
[SOLVED] Slow PC + unwanted exe files...



Hi

For a few days now my PC has been very slow. I suspect a virus infection or something like that. Trojans?

Anyway, I have run CCleaner and Malwarebytes Anti-Malware, but the problem remains. At the moment I don't seem to be able to download faster than about 2 kB/s...

I did a scan with HijackThis; the log data is below. Hopefully someone can help!! Regards

P

Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:35:50, on 24/07/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Java\jre1.5.0\bin\jucheck.exe

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\10571.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\taskmgr.exe

c:\iPe.exe

C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

c:\iPe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.coften.be

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5AF4B996-C96C-41A2-8678-5F5A46E01EE8} - C:\PROGRA~1\DOWNLO~1\DETECT~1.DLL

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\PROGRA~1\Flash2X\FLASHP~1\FLASHP~1.DLL

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513

O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Pieter\LOCALS~1\Temp\11103.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\iPe.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnMessendger] c:\iPe.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Msn] c:\iPe.exe (User 'Default user')

O4 - Startup: is-16TD9.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\startup.exe

O4 - Startup: is-C133G.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\startup.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Pieter\Application Data\Dealio\kb127\res\DealioSearch.html

O8 - Extra context menu item: Download &Youtube Free - C:\Program Files\Download Youtube Free\save.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Download Youtube Free - {655A0B37-3AD2-429D-BF2F-0C8EE4ACA08A} - C:\Program Files\Download Youtube Free\save.htm (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: &Launch Download Youtube Free - {655A0B37-3AD2-429D-BF2F-0C8EE4ACA08A} - C:\Program Files\Download Youtube Free\save.htm (file missing) (HKCU)

O14 - IERESET.INF: START_PAGE_URL=www.coften.be

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mailserv.sofico.be/iNotes6W.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181295815703

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: "c:\progra~1\kasper~1\kasper~1.0\adialhk.dll"

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\WINDOWS\system32\10571.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 10921 bytes


Go to Start - Run and type: sc stop ipfw

Press Enter.

Go to Start - Run and type: sc delete ipfw

Press Enter.

Start HijackThis. If you are a Vista user, choose "Run as administrator". Select "Do a system scan only". Select only the items listed below:

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O2 - BHO: (no name) - {5AF4B996-C96C-41A2-8678-5F5A46E01EE8} - C:\PROGRA~1\DOWNLO~1\DETECT~1.DLL

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce

O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Pieter\LOCALS~1\Temp\11103.exe

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\iPe.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnMessendger] c:\iPe.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Msn] c:\iPe.exe (User 'Default user')

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

O9 - Extra button: Download Youtube Free - {655A0B37-3AD2-429D-BF2F-0C8EE4ACA08A} - C:\Program Files\Download Youtube Free\save.htm (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: &Launch Download Youtube Free - {655A0B37-3AD2-429D-BF2F-0C8EE4ACA08A} - C:\Program Files\Download Youtube Free\save.htm (file missing) (HKCU)

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is finished, click OK, then "Show Results" to see the results.

Make sure everything there is ticked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.) The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.

If MBAM has trouble removing certain files it will show a few messages where you need to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next reply, together with a new HijackThis log.

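The entries the helper picked out of the first log share a few traits that a practitioner checks for before anything else: autorun entries that load from a drive root (c:\iPe.exe) or from a temp directory (the [Cognac] entry), Run values under Policies\Explorer\Run, which legitimate installers rarely use, and a service with no publisher whose binary is a bare number in system32 (the ipfw service running C:\WINDOWS\system32\10571.exe). The script below is an added example, not part of the thread and not code from HijackThis or Malwarebytes; it scores HijackThis lines with those heuristics. The sample input is constructed from lines copied out of the first log above, plus the ATI Smart service line, which is benign but trips one rule. The rules, their weights and the threshold of 2 for "suspicious" are my own assumptions; a single weak signal, such as "Unknown owner" on its own, is deliberately left at "review".

```python
"""Heuristic triage of HijackThis v2.0.2 log lines (added example)."""
import re

# Constructed sample input: lines copied from the first HijackThis log in the
# thread, plus the benign ATI Smart service line as a false-positive control.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Pieter\LOCALS~1\Temp\11103.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\iPe.exe (User 'SYSTEM')
O9 - Extra button: Download Youtube Free - {655A0B37-3AD2-429D-BF2F-0C8EE4ACA08A} - C:\Program Files\Download Youtube Free\save.htm (file missing) (HKCU)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\WINDOWS\system32\10571.exe
"""

# First drive-letter path on the line, up to a known extension. A quoted path
# still matches because the character class stops at the closing quote.
PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys|html|htm|scr|cpl))', re.IGNORECASE
)


def extract_path(line: str):
    """Return the first file path on a HijackThis line, or None."""
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def triage_line(line: str):
    """Score one line. Returns (score, reasons); score 0 means no rule fired.

    Weights are an assumption of this example: 2 = strong enough on its own,
    1 = weak, only interesting together with another signal.
    """
    hits = []
    section = line.split(" - ", 1)[0].strip()  # 'O4', 'O23', 'R1', ...
    path = extract_path(line)

    if "(file missing)" in line:
        hits.append((1, "target file missing (dead entry)"))
    if "\\Policies\\Explorer\\Run" in line:
        hits.append((2, "Policies\\Explorer\\Run autorun, rarely used by legitimate software"))
    if section == "O23" and "Unknown owner" in line:
        hits.append((1, "service binary carries no publisher name"))
    if path:
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if re.fullmatch(r"[a-z]:\\[^\\]+", low):
            hits.append((2, "executable sits directly in the drive root"))
        if "\\temp\\" in low:
            hits.append((2, "runs from a temp directory"))
        if re.fullmatch(r"\d+\.exe", name):
            hits.append((2, "all-digit executable name"))

    return sum(w for w, _ in hits), [reason for _, reason in hits]


def triage(log_text: str):
    """Return [(score, section, path, reasons)] for every line that fired,
    highest score first, so the entries to fix first are at the top."""
    out = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        score, reasons = triage_line(line)
        if score:
            out.append((score, line.split(" - ", 1)[0], extract_path(line), reasons))
    out.sort(key=lambda item: -item[0])
    return out


if __name__ == "__main__":
    for score, section, path, reasons in triage(SAMPLE_LOG):
        verdict = "SUSPICIOUS" if score >= 2 else "review"
        print(f"{verdict:10} {score}  {section:4} {path}")
        for reason in reasons:
            print(f"              - {reason}")
```

Run as a script it prints the ranked list; triage_line returns the score and reasons for a single line so it can be dropped into a larger parser. The heuristics only find what they encode: the msimg32.dll that MBAM later reports inside the MSN Messenger folder never appears here, because HijackThis does not list the modules loaded into each process.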

Thanks for the info.

Below is the Malwarebytes log file

Malwarebytes' Anti-Malware 1.39

Database version: 2498

Windows 5.1.2600 Service Pack 2

25/07/2009 16:53:49

mbam-log-2009-07-25 (16-53-48).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)

Objects scanned: 359890

Time elapsed: 4 hour(s), 42 minute(s), 4 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 1

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 150

Memory Processes Infected:

c:\IQQeRfuc.exe (Trojan.Downloader) -> Unloaded process successfully.

c:\IQQeRfuc.exe (Trojan.Downloader) -> Unloaded process successfully.

c:\IQQeRfuc.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:

C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\Typelib\{b6ae55bf-4617-93ef-6ea4-4e52199ca591} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.

Folders Infected:

C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:

C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

c:\IQQeRfuc.exe (Trojan.Downloader) -> Delete on reboot.

c:\Af1f.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\iPe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\iPQ.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\iTk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\iuu2X.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\IVFT0y.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\HBek.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\pWFYFR.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\RP5Ew.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\sttHVUr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\bDFXB7y.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\BOf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\PLlghL.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\pmfhI26.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Pnw5Wn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\pTx77u.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\MiKx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\mit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Mledux.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\MRcW1x2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\MTBjRYsc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\mx67Q.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\wg2dwIp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WnTwA.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WUCIAWWZ.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WXi4CQ4S.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\E1tWb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\E5xL.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\EB6fl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\R3rKPalK.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\R5cyQRf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\r7Jza.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\rnehGjI.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\gHMm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\gLM5fCu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\H0V8wzM.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\H2eTaatP.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\kaFEhAjb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\kGKTwiB8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\kLF2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\KRqnk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\KWK8s.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\kxWA8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\kzSeAa0l.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\L8AB.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\L9uK1bL.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\nzqa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\OD6DHA63.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\OD6WO.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Od8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\TtqJG.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\tvxzWhD.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\U64.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\uLAMd4Px.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\ULyA.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\uM5Q8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\UYdH.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\xXDtdG.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\yhpr5hnV.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\yWY7UrH.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\CvxqZ7.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\d3zw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\DBrF.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Df9Wi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\pYPs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\qaBkV1X.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\qEqb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\qmR.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\qOZog.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\qPN.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\qrvECnXR.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\rs5nj3G.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Rzx4FPm4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\s75oK.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\SEJ9i.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Si2om.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\SJv8hM.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\sKmL3o9X.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\HJ4m.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\HsX2GyhA.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\hW1pJ2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\i6kNH.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\i87WI.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\ICW.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\ieu2e.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\IEY1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\vAHjetzv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\vAr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\vH0Xt5ZB.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\VMawCl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\vp5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\vPmyUMhl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\vv3WpG.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\LHuP1cQ.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\ltP.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\lx2pi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\mB84.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\mEo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\meYoyRVk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\MGDud7C.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\FnO3mtgS.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\fWNcBXL.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\FZOVjeF.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\NaWPh2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\nbFu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\NcvzpkH.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\NDoW.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\NGNNWu3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\JtY3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Jzol.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\oPRqm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\orNy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\OUZI.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\oY6oBz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\P3SXJ.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Pi0Ky.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\zhcrEZk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\ZzxrLVxN.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\tdD.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\tfjPF.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\THKQKcsT.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\TKVQs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\TOL.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\BOXcKO3u.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\brhAhAj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\bTSgxIK2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\C4wqnOC3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\CAq0a.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Cdx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Cel3c.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\x79.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\xKXLgn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\dpZ.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\dy0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{2a193827-01de-469a-ba43-4711819d1e09}\RP157\A0008367.DLL (Adware.FunWeb) -> Quarantined and deleted successfully.

c:\system volume information\_restore{2a193827-01de-469a-ba43-4711819d1e09}\RP197\A0017088.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{2a193827-01de-469a-ba43-4711819d1e09}\RP197\A0017091.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{2a193827-01de-469a-ba43-4711819d1e09}\RP197\A0017100.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{2a193827-01de-469a-ba43-4711819d1e09}\RP197\A0017103.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{2a193827-01de-469a-ba43-4711819d1e09}\RP197\A0017106.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{2a193827-01de-469a-ba43-4711819d1e09}\RP200\A0017992.dll (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\10571.exe (Trojan.Waledac) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\4920.exe (Trojan.Waledac) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\drivers\ip_fw.sys (Trojan.Backdoor) -> Quarantined and deleted successfully.

c:\documents and settings\Pieter\Desktop\softwarefortubeview.40019.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\Pieter\Desktop\verzameling harde schijf\my shared folder\Chuzzle_Deluxe_1.0_GH_crack.exe (Malware.Packer) -> Quarantined and deleted successfully.

c:\documents and settings\Pieter\my documents\documents and settings\all users\application data\{1b0cc100-80e7-4108-844f-6244f1fcfcc1}\offline\ifgmgcemrafaknxeimmaxfnsdrffff0\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.

C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.

And this is the new HijackThis log file

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:03:57, on 25/07/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Java\jre1.5.0\bin\jucheck.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Shareaza\Shareaza.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\is-16TD9.exe

C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\is-C133G.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\SNDVOL32.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\System32\msiexec.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.coften.be

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\PROGRA~1\Flash2X\FLASHP~1\FLASHP~1.DLL

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnHost] c:\IHIX9te3.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnMessendger] c:\IHIX9te3.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MsnHost] c:\IHIX9te3.exe (User 'Default user')

O4 - Startup: is-16TD9.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\startup.exe

O4 - Startup: is-C133G.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\startup.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Pieter\Application Data\Dealio\kb127\res\DealioSearch.html

O8 - Extra context menu item: Download &Youtube Free - C:\Program Files\Download Youtube Free\save.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=www.coften.be

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mailserv.sofico.be/iNotes6W.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181295815703

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: "c:\progra~1\kasper~1\kasper~1.0\adialhk.dll"

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 9935 bytes


150 infected files in Malwarebytes ... that is quite a collection :-)

But you are already rid of those. Still, we are not completely done yet:

Start HijackThis. If you are a Vista user, choose "Run as administrator" (or "Uitvoeren als administrator"). Select "Do a system scan only". Tick only the items listed below:

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnHost] c:\IHIX9te3.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnMessendger] c:\IHIX9te3.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MsnHost] c:\IHIX9te3.exe (User 'Default user')

Click 'Fix checked' to remove the items.

Download Combofix to your Desktop.

Read more about the correct use of Combofix here.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners treat certain components that Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to update.
  • Follow the instructions and accept the disclaimer by clicking Yes.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not Vista).
  • Click OK and Yes to have the Recovery Console installed automatically.
  • When that is done, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is finished and after the restart, the log Combofix.txt will open.

Post that log in your next reply.

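The helper's selection above follows recognisable markers: an autorun under Policies\Explorer\Run for the SYSTEM and Default user accounts that points at an executable dropped in the drive root, and a toolbar whose DLL is already gone. The script below is an added example, not part of this thread or of HijackThis, that applies those rules to O3/O4 lines copied from the posted log; the regular expressions and the rule wording are my own assumptions about the log format.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: benign and suspicious lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnHost] c:\IHIX9te3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnMessendger] c:\IHIX9te3.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MsnHost] c:\IHIX9te3.exe (User 'Default user')
O4 - Startup: is-16TD9.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\startup.exe
"""

# Assumed line shapes (my reading of the posted log, not an official HijackThis grammar).
O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<key>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# First drive-letter path in the command, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.*?\.(?:exe|dll|bat|cmd|scr|pif|com))"?', re.IGNORECASE)
# A path with no directory component after the drive, e.g. c:\IHIX9te3.exe
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")


@dataclass
class Finding:
    line: str
    exe: Optional[str]
    reasons: List[str] = field(default_factory=list)


def triage(log_text: str) -> List[Finding]:
    """Return the O3/O4 lines that match one or more of the helper's removal rules."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        exe: Optional[str] = None

        m = O3_RE.match(line)
        if m and m.group("path").endswith("(file missing)"):
            reasons.append("toolbar DLL no longer exists: orphaned entry")

        m = O4_RE.match(line)
        if m:
            hive, cmd, user = m.group("hive"), m.group("cmd"), m.group("user")
            e = EXE_RE.match(cmd)
            exe = e.group("exe") if e else None
            if "Policies\\Explorer\\Run" in hive:
                reasons.append("Policies\\Explorer\\Run autorun, rarely used by legitimate software")
            if exe and ROOT_EXE_RE.match(exe):
                reasons.append("executable placed directly in the drive root")
            # Only worth noting when the entry is suspicious for another reason:
            # CTFMON.EXE under SYSTEM is normal on XP.
            if reasons and user in ("SYSTEM", "Default user"):
                reasons.append(f"runs for account '{user}', i.e. independent of who logs in")

        if reasons:
            findings.append(Finding(line, exe, reasons))
    return findings


def flagged_executables(findings: List[Finding]) -> dict:
    """Count how many autorun entries point at each flagged executable (case-folded)."""
    counts: dict = {}
    for f in findings:
        if f.exe is not None and any("drive root" in r for r in f.reasons):
            key = f.exe.lower()
            counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
    print(flagged_executables(triage(SAMPLE_LOG)))
```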

Here it is!

ComboFix 09-07-24.01 - Pieter 25/07/2009 18:33.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.32.1033.18.511.214 [GMT 2:00]

Running from: c:\documents and settings\Pieter\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Search Settings

c:\program files\Search Settings\kb127\SearchSettingsRes409.dll

c:\program files\Search Settings\SearchSettings.exe

c:\windows\Installer\26f8af.msi

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At25.job

c:\windows\Tasks\At26.job

c:\windows\Tasks\At27.job

c:\windows\Tasks\At28.job

c:\windows\Tasks\At29.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At30.job

c:\windows\Tasks\At31.job

c:\windows\Tasks\At32.job

c:\windows\Tasks\At33.job

c:\windows\Tasks\At34.job

c:\windows\Tasks\At35.job

c:\windows\Tasks\At36.job

c:\windows\Tasks\At37.job

c:\windows\Tasks\At38.job

c:\windows\Tasks\At39.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At40.job

c:\windows\Tasks\At41.job

c:\windows\Tasks\At42.job

c:\windows\Tasks\At43.job

c:\windows\Tasks\At44.job

c:\windows\Tasks\At45.job

c:\windows\Tasks\At46.job

c:\windows\Tasks\At47.job

c:\windows\Tasks\At48.job

c:\windows\Tasks\At49.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At50.job

c:\windows\Tasks\At51.job

c:\windows\Tasks\At52.job

c:\windows\Tasks\At53.job

c:\windows\Tasks\At54.job

c:\windows\Tasks\At55.job

c:\windows\Tasks\At56.job

c:\windows\Tasks\At57.job

c:\windows\Tasks\At58.job

c:\windows\Tasks\At59.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At60.job

c:\windows\Tasks\At61.job

c:\windows\Tasks\At62.job

c:\windows\Tasks\At63.job

c:\windows\Tasks\At64.job

c:\windows\Tasks\At65.job

c:\windows\Tasks\At66.job

c:\windows\Tasks\At67.job

c:\windows\Tasks\At68.job

c:\windows\Tasks\At69.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At70.job

c:\windows\Tasks\At71.job

c:\windows\Tasks\At72.job

c:\windows\Tasks\At73.job

c:\windows\Tasks\At74.job

c:\windows\Tasks\At75.job

c:\windows\Tasks\At76.job

c:\windows\Tasks\At77.job

c:\windows\Tasks\At78.job

c:\windows\Tasks\At79.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At80.job

c:\windows\Tasks\At9.job

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_IP_FW

-------\Legacy_MYWEBSEARCHSERVICE

-------\Service_ip_fw

((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))

.

2009-07-25 15:03 . 2009-07-25 15:03 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-07-25 15:02 . 2009-07-25 15:02 -------- d-----w- c:\program files\Norton Security Scan

2009-07-25 13:08 . 2009-07-25 13:08 329216 ----a-w- C:\IHIX9te3.exe

2009-07-25 13:08 . 2009-07-25 13:08 6998 ----a-w- C:\mAaeZc.bat

2009-07-25 13:08 . 2009-07-25 13:08 273 ----a-w- C:\GPeI5.bat

2009-07-25 13:00 . 2009-07-25 13:00 6998 ----a-w- C:\Jpqc.bat

2009-07-25 13:00 . 2009-07-25 13:00 242 ----a-w- C:\xLvtj.bat

2009-07-25 12:44 . 2009-07-25 12:44 329216 ----a-w- C:\d0mgELZU.exe

2009-07-25 12:44 . 2009-07-25 12:44 6998 ----a-w- C:\jm30Q.bat

2009-07-25 12:44 . 2009-07-25 12:44 269 ----a-w- C:\j9yXWvPz.bat

2009-07-25 12:04 . 2009-07-25 12:04 329216 ----a-w- C:\lQsZ4.exe

2009-07-25 12:04 . 2009-07-25 12:04 6998 ----a-w- C:\XD9L.bat

2009-07-25 12:04 . 2009-07-25 12:04 248 ----a-w- C:\vhk.bat

2009-07-25 11:49 . 2009-07-25 11:49 329216 ----a-w- C:\SGN5cWw.exe

2009-07-25 11:49 . 2009-07-25 11:49 6998 ----a-w- C:\fqY5iX.bat

2009-07-25 11:49 . 2009-07-25 11:49 266 ----a-w- C:\DdZr.bat

2009-07-25 11:40 . 2009-07-25 11:41 329216 ----a-w- C:\Qu8l.exe

2009-07-25 11:40 . 2009-07-25 11:40 6998 ----a-w- C:\mnvvz.bat

2009-07-25 11:40 . 2009-07-25 11:40 239 ----a-w- C:\OpzS.bat

2009-07-25 11:20 . 2009-07-25 11:20 329216 ----a-w- C:\kraj0D3r.exe

2009-07-25 11:20 . 2009-07-25 11:20 6998 ----a-w- C:\aQf5O.bat

2009-07-25 11:20 . 2009-07-25 11:20 272 ----a-w- C:\UFuRg.bat

2009-07-25 11:15 . 2009-07-25 11:15 6998 ----a-w- C:\JOjDfaOG.bat

2009-07-25 11:15 . 2009-07-25 11:15 267 ----a-w- C:\jgFFUX.bat

2009-07-25 11:04 . 2009-07-25 11:04 6998 ----a-w- C:\QZ8Ux8y.bat

2009-07-25 11:04 . 2009-07-25 11:04 258 ----a-w- C:\VA6u.bat

2009-07-25 10:54 . 2009-07-25 10:54 329216 ----a-w- C:\UuRc.exe

2009-07-25 10:54 . 2009-07-25 10:54 6998 ----a-w- C:\KkxCdU.bat

2009-07-25 10:54 . 2009-07-25 10:54 238 ----a-w- C:\WfSXoq.bat

2009-07-25 10:50 . 2009-07-25 10:50 329216 ----a-w- C:\fHyrL6.exe

2009-07-25 10:50 . 2009-07-25 10:50 6998 ----a-w- C:\FqQ.bat

2009-07-25 10:50 . 2009-07-25 10:50 255 ----a-w- C:\bRx.bat

2009-07-25 10:46 . 2009-07-25 10:46 329216 ----a-w- C:\o1at.exe

2009-07-25 10:46 . 2009-07-25 10:46 6998 ----a-w- C:\tL0is2Un.bat

2009-07-25 10:46 . 2009-07-25 10:46 239 ----a-w- C:\wpPF.bat

2009-07-25 10:35 . 2009-07-25 10:35 6998 ----a-w- C:\F80.bat

2009-07-25 10:35 . 2009-07-25 10:35 275 ----a-w- C:\ZpHJel.bat

2009-07-25 10:28 . 2009-07-25 10:28 329216 ----a-w- C:\qTt1Dy.exe

2009-07-25 10:28 . 2009-07-25 10:28 6998 ----a-w- C:\vl8kp.bat

2009-07-25 10:28 . 2009-07-25 10:28 253 ----a-w- C:\MpSU.bat

2009-07-25 10:06 . 2009-07-25 10:06 6998 ----a-w- C:\Ao4X.bat

2009-07-25 10:06 . 2009-07-25 10:06 258 ----a-w- C:\fumle.bat

2009-07-25 10:00 . 2009-07-25 10:00 6998 ----a-w- C:\P9iFwrk.bat

2009-07-25 10:00 . 2009-07-25 10:00 272 ----a-w- C:\yW2yb.bat

2009-07-25 00:04 . 2009-07-25 00:04 6998 ----a-w- C:\t7MRgqbu.bat

2009-07-25 00:01 . 2009-07-25 00:01 6998 ----a-w- C:\NohijG0p.bat

2009-07-25 00:01 . 2009-07-25 00:01 240 ----a-w- C:\GRdlJOsM.bat

2009-07-25 00:00 . 2009-07-25 00:00 6998 ----a-w- C:\Pti.bat

2009-07-25 00:00 . 2009-07-25 00:00 239 ----a-w- C:\wzH.bat

2009-07-24 23:55 . 2009-07-24 23:55 6998 ----a-w- C:\Zfw7.bat

2009-07-24 23:55 . 2009-07-24 23:55 246 ----a-w- C:\P73z.bat

2009-07-24 23:44 . 2009-07-24 23:44 6998 ----a-w- C:\TUzHjd.bat

2009-07-24 23:35 . 2009-07-24 23:35 6998 ----a-w- C:\aE8L4nXW.bat

2009-07-24 23:35 . 2009-07-24 23:35 257 ----a-w- C:\B8HQ.bat

2009-07-24 23:08 . 2009-07-24 23:08 259 ----a-w- C:\Fp69.bat

2009-07-24 23:04 . 2009-07-24 23:04 6998 ----a-w- C:\DpGorEDG.bat

2009-07-24 23:04 . 2009-07-24 23:04 231 ----a-w- C:\dDAh4W.bat

2009-07-24 22:54 . 2009-07-24 22:54 6998 ----a-w- C:\Hj7.bat

2009-07-24 22:54 . 2009-07-24 22:54 249 ----a-w- C:\aNeQg.bat

2009-07-24 22:34 . 2009-07-24 22:34 6998 ----a-w- C:\NjEBL.bat

2009-07-24 22:19 . 2009-07-24 22:19 6998 ----a-w- C:\lm3.bat

2009-07-24 22:19 . 2009-07-24 22:19 231 ----a-w- C:\SC7f1.bat

2009-07-24 22:08 . 2009-07-24 22:08 6998 ----a-w- C:\YfB5.bat

2009-07-24 22:08 . 2009-07-24 22:08 263 ----a-w- C:\W7Qj9.bat

2009-07-24 21:43 . 2009-07-24 21:43 6998 ----a-w- C:\vpsHr.bat

2009-07-24 21:36 . 2009-07-24 21:36 6998 ----a-w- C:\jLGE.bat

2009-07-24 21:36 . 2009-07-24 21:36 255 ----a-w- C:\mBG6v2Po.bat

2009-07-24 21:26 . 2009-07-24 21:26 6998 ----a-w- C:\q67czbZn.bat

2009-07-24 21:26 . 2009-07-24 21:26 230 ----a-w- C:\FJI8mEgY.bat

2009-07-23 22:21 . 2009-07-23 22:21 57920 ----a-w- C:\nDKqA.exe

2009-07-23 22:21 . 2009-07-23 22:21 6998 ----a-w- C:\sJfZdw.bat

2009-07-23 22:21 . 2009-07-23 22:21 249 ----a-w- C:\mNDHr.bat

2009-07-23 22:09 . 2009-07-23 22:09 6998 ----a-w- C:\maDcoB.bat

2009-07-23 22:09 . 2009-07-23 22:09 273 ----a-w- C:\Ov0Vr.bat

2009-07-23 21:43 . 2009-07-23 21:43 6998 ----a-w- C:\g3TPaV5p.bat

2009-07-23 21:22 . 2009-07-23 21:22 320008 ----a-w- C:\OLvt.exe

2009-07-23 21:22 . 2009-07-23 21:22 6998 ----a-w- C:\PvR.bat

2009-07-23 21:22 . 2009-07-23 21:22 240 ----a-w- C:\IfgaJxjt.bat

2009-07-23 21:20 . 2009-07-23 21:20 6998 ----a-w- C:\QZC.bat

2009-07-23 21:20 . 2009-07-23 21:20 262 ----a-w- C:\eFbl.bat

2009-07-23 21:09 . 2009-07-23 21:00 6998 ----a-w- C:\aim3k6Wn.bat

2009-07-23 21:09 . 2009-07-23 21:00 241 ----a-w- C:\enL.bat

2009-07-23 20:55 . 2009-07-23 20:55 6998 ----a-w- C:\cC6.bat

2009-07-23 20:55 . 2009-07-23 20:55 232 ----a-w- C:\TmfUSOtf.bat

2009-07-23 20:50 . 2009-07-23 20:50 6998 ----a-w- C:\GOL1vM.bat

2009-07-23 20:50 . 2009-07-23 20:50 265 ----a-w- C:\Bv5.bat

2009-07-23 20:49 . 2009-07-23 20:49 6998 ----a-w- C:\nWTV8Pdy.bat

2009-07-23 20:43 . 2009-07-23 20:43 6998 ----a-w- C:\it2fWy.bat

2009-07-23 20:35 . 2009-07-23 20:35 6998 ----a-w- C:\lWzKZ.bat

2009-07-23 20:35 . 2009-07-23 20:35 269 ----a-w- C:\Nr7Ng71q.bat

2009-07-23 20:34 . 2009-07-23 20:34 6998 ----a-w- C:\e1EO2.bat

2009-07-23 20:34 . 2009-07-23 20:34 258 ----a-w- C:\VzTqL.bat

2009-07-23 20:32 . 2009-07-23 20:32 6998 ----a-w- C:\bAG.bat

2009-07-23 20:32 . 2009-07-23 20:32 252 ----a-w- C:\Bh86xd.bat

2009-07-23 20:05 . 2009-07-23 20:05 6998 ----a-w- C:\uJKCYK.bat

2009-07-23 20:05 . 2009-07-23 20:05 265 ----a-w- C:\ZKSYCi.bat

2009-07-23 20:01 . 2009-07-23 20:01 263 ----a-w- C:\uDo.bat

2009-07-23 19:40 . 2009-07-23 19:40 6998 ----a-w- C:\Ol4.bat

2009-07-23 19:40 . 2009-07-23 19:40 271 ----a-w- C:\Tboipi.bat

2009-07-23 19:29 . 2009-07-23 19:29 255 ----a-w- C:\DVTZ7C.bat

2009-07-23 19:22 . 2009-07-23 19:22 6998 ----a-w- C:\jZwu.bat

2009-07-23 19:22 . 2009-07-23 19:22 275 ----a-w- C:\YqJOQVHj.bat

2009-07-23 19:07 . 2009-07-23 19:07 6998 ----a-w- C:\Kxk.bat

2009-07-23 19:07 . 2009-07-23 19:07 271 ----a-w- C:\kSEnJ.bat

2009-07-23 19:04 . 2009-07-23 19:04 6998 ----a-w- C:\Vh3Y.bat

2009-07-23 19:04 . 2009-07-23 19:04 243 ----a-w- C:\StkwpSkb.bat

2009-07-23 18:58 . 2009-07-23 18:58 266 ----a-w- C:\FiUV.bat

2009-07-23 18:54 . 2009-07-23 18:54 6998 ----a-w- C:\xq4Y.bat

2009-07-23 18:54 . 2009-07-23 18:54 265 ----a-w- C:\qvZV2y.bat

2009-07-23 18:25 . 2009-07-23 18:25 6998 ----a-w- C:\v1Z.bat

2009-07-23 18:25 . 2009-07-23 18:25 244 ----a-w- C:\sZWnr.bat

2009-07-23 18:02 . 2009-07-23 18:02 6998 ----a-w- C:\nrz5.bat

2009-07-23 18:02 . 2009-07-23 18:02 257 ----a-w- C:\GWX.bat

2009-07-23 18:00 . 2009-07-23 18:00 6998 ----a-w- C:\r1FvE.bat

2009-07-23 18:00 . 2009-07-23 18:00 274 ----a-w- C:\vTknFX.bat

2009-07-23 17:50 . 2009-07-23 17:50 240 ----a-w- C:\oWJDKb.bat

2009-07-23 17:42 . 2009-07-23 17:42 236 ----a-w- C:\M17.bat

2009-07-23 17:20 . 2009-07-23 17:20 6998 ----a-w- C:\IGdfjg.bat

2009-07-23 17:20 . 2009-07-23 17:20 232 ----a-w- C:\e30CEh.bat

2009-07-23 17:07 . 2009-07-23 17:07 6998 ----a-w- C:\WHl.bat

2009-07-23 17:07 . 2009-07-23 17:07 239 ----a-w- C:\fPp.bat

2009-07-23 16:59 . 2009-07-23 16:59 256 ----a-w- C:\Waf.bat

2009-07-23 16:56 . 2009-07-23 16:56 6998 ----a-w- C:\xv6oB.bat

2009-07-23 16:56 . 2009-07-23 16:56 248 ----a-w- C:\XWTUD8fl.bat

2009-07-23 16:55 . 2009-07-23 16:55 6998 ----a-w- C:\uIY1JbKS.bat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-25 17:06 . 2007-06-08 11:11 142041120 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-07-25 17:02 . 2008-10-01 19:12 -------- d-----w- c:\documents and settings\Pieter\Application Data\Skype

2009-07-25 17:00 . 2007-06-08 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-07-25 16:58 . 2007-06-08 11:11 1662980 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-07-25 16:58 . 2007-06-08 11:11 1661472 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-07-25 16:58 . 2007-06-08 11:11 158396 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-07-25 14:56 . 2007-10-04 19:39 -------- d-----w- c:\program files\MSN Messenger

2009-07-25 14:06 . 2008-10-01 19:12 -------- d-----w- c:\documents and settings\Pieter\Application Data\skypePM

2009-07-25 09:45 . 2008-08-25 18:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-25 09:37 . 2009-03-03 23:00 -------- d-----w- c:\program files\Download Youtube Free

2009-07-24 21:16 . 2009-01-28 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-07-13 11:36 . 2008-08-25 18:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-13 11:36 . 2008-08-25 18:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-16 14:55 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:55 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-03 19:27 . 2005-08-30 04:02 1290752 ----a-w- c:\windows\system32\quartz.dll

2009-05-27 19:12 . 2009-05-27 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SpinTop Games

2009-05-07 15:44 . 2002-08-29 02:41 344064 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:52 . 2006-08-30 18:42 616448 ----a-w- c:\windows\system32\urlmon(3).dll

2009-04-29 04:52 . 2006-06-23 09:33 659456 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:52 . 2006-06-23 09:33 659456 ----a-w- c:\windows\system32\wininet(3).dll

2009-04-29 04:52 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-07-16 00:37 . 2009-07-25 09:49 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]

"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2005-10-27 3887104]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2007-08-28 36972]

"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-02 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"PD0620 STISvc"="P0620Pin.dll" - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\Pieter\Start Menu\Programs\Startup\

is-16TD9.lnk - c:\documents and settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\startup.exe [2009-7-11 65536]

is-C133G.lnk - c:\documents and settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\startup.exe [2009-7-11 65536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-11 110592]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-3-4 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Shareaza\\Shareaza.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [26/08/2008 19:43 32784]

R1 is-16TD9drv;is-16TD9drv;c:\windows\system32\drivers\38813292.sys [11/07/2009 13:19 148496]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/04/2009 12:38 92008]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [26/08/2008 19:43 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [26/08/2008 19:43 24592]

.

Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2009-07-25 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-11 22:17]

2009-07-25 c:\windows\Tasks\Norton Security Scan for Pieter.job

- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 03:53]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.standaard.be/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchAssistant = hxxp://www.google.com/ie

IE: &Search

IE: Download &Youtube Free - c:\program files\Download Youtube Free\save.htm

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Pieter\Application Data\Mozilla\Firefox\Profiles\jtjnlzxc.default\

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-07-25 19:00

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\klogon.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\rundll32.exe

c:\program files\Java\jre1.5.0\bin\jucheck.exe

c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

c:\progra~1\WinZip\WZQKPICK.EXE

c:\windows\system32\wdfmgr.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Completion time: 2009-07-25 19:15 - machine was rebooted

ComboFix-quarantined-files.txt 2009-07-25 17:15

Pre-Run: 1.629.229.056 bytes free

Post-Run: 3.403.808.768 bytes free

437 --- E O F --- 2009-07-14 20:16


First a quick question: Kaspersky appears to be your active virus scanner. Is there then still a reason why a daily Norton/Symantec scan is scheduled in your Scheduled Tasks?

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\38813292.sys

C:\IHIX9te3.exe

C:\mAaeZc.bat

C:\GPeI5.bat

C:\Jpqc.bat

C:\xLvtj.bat

C:\d0mgELZU.exe

C:\jm30Q.bat

C:\j9yXWvPz.bat

C:\lQsZ4.exe

C:\XD9L.bat

C:\vhk.bat

C:\SGN5cWw.exe

C:\fqY5iX.bat

C:\DdZr.bat

C:\Qu8l.exe

C:\mnvvz.bat

C:\OpzS.bat

C:\kraj0D3r.exe

C:\aQf5O.bat

C:\UFuRg.bat

C:\JOjDfaOG.bat

C:\jgFFUX.bat

C:\QZ8Ux8y.bat

C:\VA6u.bat

C:\UuRc.exe

C:\KkxCdU.bat

C:\WfSXoq.bat

C:\fHyrL6.exe

C:\FqQ.bat

C:\bRx.bat

C:\o1at.exe

C:\tL0is2Un.bat

C:\wpPF.bat

C:\F80.bat

C:\ZpHJel.bat

C:\qTt1Dy.exe

C:\vl8kp.bat

C:\MpSU.bat

C:\Ao4X.bat

C:\fumle.bat

C:\P9iFwrk.bat

C:\yW2yb.bat

C:\t7MRgqbu.bat

C:\NohijG0p.bat

C:\GRdlJOsM.bat

C:\Pti.bat

C:\wzH.bat

C:\Zfw7.bat

C:\P73z.bat

C:\TUzHjd.bat

C:\aE8L4nXW.bat

C:\B8HQ.bat

C:\Fp69.bat

C:\DpGorEDG.bat

C:\dDAh4W.bat

C:\Hj7.bat

C:\aNeQg.bat

C:\NjEBL.bat

C:\lm3.bat

C:\SC7f1.bat

C:\YfB5.bat

C:\W7Qj9.bat

C:\vpsHr.bat

C:\jLGE.bat

C:\mBG6v2Po.bat

C:\q67czbZn.bat

C:\FJI8mEgY.bat

C:\nDKqA.exe

C:\sJfZdw.bat

C:\mNDHr.bat

C:\maDcoB.bat

C:\Ov0Vr.bat

C:\g3TPaV5p.bat

C:\OLvt.exe

C:\PvR.bat

C:\IfgaJxjt.bat

C:\QZC.bat

C:\eFbl.bat

C:\aim3k6Wn.bat

C:\enL.bat

C:\cC6.bat

C:\TmfUSOtf.bat

C:\GOL1vM.bat

C:\Bv5.bat

C:\nWTV8Pdy.bat

C:\it2fWy.bat

C:\lWzKZ.bat

C:\Nr7Ng71q.bat

C:\e1EO2.bat

C:\VzTqL.bat

C:\bAG.bat

C:\Bh86xd.bat

C:\uJKCYK.bat

C:\ZKSYCi.bat

C:\uDo.bat

C:\Ol4.bat

C:\Tboipi.bat

C:\DVTZ7C.bat

C:\jZwu.bat

C:\YqJOQVHj.bat

C:\Kxk.bat

C:\kSEnJ.bat

C:\Vh3Y.bat

C:\StkwpSkb.bat

C:\FiUV.bat

C:\xq4Y.bat

C:\qvZV2y.bat

C:\v1Z.bat

C:\sZWnr.bat

C:\nrz5.bat

C:\GWX.bat

C:\r1FvE.bat

C:\vTknFX.bat

C:\oWJDKb.bat

C:\M17.bat

C:\IGdfjg.bat

C:\e30CEh.bat

C:\WHl.bat

C:\fPp.bat

C:\Waf.bat

C:\xv6oB.bat

C:\XWTUD8fl.bat

C:\uIY1JbKS.bat

Driver::

38813292

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log.

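The helper's script above lists every dropped file by hand. As an added example, not code from this thread, from ComboFix or from the helper, the Python below parses the "Files Created" section of a ComboFix log, flags the pattern that stands out in the logs in this thread (short random alphanumeric .bat/.exe names directly in the drive root, many of them exactly 6998 bytes), and renders the hits in the same File:: / Driver:: layout the helper used. The sample lines are copied from this thread's log and labelled as such; the regexes, the 3-to-8-character name heuristic and all function names are my assumptions.

```python
"""Flag randomly named droppers in a ComboFix 'Files Created' listing and
render them in CFScript File:: / Driver:: layout.

Added example for this thread; not ComboFix's or the helper's own code.
The regexes and the 3-8 character name heuristic are assumptions drawn
from the file names visible in the thread's log."""
import re
from collections import Counter

# Constructed sample: lines copied from the "Files Created" section of the
# ComboFix log in this thread, plus one legitimate driver entry for contrast.
SAMPLE_LOG = r"""
2009-07-25 15:02 . 2009-07-25 15:02 -------- d-----w- c:\program files\Norton Security Scan
2009-07-23 16:55 . 2009-07-23 16:55 242 ----a-w- C:\K0vXD.bat
2009-07-23 16:45 . 2009-07-23 16:45 6998 ----a-w- C:\BFT.bat
2009-07-23 16:45 . 2009-07-23 16:45 247 ----a-w- C:\hPZ.bat
2009-07-23 16:38 . 2009-07-23 16:38 6998 ----a-w- C:\NGC2.bat
2009-07-23 16:38 . 2009-07-23 16:38 243 ----a-w- C:\Gon6zjn9.bat
2009-07-13 11:36 . 2008-08-25 18:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
"""

# One ComboFix entry: "<modified> . <created> <size or --------> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Heuristic (assumption): a .bat/.exe directly in the drive root whose name is a
# short alphanumeric string that looks machine-generated, as in the log above.
ROOT_DROP_RE = re.compile(r"^[A-Za-z]:\\[A-Za-z0-9]{3,8}\.(?:bat|exe)$", re.IGNORECASE)


def parse_created_files(text):
    """Parse 'Files Created' lines into dicts; directories get size None."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section banners, lone dots, blank lines
        d = m.groupdict()
        d["size"] = None if d["size"].startswith("-") else int(d["size"])
        d["is_dir"] = d["attrs"].startswith("d")
        entries.append(d)
    return entries


def find_root_drops(entries):
    """Keep only regular files matching the random-name-in-root pattern."""
    return [e for e in entries if not e["is_dir"] and ROOT_DROP_RE.match(e["path"])]


def size_clusters(drops):
    """Count flagged files per size: a dropper writing the same payload over and
    over shows up as one tall spike (6998 bytes in this thread)."""
    return Counter(e["size"] for e in drops)


def build_cfscript(paths, drivers=()):
    """Render the File:: / Driver:: layout the helper posted above."""
    lines = ["File::", *paths]
    if drivers:
        lines += ["", "Driver::", *drivers]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    drops = find_root_drops(parse_created_files(SAMPLE_LOG))
    print(f"{len(drops)} suspicious root files, size clusters: {dict(size_clusters(drops))}")
    # The driver name is the one from the helper's script in this thread.
    print(build_cfscript([e["path"] for e in drops], ["38813292"]))
```

The size clustering is the useful detection signal: legitimate files in the listing have scattered sizes, while a dropper that rewrites the same payload produces a spike at one size. Review the flagged list by hand before feeding it to ComboFix, since the name heuristic will also match any short-named batch file a user keeps in the root of C:\ on purpose.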

Hello

I have no specific reason for it... probably 'historical clutter'. As far as I'm concerned, it can go.

Anyway, I did what you suggested... here are the logs:

ComboFix

ComboFix 09-07-24.01 - Pieter 25/07/2009 21:33.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.32.1033.18.511.141 [GMT 2:00]

Running from: c:\documents and settings\Pieter\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Pieter\Desktop\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

"C:\aE8L4nXW.bat"

"C:\aim3k6Wn.bat"

"C:\aNeQg.bat"

"C:\Ao4X.bat"

"C:\aQf5O.bat"

"C:\B8HQ.bat"

"C:\bAG.bat"

"C:\Bh86xd.bat"

"C:\bRx.bat"

"C:\Bv5.bat"

"C:\cC6.bat"

"C:\d0mgELZU.exe"

"C:\dDAh4W.bat"

"C:\DdZr.bat"

"C:\DpGorEDG.bat"

"C:\DVTZ7C.bat"

"C:\e1EO2.bat"

"C:\e30CEh.bat"

"C:\eFbl.bat"

"C:\enL.bat"

"C:\F80.bat"

"C:\fHyrL6.exe"

"C:\FiUV.bat"

"C:\FJI8mEgY.bat"

"C:\Fp69.bat"

"C:\fPp.bat"

"C:\FqQ.bat"

"C:\fqY5iX.bat"

"C:\fumle.bat"

"C:\g3TPaV5p.bat"

"C:\GOL1vM.bat"

"C:\GPeI5.bat"

"C:\GRdlJOsM.bat"

"C:\GWX.bat"

"C:\Hj7.bat"

"C:\IfgaJxjt.bat"

"C:\IGdfjg.bat"

"C:\IHIX9te3.exe"

"C:\it2fWy.bat"

"C:\j9yXWvPz.bat"

"C:\jgFFUX.bat"

"C:\jLGE.bat"

"C:\jm30Q.bat"

"C:\JOjDfaOG.bat"

"C:\Jpqc.bat"

"C:\jZwu.bat"

"C:\KkxCdU.bat"

"C:\kraj0D3r.exe"

"C:\kSEnJ.bat"

"C:\Kxk.bat"

"C:\lm3.bat"

"C:\lQsZ4.exe"

"C:\lWzKZ.bat"

"C:\M17.bat"

"C:\mAaeZc.bat"

"C:\maDcoB.bat"

"C:\mBG6v2Po.bat"

"C:\mNDHr.bat"

"C:\mnvvz.bat"

"C:\MpSU.bat"

"C:\nDKqA.exe"

"C:\NjEBL.bat"

"C:\NohijG0p.bat"

"C:\Nr7Ng71q.bat"

"C:\nrz5.bat"

"C:\nWTV8Pdy.bat"

"C:\o1at.exe"

"C:\Ol4.bat"

"C:\OLvt.exe"

"C:\OpzS.bat"

"C:\Ov0Vr.bat"

"C:\oWJDKb.bat"

"C:\P73z.bat"

"C:\P9iFwrk.bat"

"C:\Pti.bat"

"C:\PvR.bat"

"C:\q67czbZn.bat"

"C:\qTt1Dy.exe"

"C:\Qu8l.exe"

"C:\qvZV2y.bat"

"C:\QZ8Ux8y.bat"

"C:\QZC.bat"

"C:\r1FvE.bat"

"C:\SC7f1.bat"

"C:\SGN5cWw.exe"

"C:\sJfZdw.bat"

"C:\StkwpSkb.bat"

"C:\sZWnr.bat"

"C:\t7MRgqbu.bat"

"C:\Tboipi.bat"

"C:\tL0is2Un.bat"

"C:\TmfUSOtf.bat"

"C:\TUzHjd.bat"

"C:\uDo.bat"

"C:\UFuRg.bat"

"C:\uIY1JbKS.bat"

"C:\uJKCYK.bat"

"C:\UuRc.exe"

"C:\v1Z.bat"

"C:\VA6u.bat"

"C:\Vh3Y.bat"

"C:\vhk.bat"

"C:\vl8kp.bat"

"C:\vpsHr.bat"

"C:\vTknFX.bat"

"C:\VzTqL.bat"

"C:\W7Qj9.bat"

"C:\Waf.bat"

"C:\WfSXoq.bat"

"C:\WHl.bat"

"c:\windows\system32\drivers\38813292.sys"

"C:\wpPF.bat"

"C:\wzH.bat"

"C:\XD9L.bat"

"C:\xLvtj.bat"

"C:\xq4Y.bat"

"C:\xv6oB.bat"

"C:\XWTUD8fl.bat"

"C:\YfB5.bat"

"C:\YqJOQVHj.bat"

"C:\yW2yb.bat"

"C:\Zfw7.bat"

"C:\ZKSYCi.bat"

"C:\ZpHJel.bat"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\aE8L4nXW.bat

C:\aim3k6Wn.bat

C:\aNeQg.bat

C:\Ao4X.bat

C:\aQf5O.bat

C:\B8HQ.bat

C:\bAG.bat

C:\Bh86xd.bat

C:\bRx.bat

C:\Bv5.bat

C:\cC6.bat

C:\d0mgELZU.exe

C:\dDAh4W.bat

C:\DdZr.bat

C:\DpGorEDG.bat

C:\DVTZ7C.bat

C:\e1EO2.bat

C:\e30CEh.bat

C:\eFbl.bat

C:\enL.bat

C:\F80.bat

C:\fHyrL6.exe

C:\FiUV.bat

C:\FJI8mEgY.bat

C:\Fp69.bat

C:\fPp.bat

C:\FqQ.bat

C:\fqY5iX.bat

C:\fumle.bat

C:\g3TPaV5p.bat

C:\GOL1vM.bat

C:\GPeI5.bat

C:\GRdlJOsM.bat

C:\GWX.bat

C:\Hj7.bat

C:\IfgaJxjt.bat

C:\IGdfjg.bat

C:\IHIX9te3.exe

C:\it2fWy.bat

C:\j9yXWvPz.bat

C:\jgFFUX.bat

C:\jLGE.bat

C:\jm30Q.bat

C:\JOjDfaOG.bat

C:\Jpqc.bat

C:\jZwu.bat

C:\KkxCdU.bat

C:\kraj0D3r.exe

C:\kSEnJ.bat

C:\Kxk.bat

C:\lm3.bat

C:\lQsZ4.exe

C:\lWzKZ.bat

C:\M17.bat

C:\mAaeZc.bat

C:\maDcoB.bat

C:\mBG6v2Po.bat

C:\mNDHr.bat

C:\mnvvz.bat

C:\MpSU.bat

C:\nDKqA.exe

C:\NjEBL.bat

C:\NohijG0p.bat

C:\Nr7Ng71q.bat

C:\nrz5.bat

C:\nWTV8Pdy.bat

C:\o1at.exe

C:\Ol4.bat

C:\OLvt.exe

C:\OpzS.bat

C:\Ov0Vr.bat

C:\oWJDKb.bat

C:\P73z.bat

C:\P9iFwrk.bat

C:\Pti.bat

C:\PvR.bat

C:\q67czbZn.bat

C:\qTt1Dy.exe

C:\Qu8l.exe

C:\qvZV2y.bat

C:\QZ8Ux8y.bat

C:\QZC.bat

C:\r1FvE.bat

C:\SC7f1.bat

C:\SGN5cWw.exe

C:\sJfZdw.bat

C:\StkwpSkb.bat

C:\sZWnr.bat

C:\t7MRgqbu.bat

C:\Tboipi.bat

C:\tL0is2Un.bat

C:\TmfUSOtf.bat

C:\TUzHjd.bat

C:\uDo.bat

C:\UFuRg.bat

C:\uIY1JbKS.bat

C:\uJKCYK.bat

C:\UuRc.exe

C:\v1Z.bat

C:\VA6u.bat

C:\Vh3Y.bat

C:\vhk.bat

C:\vl8kp.bat

C:\vpsHr.bat

C:\vTknFX.bat

C:\VzTqL.bat

C:\W7Qj9.bat

C:\Waf.bat

C:\WfSXoq.bat

C:\WHl.bat

c:\windows\system32\drivers\38813292.sys

C:\wpPF.bat

C:\wzH.bat

C:\XD9L.bat

C:\xLvtj.bat

C:\xq4Y.bat

C:\xv6oB.bat

C:\XWTUD8fl.bat

C:\YfB5.bat

C:\YqJOQVHj.bat

C:\yW2yb.bat

C:\Zfw7.bat

C:\ZKSYCi.bat

C:\ZpHJel.bat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_is-16TD9drv

-------\Service_is-16TD9drv

((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))

.

2009-07-25 15:03 . 2009-07-25 15:03 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-07-25 15:02 . 2009-07-25 15:02 -------- d-----w- c:\program files\Norton Security Scan

2009-07-23 16:55 . 2009-07-23 16:55 242 ----a-w- C:\K0vXD.bat

2009-07-23 16:45 . 2009-07-23 16:45 6998 ----a-w- C:\BFT.bat

2009-07-23 16:45 . 2009-07-23 16:45 247 ----a-w- C:\hPZ.bat

2009-07-23 16:38 . 2009-07-23 16:38 6998 ----a-w- C:\NGC2.bat

2009-07-23 16:38 . 2009-07-23 16:38 243 ----a-w- C:\Gon6zjn9.bat

2009-07-23 16:35 . 2009-07-23 16:35 6998 ----a-w- C:\QIJnZ.bat

2009-07-23 16:35 . 2009-07-23 16:35 250 ----a-w- C:\v6l5ipEN.bat

2009-07-22 20:25 . 2009-07-22 20:25 6998 ----a-w- C:\oytH3.bat

2009-07-22 20:25 . 2009-07-22 20:25 246 ----a-w- C:\O9V.bat

2009-07-22 20:24 . 2009-07-22 20:24 6998 ----a-w- C:\E87D.bat

2009-07-22 20:24 . 2009-07-22 20:24 247 ----a-w- C:\E931.bat

2009-07-22 20:06 . 2009-07-22 20:06 273 ----a-w- C:\fRVw.bat

2009-07-22 20:01 . 2009-07-22 20:01 275 ----a-w- C:\zSe.bat

2009-07-22 19:55 . 2009-07-22 19:55 6998 ----a-w- C:\foQqpI.bat

2009-07-22 19:55 . 2009-07-22 19:55 233 ----a-w- C:\aYIbBT.bat

2009-07-22 19:42 . 2009-07-22 19:42 6998 ----a-w- C:\c1ud.bat

2009-07-22 19:42 . 2009-07-22 19:42 273 ----a-w- C:\mKzkZY.bat

2009-07-22 19:23 . 2009-07-22 19:23 6998 ----a-w- C:\Qua.bat

2009-07-22 19:23 . 2009-07-22 19:23 247 ----a-w- C:\zyf.bat

2009-07-22 19:02 . 2009-07-22 19:02 6998 ----a-w- C:\hyVa3.bat

2009-07-22 19:02 . 2009-07-22 19:02 248 ----a-w- C:\QjzMie.bat

2009-07-22 19:01 . 2009-07-22 19:01 6998 ----a-w- C:\gMnF.bat

2009-07-22 19:01 . 2009-07-22 19:01 250 ----a-w- C:\xJFx9qMt.bat

2009-07-22 18:55 . 2009-07-22 18:55 242 ----a-w- C:\dglPkM.bat

2009-07-22 18:44 . 2009-07-22 18:44 6998 ----a-w- C:\rGqFK1.bat

2009-07-22 18:44 . 2009-07-22 18:44 261 ----a-w- C:\hDQg5.bat

2009-07-22 18:38 . 2009-07-22 18:38 6998 ----a-w- C:\JSKRTSw7.bat

2009-07-22 18:38 . 2009-07-22 18:38 260 ----a-w- C:\UBmemIuB.bat

2009-07-22 18:31 . 2009-07-22 18:31 6998 ----a-w- C:\jrVC0Q.bat

2009-07-22 18:31 . 2009-07-22 18:31 259 ----a-w- C:\nVNJiE.bat

2009-07-22 18:21 . 2009-07-22 18:21 6998 ----a-w- C:\cktm.bat

2009-07-22 18:21 . 2009-07-22 18:21 232 ----a-w- C:\NIGwLD.bat

2009-07-22 18:05 . 2009-07-22 18:05 6998 ----a-w- C:\HF2.bat

2009-07-22 18:05 . 2009-07-22 18:05 273 ----a-w- C:\qxw.bat

2009-07-22 18:02 . 2009-07-22 18:02 6998 ----a-w- C:\lYTu.bat

2009-07-22 17:58 . 2009-07-22 17:58 6998 ----a-w- C:\P5Fw.bat

2009-07-22 17:58 . 2009-07-22 17:58 271 ----a-w- C:\wK2x0L.bat

2009-07-22 12:24 . 2009-07-22 12:24 6998 ----a-w- C:\bmZ.bat

2009-07-22 12:24 . 2009-07-22 12:24 262 ----a-w- C:\M3hL39ij.bat

2009-07-22 12:16 . 2009-07-22 12:16 6998 ----a-w- C:\odXBTWNJ.bat

2009-07-22 12:09 . 2009-07-22 12:09 6998 ----a-w- C:\I53JSdlw.bat

2009-07-22 12:09 . 2009-07-22 12:09 272 ----a-w- C:\Lsf9.bat

2009-07-22 11:57 . 2009-07-22 11:57 6998 ----a-w- C:\XhL.bat

2009-07-22 11:57 . 2009-07-22 11:57 248 ----a-w- C:\n0NF.bat

2009-07-22 11:44 . 2009-07-22 11:44 6998 ----a-w- C:\MrGR5.bat

2009-07-22 11:44 . 2009-07-22 11:44 274 ----a-w- C:\Kgjwo.bat

2009-07-22 11:29 . 2009-07-22 11:29 6998 ----a-w- C:\DrKymJPg.bat

2009-07-22 11:29 . 2009-07-22 11:29 231 ----a-w- C:\w5cJd.bat

2009-07-22 11:22 . 2009-07-22 11:22 238 ----a-w- C:\SYhaOf.bat

2009-07-22 11:18 . 2009-07-22 11:18 256 ----a-w- C:\Z2M.bat

2009-07-22 11:03 . 2009-07-22 11:03 6998 ----a-w- C:\kdce8.bat

2009-07-22 11:03 . 2009-07-22 11:03 236 ----a-w- C:\ISoaVQ.bat

2009-07-22 10:54 . 2009-07-22 10:54 6998 ----a-w- C:\GQpS4.bat

2009-07-22 10:54 . 2009-07-22 10:54 261 ----a-w- C:\iW67.bat

2009-07-22 10:42 . 2009-07-22 10:42 6998 ----a-w- C:\CX1ToA.bat

2009-07-22 10:42 . 2009-07-22 10:42 235 ----a-w- C:\GEUOzh.bat

2009-07-22 10:35 . 2009-07-22 10:35 6998 ----a-w- C:\septX.bat

2009-07-22 10:35 . 2009-07-22 10:35 272 ----a-w- C:\Yta8.bat

2009-07-22 10:24 . 2009-07-22 10:24 6998 ----a-w- C:\RV5.bat

2009-07-22 10:24 . 2009-07-22 10:24 257 ----a-w- C:\xEO.bat

2009-07-22 10:17 . 2009-07-22 10:17 6998 ----a-w- C:\DDp.bat

2009-07-22 10:17 . 2009-07-22 10:17 241 ----a-w- C:\jz4g4jqR.bat

2009-07-22 10:07 . 2009-07-22 10:07 6998 ----a-w- C:\JzVq.bat

2009-07-22 10:07 . 2009-07-22 10:07 242 ----a-w- C:\eH8l5.bat

2009-07-22 10:05 . 2009-07-22 10:05 241 ----a-w- C:\WSf.bat

2009-07-22 10:00 . 2009-07-22 10:00 6998 ----a-w- C:\WYew.bat

2009-07-22 10:00 . 2009-07-22 10:00 234 ----a-w- C:\Omx18.bat

2009-07-22 09:57 . 2009-07-22 09:57 6998 ----a-w- C:\t3BQVL.bat

2009-07-22 09:57 . 2009-07-22 09:57 262 ----a-w- C:\jrYGQ.bat

2009-07-22 09:56 . 2009-07-22 09:56 6998 ----a-w- C:\V8d7yWui.bat

2009-07-22 09:56 . 2009-07-22 09:56 266 ----a-w- C:\LhvSVcYC.bat

2009-07-21 21:06 . 2009-07-21 21:06 6998 ----a-w- C:\G9qTcZRP.bat

2009-07-21 21:04 . 2009-07-21 21:04 6998 ----a-w- C:\E9C.bat

2009-07-21 21:04 . 2009-07-21 21:04 254 ----a-w- C:\oYEz65rb.bat

2009-07-21 19:08 . 2009-07-21 19:08 6998 ----a-w- C:\FvOSlasK.bat

2009-07-21 19:08 . 2009-07-21 19:08 246 ----a-w- C:\fPWoRFFt.bat

2009-07-21 18:49 . 2009-07-21 18:49 6998 ----a-w- C:\dT9sKfAr.bat

2009-07-21 18:49 . 2009-07-21 18:49 247 ----a-w- C:\hq2kB.bat

2009-07-21 18:44 . 2009-07-21 18:44 6998 ----a-w- C:\jDG.bat

2009-07-21 18:44 . 2009-07-21 18:44 239 ----a-w- C:\g84e1.bat

2009-07-21 18:29 . 2009-07-21 18:29 6998 ----a-w- C:\nDre.bat

2009-07-21 18:06 . 2009-07-21 18:06 6998 ----a-w- C:\lBsr1uBX.bat

2009-07-21 18:06 . 2009-07-21 18:06 273 ----a-w- C:\BIDPL.bat

2009-07-21 18:05 . 2009-07-21 18:05 6998 ----a-w- C:\BA8U8yMo.bat

2009-07-21 18:05 . 2009-07-21 18:05 240 ----a-w- C:\Ll4.bat

2009-07-21 17:55 . 2009-07-21 17:55 6998 ----a-w- C:\m9OHJv.bat

2009-07-21 17:55 . 2009-07-21 17:55 248 ----a-w- C:\Fo5pPC.bat

2009-07-21 17:43 . 2009-07-21 17:43 6998 ----a-w- C:\gR6KxiIG.bat

2009-07-21 17:43 . 2009-07-21 17:43 248 ----a-w- C:\QR8Qssad.bat

2009-07-21 17:28 . 2009-07-21 17:28 6998 ----a-w- C:\UKlB1.bat

2009-07-21 17:25 . 2009-07-21 17:25 6998 ----a-w- C:\SUf9.bat

2009-07-21 17:25 . 2009-07-21 17:25 238 ----a-w- C:\B36m0Y.bat

2009-07-21 17:07 . 2009-07-21 17:07 6998 ----a-w- C:\FEg.bat

2009-07-21 17:07 . 2009-07-21 17:07 231 ----a-w- C:\OhF.bat

2009-07-21 16:58 . 2009-07-21 16:58 6998 ----a-w- C:\ASNwscar.bat

2009-07-21 16:58 . 2009-07-21 16:58 265 ----a-w- C:\PM5.bat

2009-07-21 16:37 . 2009-07-21 16:37 6998 ----a-w- C:\okCnlq.bat

2009-07-21 16:37 . 2009-07-21 16:37 243 ----a-w- C:\ASLvBD.bat

2009-07-21 16:31 . 2009-07-21 16:31 6998 ----a-w- C:\YgeAa.bat

2009-07-21 16:31 . 2009-07-21 16:31 230 ----a-w- C:\vm6.bat

2009-07-21 16:28 . 2009-07-21 16:28 6998 ----a-w- C:\VVUOs6.bat

2009-07-21 16:28 . 2009-07-21 16:28 230 ----a-w- C:\THcxgyec.bat

2009-07-21 16:17 . 2009-07-21 16:17 6998 ----a-w- C:\Py4ax.bat

2009-07-21 16:17 . 2009-07-21 16:17 266 ----a-w- C:\wRiQnRSg.bat

2009-07-21 16:08 . 2009-07-21 16:08 6998 ----a-w- C:\QgzR.bat

2009-07-21 16:08 . 2009-07-21 16:08 245 ----a-w- C:\DFhvRZXO.bat

2009-07-21 15:56 . 2009-07-21 15:56 6998 ----a-w- C:\JHjGPkAE.bat

2009-07-21 15:56 . 2009-07-21 15:56 233 ----a-w- C:\YOekYS.bat

2009-07-21 15:53 . 2009-07-21 15:53 6998 ----a-w- C:\XLkm.bat

2009-07-21 15:51 . 2009-07-21 15:51 6998 ----a-w- C:\AaK.bat

2009-07-21 15:51 . 2009-07-21 15:51 250 ----a-w- C:\uKpT4sLW.bat

2009-07-20 22:41 . 2009-07-20 22:41 6998 ----a-w- C:\OZo.bat

2009-07-20 22:41 . 2009-07-20 22:41 266 ----a-w- C:\AF7I.bat

2009-07-20 22:15 . 2009-07-20 22:15 6998 ----a-w- C:\WrZxjH.bat

2009-07-20 22:15 . 2009-07-20 22:15 250 ----a-w- C:\w2V.bat

2009-07-20 22:07 . 2009-07-20 22:07 6998 ----a-w- C:\r6jsXI.bat

2009-07-20 22:07 . 2009-07-20 22:07 263 ----a-w- C:\BeaX.bat

2009-07-20 22:00 . 2009-07-20 22:00 273 ----a-w- C:\n4Md.bat

2009-07-20 21:51 . 2009-07-20 21:51 248 ----a-w- C:\EEFbU36t.bat

2009-07-20 21:32 . 2009-07-20 21:32 6998 ----a-w- C:\DxhgtO.bat

2009-07-20 21:32 . 2009-07-20 21:32 273 ----a-w- C:\Xkogd.bat

2009-07-20 21:17 . 2009-07-20 21:17 261 ----a-w- C:\wGiKFu.bat

2009-07-20 21:04 . 2009-07-20 21:04 6998 ----a-w- C:\wlaFykOF.bat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-25 20:11 . 2008-10-01 19:12 -------- d-----w- c:\documents and settings\Pieter\Application Data\Skype

2009-07-25 20:11 . 2008-10-01 19:12 -------- d-----w- c:\documents and settings\Pieter\Application Data\skypePM

2009-07-25 20:10 . 2007-06-08 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-07-25 19:45 . 2007-06-08 11:11 1701860 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-07-25 19:45 . 2007-06-08 11:11 145133600 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-07-25 19:45 . 2007-06-08 11:11 158396 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-07-25 19:45 . 2007-06-08 11:11 1661472 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-07-25 14:56 . 2007-10-04 19:39 -------- d-----w- c:\program files\MSN Messenger

2009-07-25 09:45 . 2008-08-25 18:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-25 09:37 . 2009-03-03 23:00 -------- d-----w- c:\program files\Download Youtube Free

2009-07-24 21:16 . 2009-01-28 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-07-13 11:36 . 2008-08-25 18:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-13 11:36 . 2008-08-25 18:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-16 14:55 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:55 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-03 19:27 . 2005-08-30 04:02 1290752 ----a-w- c:\windows\system32\quartz.dll

2009-05-27 19:12 . 2009-05-27 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SpinTop Games

2009-05-07 15:44 . 2002-08-29 02:41 344064 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:52 . 2006-08-30 18:42 616448 ----a-w- c:\windows\system32\urlmon(3).dll

2009-04-29 04:52 . 2006-06-23 09:33 659456 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:52 . 2006-06-23 09:33 659456 ----a-w- c:\windows\system32\wininet(3).dll

2009-04-29 04:52 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-07-16 00:37 . 2009-07-25 09:49 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]

"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2005-10-27 3887104]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2007-08-28 36972]

"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-02 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"PD0620 STISvc"="P0620Pin.dll" - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\Pieter\Start Menu\Programs\Startup\

is-16TD9.lnk - c:\documents and settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\startup.exe [2009-7-11 65536]

is-C133G.lnk - c:\documents and settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\startup.exe [2009-7-11 65536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-11 110592]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-3-4 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Shareaza\\Shareaza.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [26/08/2008 19:43 32784]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [26/08/2008 19:43 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [26/08/2008 19:43 24592]

.

Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2009-07-25 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-11 22:17]

2009-07-25 c:\windows\Tasks\Norton Security Scan for Pieter.job

- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 03:53]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.standaard.be/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchAssistant = hxxp://www.google.com/ie

IE: &Search

IE: Download &Youtube Free - c:\program files\Download Youtube Free\save.htm

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Pieter\Application Data\Mozilla\Firefox\Profiles\jtjnlzxc.default\

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-07-25 22:09

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\klogon.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\TomTom HOME 2\TomTomHOMEService.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\program files\Java\jre1.5.0\bin\jucheck.exe

c:\progra~1\WinZip\WZQKPICK.EXE

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\documents and settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\is-16TD9.exe

c:\documents and settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\is-C133G.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2009-07-25 22:24 - machine was rebooted

ComboFix-quarantined-files.txt 2009-07-25 20:24

ComboFix2.txt 2009-07-25 17:15

Pre-Run: 3.454.140.416 bytes free

Post-Run: 3.422.359.552 bytes free

603 --- E O F --- 2009-07-14 20:16

HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:07:24, on 25/07/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre1.5.0\bin\jucheck.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Shareaza\Shareaza.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\is-16TD9.exe

C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\is-C133G.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\PROGRA~1\Flash2X\FLASHP~1\FLASHP~1.DLL

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-16TD9.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\startup.exe

O4 - Startup: is-C133G.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\startup.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Download &Youtube Free - C:\Program Files\Download Youtube Free\save.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=www.coften.be

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mailserv.sofico.be/iNotes6W.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181295815703

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 9006 bytes


We could go on like this for several more days ... because this is a GIGANTIC mess in your C: folder :s

Below you will find another fix that you may run as is ... but you would be better off cleaning this up yourself, manually and in one go. Open the C: folder and delete every file there whose form resembles the ones in the list below (something like C:\wGiKFu.bat, for example).

Do let me know when (which date?) you first came across a file of this form in that folder. It may be of interest for the rest of the cleanup.

So first this:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\Tasks\Norton Security Scan for Pieter.job

C:\K0vXD.bat

C:\BFT.bat

C:\hPZ.bat

C:\NGC2.bat

C:\Gon6zjn9.bat

C:\QIJnZ.bat

C:\v6l5ipEN.bat

C:\oytH3.bat

C:\O9V.bat

C:\E87D.bat

C:\E931.bat

C:\fRVw.bat

C:\zSe.bat

C:\foQqpI.bat

C:\aYIbBT.bat

C:\c1ud.bat

C:\mKzkZY.bat

C:\Qua.bat

C:\zyf.bat

C:\hyVa3.bat

C:\QjzMie.bat

C:\gMnF.bat

C:\xJFx9qMt.bat

C:\dglPkM.bat

C:\rGqFK1.bat

C:\hDQg5.bat

C:\JSKRTSw7.bat

C:\UBmemIuB.bat

C:\jrVC0Q.bat

C:\nVNJiE.bat

C:\cktm.bat

C:\NIGwLD.bat

C:\HF2.bat

C:\qxw.bat

C:\lYTu.bat

C:\P5Fw.bat

C:\wK2x0L.bat

C:\bmZ.bat

C:\M3hL39ij.bat

C:\odXBTWNJ.bat

C:\I53JSdlw.bat

C:\Lsf9.bat

C:\XhL.bat

C:\n0NF.bat

C:\MrGR5.bat

C:\Kgjwo.bat

C:\DrKymJPg.bat

C:\w5cJd.bat

C:\SYhaOf.bat

C:\Z2M.bat

C:\kdce8.bat

C:\ISoaVQ.bat

C:\GQpS4.bat

C:\iW67.bat

C:\CX1ToA.bat

C:\GEUOzh.bat

C:\septX.bat

C:\Yta8.bat

C:\RV5.bat

C:\xEO.bat

C:\DDp.bat

C:\jz4g4jqR.bat

C:\JzVq.bat

C:\eH8l5.bat

C:\WSf.bat

C:\WYew.bat

C:\Omx18.bat

C:\t3BQVL.bat

C:\jrYGQ.bat

C:\V8d7yWui.bat

C:\LhvSVcYC.bat

C:\G9qTcZRP.bat

C:\E9C.bat

C:\oYEz65rb.bat

C:\FvOSlasK.bat

C:\fPWoRFFt.bat

C:\dT9sKfAr.bat

C:\hq2kB.bat

C:\jDG.bat

C:\g84e1.bat

C:\nDre.bat

C:\lBsr1uBX.bat

C:\BIDPL.bat

C:\BA8U8yMo.bat

C:\Ll4.bat

C:\m9OHJv.bat

C:\Fo5pPC.bat

C:\gR6KxiIG.bat

C:\QR8Qssad.bat

C:\UKlB1.bat

C:\SUf9.bat

C:\B36m0Y.bat

C:\FEg.bat

C:\OhF.bat

C:\ASNwscar.bat

C:\PM5.bat

C:\okCnlq.bat

C:\ASLvBD.bat

C:\YgeAa.bat

C:\vm6.bat

C:\VVUOs6.bat

C:\THcxgyec.bat

C:\Py4ax.bat

C:\wRiQnRSg.bat

C:\QgzR.bat

C:\DFhvRZXO.bat

C:\JHjGPkAE.bat

C:\YOekYS.bat

C:\XLkm.bat

C:\AaK.bat

C:\uKpT4sLW.bat

C:\OZo.bat

C:\AF7I.bat

C:\WrZxjH.bat

C:\w2V.bat

C:\r6jsXI.bat

C:\BeaX.bat

C:\n4Md.bat

C:\EEFbU36t.bat

C:\DxhgtO.bat

C:\Xkogd.bat

C:\wGiKFu.bat

C:\wlaFykOF.bat

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

To remove that old Norton/Symantec scanner, it is best to use the Norton Removal Tool.

After the reboot, post the contents of Combofix.txt in your next message, together with a new HijackThis log.

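As an added triage example (not code from the thread, from ComboFix or from the helper), the Python script below applies the helper's two criteria to a constructed directory listing of the C: root: "files of a similar form" (short, machine-looking .bat names) and "when did the first one appear" (the files arrive in a burst over a few days). It renders the matches as the "File::" section of a CFScript in the form posted above. The name heuristic, the seven-day burst window, the allowlist and the sample listing are assumptions of the example.

```python
"""Triage helper for randomly named .bat files dropped in the root of C:\\.

Added example with a constructed listing; not ComboFix's or the helper's code.
Two signals are combined: (1) name shape, a short alphanumeric stem with a
digit, mixed case or no vowel, which separates 'K0vXD' from 'backup'; and
(2) a time burst, since a dropper writes many files within a few days. The
largest burst is rendered as a CFScript 'File::' section.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable

# Stem of 3-8 alphanumerics plus .bat, the shape seen in the thread (C:\K0vXD.bat, C:\BFT.bat).
SHORT_BAT = re.compile(r"^([A-Za-z0-9]{3,8})\.bat$", re.IGNORECASE)

# Root-level files a Windows XP install legitimately carries (constructed allowlist).
KNOWN_ROOT_FILES = {"autoexec.bat", "config.sys", "boot.ini", "ntldr", "ntdetect.com"}

VOWELS = set("aeiouAEIOU")


@dataclass(frozen=True)
class Entry:
    """One line of a directory listing: full path, size in bytes, modification time."""
    path: str
    size: int
    mtime: datetime

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def stem_looks_generated(stem: str) -> bool:
    """True if the stem has a digit, mixes upper and lower case, or has no vowel.
    'backup' fails all three tests; 'K0vXD', 'BFT' and 'zyf' each pass one."""
    has_digit = any(c.isdigit() for c in stem)
    has_upper = any(c.isupper() for c in stem)
    has_lower = any(c.islower() for c in stem)
    has_vowel = any(c in VOWELS for c in stem)
    return has_digit or (has_upper and has_lower) or not has_vowel


def name_candidates(listing: Iterable[Entry]) -> list[Entry]:
    """Root-level .bat files whose names look generated, oldest first."""
    out = []
    for e in listing:
        if e.name.lower() in KNOWN_ROOT_FILES:
            continue
        m = SHORT_BAT.match(e.name)
        if m and stem_looks_generated(m.group(1)):
            out.append(e)
    return sorted(out, key=lambda e: e.mtime)


def largest_burst(candidates: list[Entry], max_gap: timedelta = timedelta(days=7)) -> list[Entry]:
    """Split time-sorted candidates wherever consecutive mtimes are more than
    max_gap apart and return the biggest cluster. A lone old 'Setup.bat'
    (mixed case, so a name false positive) drops out; the dropper's burst stays."""
    clusters: list[list[Entry]] = []
    for e in sorted(candidates, key=lambda e: e.mtime):
        if clusters and e.mtime - clusters[-1][-1].mtime <= max_gap:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return max(clusters, key=len) if clusters else []


def first_seen(entries: list[Entry]) -> datetime | None:
    """Oldest modification time in the burst: the date the helper asked about."""
    return min((e.mtime for e in entries), default=None)


def build_cfscript(entries: Iterable[Entry]) -> str:
    """Render the 'File::' section in the form the helper posted."""
    return "File::\n" + "".join(e.path + "\n" for e in entries)


def triage(listing: Iterable[Entry]) -> tuple[list[Entry], datetime | None, str]:
    burst = largest_burst(name_candidates(listing))
    return burst, first_seen(burst), build_cfscript(burst)


# Constructed listing of C:\ : legitimate files, one harmless mixed-case script
# from 2007, and four dropper files from a July 2009 burst.
SAMPLE_LISTING = [
    Entry("C:\\AUTOEXEC.BAT", 0, datetime(2005, 6, 1, 9, 0)),
    Entry("C:\\boot.ini", 211, datetime(2005, 6, 1, 9, 0)),
    Entry("C:\\backup.bat", 1240, datetime(2008, 3, 2, 18, 30)),
    Entry("C:\\Setup.bat", 880, datetime(2007, 1, 15, 12, 0)),
    Entry("C:\\K0vXD.bat", 96, datetime(2009, 7, 11, 11, 40)),
    Entry("C:\\BFT.bat", 96, datetime(2009, 7, 12, 8, 3)),
    Entry("C:\\zyf.bat", 96, datetime(2009, 7, 16, 20, 15)),
    Entry("C:\\wGiKFu.bat", 96, datetime(2009, 7, 21, 22, 10)),
]

if __name__ == "__main__":
    burst, seen, script = triage(SAMPLE_LISTING)
    print(f"{len(burst)} files in burst, first seen {seen:%d/%m/%Y}")
    print(script)
```

The output is a candidate list for a human to confirm, exactly as the helper asked the user to do by eye; a real listing would come from the drive root rather than the embedded sample.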

Here we are again. It does indeed look like it is going to be quite a job. Many thanks in advance!

I have deleted all the batch jobs on C. There were 235 of them; the oldest dated from 11/7/2009, the newest from 23/07/2009. Norton is still on there, I will remove that shortly.

Two more logs below...

ComboFix

ComboFix 09-07-25.04 - Pieter 26/07/2009 11:24.3.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.32.1033.18.511.202 [GMT 2:00]

Running from: c:\documents and settings\Pieter\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Pieter\Desktop\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

"C:\AaK.bat"

"C:\AF7I.bat"

"C:\ASLvBD.bat"

"C:\ASNwscar.bat"

"C:\aYIbBT.bat"

"C:\B36m0Y.bat"

"C:\BA8U8yMo.bat"

"C:\BeaX.bat"

"C:\BFT.bat"

"C:\BIDPL.bat"

"C:\bmZ.bat"

"C:\c1ud.bat"

"C:\cktm.bat"

"C:\CX1ToA.bat"

"C:\DDp.bat"

"C:\DFhvRZXO.bat"

"C:\dglPkM.bat"

"C:\DrKymJPg.bat"

"C:\dT9sKfAr.bat"

"C:\DxhgtO.bat"

"C:\E87D.bat"

"C:\E931.bat"

"C:\E9C.bat"

"C:\EEFbU36t.bat"

"C:\eH8l5.bat"

"C:\FEg.bat"

"C:\Fo5pPC.bat"

"C:\foQqpI.bat"

"C:\fPWoRFFt.bat"

"C:\fRVw.bat"

"C:\FvOSlasK.bat"

"C:\g84e1.bat"

"C:\G9qTcZRP.bat"

"C:\GEUOzh.bat"

"C:\gMnF.bat"

"C:\Gon6zjn9.bat"

"C:\GQpS4.bat"

"C:\gR6KxiIG.bat"

"C:\hDQg5.bat"

"C:\HF2.bat"

"C:\hPZ.bat"

"C:\hq2kB.bat"

"C:\hyVa3.bat"

"C:\I53JSdlw.bat"

"C:\ISoaVQ.bat"

"C:\iW67.bat"

"C:\jDG.bat"

"C:\JHjGPkAE.bat"

"C:\jrVC0Q.bat"

"C:\jrYGQ.bat"

"C:\JSKRTSw7.bat"

"C:\jz4g4jqR.bat"

"C:\JzVq.bat"

"C:\K0vXD.bat"

"C:\kdce8.bat"

"C:\Kgjwo.bat"

"C:\lBsr1uBX.bat"

"C:\LhvSVcYC.bat"

"C:\Ll4.bat"

"C:\Lsf9.bat"

"C:\lYTu.bat"

"C:\M3hL39ij.bat"

"C:\m9OHJv.bat"

"C:\mKzkZY.bat"

"C:\MrGR5.bat"

"C:\n0NF.bat"

"C:\n4Md.bat"

"C:\nDre.bat"

"C:\NGC2.bat"

"C:\NIGwLD.bat"

"C:\nVNJiE.bat"

"C:\O9V.bat"

"C:\odXBTWNJ.bat"

"C:\OhF.bat"

"C:\okCnlq.bat"

"C:\Omx18.bat"

"C:\oYEz65rb.bat"

"C:\oytH3.bat"

"C:\OZo.bat"

"C:\P5Fw.bat"

"C:\PM5.bat"

"C:\Py4ax.bat"

"C:\QgzR.bat"

"C:\QIJnZ.bat"

"C:\QjzMie.bat"

"C:\QR8Qssad.bat"

"C:\Qua.bat"

"C:\qxw.bat"

"C:\r6jsXI.bat"

"C:\rGqFK1.bat"

"C:\RV5.bat"

"C:\septX.bat"

"C:\SUf9.bat"

"C:\SYhaOf.bat"

"C:\t3BQVL.bat"

"C:\THcxgyec.bat"

"C:\UBmemIuB.bat"

"C:\UKlB1.bat"

"C:\uKpT4sLW.bat"

"C:\v6l5ipEN.bat"

"C:\V8d7yWui.bat"

"C:\vm6.bat"

"C:\VVUOs6.bat"

"C:\w2V.bat"

"C:\w5cJd.bat"

"C:\wGiKFu.bat"

"c:\windows\Tasks\Norton Security Scan for Pieter.job"

"C:\wK2x0L.bat"

"C:\wlaFykOF.bat"

"C:\wRiQnRSg.bat"

"C:\WrZxjH.bat"

"C:\WSf.bat"

"C:\WYew.bat"

"C:\xEO.bat"

"C:\XhL.bat"

"C:\xJFx9qMt.bat"

"C:\Xkogd.bat"

"C:\XLkm.bat"

"C:\YgeAa.bat"

"C:\YOekYS.bat"

"C:\Yta8.bat"

"C:\Z2M.bat"

"C:\zSe.bat"

"C:\zyf.bat"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Tasks\Norton Security Scan for Pieter.job

.

((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))

.

2009-07-25 15:03 . 2009-07-25 15:03 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-07-25 15:02 . 2009-07-25 15:02 -------- d-----w- c:\program files\Norton Security Scan

2009-07-14 20:03 . 2009-07-14 20:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2009-07-13 22:31 . 2009-07-13 22:31 -------- d-----w- C:\Rooter$

2009-07-11 11:44 . 2008-07-08 11:54 148496 ----a-w- c:\windows\system32\drivers\70178015.sys

2009-07-11 11:35 . 2009-07-11 11:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-07-11 11:25 . 2009-07-13 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-07-11 11:25 . 2009-07-13 18:02 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-07-11 10:17 . 2009-07-20 21:53 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-07-11 10:17 . 2009-07-11 10:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2009-07-10 23:34 . 2009-07-10 23:34 -------- d-----w- c:\windows\system32\wbem\Repository

2009-07-10 22:23 . 2009-07-10 22:23 -------- d-----w- c:\documents and settings\NetworkService\IETldCache

2009-07-07 17:23 . 2009-07-07 17:23 -------- d-----w- c:\documents and settings\Pieter\PrivacIE

2009-07-07 09:52 . 2009-07-07 09:52 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache

2009-07-07 09:52 . 2009-07-07 09:52 -------- d-----w- c:\documents and settings\Pieter\IETldCache

2009-07-07 09:45 . 2009-07-07 09:46 -------- d-----w- c:\windows\ie8updates

2009-07-07 09:40 . 2009-07-10 23:33 -------- dc----w- c:\windows\ie8

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-26 08:51 . 2008-10-01 19:12 -------- d-----w- c:\documents and settings\Pieter\Application Data\Skype

2009-07-26 08:51 . 2008-10-01 19:12 -------- d-----w- c:\documents and settings\Pieter\Application Data\skypePM

2009-07-26 08:51 . 2009-01-28 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-07-26 08:51 . 2007-06-08 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-07-25 22:14 . 2007-06-08 11:11 1701860 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-07-25 22:14 . 2007-06-08 11:11 1661472 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-07-25 22:14 . 2007-06-08 11:11 158396 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-07-25 22:14 . 2007-06-08 11:11 145133600 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-07-25 14:56 . 2007-10-04 19:39 -------- d-----w- c:\program files\MSN Messenger

2009-07-25 09:45 . 2008-08-25 18:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-25 09:37 . 2009-03-03 23:00 -------- d-----w- c:\program files\Download Youtube Free

2009-07-13 11:36 . 2008-08-25 18:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-13 11:36 . 2008-08-25 18:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-16 14:55 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:55 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-03 19:27 . 2005-08-30 04:02 1290752 ----a-w- c:\windows\system32\quartz.dll

2009-05-27 19:12 . 2009-05-27 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SpinTop Games

2009-05-07 15:44 . 2002-08-29 02:41 344064 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:52 . 2006-08-30 18:42 616448 ----a-w- c:\windows\system32\urlmon(3).dll

2009-04-29 04:52 . 2006-06-23 09:33 659456 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:52 . 2006-06-23 09:33 659456 ----a-w- c:\windows\system32\wininet(3).dll

2009-04-29 04:52 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-07-16 00:37 . 2009-07-25 09:49 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]

"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2005-10-27 3887104]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2007-08-28 36972]

"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-02 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"PD0620 STISvc"="P0620Pin.dll" - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\Pieter\Start Menu\Programs\Startup\

is-16TD9.lnk - c:\documents and settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\startup.exe [2009-7-11 65536]

is-C133G.lnk - c:\documents and settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\startup.exe [2009-7-11 65536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-11 110592]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-3-4 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Shareaza\\Shareaza.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [26/08/2008 19:43 32784]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/04/2009 12:38 92008]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [26/08/2008 19:43 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [26/08/2008 19:43 24592]

.

Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2009-07-26 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-11 22:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.destandaard.be/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uSearch Bar = hxxp://www.google.com/ie

mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

IE: &Search

IE: Download &Youtube Free - c:\program files\Download Youtube Free\save.htm

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Pieter\Application Data\Mozilla\Firefox\Profiles\jtjnlzxc.default\

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-07-26 11:34

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\klogon.dll

.

Completion time: 2009-07-26 11:44

ComboFix-quarantined-files.txt 2009-07-26 09:44

ComboFix2.txt 2009-07-25 20:24

ComboFix3.txt 2009-07-25 17:15

Pre-Run: 3.442.614.272 bytes free

Post-Run: 3.393.064.960 bytes free

342 --- E O F --- 2009-07-14 20:16

HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:58:36, on 26/07/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.5.0\bin\jucheck.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Shareaza\Shareaza.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\PROGRA~1\Flash2X\FLASHP~1\FLASHP~1.DLL

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-16TD9.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\startup.exe

O4 - Startup: is-C133G.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\startup.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Download &Youtube Free - C:\Program Files\Download Youtube Free\save.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=www.coften.be

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mailserv.sofico.be/iNotes6W.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181295815703

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 8666 bytes


It does indeed look like it is going to be quite a job. Many thanks in advance! I have deleted all the batch jobs on C. There were 235 of them; the oldest dated from 11/7/2009, the newest from 23/07/2009. Norton is still on it, I will remove that shortly.

This must be just about the longest list of infected files I have come across in my young career as a log reader. A record, then :-)

But in the meantime you have already cleaned up a lot ... and your date is also very interesting, because it points us straight to the culprit. And we pick that up below to remove it from your PC:

Delete these two shortcuts from your desktop immediately, and also the folders Virus Removal Tool and Virus Removal Tool1 (if you can find them anywhere):

is-16TD9.lnk - c:\documents and settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\startup.exe

is-C133G.lnk - c:\documents and settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\startup.exe

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\70178015.sys

Driver::

70178015

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the reboot, post the contents of Combofix.txt in your next message.


This topic is now closed to new replies.