[OPGELOST] gehacked?

[kape]

Reuze bedankt en niet ***lig bedoeld hoor, maar hopelijk niet tot ziens haha ;-}

Volledig mee eens

[Manado]

Hoi :ciao:Kape,

Helaas kan ik onze laatste afspraak niet nakomen :bawling:na het fixen van mijn laptop afgelopen weekend.

Na je hulp en na een hoop leeswerk cq extra beveiliging etc heb ik besloten om AVG Internet Security aan te schaffe en te instaleren.

Heerlijk programma kan niet anders zeggen.

Echter de firewall optie heeft een mooi overzicht van alle netwerkverbindingen dreigend of niet en geeft daarvan ook mooi de details van bv welke poort enz.

Nu heb ik het vermoeden dat hij wel bijna alles tegen houdt maar toch niet alles, ik heb dat opgemerkt aan bepaalde toepassingen, exe's die lopende waren waaronder weer die van iexplore.exe en nog 1 van explorer.exe.

De laatste is volgens mij degene die 'normaal' is en telkens opstart (bureaublad etc) maar die andere heb ik een screenshot van genomen want soms zijn het er wel 15 connectie's tegelijk welke ook daadwerkelijk open gaan en meteen na enkele sec. zijn ze weer weg ook, dus wat er precies gebeurt weet ik niet of wat ze doen, en als ik ff snel kijk dan heeft ie nu binnen 1,5 uur ook 683 pogingen gewaagd. Dus wou ik die screenshot graag laten zien hier maar ik weet niet hoe te plaatsten hier.

Zou je voor mij nog maals een checkup kunnen doen aan de hand vd logfile's om te kijken of het alweer raak is ofdat er weer die bedreigingen zijn, want anders overweeg ik toch echt een clean instal.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:18:48, on 10-3-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\AVG\AVG8\avgui.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Documents and Settings\Nancy\Bureaublad\hijackthis\HijackThis.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Startup: Sitecom Wireless LAN Utility.lnk = ?

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176802922343

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.61.30.131:3000//activex/AMC.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 11726 bytes

Hier de Mbam log;

Malwarebytes' Anti-Malware 1.34

Database versie: 1831

Windows 5.1.2600 Service Pack 3

10-3-2009 12:27:55

mbam-log-2009-03-10 (12-27-55).txt

Scan type: Snelle Scan

Objecten gescand: 75966

Verstreken tijd: 5 minute(s), 20 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bvd Martin

[Manado]

Ok gevonden hier is mijn screenshot ook erbij:-)

[Manado]

inmiddels zijn er 2042 pakketten geblokkeerd,pfff het meeste wordt gelukkig tegengehouden.

De regel waar het mij voornaamste om gaat is; CPE- 75-8371-191. socal.res.rr.com:3072

deze is degene die telkens weer veelvuldig terugkomt, zodar ik een instelling wil wijzigen van me firewall springt ie meteen open vermenigvuldigt zich met stuk of 10 dan.

Groet Martin

[kape]

Logjes zijn absoluut clean.

En dat bewuste lijntje is een verbinding naar operator Orange ? Kan dat je geruststellen ?

[Manado]

Beste Kape, ik ben erachter gekomen dat als ik mijn pc herstart dan is alles ok, als ik dan ga kijken bij de status van avg zegt ie in eerste instantie dat alles wordt beveiligd net als bij de firewall instellingen van avg. Maar nu komt het...

zodra ik vervolgens iets van internet aanraak bv int.expl. of msn mail of wat dan ook, schiet het netwerk (iexplore.exe stuk of 15) als een gek omhoog dan veranderen mijn firewall instellingen van avg uitzichzelf of met behulp van een derde in de status "alles toestaan" daaronder ook "gamersmode" aangevinkt terwijl ik hem uiteraard anders ingesteld heb standaard.

Zodra ik dan meteen de juiste instellingen weer terugzet in avg dan is het weer goed te overzien en blijven die "aanvallen" wel alleen beperkt.

Mvg Martin

Orange? Huh is dat dan spam of zo ik heb niks met orange lopen en na alles wat ik schoongemaakt heb hoe komt dat er dan nog in?

[kape]

Laat er dit dan nog eens even op los :

Download Combofix naar je Bureaublad.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

• 
  Dubbelklik op Combofix.exe om het te starten.
  Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
  Volg de instructies, aanvaard de disclaimer door op Ja te klikken.
  Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster (enkel voor XP, niet voor VISTA).
  Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
  Klik na afloop terug op Ja om het scannen op malware te starten.
  Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
  

Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord.

[Manado]

Hier de combo logfile, toen combofix helemaal klaar was ben ik even de comp. weer opnieuw op wezen starten en het was nog niet onveranderd, zodra ik iets van internet aanraak veranderd mijn firewall instellingen automatisch tot "alles toestaan".

ComboFix 09-03-06.02 - Nancy 2009-03-10 18:10:20.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1022.478 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Nancy\Bureaublad\ComboFix.exe

AV: AVG Internet Security 3-pack *On-access scanning enabled* (Updated)

FW: AVG Firewall *enabled*

* Resident AV is active

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-02-10 to 2009-03-10 ))))))))))))))))))))))))))))))

.

2009-03-10 14:22 . 2009-03-10 14:22 <DIR> dr-h----- c:\documents and settings\Nancy\Onlangs geopend

2009-03-09 12:03 . 2009-03-10 12:06 <DIR> d--h----- C:\$AVG8.VAULT$

2009-03-08 18:00 . 2009-03-10 14:18 <DIR> d-------- c:\program files\PokerStars

2009-03-08 17:13 . 2009-03-10 12:04 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-03-08 17:13 . 2009-03-08 17:13 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-03-08 17:13 . 2009-03-08 17:13 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-03-08 17:13 . 2009-03-08 17:13 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys

2009-03-08 17:13 . 2009-03-08 17:13 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-03-08 17:11 . 2009-03-08 17:11 <DIR> d-------- c:\program files\AVG

2009-03-08 17:11 . 2009-03-08 17:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

2009-03-08 17:11 . 2009-03-08 17:11 50,968 --a------ c:\windows\system32\avgfwdx.dll

2009-03-08 17:11 . 2009-03-08 17:11 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys

2009-03-08 14:18 . 2009-03-08 14:18 <DIR> d-------- c:\program files\CCleaner

2009-03-07 19:26 . 2009-03-07 19:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-07 19:26 . 2009-03-07 19:26 <DIR> d-------- c:\documents and settings\Nancy\Application Data\Malwarebytes

2009-03-07 19:26 . 2009-03-07 19:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-07 19:26 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-07 19:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-06 18:14 . 2005-12-03 03:14 <DIR> d-------- c:\documents and settings\postgres\WINDOWS

2009-03-06 18:14 . 2005-12-03 03:14 <DIR> d--h----- c:\documents and settings\postgres\Sjablonen

2009-03-06 18:14 . 2005-12-03 03:14 <DIR> dr-h----- c:\documents and settings\postgres\Onlangs geopend

2009-03-06 18:14 . 2006-09-26 17:18 <DIR> d--h----- c:\documents and settings\postgres\Netwerkprinteromgeving

2009-03-06 18:14 . 2005-12-03 03:14 <DIR> dr------- c:\documents and settings\postgres\Mijn documenten

2009-03-06 18:14 . 2005-12-03 03:14 <DIR> dr------- c:\documents and settings\postgres\Menu Start

2009-03-06 18:14 . 2005-12-03 03:13 <DIR> dr------- c:\documents and settings\postgres\Favorieten

2009-03-06 18:14 . 2006-09-26 17:18 <DIR> d-------- c:\documents and settings\postgres\Bureaublad

2009-03-06 18:14 . 2005-12-03 03:13 <DIR> d-------- c:\documents and settings\postgres\Application Data\Windows Desktop Search

2009-03-06 18:14 . 2005-12-03 03:13 <DIR> d-------- c:\documents and settings\postgres\Application Data\toshiba

2009-03-06 18:14 . 2005-12-03 03:13 <DIR> d-------- c:\documents and settings\postgres\Application Data\Sonic

2009-03-06 18:14 . 2007-04-07 09:39 <DIR> d-------- c:\documents and settings\postgres\Application Data\Intel

2009-03-06 18:14 . 2009-03-08 17:14 <DIR> d-------- c:\documents and settings\postgres

2009-03-06 17:58 . 2009-03-01 07:39 31,685,120 --a------ c:\windows\PT-Install-v3.00.4.pgsql.exe

2009-02-20 21:52 . 2009-02-20 21:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-10 12:56 --------- d-----w c:\documents and settings\Nancy\Application Data\Amsterdams Poker

2009-03-10 00:06 202,008 ----a-w c:\windows\system32\PnkBstrB.exe

2009-03-10 00:06 139,096 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-01-16 11:31 73,216 ----a-w c:\windows\ST6UNST.EXE

2009-01-16 11:31 249,856 ------w c:\windows\Setup1.exe

2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll

2004-12-01 16:18 62,865 ----a-w c:\windows\inf\IM\odysseyIM3.sys

2004-12-01 16:18 45,056 ----a-w c:\windows\inf\IM\imdinst.exe

2004-12-01 16:18 12,739 ----a-w c:\windows\inf\IM\odNetInstall.dll

2008-08-07 19:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008080720080808\index.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-03-08_10.49.16,20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-02-02 17:07:40 1,914,440 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

+ 2009-03-08 16:13:53 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys

+ 2009-02-03 02:07:18 240,544 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe

- 2008-07-08 08:33:15 74,137 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

+ 2009-03-08 18:50:40 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

+ 2009-03-10 13:45:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_348.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]

"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]

"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 118784]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-08 1932568]

"nwiz"="nwiz.exe" [2006-05-01 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 c:\windows\RTHDCPL.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 c:\windows\agrsmmsg.exe]

"TPSMain"="TPSMain.exe" [2005-08-03 c:\windows\system32\TPSMain.exe]

"NDSTray.exe"="NDSTray.exe" [bU]

"TFncKy"="TFncKy.exe" [bU]

"CFSServ.exe"="CFSServ.exe" [bU]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Nancy\Menu Start\Programma's\Opstarten\

Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-01 344064]

Sitecom Wireless LAN Utility.lnk - c:\program files\Sitecom Wireless LAN\WLANUTL.exe [2007-04-12 3829760]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-03-08 17:13 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-07-25 22:44 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\ehome\\ehExtHost.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-08 12552]

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-11-19 140800]

R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-11-19 5248]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-08 325640]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-08 107912]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-08 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-08 298264]

R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-03-08 1362784]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-08 29208]

R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-09-27 7040]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-03-08 29208]

S3 ST100MXP;Sitecom 100M Driver;c:\windows\system32\drivers\WLANCTG.SYS [2007-04-12 386688]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6787E26F-A9E8-75DE-1120-18B0CEADD844}]

c:\docume~1\Nancy\LOCALS~1\Temp\AVG8.5\activation_disable.exe

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-10 18:13:07

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1800)

c:\windows\system32\Ati2evxx.dll

.

Voltooingstijd: 2009-03-10 18:14:41

ComboFix-quarantined-files.txt 2009-03-10 17:14:38

ComboFix2.txt 2009-03-08 13:23:40

ComboFix3.txt 2009-03-08 09:50:05

Pre-Run: 33.000.964.096 bytes beschikbaar

Post-Run: 33,080,934,400 bytes beschikbaar

189 --- E O F --- 2009-03-05 18:01:58

ComboFix 09-03-06.02 - Nancy 2009-03-10 18:10:20.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1022.478 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Nancy\Bureaublad\ComboFix.exe

AV: AVG Internet Security 3-pack *On-access scanning enabled* (Updated)

FW: AVG Firewall *enabled*

* Resident AV is active

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-02-10 to 2009-03-10 ))))))))))))))))))))))))))))))

.

2009-03-10 14:22 . 2009-03-10 14:22 <DIR> dr-h----- c:\documents and settings\Nancy\Onlangs geopend

2009-03-09 12:03 . 2009-03-10 12:06 <DIR> d--h----- C:\$AVG8.VAULT$

2009-03-08 18:00 . 2009-03-10 14:18 <DIR> d-------- c:\program files\PokerStars

2009-03-08 17:13 . 2009-03-10 12:04 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-03-08 17:13 . 2009-03-08 17:13 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-03-08 17:13 . 2009-03-08 17:13 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-03-08 17:13 . 2009-03-08 17:13 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys

2009-03-08 17:13 . 2009-03-08 17:13 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-03-08 17:11 . 2009-03-08 17:11 <DIR> d-------- c:\program files\AVG

2009-03-08 17:11 . 2009-03-08 17:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

2009-03-08 17:11 . 2009-03-08 17:11 50,968 --a------ c:\windows\system32\avgfwdx.dll

2009-03-08 17:11 . 2009-03-08 17:11 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys

2009-03-08 14:18 . 2009-03-08 14:18 <DIR> d-------- c:\program files\CCleaner

2009-03-07 19:26 . 2009-03-07 19:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-07 19:26 . 2009-03-07 19:26 <DIR> d-------- c:\documents and settings\Nancy\Application Data\Malwarebytes

2009-03-07 19:26 . 2009-03-07 19:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-07 19:26 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-07 19:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-06 18:14 . 2005-12-03 03:14 <DIR> d-------- c:\documents and settings\postgres\WINDOWS

2009-03-06 18:14 . 2005-12-03 03:14 <DIR> d--h----- c:\documents and settings\postgres\Sjablonen

2009-03-06 18:14 . 2005-12-03 03:14 <DIR> dr-h----- c:\documents and settings\postgres\Onlangs geopend

2009-03-06 18:14 . 2006-09-26 17:18 <DIR> d--h----- c:\documents and settings\postgres\Netwerkprinteromgeving

2009-03-06 18:14 . 2005-12-03 03:14 <DIR> dr------- c:\documents and settings\postgres\Mijn documenten

2009-03-06 18:14 . 2005-12-03 03:14 <DIR> dr------- c:\documents and settings\postgres\Menu Start

2009-03-06 18:14 . 2005-12-03 03:13 <DIR> dr------- c:\documents and settings\postgres\Favorieten

2009-03-06 18:14 . 2006-09-26 17:18 <DIR> d-------- c:\documents and settings\postgres\Bureaublad

2009-03-06 18:14 . 2005-12-03 03:13 <DIR> d-------- c:\documents and settings\postgres\Application Data\Windows Desktop Search

2009-03-06 18:14 . 2005-12-03 03:13 <DIR> d-------- c:\documents and settings\postgres\Application Data\toshiba

2009-03-06 18:14 . 2005-12-03 03:13 <DIR> d-------- c:\documents and settings\postgres\Application Data\Sonic

2009-03-06 18:14 . 2007-04-07 09:39 <DIR> d-------- c:\documents and settings\postgres\Application Data\Intel

2009-03-06 18:14 . 2009-03-08 17:14 <DIR> d-------- c:\documents and settings\postgres

2009-03-06 17:58 . 2009-03-01 07:39 31,685,120 --a------ c:\windows\PT-Install-v3.00.4.pgsql.exe

2009-02-20 21:52 . 2009-02-20 21:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-10 12:56 --------- d-----w c:\documents and settings\Nancy\Application Data\Amsterdams Poker

2009-03-10 00:06 202,008 ----a-w c:\windows\system32\PnkBstrB.exe

2009-03-10 00:06 139,096 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-01-16 11:31 73,216 ----a-w c:\windows\ST6UNST.EXE

2009-01-16 11:31 249,856 ------w c:\windows\Setup1.exe

2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll

2004-12-01 16:18 62,865 ----a-w c:\windows\inf\IM\odysseyIM3.sys

2004-12-01 16:18 45,056 ----a-w c:\windows\inf\IM\imdinst.exe

2004-12-01 16:18 12,739 ----a-w c:\windows\inf\IM\odNetInstall.dll

2008-08-07 19:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008080720080808\index.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-03-08_10.49.16,20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-02-02 17:07:40 1,914,440 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

+ 2009-03-08 16:13:53 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys

+ 2009-02-03 02:07:18 240,544 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe

- 2008-07-08 08:33:15 74,137 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

+ 2009-03-08 18:50:40 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

+ 2009-03-10 13:45:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_348.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]

"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]

"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 118784]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-08 1932568]

"nwiz"="nwiz.exe" [2006-05-01 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 c:\windows\RTHDCPL.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 c:\windows\agrsmmsg.exe]

"TPSMain"="TPSMain.exe" [2005-08-03 c:\windows\system32\TPSMain.exe]

"NDSTray.exe"="NDSTray.exe" [bU]

"TFncKy"="TFncKy.exe" [bU]

"CFSServ.exe"="CFSServ.exe" [bU]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Nancy\Menu Start\Programma's\Opstarten\

Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-01 344064]

Sitecom Wireless LAN Utility.lnk - c:\program files\Sitecom Wireless LAN\WLANUTL.exe [2007-04-12 3829760]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-03-08 17:13 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-07-25 22:44 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\ehome\\ehExtHost.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-08 12552]

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-11-19 140800]

R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-11-19 5248]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-08 325640]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-08 107912]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-08 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-08 298264]

R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-03-08 1362784]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-08 29208]

R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-09-27 7040]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-03-08 29208]

S3 ST100MXP;Sitecom 100M Driver;c:\windows\system32\drivers\WLANCTG.SYS [2007-04-12 386688]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6787E26F-A9E8-75DE-1120-18B0CEADD844}]

c:\docume~1\Nancy\LOCALS~1\Temp\AVG8.5\activation_disable.exe

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-10 18:13:07

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1800)

c:\windows\system32\Ati2evxx.dll

.

Voltooingstijd: 2009-03-10 18:14:41

ComboFix-quarantined-files.txt 2009-03-10 17:14:38

ComboFix2.txt 2009-03-08 13:23:40

ComboFix3.txt 2009-03-08 09:50:05

Pre-Run: 33.000.964.096 bytes beschikbaar

Post-Run: 33,080,934,400 bytes beschikbaar

189 --- E O F --- 2009-03-05 18:01:58

[kape]

Geen idee wat de oorzaak kan zijn van die wijzigingen in firewall, e.d. ... want al deze logjes zien er perfect uit :s

[Manado]

Geen idee wat de oorzaak kan zijn van die wijzigingen in firewall, e.d. ... want al deze logjes zien er perfect uit :s

Tja dan zal ik verlopig even wakker blijven bij het opnieuw opstarten en denk ik dat ik maar vast voorbereidingen ga treffen voor een clean instal.

Zomaar even wat me te binnen schiet en dan laat ik dit topic weer voor wat het is ; Kan het zo zijn dat er ergens een file'tje is tussengezet die geactiveerd wordt zodra je bv weer pokerstars gaat instaleren op je computer.

Dus eigenlijk hoe groot is de kans dat die knackerbróod:D een file'tje heeft achtergelaten die wij dus niet kunnen vinden maar die dus nog wel achtergebleven is en zodra bv pokerstars geinstaleerd wordt dat dat file'tje dan dus meteen geactiveerd wordt en de ellende weer begint.

Bedankt weer voor je hulp,Kape.

Groetjes Martin

Ps. kan dit topic nog bij mijn vorige gekoppeld worden, ik zag namelijk te laat dat ik me oude topic ook weer heropend kan worden:argh: excuses en vast wel weer tot ziens :Dhaha