Vraag & Antwoord

Beveiliging & privacy

Hoax?

20 antwoorden
  • Ik krijg steeds een melding binnen dat rlvknlg.exe moet worden afgesloten. Neem aan dat dit een Hoax is? En hoe kom ik hier vanaf?
  • Het is geen Hoax: http://www.liutilities.com/products/wintaskspro/processlibrary/rlvknlg/ Maak even een Hijackthis log: Download [url=http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe]Hijackthis-setup[/url] naar je [u:0c46434c3e]Bureaublad[/u:0c46434c3e]. Open HJTInstall en bepaal de locatie waar je Hijackthis wilt installeren. Druk vervolgens op Install, na enkele seconde zal Hijackthis automatisch openen. Kies nu voor [b:0c46434c3e]'Do a system scan and save a logfile'[/b:0c46434c3e]. Er opent een kladblok bestand met een logfile. Selecteer deze tekst helemaal ([b:0c46434c3e]ctrl-A[/b:0c46434c3e]), kopieer ([b:0c46434c3e]ctrl C[/b:0c46434c3e]) en plak deze tekst in je volgende bericht. Succes! 8) Pim
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:05:11, on 11-9-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\HP\KBD\KBD.EXE C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\Rundll32.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbllifs.dll O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll O2 - BHO: SelasI Class - {59F4F380-01A0-4083-9FA4-E3B827319F7E} - C:\WINDOWS\system32\vcbhfatm.dll O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchTool\nsh6B.dll (file missing) O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: AD Bot - {BCBCEE7B-2001-4971-B991-EB6E81C96CC5} - C:\WINDOWS\system32\adspipe.dll O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclteaq.dll O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [mnu] C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adspipe.dll" DllVerify O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [mnu] C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe O4 - HKCU\..\Run: [ItalU] C:\WINDOWS\system32\italfds.exe O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - Global Startup: BTTray.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://partyflock.nl/components/ImageUploader3.cab O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeDutchNewReleaseInstall.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe -- End of file - 9130 bytes
  • en nu :o ?
  • Oke, hier is wel wat werk aan de winkel: Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]Combofix[/url] naar je [b:515b126bed]bureaublad[/b:515b126bed] Dubbelklik op [u:515b126bed]combofix.exe[/u:515b126bed] Volg de instructies, aanvaard de disclaimer door y of Y te typen. Tijdens het runnen van de fix, [b:515b126bed]NIET[/b:515b126bed] in het venster klikken, want dit zal je pc doen vasthangen. Wanneer de fix voltooid is en na herstart, zal de log [b:515b126bed]combofix.txt[/b:515b126bed] openen. Bewaar dit logje. NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren. Plaats in je volgende antwoord het logje van combofix ([i:515b126bed]combofix.txt[/i:515b126bed]) tesamen met een vers Hijackthis log.
  • ComboFix 07-09-10.6 - "HP_Eigenaar" 2007-09-11 20:54:02.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.56 [GMT 2:00] * Created a new restore point . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\DOCUME~1\HP_EIG~1\err.log C:\Program Files\newdotnet C:\Program Files\newdotnet\newdotnet7_48.dll C:\Program Files\newdotnet\readme.html C:\Program Files\newdotnet\uninstall6_38.exe C:\Program Files\newdotnet\uninstall7_48.exe C:\WINDOWS\NDNuninstall6_38.exe C:\WINDOWS\NDNuninstall7_22.exe C:\WINDOWS\NDNuninstall7_48.exe C:\WINDOWS\system32\ldpackage.dll C:\WINDOWS\system32\model.dat C:\WINDOWS\system32\rlls.dll C:\WINDOWS\system32\rlvknlg.exe C:\WINDOWS\system32\rlxf.dll C:\WINDOWS\system32\silc_dll.dll C:\WINDOWS\system32\vcbhfatm.dll D:\Autorun.inf ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\nm (((((((((((((((((((( Bestanden Gemaakt van 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))) . 2007-09-11 20:51 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-11 20:04 <DIR> d-------- C:\Program Files\Trend Micro 2007-08-20 10:20 <DIR> d-------- C:\Temp 2007-08-20 10:19 <DIR> d-------- C:\Program Files\Xilisoft 2007-08-20 10:05 <DIR> d-------- C:\Program Files\mp3DirectCut 2007-08-18 00:28 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-08-18 00:28 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-08-18 00:28 129,784 --------- C:\WINDOWS\system32\pxafs.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-08-18 00:36 --------- d-------- C:\Program Files\Winamp 2007-06-13 15:24 1036800 --a------ C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4865F155-CE00-4E93-A414-147844D7C81A}] 2006-11-04 21:22 417792 --a------ C:\WINDOWS\system32\tcbllifs.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ED7D3DE-6DBE-4516-8712-436325722327}] C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}] 2007-07-20 13:34 61440 --a------ C:\WINDOWS\system32\adspipe.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C07F60AC-688D-4F3E-89EC-30B281BDD2CC}] 2007-01-05 14:47 421888 --a------ C:\WINDOWS\system32\asclteaq.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 11:04] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 13:02] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 12:59] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 13:03] "SoundMan"="SOUNDMAN.EXE" [2005-05-03 20:43 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2005-05-04 12:01 C:\WINDOWS\ALCWZRD.EXE] "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35] "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 18:44] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 15:43] "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 17:17] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-11 23:12] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14] "mnu"="C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe" [2005-01-19 19:35] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-01-24 20:06] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44] "mnu"="C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe" [2005-01-19 19:35] "Chckup"="C:\WINDOWS\system32\Netverchk.exe" [] "ItalU"="C:\WINDOWS\system32\italfds.exe" [2006-11-04 21:25] "LifeCU"="C:\WINDOWS\system32\BastaYa.exe" [2007-09-11 21:00] C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-09-19 17:02:54] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Eigenaar^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk] path=C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Eigenaar^Menu Start^Programma's^Opstarten^OpenOffice.org 2.0 .lnk] path=C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\OpenOffice.org 2.0 .lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.0 .lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adspipe.dll" DllVerify [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] "C:\Windows\Creator\Remind_XP.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-11 20:59:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-11 21:01:50 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-09-11 21:01 . --- E O F ---
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:08:12, on 11-9-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\HP\KBD\KBD.EXE C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\System32\Rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbllifs.dll O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: AD Bot - {BCBCEE7B-2001-4971-B991-EB6E81C96CC5} - C:\WINDOWS\system32\adspipe.dll O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclteaq.dll O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [mnu] C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adspipe.dll" DllVerify O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [mnu] C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe O4 - HKCU\..\Run: [ItalU] C:\WINDOWS\system32\italfds.exe O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - Global Startup: BTTray.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://partyflock.nl/components/ImageUploader3.cab O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeDutchNewReleaseInstall.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe -- End of file - 8234 bytes
  • ik weet wel dat ik er niks van snap :P hij kan toch niet opstarten zonder dll bestanden :o ?
  • Start Hijackthis, kies voor [i:f6549b5ce3]'Do a system scan only'[/i:f6549b5ce3] en vink onderstaande regels aan: [b:f6549b5ce3] O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll (file missing) O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe O4 - HKCU\..\Run: [ItalU] C:\WINDOWS\system32\italfds.exe O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe [/b:f6549b5ce3] Er is een beperking in Internet Explorer waardoor je niet alle instellingen kunt wijzigen. Mogelijk dat dit door Spybot S&D is ingesteld. Indien jij deze instelling niet zelf hebt ingesteld, dan mag je de volgende regel fixen: [b:f6549b5ce3] O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present [/b:f6549b5ce3] Vink ook onderstaande regels aan: [b:f6549b5ce3] O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeDutchNewReleaseInstall.cab [/b:f6549b5ce3] Sluit nu [u:f6549b5ce3]alle[/u:f6549b5ce3] openstaande vensters, behalve Hijackthis en klik op [b:f6549b5ce3]Fix Checked[/b:f6549b5ce3]. Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster: [b:f6549b5ce3] File:: C:\WINDOWS\system32\tcbllifs.dll C:\WINDOWS\system32\adspipe.dll C:\WINDOWS\system32\asclteaq.dll Folder:: C:\WINDOWS\system32\SmartShopper [/b:f6549b5ce3] Sla dit op op je Bureaublad als [b:f6549b5ce3]CFScript.txt[/b:f6549b5ce3] Sleep [b:f6549b5ce3]CFScript.txt[/b:f6549b5ce3] in [b:f6549b5ce3]ComboFix.exe[/b:f6549b5ce3] zoals getoond in onderstaand voorbeeld : [img:f6549b5ce3]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:f6549b5ce3] Dit zal [b:f6549b5ce3]ComboFix[/b:f6549b5ce3] doen herstarten. Start opnieuw op als daarom gevraagd wordt, en post de inhoud van de [b:f6549b5ce3]Combofix.txt[/b:f6549b5ce3] in je volgende antwoord samen met een nieuw HijackThislogje. Pim.
  • ComboFix 07-09-10.6 - "HP_Eigenaar" 2007-09-11 21:57:54.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.50 [GMT 2:00] . (((((((((((((((((((( Bestanden Gemaakt van 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))) . 2007-09-11 21:00 118,784 --a------ C:\WINDOWS\system32\BastaYa.exe 2007-09-11 20:51 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-11 20:04 <DIR> d-------- C:\Program Files\Trend Micro 2007-08-20 10:20 <DIR> d-------- C:\Temp 2007-08-20 10:19 <DIR> d-------- C:\Program Files\Xilisoft 2007-08-20 10:05 <DIR> d-------- C:\Program Files\mp3DirectCut 2007-08-18 00:28 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-08-18 00:28 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-08-18 00:28 129,784 --------- C:\WINDOWS\system32\pxafs.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-08-28 14:46 118784 --a------ C:\WINDOWS\system32\netverchk.Vexe 2007-08-18 00:36 --------- d-------- C:\Program Files\Winamp 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2007-07-20 16:47 40310 --a------ C:\WINDOWS\system32\adspipe-uninst.exe 2007-06-26 16:15 662016 --a------ C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-26 15:58 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-14 20:11 96768 --a------ C:\WINDOWS\system32\dllcache\inseng.dll 2007-06-14 20:11 616960 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-14 20:11 55808 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-14 20:11 532480 --a------ C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-14 20:11 474624 --a------ C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-06-14 20:11 449024 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-14 20:11 39424 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-06-14 20:11 357888 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-06-14 20:11 3079680 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll 2007-06-14 20:11 251392 --a------ C:\WINDOWS\system32\dllcache\iepeers.dll 2007-06-14 20:11 205312 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-06-14 20:11 16384 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-14 20:11 151552 --a------ C:\WINDOWS\system32\dllcache\cdfview.dll 2007-06-14 20:11 1494528 --a------ C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-06-14 20:11 146432 --a------ C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-14 20:11 1057280 --a------ C:\WINDOWS\system32\dllcache\danim.dll 2007-06-14 20:11 1023488 --a------ C:\WINDOWS\system32\dllcache\browseui.dll 2007-06-14 16:07 18432 --a------ C:\WINDOWS\system32\dllcache\iedw.exe 2007-06-13 15:24 1036800 --a------ C:\WINDOWS\system32\dllcache\explorer.exe 2007-06-13 15:24 1036800 --a------ C:\WINDOWS\explorer.exe 2005-05-11 23:36 12288 --a--c--- C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4865F155-CE00-4E93-A414-147844D7C81A}] C:\WINDOWS\system32\tcbllifs.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}] C:\WINDOWS\system32\adspipe.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C07F60AC-688D-4F3E-89EC-30B281BDD2CC}] C:\WINDOWS\system32\asclteaq.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 11:04] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 13:02] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 12:59] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 13:03] "SoundMan"="SOUNDMAN.EXE" [2005-05-03 20:43 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2005-05-04 12:01 C:\WINDOWS\ALCWZRD.EXE] "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35] "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 18:44] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 15:43] "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 17:17] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-11 23:12] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14] "mnu"="C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe" [2005-01-19 19:35] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-01-24 20:06] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44] "mnu"="C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe" [2005-01-19 19:35] C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-09-19 17:02:54] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Eigenaar^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk] path=C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Eigenaar^Menu Start^Programma's^Opstarten^OpenOffice.org 2.0 .lnk] path=C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\OpenOffice.org 2.0 .lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.0 .lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adspipe.dll" DllVerify [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] "C:\Windows\Creator\Remind_XP.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-11 22:01:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\WINDOWS\system32\cmd.exe [4024] 0xFF40F810 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-11 22:02:42 C:\ComboFix-quarantined-files.txt ... 2007-09-11 22:02 C:\ComboFix2.txt ... 2007-09-11 21:01 . --- E O F ---
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:06:45, on 11-9-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\HP\KBD\KBD.EXE C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbllifs.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: AD Bot - {BCBCEE7B-2001-4971-B991-EB6E81C96CC5} - C:\WINDOWS\system32\adspipe.dll (file missing) O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclteaq.dll (file missing) O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [mnu] C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [mnu] C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - Global Startup: BTTray.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://partyflock.nl/components/ImageUploader3.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe -- End of file - 7457 bytes
  • zijn ze weer ;)
  • Combofix is niet goed gegaan, probeer het nog eens en lees de instructies duidelijk. Je moet nu een bestand erin slepen enz. Pim
  • ComboFix 07-09-10.6 - "HP_Eigenaar" 2007-09-11 22:31:43.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.55 [GMT 2:00] Command switches used :: C:\Documents and Settings\HP_Eigenaar\Bureaublad\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\tcbllifs.dll C:\WINDOWS\system32\adspipe.dll C:\WINDOWS\system32\asclteaq.dll . (((((((((((((((((((( Bestanden Gemaakt van 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))) . 2007-09-11 21:00 118,784 --a------ C:\WINDOWS\system32\BastaYa.exe 2007-09-11 20:51 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-11 20:04 <DIR> d-------- C:\Program Files\Trend Micro 2007-08-20 10:20 <DIR> d-------- C:\Temp 2007-08-20 10:19 <DIR> d-------- C:\Program Files\Xilisoft 2007-08-20 10:05 <DIR> d-------- C:\Program Files\mp3DirectCut 2007-08-18 00:28 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-08-18 00:28 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-08-18 00:28 129,784 --------- C:\WINDOWS\system32\pxafs.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-08-28 14:46 118784 --a------ C:\WINDOWS\system32\netverchk.Vexe 2007-08-18 00:36 --------- d-------- C:\Program Files\Winamp 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2007-07-20 16:47 40310 --a------ C:\WINDOWS\system32\adspipe-uninst.exe 2007-06-26 16:15 662016 --a------ C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-26 15:58 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-14 20:11 96768 --a------ C:\WINDOWS\system32\dllcache\inseng.dll 2007-06-14 20:11 616960 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-14 20:11 55808 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-14 20:11 532480 --a------ C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-14 20:11 474624 --a------ C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-06-14 20:11 449024 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-14 20:11 39424 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-06-14 20:11 357888 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-06-14 20:11 3079680 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll 2007-06-14 20:11 251392 --a------ C:\WINDOWS\system32\dllcache\iepeers.dll 2007-06-14 20:11 205312 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-06-14 20:11 16384 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-14 20:11 151552 --a------ C:\WINDOWS\system32\dllcache\cdfview.dll 2007-06-14 20:11 1494528 --a------ C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-06-14 20:11 146432 --a------ C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-14 20:11 1057280 --a------ C:\WINDOWS\system32\dllcache\danim.dll 2007-06-14 20:11 1023488 --a------ C:\WINDOWS\system32\dllcache\browseui.dll 2007-06-14 16:07 18432 --a------ C:\WINDOWS\system32\dllcache\iedw.exe 2007-06-13 15:24 1036800 --a------ C:\WINDOWS\system32\dllcache\explorer.exe 2007-06-13 15:24 1036800 --a------ C:\WINDOWS\explorer.exe 2005-05-11 23:36 12288 --a--c--- C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4865F155-CE00-4E93-A414-147844D7C81A}] C:\WINDOWS\system32\tcbllifs.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCBCEE7B-2001-4971-B991-EB6E81C96CC5}] C:\WINDOWS\system32\adspipe.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C07F60AC-688D-4F3E-89EC-30B281BDD2CC}] C:\WINDOWS\system32\asclteaq.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 11:04] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 13:02] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 12:59] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 13:03] "SoundMan"="SOUNDMAN.EXE" [2005-05-03 20:43 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2005-05-04 12:01 C:\WINDOWS\ALCWZRD.EXE] "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35] "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 18:44] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 15:43] "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 17:17] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-11 23:12] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14] "mnu"="C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe" [2005-01-19 19:35] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-01-24 20:06] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44] "mnu"="C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe" [2005-01-19 19:35] C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-09-19 17:02:54] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Eigenaar^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk] path=C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Eigenaar^Menu Start^Programma's^Opstarten^OpenOffice.org 2.0 .lnk] path=C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\OpenOffice.org 2.0 .lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.0 .lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adspipe.dll" DllVerify [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] "C:\Windows\Creator\Remind_XP.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-11 22:34:22 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\WINDOWS\system32\cmd.exe [1844] 0xFF1B8DA0 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-11 22:35:43 C:\ComboFix-quarantined-files.txt ... 2007-09-11 22:35 C:\ComboFix2.txt ... 2007-09-11 22:02 C:\ComboFix3.txt ... 2007-09-11 21:01 . --- E O F ---
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:39:45, on 11-9-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\HP\KBD\KBD.EXE C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbllifs.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: AD Bot - {BCBCEE7B-2001-4971-B991-EB6E81C96CC5} - C:\WINDOWS\system32\adspipe.dll (file missing) O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclteaq.dll (file missing) O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [mnu] C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [mnu] C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - Global Startup: BTTray.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://partyflock.nl/components/ImageUploader3.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe -- End of file - 7506 bytes
  • Snap ook echt niet wat ik aan het doen ben :P Kan je dat miss uitleggen?
  • Je had o.a. last van een Vundo en een newnet infectie. Deze wou ik verwijderen met combofix, enkel bleven er nog wat hardnekkige bestandjes achter die ik later met CFscript wou verwijderen, tesamen met enkele regels fixen. De DLL bestanden waren malware, alleen de goede laten we staan. Start Hijackthis, kies voor [i:7973da4907]'Do a system scan only'[/i:7973da4907] en vink onderstaande regels aan: [b:7973da4907] O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbllifs.dll (file missing) O2 - BHO: AD Bot - {BCBCEE7B-2001-4971-B991-EB6E81C96CC5} - C:\WINDOWS\system32\adspipe.dll (file missing) O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclteaq.dll (file missing) [/b:7973da4907] Sluit nu [u:7973da4907]alle[/u:7973da4907] openstaande vensters, behalve Hijackthis en klik op [b:7973da4907]Fix Checked[/b:7973da4907]. Download [url=http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe]OTmoveit[/url] en plaats het op je [u:7973da4907]bureaublad[/u:7973da4907] [list:7973da4907] * Dubbelklik op [b:7973da4907]OTMoveIt.exe[/b:7973da4907] om de tool te starten. * Kopiëer (selecteren en druk Ctrl-C) [b:7973da4907]alle[/b:7973da4907] onderstaande, vetgedrukte, blauwe tekst : [color=blue:7973da4907][b:7973da4907] C:\WINDOWS\system32\BastaYa.exe C:\WINDOWS\system32\netverchk.Vexe C:\WINDOWS\system32\adspipe-uninst.exe [/b:7973da4907][/color:7973da4907] * Plak de gekopiëerde tekst (druk Ctrl-V) in het "[b:7973da4907]Paste List of Files/Folders to be moved[/b:7973da4907]" venster * Klik op de rode [color=red:7973da4907]MoveIt![/color:7973da4907] knop * [b:7973da4907]Kopiëer en plak de inhoud van het rechter resultaat-venster in je volgende antwoord.[/b:7973da4907] * Sluit OTMoveIt. Indien een bestand of map niet onmiddellijk kan verplaatst worden, kun je gevraagd worden om de PC te herstarten teneinde het verplaatsen te beeïndigen. Klik dan op [b:7973da4907]Ja/Yes[/b:7973da4907]. [/list:u:7973da4907] Plaats het resultaat van Otmoveit in je volgende antwoord tesamen met een nieuw Combofix en Hijackthis logje! Succes! P
  • C:\WINDOWS\system32\BastaYa.exe moved successfully. C:\WINDOWS\system32\netverchk.Vexe moved successfully. C:\WINDOWS\system32\adspipe-uninst.exe moved successfully. Created on 09-11-2007 23:28:44 en nu is het goed?
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:29:32, on 11-9-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\HP\KBD\KBD.EXE C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [mnu] C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [mnu] C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - Global Startup: BTTray.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://partyflock.nl/components/ImageUploader3.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe -- End of file - 7137 bytes
  • geen bestanden meer die missen.. das goed toch :D

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.