbaar

Post-Run: 3,558,514,688 bytes beschikbaar

275 --- E O F --- 2007-09-01 08:14:51

There is also another text file included, ComboFix-quarantined-files:

2008-05-08 15:50 43520 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xxywXRii.dll.vir

2008-05-08 16:14 43520 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\urqNgffg.dll.vir

2008-05-09 15:58 1504983 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yghlcvqp.ini.vir

2008-05-09 15:59 1505043 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\efgywfmh.ini2.vir

2008-05-09 16:00 1505043 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\efgywfmh.ini.vir

2008-05-09 20:58 187251 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\LorrAJlm.ini2.vir

2008-05-09 20:59 187251 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\LorrAJlm.ini.vir

2008-05-10 10:25 1504983 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xbqgqiew.ini.vir

2008-05-10 10:28 294 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\eddgoqpx.ini2.vir

2008-05-10 10:29 1505043 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\eddgoqpx.ini.vir

2008-05-10 11:56 187881 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\YFPorBeg.ini2.vir

2008-05-10 11:59 187881 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\YFPorBeg.ini.vir

2008-05-10 12:12 277504 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\urqrrPge.dll.vir

2008-05-10 12:14 1504923 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lymgdtqr.ini.vir

2008-05-10 13:42 1504983 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bchpqkev.ini.vir

2008-05-10 13:46 294 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yoetewxd.ini2.vir

2008-05-10 13:49 1505043 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yoetewxd.ini.vir

2008-05-10 16:03 143 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mcrh.tmp.vir

2008-05-10 16:25 100416 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sultvprk.dll.vir

2008-05-10 16:25 91712 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\akqjjlby.dll.vir

2008-05-10 16:26 22 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pskt.ini.vir

2008-05-10 16:35 1504983 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ybljjqka.ini.vir

2008-05-10 16:35 183371 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\egPrrqru.ini2.vir

2008-05-10 16:35 183599 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\egPrrqru.ini.vir

2008-05-13 11:53 108 --a------ C:\Qoobox\Quarantine\catchme.log


Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\WINDOWS\system32\cwqrohjo.exe

C:\WINDOWS\system32\njllouns.exe

C:\WINDOWS\system32\vagwtevk.exe

C:\WINDOWS\system32\pcisnklf.dll_old

C:\WINDOWS\system32\rqtdgmyl.dll_old

C:\WINDOWS\system32\qdqdnegn.exe

C:\WINDOWS\system32\vuigciwk.exe

C:\WINDOWS\system32\geBroPFY.dll_old

C:\WINDOWS\system32\myrwfrjp.exe

C:\WINDOWS\system32\nlohvqmn.exe

C:\WINDOWS\BMbf19ea25.xml

C:\WINDOWS\system32\muzika.xm

Registry::

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00B24A31-527C-4827-A6BA-E79FA17A1B95}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F5E9CA7-A273-4A1A-893A-DB9BE5D94543}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{271AE199-6A99-4EB7-A112-029271B3F228}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28BD1860-4C41-4F96-AAAC-B2FB8373BB33}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AFC5FA1-2721-4479-91C8-1B0D09FF4DBD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{348F9E5C-4647-436E-A395-F4BDF4286F56}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6029CD72-1BDC-45DB-A78D-F08621140487}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81787365-563B-4886-947F-09550D64967C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3102264-D09D-4322-B625-503FBF18DD7E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A8B9EC-5375-490E-B1FD-65C77B844FE2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D475293C-D49D-4FE1-ACE7-D14AD1CF97EB}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywXRii]

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message together with a new HijackThis log.

And would you check whether you scheduled all of these tasks yourself?

C:\WINDOWS\Tasks\1-Click Maintenance.job

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

C:\WINDOWS\Tasks\B13FDACA90A44C1A.job

- c:\docume~1\user\applic~1\bagsse~1\dentcampmpeg.exe

C:\WINDOWS\Tasks\Easy Onderhoud.job

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

C:\WINDOWS\Tasks\MP Scheduled Scan.job

- C:\Program Files\Windows Defender\MpCmdRun.exe

Also let me know how things stand with your problems now.



2008-05-06 23:47 . 2008-05-06 23:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-06 23:47 . 2008-05-06 23:47 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-06 18:01 . 2008-05-06 18:01 <DIR> d-------- C:\Documents and Settings\user\Application Data\Pegasys Inc

2008-05-03 19:42 . 2008-05-06 19:31 <DIR> d-------- C:\divx

2008-05-03 19:40 . 2008-05-03 22:17 <DIR> d-------- C:\Documents and Settings\user\Application Data\DivX

2008-05-03 19:35 . 2008-05-06 17:59 <DIR> d-------- C:\Program Files\DivX

2008-05-03 19:35 . 2007-11-30 00:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-10 14:19 --------- d-----w C:\Program Files\Java

2008-05-10 13:54 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent

2008-05-10 12:46 --------- d-----w C:\Program Files\Soulseek

2008-05-10 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-09 14:09 --------- d-----w C:\Program Files\SpywareGuard

2008-05-08 17:52 --------- d-----w C:\Program Files\Trend Micro

2008-05-08 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-08 17:41 --------- d-----w C:\Program Files\Webteh

2008-05-08 17:41 --------- d-----w C:\Documents and Settings\user\Application Data\BSplayer

2008-05-08 14:09 --------- d-----w C:\Program Files\Lavasoft

2008-05-08 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-08 13:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-03 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles

2008-04-23 13:55 --------- d-----w C:\Program Files\Winamp

2008-03-21 08:23 --------- d-----w C:\Documents and Settings\user\Application Data\AccurateRip

2008-03-21 08:01 --------- d-----w C:\Program Files\iTunes

2008-03-21 08:01 --------- d-----w C:\Program Files\iPod

2008-03-21 07:59 --------- d-----w C:\Program Files\QuickTime

2008-03-21 07:59 --------- d-----w C:\Program Files\Bonjour

2008-03-21 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-03-21 07:57 --------- d-----w C:\Program Files\Apple Software Update

2008-03-21 07:56 --------- d-----w C:\Program Files\Common Files\Apple

2008-03-21 07:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2008-03-21 07:33 --------- d-----w C:\Program Files\Illustrate

2008-02-27 16:42 691,545 ----a-w C:\WINDOWS\unins000.exe

2007-09-10 14:42 87,608 ----a-w C:\Documents and Settings\user\Application Data\inst.exe

2007-09-10 14:42 47,360 ----a-w C:\Documents and Settings\user\Application Data\pcouffin.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00B24A31-527C-4827-A6BA-E79FA17A1B95}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F5E9CA7-A273-4A1A-893A-DB9BE5D94543}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{271AE199-6A99-4EB7-A112-029271B3F228}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28BD1860-4C41-4F96-AAAC-B2FB8373BB33}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AFC5FA1-2721-4479-91C8-1B0D09FF4DBD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{348F9E5C-4647-436E-A395-F4BDF4286F56}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6029CD72-1BDC-45DB-A78D-F08621140487}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81787365-563B-4886-947F-09550D64967C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3102264-D09D-4322-B625-503FBF18DD7E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A8B9EC-5375-490E-B1FD-65C77B844FE2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D475293C-D49D-4FE1-ACE7-D14AD1CF97EB}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]

"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-30 20:25 949376]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"wextract_cleanup0"="C:\WINDOWS\system32\advpack.dll" [2004-08-04 02:03 100864]

"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 12:43 5146448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360]

C:\Documents and Settings\user\Menu Start\Programma's\Opstarten\

SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Telenet EasyCare.lnk - C:\Program Files\Telenet EasyCare\bin\matcli.exe [2007-08-31 09:29:50 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywXRii]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= i420vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Anapod Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^MagicDisc.lnk]

backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]

--a------ 2005-03-04 08:20 512000 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]

--a------ 2002-12-10 19:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]

--a------ 2002-12-10 19:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

--a------ 2006-04-21 15:41 438359 C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]

--a------ 2006-10-11 12:45 75304 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2007-04-09 14:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

-ra------ 2005-11-23 04:12 1060864 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

--a------ 2006-09-28 13:16 185896 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-11-19 13:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\User Enc Proc Curb]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-04-03 18:12 777424 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSScheduler]

C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"svcWRSSSDK"=2 (0x2)

"SDhelper"=3 (0x3)

"iPodService"=3 (0x3)

"Adobe LM Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Soulseek\\slsk.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader

"6112:TCP"= 6112:TCP:Blizzard Downloader

S0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys []

S3 iatmunin;iatmunin;C:\DOCUME~1\user\LOCALS~1\Temp\iatmunin.sys []

S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]

S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]

S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]

S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]

S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]

S3 MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys []

S3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30785b76-838d-11dc-9956-003018ffffff}]

\Shell\AutoRun\command - J:\AutoTransfer.exe

.

Inhoud van de 'Gedeelde Taken' map

"2008-05-09 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

"2008-05-08 16:45:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-05-10 15:00:00 C:\WINDOWS\Tasks\B13FDACA90A44C1A.job"

- c:\docume~1\user\applic~1\bagsse~1\dentcampmpeg.exe

"2008-05-09 15:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job"

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

"2008-05-10 00:12:09 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-10 16:48:15

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\nview.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Sygate\SPF\Smc.exe

C:\Program Files\ESET\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Telenet EasyCare\bin\mpbtn.exe

C:\Program Files\SpywareGuard\sgbhp.exe

.

**************************************************************************

.

Voltooingstijd: 2008-05-10 17:03:11 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-10 15:02:56

Pre-Run: 3,653,853,184 bytes beschikbaar

Post-Run: 3,558,514,688 bytes beschikbaar

275 --- E O F --- 2007-09-01 08:14:51

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:33:52, on 15/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: START_PAGE_URL=www.google.be

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.telenet.be/sys/tisp/ocx/PlaNetSysInfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159107806500

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: xxywXRii - C:\WINDOWS\

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--

End of file - 7913 bytes

My PC is still extremely slow.. I really wouldn't know what the problem is, and I did not schedule those tasks myself either.

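An added example, not part of this thread and not one of the tools the helper used: a small Python triage script for the two ComboFix sections the helper read by eye above (the files created in the last 30 days, and the shared tasks), with the sample lines taken from the log in this thread. The name-shape and same-size heuristics are this example's own assumptions, weak signals that point a reviewer at entries worth checking, not a verdict on the files.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the ComboFix log above, trimmed to a few
# entries so the example runs offline (a constructed excerpt, not a full log).
CREATED_SAMPLE = r"""
2008-05-10 16:19 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-10 16:15 . 2008-05-10 16:15 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-10 13:49 . 2008-05-10 13:49 2,112 --a------ C:\WINDOWS\system32\cwqrohjo.exe
2008-05-10 13:42 . 2008-05-10 13:42 2,112 --a------ C:\WINDOWS\system32\njllouns.exe
2008-05-10 12:13 . 2008-05-10 12:13 100,416 --------- C:\WINDOWS\system32\pcisnklf.dll_old
2008-05-10 10:20 . 2008-05-10 10:20 2,112 --a------ C:\WINDOWS\system32\vuigciwk.exe
2008-05-03 19:35 . 2007-11-30 00:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
"""
TASKS_SAMPLE = r"""
"2008-05-09 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-10 15:00:00 C:\WINDOWS\Tasks\B13FDACA90A44C1A.job"
- c:\docume~1\user\applic~1\bagsse~1\dentcampmpeg.exe
"""

# "files created" line: created-stamp . modified-stamp size attributes path
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$")
# shared-tasks section: a quoted "run-time job-path" line, then a "- target" line
TASK_RE = re.compile(r'^"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?P<job>.+\.job)"$')
TARGET_RE = re.compile(r"^- (?P<target>.+)$")

def parse_created(text):
    """Return [{'path', 'size'}] for regular files; <DIR> entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m["size"] != "<DIR>":
            entries.append({"path": m["path"], "size": int(m["size"].replace(",", ""))})
    return entries

def parse_tasks(text):
    """Return [{'job', 'target'}] pairs from the shared-tasks section."""
    tasks, job = [], None
    for line in text.splitlines():
        line = line.strip()
        m = TASK_RE.match(line)
        if m:
            job = m["job"]
            continue
        t = TARGET_RE.match(line)
        if t and job:
            tasks.append({"job": job, "target": t["target"]})
            job = None
    return tasks

def split_path(path):
    """C:\\WINDOWS\\system32\\cwqrohjo.exe -> ('c:\\windows\\system32', 'cwqrohjo')."""
    directory, _, name = path.rpartition("\\")
    return directory.lower(), name.split(".", 1)[0]

def looks_random(stem):
    """Weak signal: eight letters, at most two vowels and a consonant run of 3+, the
    shape of the generated names in the log (cwqrohjo, xxywXRii). The legitimate
    NvMcTray from the same log matches too, so this marks entries for review only."""
    if not re.fullmatch(r"[A-Za-z]{8}", stem):
        return False
    low = stem.lower()
    vowels = sum(c in "aeiou" for c in low)
    longest_run = max(len(run) for run in re.split("[aeiou]", low))
    return vowels <= 2 and longest_run >= 3

def triage_created(entries):
    """Map path -> reasons. Two independent signals: a random-looking name, and
    three or more files of identical size in one directory (the 2,112-byte cluster)."""
    by_dir_size = defaultdict(list)
    for e in entries:
        by_dir_size[(split_path(e["path"])[0], e["size"])].append(e["path"])
    findings = {}
    for e in entries:
        directory, stem = split_path(e["path"])
        reasons = []
        if looks_random(stem):
            reasons.append("random-looking 8-letter name")
        siblings = by_dir_size[(directory, e["size"])]
        if len(siblings) >= 3:
            reasons.append(f"{len(siblings)} files of {e['size']} bytes in {directory}")
        if reasons:
            findings[e["path"]] = reasons
    return findings

def triage_tasks(tasks):
    """Map job -> reasons: hex-blob job names, targets run from a profile/temp dir."""
    findings = {}
    for t in tasks:
        reasons = []
        if re.fullmatch(r"[0-9A-Fa-f]{12,}", split_path(t["job"])[1]):
            reasons.append("job name is a hex blob")
        low = t["target"].lower()
        if any(k in low for k in ("applic~1", "application data", "\\temp\\")):
            reasons.append("target runs from a user profile or temp directory")
        if reasons:
            findings[t["job"]] = reasons
    return findings
```

Feed the two ComboFix sections to parse_created and parse_tasks; triage_created and triage_tasks then return path-to-reasons dictionaries, and an entry with two reasons (name shape plus size cluster) is the one to look at first.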

My PC is still extremely slow.. I really wouldn't know what the problem is, and I did not schedule those tasks myself either.
That makes sense, because the files and registry keys that were supposed to disappear were, for one reason or another, not removed by Combofix.

Second attempt (but slightly different):

Start HijackThis and choose 'Do a system scan only'. Tick only the items listed below:

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\"

O20 - Winlogon Notify: xxywXRii - C:\WINDOWS\

Click 'Fix checked' to remove the items.

Delete the contents of the following folders (in bold):

C:\WINDOWS\Tasks (not the folder itself, only its contents).

C:\Qoobox\Quarantine (not the folder itself, only its contents).

Download The Avenger and put it on your desktop:

Unzip it.

Start the program by clicking avenger.exe.

In the "Input Script here" window, paste the following (in bold):

Files to delete:

C:\WINDOWS\system32\cwqrohjo.exe

C:\WINDOWS\system32\njllouns.exe

C:\WINDOWS\system32\vagwtevk.exe

C:\WINDOWS\system32\pcisnklf.dll_old

C:\WINDOWS\system32\rqtdgmyl.dll_old

C:\WINDOWS\system32\qdqdnegn.exe

C:\WINDOWS\system32\vuigciwk.exe

C:\WINDOWS\system32\geBroPFY.dll_old

C:\WINDOWS\system32\myrwfrjp.exe

C:\WINDOWS\system32\nlohvqmn.exe

C:\WINDOWS\BMbf19ea25.xml

C:\WINDOWS\system32\muzika.xm

C:\WINDOWS\system32\cwqrohjo.exe

C:\WINDOWS\system32\njllouns.exe

C:\WINDOWS\system32\cwqrohjo.exe

C:\WINDOWS\system32\cwqrohjo.exe

C:\WINDOWS\system32\njllouns.exe

C:\WINDOWS\system32\vagwtevk.exe

C:\WINDOWS\system32\pcisnklf.dll_old

C:\WINDOWS\system32\rqtdgmyl.dll_old

C:\WINDOWS\system32\qdqdnegn.exe

C:\WINDOWS\system32\vuigciwk.exe

C:\WINDOWS\system32\geBroPFY.dll_old

C:\WINDOWS\system32\myrwfrjp.exe

C:\WINDOWS\system32\nlohvqmn.exe

C:\WINDOWS\BMbf19ea25.xml

C:\WINDOWS\system32\muzika.xm

Registry keys to delete:

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00B24A31-527C-4827-A6BA-E79FA17A1B95}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F5E9CA7-A273-4A1A-893A-DB9BE5D94543}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{271AE199-6A99-4EB7-A112-029271B3F228}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28BD1860-4C41-4F96-AAAC-B2FB8373BB33}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AFC5FA1-2721-4479-91C8-1B0D09FF4DBD}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{348F9E5C-4647-436E-A395-F4BDF4286F56}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6029CD72-1BDC-45DB-A78D-F08621140487}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81787365-563B-4886-947F-09550D64967C}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3102264-D09D-4322-B625-503FBF18DD7E}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A8B9EC-5375-490E-B1FD-65C77B844FE2}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D475293C-D49D-4FE1-ACE7-D14AD1CF97EB}

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywXRii

Then click the "Execute" button.

Avenger will indicate that the computer is going to restart; allow this.

After the reboot a log file (avenger.txt) opens.

Post the contents of the log file, together with a new HJT log.


Logfile of The Avenger Version 2.0, © by Swandog46

Swandog46's Public Anti-Malware Tools

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file "C:\WINDOWS\system32\cwqrohjo.exe" not found!

Deletion of file "C:\WINDOWS\system32\cwqrohjo.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\njllouns.exe" not found!

Deletion of file "C:\WINDOWS\system32\njllouns.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\vagwtevk.exe" not found!

Deletion of file "C:\WINDOWS\system32\vagwtevk.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\pcisnklf.dll_old" not found!

Deletion of file "C:\WINDOWS\system32\pcisnklf.dll_old" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\rqtdgmyl.dll_old" not found!

Deletion of file "C:\WINDOWS\system32\rqtdgmyl.dll_old" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\qdqdnegn.exe" not found!

Deletion of file "C:\WINDOWS\system32\qdqdnegn.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\vuigciwk.exe" not found!

Deletion of file "C:\WINDOWS\system32\vuigciwk.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\geBroPFY.dll_old" not found!

Deletion of file "C:\WINDOWS\system32\geBroPFY.dll_old" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\myrwfrjp.exe" not found!

Deletion of file "C:\WINDOWS\system32\myrwfrjp.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\nlohvqmn.exe" not found!

Deletion of file "C:\WINDOWS\system32\nlohvqmn.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\BMbf19ea25.xml" not found!

Deletion of file "C:\WINDOWS\BMbf19ea25.xml" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\muzika.xm" not found!

Deletion of file "C:\WINDOWS\system32\muzika.xm" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\cwqrohjo.exe" not found!

Deletion of file "C:\WINDOWS\system32\cwqrohjo.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\njllouns.exe" not found!

Deletion of file "C:\WINDOWS\system32\njllouns.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\cwqrohjo.exe" not found!

Deletion of file "C:\WINDOWS\system32\cwqrohjo.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\cwqrohjo.exe" not found!

Deletion of file "C:\WINDOWS\system32\cwqrohjo.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\njllouns.exe" not found!

Deletion of file "C:\WINDOWS\system32\njllouns.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\vagwtevk.exe" not found!

Deletion of file "C:\WINDOWS\system32\vagwtevk.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\pcisnklf.dll_old" not found!

Deletion of file "C:\WINDOWS\system32\pcisnklf.dll_old" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\rqtdgmyl.dll_old" not found!

Deletion of file "C:\WINDOWS\system32\rqtdgmyl.dll_old" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\qdqdnegn.exe" not found!

Deletion of file "C:\WINDOWS\system32\qdqdnegn.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\vuigciwk.exe" not found!

Deletion of file "C:\WINDOWS\system32\vuigciwk.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\geBroPFY.dll_old" not found!

Deletion of file "C:\WINDOWS\system32\geBroPFY.dll_old" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\myrwfrjp.exe" not found!

Deletion of file "C:\WINDOWS\system32\myrwfrjp.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\nlohvqmn.exe" not found!

Deletion of file "C:\WINDOWS\system32\nlohvqmn.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\BMbf19ea25.xml" not found!

Deletion of file "C:\WINDOWS\BMbf19ea25.xml" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\muzika.xm" not found!

Deletion of file "C:\WINDOWS\system32\muzika.xm" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00B24A31-527C-4827-A6BA-E79FA17A1B95}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00B24A31-527C-4827-A6BA-E79FA17A1B95}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F5E9CA7-A273-4A1A-893A-DB9BE5D94543}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F5E9CA7-A273-4A1A-893A-DB9BE5D94543}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{271AE199-6A99-4EB7-A112-029271B3F228}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{271AE199-6A99-4EB7-A112-029271B3F228}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28BD1860-4C41-4F96-AAAC-B2FB8373BB33}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28BD1860-4C41-4F96-AAAC-B2FB8373BB33}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AFC5FA1-2721-4479-91C8-1B0D09FF4DBD}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AFC5FA1-2721-4479-91C8-1B0D09FF4DBD}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{348F9E5C-4647-436E-A395-F4BDF4286F56}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{348F9E5C-4647-436E-A395-F4BDF4286F56}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6029CD72-1BDC-45DB-A78D-F08621140487}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6029CD72-1BDC-45DB-A78D-F08621140487}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81787365-563B-4886-947F-09550D64967C}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81787365-563B-4886-947F-09550D64967C}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3102264-D09D-4322-B625-503FBF18DD7E}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3102264-D09D-4322-B625-503FBF18DD7E}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A8B9EC-5375-490E-B1FD-65C77B844FE2}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A8B9EC-5375-490E-B1FD-65C77B844FE2}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D475293C-D49D-4FE1-ACE7-D14AD1CF97EB}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D475293C-D49D-4FE1-ACE7-D14AD1CF97EB}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywXRii" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywXRii" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:46:42, on 15/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgupd.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O14 - IERESET.INF: START_PAGE_URL=www.google.be

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.telenet.be/sys/tisp/ocx/PlaNetSysInfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159107806500

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--

End of file - 6778 bytes

I have also removed SpywareGuard and Spybot, because they were constantly giving alerts.


Please post a current ComboFix log. The previous one you posted was (as I only now notice) from 10.05.2008, and that is absolutely not an accurate picture of your PC's state to work with now.

Your HJT log, on the other hand, is from 15.05.2008 and is now completely clean.

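As an added example that is not part of this thread and not code from HijackThis: a small Python triage script for the HijackThis log format shown above. It assumes only the line shapes visible in that log (O4 Run, O16 DPF, O20 AppInit_DLLs, O23 Service); the sample log is constructed from lines of the log above plus one made-up HKCU Run entry (example.exe) in a Temp folder to exercise the path check.

```python
"""Triage helper for a HijackThis v2 log. Added example, not code from this thread
or from HijackThis: splits the log into running processes and Rx/Oxx entries,
then flags the entries a log helper asks about first."""
import re
from typing import NamedTuple

ENTRY_RE = re.compile(r"^(?P<section>[RFN]\d|O\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<command>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) -\s*(?P<url>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) \((?P<short>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
# Startup commands normally live here; a Run entry anywhere else (user profile, Temp, drive root) deserves a look.
TRUSTED_DIRS = (r"c:\windows", r"c:\program files", r"c:\progra~1")

class Entry(NamedTuple):
    section: str  # "R1", "O4", "O23", ...
    body: str     # text after "O4 - "

class Finding(NamedTuple):
    section: str
    reason: str
    entry: str

def parse_hjt(text: str) -> tuple[list[str], list[Entry]]:
    """Return (running processes, entries) from a HijackThis log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # first Rx/Oxx line ends the process list
            entries.append(Entry(m["section"], m["body"]))
        elif in_processes:
            processes.append(line)
    return processes, entries

def _command_path(command: str) -> str:
    """Executable part of an O4 Run command, lower-cased; for rundll32 the DLL it hosts."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path, rest = command[1:end], command[end + 1:].strip()
    else:
        path, _, rest = command.partition(" ")
    if path.lower().endswith("rundll32.exe") and rest:
        path = rest.split(",", 1)[0].strip('"')
    return path.lower()

def _trusted(path: str) -> bool:
    if "\\" not in path:
        return True  # bare file name resolved via PATH; nothing to judge from the log alone
    return path.startswith(TRUSTED_DIRS)

def review(entries: list[Entry]) -> list[Finding]:
    """Flag the entries a log helper would ask about before anything else."""
    findings = []
    for e in entries:
        if e.section == "O4":
            m = RUN_RE.match(e.body)
            if m and not _trusted(_command_path(m["command"])):
                findings.append(Finding("O4", "startup entry outside Windows/Program Files", e.body))
        elif e.section == "O16":
            m = DPF_RE.match(e.body)
            if m and not m["url"]:
                findings.append(Finding("O16", "ActiveX download entry without a source URL (leftover)", e.body))
        elif e.section == "O20":
            findings.append(Finding("O20", "AppInit_DLLs is loaded into every user-mode process; confirm the DLL's owner", e.body))
        elif e.section == "O23":
            m = SERVICE_RE.match(e.body)
            if m and m["path"].endswith("(file missing)"):
                findings.append(Finding("O23", "service binary missing (orphaned entry)", e.body))
            elif m and m["owner"] == "Unknown owner":
                findings.append(Finding("O23", "service binary carries no publisher information", e.body))
    return findings

def review_log(text: str) -> list[Finding]:
    return review(parse_hjt(text)[1])

# Constructed sample in the exact shape HijackThis prints: lines from the log above
# plus one made-up HKCU Run entry (example.exe) that exercises the path check.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46:42, on 15/05/2008
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [example] C:\Documents and Settings\user\Local Settings\Temp\example.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
End of file - 6778 bytes
"""
```

Running `review_log(SAMPLE_LOG)` yields four findings (the Temp-folder O4, the URL-less O16, the O20, and the MDM O23 with its missing file); the legitimate AVG, NOD32 and NVIDIA entries are not flagged.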

ComboFix 08-05-09.1 - user 2008-05-15 15:46:00.4 - NTFSx86

Gestart vanuit: C:\Documents and Settings\user\Bureaublad\ComboFix.exe

* Resident AV is active

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))

.

2008-05-15 14:57 . 2008-05-15 14:57 <DIR> dr-h----- C:\Documents and Settings\user\Onlangs geopend

2008-05-14 12:20 . 2008-05-15 14:46 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-05-14 12:20 . 2008-05-14 12:20 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-05-14 12:20 . 2008-05-14 12:20 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-05-14 12:19 . 2008-05-14 12:19 <DIR> d-------- C:\Program Files\AVG

2008-05-14 12:18 . 2008-05-14 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-05-13 12:13 . 2008-05-13 12:14 <DIR> d-------- C:\Program Files\Panda Security

2008-05-13 09:56 . 2008-05-13 09:56 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes

2008-05-13 09:56 . 2008-05-13 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-13 09:56 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-05-13 09:55 . 2008-05-13 09:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-13 09:55 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-05-10 17:18 . 2008-05-10 17:18 1,099,839 --a------ C:\WINDOWS\system32\TmpA1954125

2008-05-10 16:19 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-10 16:15 . 2008-05-10 16:15 <DIR> d-------- C:\Program Files\Common Files\Java

2008-05-08 16:17 . 2008-05-08 19:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-06 23:47 . 2008-05-11 14:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-06 23:47 . 2008-05-06 23:47 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-06 18:01 . 2008-05-06 18:01 <DIR> d-------- C:\Documents and Settings\user\Application Data\Pegasys Inc

2008-05-03 19:42 . 2008-05-06 19:31 <DIR> d-------- C:\divx

2008-05-03 19:40 . 2008-05-03 22:17 <DIR> d-------- C:\Documents and Settings\user\Application Data\DivX

2008-05-03 19:35 . 2008-05-06 17:59 <DIR> d-------- C:\Program Files\DivX

2008-05-03 19:35 . 2007-11-30 00:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-15 12:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-15 11:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-15 11:57 --------- d-----w C:\Program Files\SpywareGuard

2008-05-12 19:34 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent

2008-05-10 19:00 --------- d-----w C:\Program Files\Soulseek

2008-05-10 15:18 --------- d-----w C:\Program Files\Absolute MP3 Splitter

2008-05-10 15:18 --------- d-----w C:\Program Files\Ableton

2008-05-10 14:19 --------- d-----w C:\Program Files\Java

2008-05-08 17:52 --------- d-----w C:\Program Files\Trend Micro

2008-05-08 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-08 17:41 --------- d-----w C:\Program Files\Webteh

2008-05-08 17:41 --------- d-----w C:\Documents and Settings\user\Application Data\BSplayer

2008-05-08 14:09 --------- d-----w C:\Program Files\Lavasoft

2008-05-08 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-08 14:03 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-08 13:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-03 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles

2008-04-23 13:55 --------- d-----w C:\Program Files\Winamp

2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll

2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-03-21 08:23 --------- d-----w C:\Documents and Settings\user\Application Data\AccurateRip

2008-03-21 08:22 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe

2008-03-21 08:01 --------- d-----w C:\Program Files\iTunes

2008-03-21 08:01 --------- d-----w C:\Program Files\iPod

2008-03-21 07:59 --------- d-----w C:\Program Files\QuickTime

2008-03-21 07:59 --------- d-----w C:\Program Files\Bonjour

2008-03-21 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-03-21 07:57 --------- d-----w C:\Program Files\Apple Software Update

2008-03-21 07:56 --------- d-----w C:\Program Files\Common Files\Apple

2008-03-21 07:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2008-03-21 07:33 --------- d-----w C:\Program Files\Illustrate

2007-09-10 14:42 47,360 ----a-w C:\Documents and Settings\user\Application Data\pcouffin.sys

.

((((((((((((((((((((((((((((( snapshot_2008-05-14_15.41.57,76 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-14 09:27:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-15 12:39:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]

"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-30 20:25 949376]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-14 12:19 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= i420vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Telenet EasyCare.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Telenet EasyCare.lnk

backup=C:\WINDOWS\pss\Telenet EasyCare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Anapod Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^MagicDisc.lnk]

backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]

--a------ 2005-03-04 08:20 512000 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]

--a------ 2002-12-10 19:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]

--a------ 2002-12-10 19:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

--a------ 2006-04-21 15:41 438359 C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]

--a------ 2006-10-11 12:45 75304 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2007-04-09 14:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

-ra------ 2005-11-23 04:12 1060864 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

--a------ 2006-09-28 13:16 185896 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-11-19 13:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\User Enc Proc Curb]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-04-03 18:12 777424 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSScheduler]

C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"svcWRSSSDK"=2 (0x2)

"SDhelper"=3 (0x3)

"iPodService"=3 (0x3)

"Adobe LM Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Soulseek\\slsk.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader

"6112:TCP"= 6112:TCP:Blizzard Downloader

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-14 12:20]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-14 12:19]

S0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys []

S3 iatmunin;iatmunin;C:\DOCUME~1\user\LOCALS~1\Temp\iatmunin.sys []

S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]

S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]

S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]

S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]

S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]

S3 MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys []

S3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30785b76-838d-11dc-9956-003018ffffff}]

\Shell\AutoRun\command - J:\AutoTransfer.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-15 15:53:43

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\nview.dll

.

Voltooingstijd: 2008-05-15 16:05:25

ComboFix-quarantined-files.txt 2008-05-15 14:05:01

ComboFix2.txt 2008-05-14 13:44:23

ComboFix3.txt 2008-05-13 10:08:43

ComboFix4.txt 2008-05-10 15:03:12

Pre-Run: 3,467,149,312 bytes beschikbaar

Post-Run: 3,459,719,168 bytes beschikbaar

233 --- E O F --- 2007-09-01 08:14:51


That already looks very different, and much better. Problems solved, it seems to me. So now it is time for the "big clean-up": removing the tools that were used, a cleaning, and removing the infected restore points.

Remove ComboFix: Start -> Run and type: combofix /u

ComboFix will be removed and a new System Restore point will be created.

Remove Malwarebytes & The Avenger.

Download CCleaner.

Install it and start it.

Start CCleaner and click "Cleaner" in the left column. Click 'Analyze' and then 'Clean up'. Next click "Registry" in the left column and click 'Scan for errors'. If errors are found, click "Fix all errors" and "OK". Then close CCleaner.

It is advisable to remove the existing restore points (there are infected restore points among them that you could accidentally restore) by temporarily disabling System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick the box again.

That's it! Unless you have noticed further problems in the meantime ... then I would like to hear about it.

