
Posted:

Hello, I have had the Virtumonde virus for a week or longer. I can remove it with Spybot Search And Destroy, but it keeps coming back. IE gets slower because of it, and so does the computer for that matter. I also notice that Explorer.exe sometimes crashes. Who can help me get rid of Virtumonde?

Here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:40:31, on 18/05/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\oude pc\System\Program Files\Bouwsoft\Bouwsoft Upgrade\Beheer.exe

C:\Windows\ehome\ehmsas.exe

C:\hp\kbd\kbd.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02715E47-5A8E-495B-8F63-0D30470B8E72} - C:\Windows\system32\ddcAqomJ.dll

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {D4A72FE7-A197-42E7-BD4F-B8FB396427CB} - C:\Windows\system32\byXNhiHy.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcAqomJ.dll,#1

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [spybotDeletingA9639] command /c del "C:\Windows\System32\byXNhiHy.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC5916] cmd /c del "C:\Windows\System32\byXNhiHy.dll"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-3694928960-2974550801-1051636681-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')

O4 - Startup: Bouwsoft Beheer.lnk = C:\oude pc\System\Program Files\Bouwsoft\Bouwsoft Upgrade\Beheer.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6E984CC8-4987-40B9-B9AA-6728A957CA27} (PcVerChk Control) - http://jp.trendmicro.com/jp/support/personal/products/vistasp1/redirect/PcVerChk.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab

O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: pg82 (pgsql-8.1) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Trend Micro Centrale besturing (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: UseSocketService - Unknown owner - C:\Program Files\Bouwsoft\UseSocketService.exe

--

End of file - 9822 bytes

Posted:

Download Combofix and save it to your Desktop.

If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, as this will cause your PC to hang.

When the fix is complete and after the restart, the log combofix.txt will open.

If, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners see certain components that Combofix uses as suspicious and will block or delete them!

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02715E47-5A8E-495B-8F63-0D30470B8E72} - C:\Windows\system32\ddcAqomJ.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {D4A72FE7-A197-42E7-BD4F-B8FB396427CB} - C:\Windows\system32\byXNhiHy.dll

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcAqomJ.dll,#1

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKLM\..\RunOnce: [spybotDeletingA9639] command /c del "C:\Windows\System32\byXNhiHy.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC5916] cmd /c del "C:\Windows\System32\byXNhiHy.dll"

Click 'Fix checked' to remove the items.

Attach the Combofix log and a new HJT log to your next post.
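To show how the persistence pattern being cleaned up here can be spotted mechanically, the following is an added Python triage script (not part of this thread, of HijackThis or of Spybot) that parses the O2 BHO and O4 Run/RunOnce lines of a HijackThis log and cross-references them. The sample lines are excerpted from the log posted above, with one legitimate NVIDIA rundll32 entry left in for contrast.

```python
"""Triage a HijackThis log for the Vundo/Virtumonde persistence pattern:
an unnamed BHO DLL that is also started from a Run key via rundll32,
plus DLLs that a cleaner has only been able to schedule for deletion."""
import re
from collections import defaultdict

# Constructed sample input: lines taken from the HijackThis log posted above,
# plus the legitimate NvCplDaemon entry from the same log for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02715E47-5A8E-495B-8F63-0D30470B8E72} - C:\Windows\system32\ddcAqomJ.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D4A72FE7-A197-42E7-BD4F-B8FB396427CB} - C:\Windows\system32\byXNhiHy.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcAqomJ.dll,#1
O4 - HKLM\..\RunOnce: [spybotDeletingA9639] command /c del "C:\Windows\System32\byXNhiHy.dll"
O4 - HKLM\..\RunOnce: [spybotDeletingC5916] cmd /c del "C:\Windows\System32\byXNhiHy.dll"
"""

# O2 - BHO: <name> - {CLSID} - <path or "(no file)">
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
# rundll32 <dll>,<export>  (export may be an ordinal such as #1)
RUNDLL_RE = re.compile(r"^rundll32(\.exe)?\s+(?P<dll>.+?\.dll),(?P<export>\S+)", re.IGNORECASE)
# del "<path>"  as scheduled by a cleaner through a RunOnce entry
DEL_RE = re.compile(r"\bdel\s+\"?(?P<path>[A-Za-z]:\\[^\"]+)\"?", re.IGNORECASE)


def triage(log_text):
    """Return a list of (severity, subject, reason) findings for one HJT log."""
    bhos, runs = [], []
    for line in log_text.splitlines():
        m = BHO_RE.match(line)
        if m:
            bhos.append({**m.groupdict(), "line": line})
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append({**m.groupdict(), "line": line})

    findings = []
    loaded_by = defaultdict(set)   # lower-cased DLL path -> load mechanisms
    pending_delete = set()         # lower-cased paths a RunOnce entry tries to delete

    for b in bhos:
        path = b["path"].strip()
        if path == "(no file)":
            findings.append(("low", b["line"], "orphaned BHO: CLSID registered but its DLL is gone"))
            continue
        loaded_by[path.lower()].add("BHO")
        if b["name"] == "(no name)":
            # Legitimate BHOs almost always register a display name.
            findings.append(("medium", b["line"], "unnamed BHO loading a DLL"))

    for r in runs:
        cmd = r["cmd"].strip()
        m = RUNDLL_RE.match(cmd)
        if m:
            loaded_by[m.group("dll").strip().lower()].add(f"{r['key']} via rundll32")
            if m.group("export").startswith("#"):
                # Calling an export by ordinal hides which function runs.
                findings.append(("medium", r["line"], "rundll32 autorun calling a DLL export by ordinal"))
        m = DEL_RE.search(cmd)
        if m and r["key"].lower() == "runonce":
            pending_delete.add(m.group("path").lower())

    for dll, mechanisms in loaded_by.items():
        if len(mechanisms) > 1:
            findings.append(("high", dll, "same DLL loaded as BHO and from an autorun: " + ", ".join(sorted(mechanisms))))
        if "BHO" in mechanisms and dll in pending_delete:
            findings.append(("high", dll, "DLL scheduled for deletion at next logon but still registered as a BHO"))
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for sev, subject, reason in sorted(triage(SAMPLE_LOG), key=lambda f: order[f[0]]):
        print(f"[{sev:6}] {reason}\n         {subject}")
```

On the sample the two Vundo DLLs each produce a high-severity finding, while the NvCplDaemon entry produces none.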

Posted:

I already have the Combofix log here. The HJT log will follow later.

ComboFix 08-05-15.3 - Gebruiker 2008-05-18 10:14:25.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1075 [GMT 2:00]

Gestart vanuit: C:\Users\Gebruiker\Downloads\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system32\byXNhiHy.dll

C:\Windows\system32\ddcAqomJ.dll

C:\Windows\system32\jusched.exe

C:\Windows\system32\mcrh.tmp

C:\Windows\System32\nhbjjasg.ini

C:\Windows\system32\nmbgabrj.ini

C:\Windows\system32\saqmejlg.dll

C:\Windows\system32\ssqOIAtU.dll

C:\Windows\System32\SsvDcfii.ini

C:\Windows\System32\SsvDcfii.ini2

C:\Windows\system32\yHihNXyb.ini

C:\Windows\System32\yHihNXyb.ini2

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))

.

2008-05-17 11:15 . 2008-05-17 11:15 5,843 --a------ C:\Windows\System32\wrvjkkpg.exe

2008-05-17 08:29 . 2008-05-17 08:29 5,851 --a------ C:\Windows\System32\xpsgvbnu.dll

2008-05-17 08:29 . 2008-05-17 08:29 5,823 --a------ C:\Windows\System32\ltyjhywy.dll

2008-05-15 06:53 . 2008-05-15 06:53 <DIR> d-------- C:\VundoFix Backups

2008-05-14 19:47 . 2008-05-17 17:05 430 --a------ C:\Windows\wininit.ini

2008-05-14 17:15 . 2008-05-14 17:16 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-05-14 17:15 . 2008-05-14 17:16 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-05-14 17:15 . 2008-05-14 17:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-05-14 16:34 . 2008-05-14 16:34 <DIR> d-------- C:\Users\All Users\Macrovision

2008-05-14 16:34 . 2008-05-14 16:34 <DIR> d-------- C:\ProgramData\Macrovision

2008-05-14 16:34 . 2008-05-14 16:34 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared

2008-05-14 16:10 . 2008-05-14 16:10 5,807 --a------ C:\Windows\System32\bmsjcojk.dll

2008-05-14 16:07 . 2008-05-14 16:07 5,823 --a------ C:\Windows\System32\woxxmcon.dll

2008-05-14 12:06 . 2008-05-14 12:06 5,843 --a------ C:\Windows\System32\aitoftlb.exe

2008-05-13 16:08 . 2008-05-13 16:08 5,817 --a------ C:\Windows\System32\oeukhhjv.dll

2008-05-13 16:05 . 2008-05-13 16:05 5,823 --a------ C:\Windows\System32\jbpxfyhe.dll

2008-05-13 16:05 . 2008-05-13 16:05 5,807 --a------ C:\Windows\System32\woegcpcq.dll

2008-05-13 07:48 . 2008-05-18 09:40 <DIR> d-------- C:\Program Files\Trend Micro

2008-05-12 12:05 . 2008-05-12 12:05 6,745 --a------ C:\Windows\System32\oncbpjbt.exe

2008-05-12 12:00 . 2008-05-12 12:00 6,709 --a------ C:\Windows\System32\gqxxceaj.dll

2008-05-10 21:34 . 2008-05-10 21:34 6,719 --a------ C:\Windows\System32\rtaslpxu.dll

2008-05-10 08:59 . 2008-05-10 08:59 6,745 --a------ C:\Windows\System32\qqagjtbu.exe

2008-05-10 08:54 . 2008-05-10 08:54 6,709 --a------ C:\Windows\System32\yxpsbyae.dll

2008-05-05 21:18 . 2008-05-05 21:18 <DIR> d--h----- C:\Program Files\EA GAMES

2008-05-03 20:46 . 2008-05-03 20:46 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Atari

2008-05-03 20:46 . 2008-05-03 20:46 98,304 --a------ C:\Windows\System32\CmdLineExt.dll

2008-05-03 20:37 . 2008-05-03 20:37 <DIR> d-------- C:\Program Files\Common Files\PocketSoft

2008-05-03 20:37 . 2002-02-27 17:50 197,120 --a------ C:\Windows\patchw32.dll

2008-05-03 20:33 . 2008-05-03 20:33 <DIR> d--h----- C:\Program Files\Atari

2008-04-30 15:47 . 2008-05-17 15:55 9 --a------ C:\Users\Gebruiker\AppData\Roaming\mdb.bin

2008-04-30 15:43 . 2008-04-30 15:43 <DIR> d-------- C:\Program Files\Fuji Fotoservice

2008-04-30 09:24 . 2008-05-17 10:37 <DIR> d--h----- C:\Program Files\Wolfenstein - Enemy Territory

2008-04-26 08:36 . 2008-04-26 08:36 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-04-24 16:33 . 2008-04-24 16:33 <DIR> d-------- C:\Program Files\Sun

2008-04-23 19:35 . 2008-04-23 19:35 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Autodesk

2008-04-23 19:33 . 2008-04-23 19:33 <DIR> d-------- C:\Users\All Users\Autodesk

2008-04-23 19:33 . 2008-04-23 19:33 <DIR> d-------- C:\ProgramData\Autodesk

2008-04-23 19:33 . 2008-04-23 19:35 <DIR> d-------- C:\Program Files\DWG TrueView 2009

2008-04-23 19:33 . 2008-04-23 19:35 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared

2008-04-23 19:33 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll

2008-04-23 19:29 . 2008-04-23 19:29 <DIR> d-------- C:\install

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-17 15:07 --------- d-----w C:\Program Files\Bouwsoft

2008-05-17 08:43 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-05-14 14:30 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-14 14:26 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-13 05:50 --------- d-----w C:\ProgramData\Trend Micro

2008-05-12 09:53 2,108 ----a-w C:\Users\Gebruiker\AppData\Roaming\wklnhst.dat

2008-05-10 06:54 --------- d-----w C:\ProgramData\NVIDIA

2008-04-30 17:09 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Roxio

2008-04-24 14:32 --------- d-----w C:\Program Files\Java

2008-04-17 20:20 174 --sha-w C:\Program Files\desktop.ini

2008-04-17 20:11 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-17 20:11 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-04-17 20:11 --------- d-----w C:\Program Files\Windows Mail

2008-04-17 20:11 --------- d-----w C:\Program Files\Windows Journal

2008-04-17 20:11 --------- d-----w C:\Program Files\Windows Defender

2008-04-17 20:11 --------- d-----w C:\Program Files\Windows Collaboration

2008-04-17 20:11 --------- d-----w C:\Program Files\Windows Calendar

2008-04-13 14:09 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-04-13 14:09 --------- d-----w C:\Program Files\Realtek

2008-04-11 14:57 2,025 ---ha-w C:\Program Files\Battlefield 2142 Demo.lnk

2008-04-11 14:52 --------- d--h--w C:\Program Files\Electronic Arts

2008-04-09 15:24 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-04-09 13:03 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-06 17:14 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\muvee Technologies

2008-04-06 17:00 --------- d---a-w C:\Program Files\Common Files\LightScribe

2008-04-06 16:46 --------- d-----w C:\ProgramData\Zenturi

2008-04-06 14:26 --------- d-----w C:\ProgramData\Roxio

2008-04-06 14:09 --------- d-----w C:\Program Files\QuickTime

2008-04-06 14:08 --------- d-----w C:\ProgramData\Apple Computer

2008-04-06 14:08 --------- d-----w C:\ProgramData\Apple

2008-04-06 14:08 --------- d-----w C:\Program Files\Apple Software Update

2008-04-06 12:56 --------- d-----w C:\Program Files\Photo Story 3 for Windows

2008-03-30 17:07 36,368 ----a-w C:\Windows\system32\drivers\tmpreflt.sys

2008-03-30 17:07 204,816 ----a-w C:\Windows\system32\drivers\tmxpflt.sys

2008-03-30 16:50 1,169,240 ----a-w C:\Windows\system32\drivers\vsapint.sys

2008-03-25 06:44 22,328 ----a-w C:\Users\Gebruiker\AppData\Roaming\PnkBstrK.sys

2008-03-22 13:07 --------- d-----w C:\Program Files\Microsoft Games

2002-08-23 11:37 20,480 ----a-w C:\Program Files\Setup OCX.exe

2008-01-26 20:21 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-01-26 20:21 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-01-26 20:21 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

------- Sigcheck -------

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]

"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]

"CCUTRAYICON"="FactoryMode" []

"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]

"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 16:16 65536]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-10 19:57 92704]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-10 19:57 8530464]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-10 19:57 88608]

"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-03-07 10:21 1398024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Bouwsoft Beheer.lnk - C:\oude pc\System\Program Files\Bouwsoft\Bouwsoft Upgrade\Beheer.exe [25-1-2008 16:38:21 10015392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [14-5-2008 16:30:58 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3694928960-2974550801-1051636681-1001]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{DE642749-01B6-4FC2-8B15-6A74F7173769}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{20AF0041-6FA3-4DE1-86BF-27F2F7FD16C4}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{DB36053B-F0BC-4179-91A0-8B755E4ECA4F}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{4E3444E5-27E9-43E7-AC6B-93F74FE6AB9C}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{13454464-D1F8-4323-9E59-314D00E502C5}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{41B27A3A-8688-41DF-A757-561B4FC5574E}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{15D4E102-7FDB-4F40-829B-4652E288E46A}"= TCP:9442:127.0.0.1:Intel® Viiv Media Server Discovery

"{7685D255-C159-4760-8696-88B18F67B360}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery

"{6BD13F10-2D95-48D9-B4B2-EE76D5AB76D5}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{1B60BDA7-E463-491B-A696-F9F3CFFF2188}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar

"UDP Query User{12D48E57-ADF7-4A8E-92BD-ECBDAB67156C}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar

"{E5A04F56-B8E9-44AB-8D55-1D0195D079D5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{C55F5D5F-6E1C-49AF-ADE8-7B7ADE73544A}C:\\program files\\sierra\\empire earth ii\\ee2.exe"= UDP:C:\program files\sierra\empire earth ii\ee2.exe:Empire Earth II

"UDP Query User{37DD5496-7E18-4BB2-B9B7-14BC61499270}C:\\program files\\sierra\\empire earth ii\\ee2.exe"= TCP:C:\program files\sierra\empire earth ii\ee2.exe:Empire Earth II

"{0B630055-7416-42BA-9619-9E73BBC13736}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{316ABA47-91A3-465B-9904-6924E024495F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{99CCD721-0DF7-4335-9E37-41B144161AD9}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{4324580A-28AB-4CA7-825D-574DC97513A4}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{1F3CB6BA-650D-455C-8E0A-523CAFA2F709}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{117F7807-CEAA-4B33-BF9B-EA2432BEE99C}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{E1E5957B-F793-4DCE-AAB4-8E94D7069A3A}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{43063352-C39B-47A4-ACA5-36BE5C34A3BA}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"TCP Query User{546E87A8-E7FB-4998-B019-73085EE67288}C:\\program files\\microsoft games\\fs2002\\fs2002.exe"= UDP:C:\program files\microsoft games\fs2002\fs2002.exe:Microsoft Flight Simulator Module

"UDP Query User{9B2F054B-AB04-4FE6-AFF5-63887ADA7AE8}C:\\program files\\microsoft games\\fs2002\\fs2002.exe"= TCP:C:\program files\microsoft games\fs2002\fs2002.exe:Microsoft Flight Simulator Module

"TCP Query User{7920E374-C72B-46B2-915A-53F361913F03}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

"UDP Query User{10DBE611-8BBB-479E-A3BB-6A3A0173F446}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

"{20791D52-89CA-47AB-BB40-C7D30E8A5E5A}"= UDP:C:\Program Files\Microsoft Games\FS2002\fs2000.exe:fs2000

"{9A5BCD6A-3250-45BB-B8B2-ABADA3C771CB}"= TCP:C:\Program Files\Microsoft Games\FS2002\fs2000.exe:fs2000

"TCP Query User{B47AC410-09FF-4C7D-AE59-1E68C9909F87}C:\\program files\\electronic arts\\battlefield 2142\\bf2142.exe"= UDP:C:\program files\electronic arts\battlefield 2142\bf2142.exe:BF2142

"UDP Query User{9F8B0B2D-64C8-4C03-8B35-35853B5E314C}C:\\program files\\electronic arts\\battlefield 2142\\bf2142.exe"= TCP:C:\program files\electronic arts\battlefield 2142\bf2142.exe:BF2142

"{F09D86ED-70F6-468E-B338-A3AEC43003B1}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142 Demo\BF2142.exe:Battlefield 2

"{A8ECB0EC-2326-44EF-B41B-858328A71AE7}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142 Demo\BF2142.exe:Battlefield 2

"TCP Query User{AACE6516-BE4C-4D5B-8E6B-97C35FB10C15}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{671BA2AF-E5C6-4C1F-905C-9BA32E20C36A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"{0AA75443-5A59-4256-9E56-CE3756518AB5}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{2E6C835B-65F8-4E2D-A559-FADD39CC1B48}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"TCP Query User{6BA28BEC-173B-4CDA-B988-73149D585459}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET

"UDP Query User{070470BD-D8F5-4D79-9042-4A52AB513F5A}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET

"{969C9FCB-2849-4C58-8A32-3772835F2C3F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-06-11 11:49]

R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-08-31 14:54]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-18 10:23:07

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

C:\hp\HPEZBTN\HPBtnSrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe

C:\Windows\System32\PnkBstrA.exe

C:\Windows\System32\PnkBstrB.exe

C:\Program Files\PostgreSQL\8.1\bin\postmaster.exe

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\Program Files\PostgreSQL\8.1\bin\postgres.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\PostgreSQL\8.1\bin\postgres.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Bouwsoft\UseSocketService.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Bouwsoft\UseSocketService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehsched.exe

C:\Program Files\Trend Micro\Internet Security\TmPfw.exe

C:\Windows\ehome\ehrecvr.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\hp\KBD\kbd.exe

C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\System32\VSSVC.exe

.

**************************************************************************

.

Voltooingstijd: 2008-05-18 10:34:04 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-18 08:33:30

Pre-Run: 209,803,472,896 bytes beschikbaar

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

253 --- E O F --- 2008-05-18 08:32:50

Posted:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:44:47, on 18/05/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\oude pc\System\Program Files\Bouwsoft\Bouwsoft Upgrade\Beheer.exe

C:\Windows\ehome\ehmsas.exe

C:\hp\kbd\kbd.exe

C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe

C:\Windows\Explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-3694928960-2974550801-1051636681-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')

O4 - Startup: Bouwsoft Beheer.lnk = C:\oude pc\System\Program Files\Bouwsoft\Bouwsoft Upgrade\Beheer.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6E984CC8-4987-40B9-B9AA-6728A957CA27} (PcVerChk Control) - http://jp.trendmicro.com/jp/support/personal/products/vistasp1/redirect/PcVerChk.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab

O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: pg82 (pgsql-8.1) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Trend Micro Centrale besturing (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: UseSocketService - Unknown owner - C:\Program Files\Bouwsoft\UseSocketService.exe

--

End of file - 8819 bytes

Posted:
I could not remove any of the things you indicated. They were all no longer in there.
That's right. By running ComboFix first and only then HJT, the files in question had already been neatly removed by ComboFix.

The rest of the story is coming shortly, because there is still some work to be done. See you later :)

Posted:

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

Click 'Fix checked' to remove the items.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\Windows\System32\wrvjkkpg.exe

C:\Windows\System32\xpsgvbnu.dll

C:\Windows\System32\ltyjhywy.dll

C:\Windows\System32\bmsjcojk.dll

C:\Windows\System32\woxxmcon.dll

C:\Windows\System32\aitoftlb.exe

C:\Windows\System32\oeukhhjv.dll

C:\Windows\System32\jbpxfyhe.dll

C:\Windows\System32\woegcpcq.dll

C:\Windows\System32\oncbpjbt.exe

C:\Windows\System32\gqxxceaj.dll

C:\Windows\System32\rtaslpxu.dll

C:\Windows\System32\yxpsbyae.dll

C:\Windows\System32\qqagjtbu.exe

C:\Windows\System32\ltyjhywy.dll

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"=-

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message together with a new HijackThis log.
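The helper's procedure above ties a HijackThis log to a ComboFix CFScript: entries in the log point at files, and the File:: block names the files to remove. The following triage helper is an added example, not code from this thread or from the HijackThis or ComboFix tools. It parses the "Oxx - ..." lines of a HijackThis v2 log into records, extracts the file path each entry points at, flags the two patterns visible in this cleanup (randomly named 8-letter files under System32, as in the File:: list, and a BHO without a display name), and reads the File:: block of a CFScript so the two can be cross-checked. The sample log is constructed from entries in this thread plus two Virtumonde-style lines; the CLSID on the nameless BHO is a placeholder, not a real one.

```python
"""Triage helper for HijackThis v2 logs (added example, not part of the thread
or of the HijackThis/ComboFix tools)."""
import re
from dataclasses import dataclass, field

# "O2 - ...", "O23 - ...", "R1 - ..." section lines of a HijackThis log
SECTION_RE = re.compile(r'^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$')
# a drive-letter or %VAR% rooted path ending in a binary extension
PATH_RE = re.compile(r'(?i)(?:[a-z]:|%[a-z]+%)\\.*?\.(?:exe|dll|cab|ocx)\b')
# eight lowercase letters, the naming pattern of the files in the File:: list
RANDOM_STEM_RE = re.compile(r'^[a-z]{8}$')


@dataclass
class Entry:
    section: str                 # "O2", "O4", "O23", ...
    body: str                    # text after "Oxx - "
    path: str                    # extracted file path, '' if none found
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return one Entry per section line; headers and running processes are skipped."""
    entries = []
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if not m:
            continue
        body = m.group('body')
        pm = PATH_RE.search(body)
        entries.append(Entry(m.group('sec'), body, pm.group(0) if pm else ''))
    return entries


def basename(path):
    return path.rsplit('\\', 1)[-1].lower()


def triage(entries):
    """Attach heuristic flags in place and return the entries that got any."""
    for e in entries:
        stem = basename(e.path).rsplit('.', 1)[0]
        parent = e.path.rsplit('\\', 1)[0].lower() if e.path else ''
        if parent.endswith('\\system32') and RANDOM_STEM_RE.match(stem):
            e.flags.append('random 8-letter name in System32')
        if e.section == 'O2' and '(no name)' in e.body:
            e.flags.append('BHO without a display name')
    return [e for e in entries if e.flags]


def cfscript_files(script):
    """Basenames under 'File::' in a CFScript; stops at the next 'Xxx::' header."""
    names, active = set(), False
    for line in script.splitlines():
        line = line.strip()
        if re.match(r'^\w+::$', line):
            active = (line == 'File::')
            continue
        if active and line:
            names.add(basename(line))
    return names


def entries_in_script(entries, script):
    """Log entries whose file the CFScript's File:: block would remove."""
    wanted = cfscript_files(script)
    return [e for e in entries if basename(e.path) in wanted]


# Constructed sample: entries copied from the thread plus two Virtumonde-style
# lines; the all-zero CLSID is a placeholder, not a real identifier.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\System32\WUDFHost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Windows\System32\xpsgvbnu.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [wrvjkkpg] C:\Windows\System32\wrvjkkpg.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Constructed CFScript in the shape the helper posted above (two of its files).
SAMPLE_CFSCRIPT = r"""File::
C:\Windows\System32\wrvjkkpg.exe
C:\Windows\System32\xpsgvbnu.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=-
"""

if __name__ == '__main__':
    parsed = parse_hjt(SAMPLE_LOG)
    for e in triage(parsed):
        print(e.section, basename(e.path), '->', '; '.join(e.flags))
    print('covered by CFScript:', [basename(e.path) for e in entries_in_script(parsed, SAMPLE_CFSCRIPT)])
```

The 8-letter rule is a triage hint, not a verdict: on the sample it also flags PnkBstrA.exe (a legitimate PunkBuster service that happens to have an 8-letter name), so every flagged entry still needs a human look, which is exactly why the helper asked for a fresh log after each step.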

Posted:

Okay, but I can't do it right now, because my dad must not know that I'm on that PC. He doesn't like that and he isn't home now. But one more question. Is there any harm if I use that PC now, on IE7 for example? Or can Virtumonde etc. come back because I haven't done the rest yet? I saw my dad was on Outlook 2007 just now reading his e-mails. In any case, thanks a lot already, because I did notice the PC was running a lot faster again!

Posted:
But one more question. Is there any harm if I use that PC now, on IE7 for example? Or can Virtumonde etc. come back because I haven't done the rest yet?
It can't really do any harm, but it is not advisable, because this may (possibly) change the state of the PC again, so that the previous recommendations no longer (fully) apply. And then we have to start over with the logs to be sure of what we are doing.

P.S.: I'm moving this topic to "Bestrijding Spyware/Virussen" in the meantime, because that's where it actually belongs.
