Question & Answer

Security & privacy

win32\fotomoto

34 answers
  • For a few days now my PC has kept reporting that it finds win32\fotomoto on my PC, and I just can't get rid of it. So I thought: you will surely know what to do.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:50:39, on 12-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\svehost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\jhjsixsk.exe
    C:\Documents and Settings\Greup\Bureaublad\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.home.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
    O2 - BHO: (no name) - {4A54500A-65FE-4F4A-B860-20EAE2F577F9} - C:\WINDOWS\system32\gebbcay.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: {612a641c-ef49-220b-f3f4-bf176d605157} - {751506d6-71fb-4f3f-b022-94fec146a216} - C:\WINDOWS\system32\xjqyghhu.dll
    O2 - BHO: (no name) - {79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50} - C:\WINDOWS\system32\iifgfec.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {AA94BC74-AECD-45F3-A861-AC0FDEB3E3F6} - C:\WINDOWS\system32\efccy.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
    O4 - HKLM\..\Run: [b836cf32] rundll32.exe "C:\WINDOWS\system32\fxtbrmqb.dll",b
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O15 - Trusted Zone: *.stumbleupon.com
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/fulltrailer/player/vivid_ocx.jpeg
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/davincicode/vividas/player/vivid_ocx.jpeg
    O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - http://video.vividas.com/CDN1/4896_sony/web/player/vivid_ocx.jpeg
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
    O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg
    O20 - Winlogon Notify: gebbcay - gebbcay.dll (file missing)
    O20 - Winlogon Notify: iifgfec - C:\WINDOWS\SYSTEM32\iifgfec.dll
    O21 - SSODL: Java - {D6E48699-47E5-420D-9378-117205F2FAF4} - java32.dll (file missing)
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: DomainService - - C:\WINDOWS\system32\jhjsixsk.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 10656 bytes
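Added example, not part of the thread or of any tool mentioned in it: a small Python script that applies the first-pass rules a malware-removal helper uses by eye on a log like the one above. It flags Run entries whose image name is a near-miss of a Windows binary (svehost.exe next to svchost.exe), bare file names that Windows resolves through the search path, unnamed or GUID-named BHOs living in system32, rundll32 loading a system32 DLL by export, Winlogon Notify and SSODL hooks, and services without a vendor string. The regular expressions, the function names and the KNOWN_GOOD allow-list are this example's own assumptions; the sample lines are copied from the log in the first post.

```python
"""First-pass triage of HijackThis log lines.

Added example, not a tool from this thread. Encodes the rules a helper
applies by eye to the log above: lookalike process names, unnamed BHOs in
system32, rundll32 loading a system32 DLL, Winlogon Notify and SSODL hooks,
and services without a vendor. Sample lines are copied from the first post;
the allow-list below is this example's own assumption.
"""
import re
from difflib import SequenceMatcher

# Assumption: Windows binaries whose names malware commonly imitates.
KNOWN_GOOD = {
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
    "services.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe",
    "rundll32.exe", "regsvr32.exe",
}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[^}]+\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<label>[^\]]*)\]\s*(?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - (?P<path>.*)$")
O21_RE = re.compile(r"^O21 - SSODL: .*? - \{[^}]+\} - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: .+? -\s*(?P<vendor>.*?)\s*- (?P<path>[A-Za-z]:\\.*)$")
GUID_RE = re.compile(r"^\{[0-9a-fA-F-]+\}$")
SYS32_RE = re.compile(r'system32\\[^\\\s"]+\.(?:dll|exe)', re.IGNORECASE)


def lookalike_of(basename):
    """Return the legitimate name that `basename` imitates, or None."""
    name = basename.lower()
    if name in KNOWN_GOOD:
        return None
    for good in sorted(KNOWN_GOOD):
        # 0.9 catches one substituted or two swapped letters in an 11-char name.
        if SequenceMatcher(None, name, good).ratio() >= 0.9:
            return good
    return None


def image_of(cmd):
    """Split a Run-key command into (image path, basename); handles quoting."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        image = cmd[1:].split('"', 1)[0]
    else:
        image = cmd.split(None, 1)[0] if cmd else ""
    return image, image.rsplit("\\", 1)[-1]


def triage(lines):
    """Return [(section, reason, line)] for entries that deserve a second look."""
    findings = []
    for line in (l.strip() for l in lines):
        if m := O2_RE.match(line):
            unnamed = m["name"] == "(no name)" or GUID_RE.match(m["name"])
            if unnamed and SYS32_RE.search(m["path"]):
                findings.append(("O2", "unnamed BHO loaded from system32", line))
        elif m := O4_RE.match(line):
            image, base = image_of(m["cmd"])
            if good := lookalike_of(base):
                findings.append(("O4", f"{base} is a lookalike of {good}", line))
            elif "\\" not in image and base.lower() not in KNOWN_GOOD:
                findings.append(("O4", f"bare file name {base}, found via search path", line))
            if base.lower() == "rundll32.exe" and SYS32_RE.search(m["cmd"]):
                findings.append(("O4", "rundll32 loading a DLL from system32", line))
        elif m := O20_RE.match(line):
            findings.append(("O20", "Winlogon Notify hook, loaded into winlogon.exe", line))
        elif m := O21_RE.match(line):
            if "(file missing)" in m["path"] or "\\" not in m["path"]:
                findings.append(("O21", "SSODL entry without a resolvable file", line))
        elif m := O23_RE.match(line):
            if m["vendor"].strip() in ("", "Unknown owner"):
                findings.append(("O23", "service without vendor information", line))
    return findings


# Constructed sample: lines copied from the HijackThis log in the first post.
SAMPLE_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {4A54500A-65FE-4F4A-B860-20EAE2F577F9} - C:\WINDOWS\system32\gebbcay.dll (file missing)",
    r"O2 - BHO: {612a641c-ef49-220b-f3f4-bf176d605157} - {751506d6-71fb-4f3f-b022-94fec146a216} - C:\WINDOWS\system32\xjqyghhu.dll",
    r'O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide',
    r"O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe",
    r'O4 - HKLM\..\Run: [b836cf32] rundll32.exe "C:\WINDOWS\system32\fxtbrmqb.dll",b',
    r"O20 - Winlogon Notify: iifgfec - C:\WINDOWS\SYSTEM32\iifgfec.dll",
    r"O21 - SSODL: Java - {D6E48699-47E5-420D-9378-117205F2FAF4} - java32.dll (file missing)",
    r"O23 - Service: DomainService - - C:\WINDOWS\system32\jhjsixsk.exe",
    r"O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe",
]

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LINES):
        print(f"[{section}] {reason}\n    {line}")
```

Run on the sample it reports seven entries and leaves the Adobe BHO, the Windows Defender Run entry and the NOD32 service alone. The rules are deliberately narrow: a random-looking file name in system32 is not by itself a finding, because legitimate components also live there, so the script keys on the registry location and on what HijackThis could not resolve (missing name, missing vendor, missing file). Anything it flags still needs a human to confirm against the file on disk before it goes into a fix.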
  • You are using an outdated version of HijackThis; download the newest version and work with that: http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) to your desktop.
    - Double-click SDFix.exe to extract it.
    - Print out the instructions below or copy them to a .txt file.
    - Boot into Safe Mode (http://www.virushelp.nl/veilige_modus.htm).
    - Open the extracted SDFix folder (usually found at C:\SDFix) and double-click RunThis.bat to start the script.
    - Type Y to begin the fix and follow the instructions. Press a key when asked. The computer will restart; this takes longer than usual.
    - SDFix will continue with the removal. Wait until you are asked to press a key.
    - The desktop will appear and a log will open. Post the contents of that log together with a new HijackThis log.

    Download ComboFix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) to your desktop. If you have used ComboFix before, please delete that version and download ComboFix again via the link above, because ComboFix is updated daily.
    NOTE: if, during or after downloading ComboFix or while running it, you get a warning from your antivirus or another real-time scanner, disable that scanner and download ComboFix again. Some scanners treat certain components ComboFix uses as suspicious and will block or delete them!
    - Double-click ComboFix.exe.
    - Follow the instructions; accept the disclaimer by typing "1" and confirming with "Enter".
    - While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix is complete and the PC has restarted, the log combofix.txt will open. Post this log in your next reply together with a new HijackThis log.

    Good luck!
    Pim :)
  • Here is the new HijackThis log, followed by the ComboFix log.
    Auke-Jan

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:04:16, on 12-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.home.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O15 - Trusted Zone: *.stumbleupon.com
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/fulltrailer/player/vivid_ocx.jpeg
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/davincicode/vividas/player/vivid_ocx.jpeg
    O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - http://video.vividas.com/CDN1/4896_sony/web/player/vivid_ocx.jpeg
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
    O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg
    O20 - Winlogon Notify: gebbcay - gebbcay.dll (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 9334 bytes

    ComboFix 07-12-12.3 - Greup 2007-12-12 12:40:36.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.251 [GMT 1:00]
    Running from: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe
    * Created a new restore point
    .
    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Program Files\autorun.inf
    C:\WINDOWS\system32\awtrpon.dll
    C:\WINDOWS\system32\ayftiksg.dll
    C:\WINDOWS\system32\bqmrbtxf.ini
    C:\WINDOWS\system32\cbxyawv.dll
    C:\WINDOWS\system32\cliapidk.exe
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\efccy.dll
    C:\WINDOWS\system32\exiqabii.exe
    C:\WINDOWS\system32\fxtbrmqb.dll
    C:\WINDOWS\system32\gpkqfgiw.exe
    C:\WINDOWS\system32\iifgfec.dll
    C:\WINDOWS\system32\imhhicwa.dll
    C:\WINDOWS\system32\imxsxjri.dll
    C:\WINDOWS\system32\jhjsixsk.exe
    C:\WINDOWS\system32\jpjwqffq.dll
    C:\WINDOWS\system32\ljjhheb.dll
    C:\WINDOWS\system32\opnoopo.dll
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pmnmkhi.dll
    C:\WINDOWS\system32\rhiicxsb.dll
    C:\WINDOWS\system32\tmkexmsn.dll
    C:\WINDOWS\system32\tuvvtrs.dll
    C:\WINDOWS\system32\upncyxbr.exe
    C:\WINDOWS\system32\utycvsrl.dll
    C:\WINDOWS\system32\wddfalos.exe
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\xjqyghhu.dll
    C:\WINDOWS\system32\xxyyyab.dll
    C:\WINDOWS\system32\yayxuut.dll
    C:\WINDOWS\system32\yayywwt.dll
    C:\WINDOWS\system32\yccfe.bak1
    C:\WINDOWS\system32\yccfe.bak2
    C:\WINDOWS\system32\yccfe.ini
    C:\WINDOWS\system32\ydaybhrm.dll
    C:\WINDOWS\system32\yxnctsrj.dll
    C:\WINDOWS\system32\yyqyerem.dll
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService
    -------\NPF

    (((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 ))))))))))))))))))))))))))))))
    .
    2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-12 11:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-12-12 11:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-12-12 11:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-12-12 11:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-12-12 11:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-12-12 11:35 . 2007-12-12 11:37 3,624 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
    2007-12-10 19:21 . 2007-12-12 09:33 916,805 ---hs---- C:\WINDOWS\system32\psbooijk.ini
    2007-12-09 19:21 . 2007-12-10 11:59 835,060 ---hs---- C:\WINDOWS\system32\aevyfnac.ini
    2007-12-08 07:31 . 2007-12-09 19:16 834,940 ---hs---- C:\WINDOWS\system32\cmmfjumj.ini
    2007-12-06 21:20 . 2007-12-08 07:29 860,932 ---hs---- C:\WINDOWS\system32\lrbcoact.ini
    2007-12-06 11:00 . 2007-12-06 21:11 807,828 ---hs---- C:\WINDOWS\system32\nnmwosbq.ini
    2007-12-04 21:21 . 2007-12-06 10:50 807,588 ---hs---- C:\WINDOWS\system32\vuweurwa.ini
    2007-12-04 21:11 . 2007-12-04 21:12 4,156 --a------ C:\WINDOWS\system32\twinfphq.dll
    2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SurfRight
    2007-12-03 15:17 . 2007-12-03 15:17 792,276 ---hs---- C:\WINDOWS\system32\dxfcbflq.ini
    2007-12-03 14:49 . 2007-12-03 14:49 792,276 ---hs---- C:\WINDOWS\system32\godrdvcr.ini
    2007-12-03 14:43 . 2007-12-03 14:43 4,160 --a------ C:\WINDOWS\system32\jvleubre.dll
    2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Program Files\SurfRight
    2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
    2007-12-02 14:49 . 2007-12-02 14:49 793,664 ---hs---- C:\WINDOWS\system32\ykewlnbx.ini
    2007-12-02 14:46 . 2007-12-02 14:46 4,156 --a------ C:\WINDOWS\system32\elfahxwo.dll
    2007-12-01 14:51 . 2007-12-01 14:51 793,664 ---hs---- C:\WINDOWS\system32\qxxkgyue.ini
    2007-12-01 14:41 . 2007-12-01 14:42 4,156 --a------ C:\WINDOWS\system32\xaytcrpj.dll
    2007-11-28 16:29 . 2007-11-28 16:30 161 --a------ C:\WINDOWS\system32\temp_0000_85-19.aok
    2007-11-28 16:25 . 2007-11-28 16:25 162 --a------ C:\WINDOWS\system32\test.aok
    2007-11-28 16:01 . 2007-11-28 16:01 36,864 --a------ C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
    2007-11-28 16:00 . 2007-11-28 16:00 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
    2007-11-28 15:07 . 2002-10-05 07:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
    2007-11-28 15:07 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
    2007-11-28 15:07 . 2002-10-07 02:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
    2007-11-28 15:07 . 2002-10-05 07:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
    2007-11-28 15:07 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
    2007-11-28 15:07 . 2002-10-05 07:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll
    2007-11-28 15:07 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
    2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d-------- C:\Program Files\Allok 3gp psp mp4 ipod video converter
    2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d-------- C:\Program Files\Xilisoft
    2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d-------- C:\Program Files\Ultra Mobile 3GP Video Converter
    2007-11-27 18:16 . 2006-03-29 00:35 475,136 --a------ C:\WINDOWS\system32\SkinCrafter.dll
    2007-11-27 18:16 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
    2007-11-27 18:16 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
    2007-11-27 18:16 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
    2007-11-27 16:48 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
    2007-11-27 16:48 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
    2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d-------- C:\Program Files\Windows Mobile-hulpbronnen
    2007-11-26 14:33 . 2007-11-26 13:44 804,106 --a------ C:\WINDOWS\Roulette Cheat Guide.pdf
    2007-11-22 16:37 . 2007-11-22 16:37 46,892 --a------ C:\Documents and Settings\Greup\ytmakn.exe
    2007-11-21 10:43 . 2007-11-21 10:43 46,892 --a------ C:\Documents and Settings\Greup\lmehvm.exe
    2007-11-21 10:23 . 2007-11-21 10:23 46,892 --a------ C:\Documents and Settings\Greup\haiohf.exe
    2007-11-21 10:04 . 2007-11-21 10:04 46,892 --a------ C:\Documents and Settings\Greup\dobykz.exe
    2007-11-21 09:57 . 2007-11-21 09:57 46,892 --a------ C:\Documents and Settings\Greup\jofzek.exe
    2007-11-19 16:27 . 2007-11-19 16:27 46,892 --a------ C:\Documents and Settings\Greup\xtbtvj.exe
    2007-11-19 15:41 . 2007-11-19 15:41 244 --ah----- C:\sqmnoopt12.sqm
    2007-11-19 15:41 . 2007-11-19 15:41 232 --ah----- C:\sqmdata12.sqm
    2007-11-19 15:13 . 2007-11-19 15:13 244 --ah----- C:\sqmnoopt11.sqm
    2007-11-19 15:13 . 2007-11-19 15:13 232 --ah----- C:\sqmdata11.sqm
    2007-11-19 14:42 . 2007-11-19 14:42 244 --ah----- C:\sqmnoopt10.sqm
    2007-11-19 14:42 . 2007-11-19 14:42 232 --ah----- C:\sqmdata10.sqm
    2007-11-19 14:41 . 2007-11-19 14:41 244 --ah----- C:\sqmnoopt09.sqm
    2007-11-19 14:41 . 2007-11-19 14:41 232 --ah----- C:\sqmdata09.sqm
    2007-11-19 14:29 . 2007-11-19 14:29 244 --ah----- C:\sqmnoopt08.sqm
    2007-11-19 14:29 . 2007-11-19 14:29 232 --ah----- C:\sqmdata08.sqm
    2007-11-19 14:22 . 2007-11-19 14:22 244 --ah----- C:\sqmnoopt07.sqm
    2007-11-19 14:22 . 2007-11-19 14:22 232 --ah----- C:\sqmdata07.sqm
    2007-11-19 13:40 . 2007-11-19 13:40 244 --ah----- C:\sqmnoopt06.sqm
    2007-11-19 13:40 . 2007-11-19 13:40 232 --ah----- C:\sqmdata06.sqm
    2007-11-19 13:08 . 2007-11-19 13:08 244 --ah----- C:\sqmnoopt05.sqm
    2007-11-19 13:08 . 2007-11-19 13:08 232 --ah----- C:\sqmdata05.sqm
    2007-11-19 12:25 . 2007-10-17 12:24 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe
    2007-11-19 12:25 . 2007-10-17 12:22 842,148 --a------ C:\WINDOWS\B4Playing Bonus Guide.pdf
    2007-11-19 12:25 . 2007-11-18 14:32 112 --a------ C:\WINDOWS\B4Playing, the Smart Casino & Poker Players' Tool.url
    2007-11-13 13:40 . 2007-11-13 13:40 <DIR> d-------- C:\Poker
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-12 11:54 --------- d-----w C:\Program Files\Hitman Pro
    2007-12-12 11:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-06 20:47 --------- d-----w C:\Program Files\Lexmark X1100 Series
    2007-12-03 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-28 13:33 --------- d-----w C:\Documents and Settings\Greup\Application Data\BitTorrent
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 15:50 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-05 12:14 --------- d-----w C:\Documents and Settings\Greup\Application Data\PC Tools
    2007-11-05 12:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
    2007-11-05 12:12 164 ----a-w C:\install.dat
    2007-11-05 12:12 --------- d-----w C:\Program Files\Webroot
    2007-11-05 12:12 --------- d-----w C:\Documents and Settings\Greup\Application Data\Webroot
    2007-11-05 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
    2007-11-05 12:08 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
    2007-11-05 12:08 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-11-05 11:57 --------- d-----w C:\Program Files\SpywareBlaster
    2007-11-05 11:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-03 19:26 --------- d-----w C:\Program Files\LimeWire
    2007-10-19 13:29 --------- d-----w C:\Program Files\Panerai
    2007-10-14 13:09 --------- d-----w C:\Program Files\BitTorrent
    2006-10-18 09:09 30,066 ----a-w C:\WINDOWS\Fonts\walt_disney_script.zip
    2006-06-22 12:35 6,704 ----a-w C:\Program Files\Pirates readme.txt
    2006-06-20 22:40 883,162,283 ----a-w C:\Program Files\Data11.cab
    2006-06-20 22:40 703,224 ----a-w C:\Program Files\Pirates of the Caribbean.msi
    2006-06-20 22:40 1,936 ----a-w C:\Program Files\Setup.ini
    2006-06-20 22:14 365,654,016 ----a-w C:\Program Files\Data1.cab
    2005-11-13 22:49 5,693 ----a-w C:\Program Files\0x0409.ini
    2005-11-13 22:44 1,822,520 ----a-w C:\Program Files\instmsiw.exe
    2005-11-13 22:44 1,708,856 ----a-w C:\Program Files\instmsia.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41]
    "WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
    "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbcay]
    gebbcay.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys

    *Newly Created Service* - ENTDRV51
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-12 11:31:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-12 12:54:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
Voltooingstijd: 2007-12-12 12:57:53 - machine was rebooted . 2007-12-12 09:36:12 --- E O F ---
  • 1. Start HijackThis, choose 'Do a system scan only' and tick the lines below:

[b]O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)[/b]

If you did not add the Trusted Zone entry below yourself, you can tick that line as well:

[b]O15 - Trusted Zone: *.stumbleupon.com[/b]

Also tick:

[b]O20 - Winlogon Notify: gebbcay - gebbcay.dll (file missing)[/b]

Now close all open windows except HijackThis and click 'Fix checked'.

2. Open Notepad, then copy and paste the following (bold text) into an empty window:

[b]File::
C:\WINDOWS\system32\psbooijk.ini
C:\WINDOWS\system32\aevyfnac.ini
C:\WINDOWS\system32\cmmfjumj.ini
C:\WINDOWS\system32\lrbcoact.ini
C:\WINDOWS\system32\nnmwosbq.ini
C:\WINDOWS\system32\vuweurwa.ini
C:\WINDOWS\system32\twinfphq.dll
C:\WINDOWS\system32\godrdvcr.ini
C:\WINDOWS\system32\dxfcbflq.ini
C:\WINDOWS\system32\jvleubre.dll
C:\WINDOWS\system32\ykewlnbx.ini
C:\WINDOWS\system32\elfahxwo.dll
C:\WINDOWS\system32\qxxkgyue.ini
C:\WINDOWS\system32\xaytcrpj.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbcay][/b]

Save this on your Desktop as [b]CFScript.txt[/b].

Drag [b]CFScript.txt[/b] onto [b]ComboFix.exe[/b] as shown in the example below:

[img]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img]

This will make [b]ComboFix[/b] run again. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a fresh HijackThis log. How are the problems now?

Pim
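An added example, not code from this thread or from HijackThis or ComboFix: the triage Pim did by eye above, written as a script so the same checks can be run over any HijackThis and ComboFix text. The security point behind the O20 line is that Winlogon loads every DLL registered under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify into winlogon.exe at logon events, so such a DLL runs as SYSTEM and comes back on every reboot; that is why it is rated higher than the orphaned BHO and toolbar entries, whose files are already gone and only need the registry pointer removed. The sample lines are copied from the logs in this thread, except the WgaLogon line, which is constructed to exercise the allowlist; the allowlist of default XP Notify packages is an assumption to verify against a clean machine, and the O16 rule deliberately also fires on Microsoft's fwlink redirect to make the point that the output is a review list for a human, not a verdict.

```python
"""Triage of HijackThis and ComboFix text (added example, not from the thread).

Encodes the checks the helper applied by hand:
  * O2/O3/O9 entries whose target file is missing are orphaned registrations.
  * An O20 Winlogon Notify DLL outside a small allowlist is high priority:
    winlogon.exe loads it as SYSTEM at logon.
  * O16 (ActiveX download) URLs on a bare IP, or without a .cab/.ocx path,
    are listed for review.
  * ComboFix 'Files Created' entries named with a short run of lowercase
    letters that look generated, or that share a byte size with another such
    file (one payload dropped under several names), are listed as dropped files.
"""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from this thread's HijackThis log, plus one
# constructed known-good O20 line (WgaLogon) to exercise the allowlist.
SAMPLE_HJT = r"""
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
O20 - Winlogon Notify: gebbcay - gebbcay.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
"""

# Constructed sample: lines copied from the 'Files Created' section of the ComboFix log.
SAMPLE_COMBOFIX = r"""
2007-11-28 16:01 . 2007-11-28 16:01 36,864 --a------ C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
2007-11-27 18:16 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2007-11-28 15:07 . 2002-10-05 07:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-11-22 16:37 . 2007-11-22 16:37 46,892 --a------ C:\Documents and Settings\Greup\ytmakn.exe
2007-11-21 10:43 . 2007-11-21 10:43 46,892 --a------ C:\Documents and Settings\Greup\lmehvm.exe
2007-11-21 10:23 . 2007-11-21 10:23 46,892 --a------ C:\Documents and Settings\Greup\haiohf.exe
2007-11-13 13:40 . 2007-11-13 13:40 <DIR> d-------- C:\Poker
"""

# Assumed default Winlogon Notify packages on XP SP2 (from memory; verify on a clean machine).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}

HJT_RE = re.compile(r"^(O\d+) - (.*)$")
BARE_IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
CF_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ ([\d,]+) \S+ (.+)$")   # date time . date time size attrs path
STEM_RE = re.compile(r"^[a-z]{6,8}$")


def triage_hjt(text):
    """Return (severity, section, line, reason) tuples for entries worth acting on."""
    findings = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = "(file missing)" in body or "(no file)" in body
        if section == "O20" and body.startswith("Winlogon Notify:"):
            name = body.split(":", 1)[1].split("-", 1)[0].strip().lower()
            if name not in KNOWN_NOTIFY:
                why = "non-default Winlogon Notify DLL; loads into winlogon.exe as SYSTEM"
                if missing:
                    why += "; file already gone, delete the registry key"
                findings.append(("high", section, line, why))
        elif section == "O16":
            parsed = urlparse(body.rsplit(" - ", 1)[-1])
            if BARE_IP_RE.match(parsed.hostname or ""):
                findings.append(("review", section, line, "ActiveX download from a bare IP address"))
            elif not parsed.path.lower().endswith((".cab", ".ocx")):
                # Also fires on Microsoft's fwlink redirect: a review item, not a verdict.
                findings.append(("review", section, line, "ActiveX download URL without a .cab/.ocx path"))
        elif section == "O15":
            findings.append(("review", section, line, "Trusted Zone entry; confirm the user added it"))
        elif missing and section in {"O2", "O3", "O9"}:
            findings.append(("fix", section, line, "orphaned registration, target file missing"))
    return findings


def random_looking(stem):
    """Crude test for generated names: three consonants in a row. Misses some
    (vuweurwa), which is why find_dropped_files also clusters by size."""
    return re.search(r"[bcdfghjklmnpqrstvwxyz]{3}", stem) is not None


def find_dropped_files(text):
    """Paths from ComboFix 'Files Created' lines whose name is 6-8 lowercase letters
    and that either look generated or share a byte size with another such file."""
    candidates = []
    for line in text.splitlines():
        m = CF_RE.match(line.strip())
        if not m:
            continue
        size = int(m.group(1).replace(",", ""))
        path = m.group(2)
        stem = path.rsplit("\\", 1)[-1].lower().split(".", 1)[0]
        if STEM_RE.match(stem):
            candidates.append((path, stem, size))
    stems_by_size = {}
    for _, stem, size in candidates:
        stems_by_size.setdefault(size, set()).add(stem)
    return [path for path, stem, size in candidates
            if random_looking(stem) or len(stems_by_size[size]) > 1]


if __name__ == "__main__":
    for sev, sec, line, why in triage_hjt(SAMPLE_HJT):
        print(f"[{sev:6}] {sec}: {why}\n         {line}")
    for path in find_dropped_files(SAMPLE_COMBOFIX):
        print(f"[dropped] {path}")
```

Run it as-is to print the findings for the sample lines; for a real log, read the file and pass its text to triage_hjt() and find_dropped_files(). The size clustering is what catches haiohf.exe, which the consonant-run test alone would miss, and the O16 rule's false positive on the fwlink URL is left in on purpose: everything it returns still needs a human decision.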
  • Hi Pim, I think it's working, but I don't know that much about it......... :P

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:56, on 12-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.home.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/fulltrailer/player/vivid_ocx.jpeg
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/davincicode/vividas/player/vivid_ocx.jpeg
O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - http://video.vividas.com/CDN1/4896_sony/web/player/vivid_ocx.jpeg
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8914 bytes

ComboFix 07-12-12.3 - Greup 2007-12-12 13:42:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.218 [GMT 1:00]
Running from: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Greup\Bureaublad\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\aevyfnac.ini
C:\WINDOWS\system32\cmmfjumj.ini
C:\WINDOWS\system32\dxfcbflq.ini
C:\WINDOWS\system32\elfahxwo.dll
C:\WINDOWS\system32\godrdvcr.ini
C:\WINDOWS\system32\jvleubre.dll
C:\WINDOWS\system32\lrbcoact.ini
C:\WINDOWS\system32\nnmwosbq.ini
C:\WINDOWS\system32\psbooijk.ini
C:\WINDOWS\system32\qxxkgyue.ini
C:\WINDOWS\system32\twinfphq.dll
C:\WINDOWS\system32\vuweurwa.ini
C:\WINDOWS\system32\xaytcrpj.dll
C:\WINDOWS\system32\ykewlnbx.ini
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\aevyfnac.ini
C:\WINDOWS\system32\cmmfjumj.ini
C:\WINDOWS\system32\dxfcbflq.ini
C:\WINDOWS\system32\elfahxwo.dll
C:\WINDOWS\system32\godrdvcr.ini
C:\WINDOWS\system32\jvleubre.dll
C:\WINDOWS\system32\lrbcoact.ini
C:\WINDOWS\system32\nnmwosbq.ini
C:\WINDOWS\system32\psbooijk.ini
C:\WINDOWS\system32\qxxkgyue.ini
C:\WINDOWS\system32\twinfphq.dll
C:\WINDOWS\system32\vuweurwa.ini
C:\WINDOWS\system32\xaytcrpj.dll
C:\WINDOWS\system32\ykewlnbx.ini
.
(((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 ))))))))))))))))))))))))))))))
.
2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-12 11:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-12 11:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-12 11:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-12 11:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-12 11:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-12 11:35 . 2007-12-12 11:37 3,624 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SurfRight
2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Program Files\SurfRight
2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
2007-11-28 16:29 . 2007-11-28 16:30 161 --a------ C:\WINDOWS\system32\temp_0000_85-19.aok
2007-11-28 16:25 . 2007-11-28 16:25 162 --a------ C:\WINDOWS\system32\test.aok
2007-11-28 16:01 . 2007-11-28 16:01 36,864 --a------ C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
2007-11-28 16:00 . 2007-11-28 16:00 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-11-28 15:07 . 2002-10-05 07:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-11-28 15:07 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2007-11-28 15:07 . 2002-10-07 02:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2007-11-28 15:07 . 2002-10-05 07:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-11-28 15:07 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2007-11-28 15:07 . 2002-10-05 07:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2007-11-28 15:07 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d-------- C:\Program Files\Allok 3gp psp mp4 ipod video converter
2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d-------- C:\Program Files\Xilisoft
2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d-------- C:\Program Files\Ultra Mobile 3GP Video Converter
2007-11-27 18:16 . 2006-03-29 00:35 475,136 --a------ C:\WINDOWS\system32\SkinCrafter.dll
2007-11-27 18:16 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2007-11-27 18:16 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-11-27 18:16 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-11-27 16:48 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-11-27 16:48 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d-------- C:\Program Files\Windows Mobile-hulpbronnen
2007-11-26 14:33 . 2007-11-26 13:44 804,106 --a------ C:\WINDOWS\Roulette Cheat Guide.pdf
2007-11-22 16:37 . 2007-11-22 16:37 46,892 --a------ C:\Documents and Settings\Greup\ytmakn.exe
2007-11-21 10:43 . 2007-11-21 10:43 46,892 --a------ C:\Documents and Settings\Greup\lmehvm.exe
2007-11-21 10:23 . 2007-11-21 10:23 46,892 --a------ C:\Documents and Settings\Greup\haiohf.exe
2007-11-21 10:04 . 2007-11-21 10:04 46,892 --a------ C:\Documents and Settings\Greup\dobykz.exe
2007-11-21 09:57 . 2007-11-21 09:57 46,892 --a------ C:\Documents and Settings\Greup\jofzek.exe
2007-11-19 16:27 . 2007-11-19 16:27 46,892 --a------ C:\Documents and Settings\Greup\xtbtvj.exe
2007-11-19 15:41 . 2007-11-19 15:41 244 --ah----- C:\sqmnoopt12.sqm
2007-11-19 15:41 . 2007-11-19 15:41 232 --ah----- C:\sqmdata12.sqm
2007-11-19 15:13 . 2007-11-19 15:13 244 --ah----- C:\sqmnoopt11.sqm
2007-11-19 15:13 . 2007-11-19 15:13 232 --ah----- C:\sqmdata11.sqm
2007-11-19 14:42 . 2007-11-19 14:42 244 --ah----- C:\sqmnoopt10.sqm
2007-11-19 14:42 . 2007-11-19 14:42 232 --ah----- C:\sqmdata10.sqm
2007-11-19 14:41 . 2007-11-19 14:41 244 --ah----- C:\sqmnoopt09.sqm
2007-11-19 14:41 . 2007-11-19 14:41 232 --ah----- C:\sqmdata09.sqm
2007-11-19 14:29 . 2007-11-19 14:29 244 --ah----- C:\sqmnoopt08.sqm
2007-11-19 14:29 . 2007-11-19 14:29 232 --ah----- C:\sqmdata08.sqm
2007-11-19 14:22 . 2007-11-19 14:22 244 --ah----- C:\sqmnoopt07.sqm
2007-11-19 14:22 . 2007-11-19 14:22 232 --ah----- C:\sqmdata07.sqm
2007-11-19 13:40 . 2007-11-19 13:40 244 --ah----- C:\sqmnoopt06.sqm
2007-11-19 13:40 . 2007-11-19 13:40 232 --ah----- C:\sqmdata06.sqm
2007-11-19 13:08 . 2007-11-19 13:08 244 --ah----- C:\sqmnoopt05.sqm
2007-11-19 13:08 . 2007-11-19 13:08 232 --ah----- C:\sqmdata05.sqm
2007-11-19 12:25 . 2007-10-17 12:24 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe
2007-11-19 12:25 . 2007-10-17 12:22 842,148 --a------ C:\WINDOWS\B4Playing Bonus Guide.pdf
2007-11-19 12:25 . 2007-11-18 14:32 112 --a------ C:\WINDOWS\B4Playing, the Smart Casino & Poker Players' Tool.url
2007-11-13 13:40 . 2007-11-13 13:40 <DIR> d-------- C:\Poker
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 11:54 --------- d-----w C:\Program Files\Hitman Pro
2007-12-12 11:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-06 20:47 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-12-03 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-28 13:33 --------- d-----w C:\Documents and Settings\Greup\Application Data\BitTorrent
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 15:50 --------- d-----w C:\Program Files\MSN Messenger
2007-11-05 12:14 --------- d-----w C:\Documents and Settings\Greup\Application Data\PC Tools
2007-11-05 12:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-05 12:12 164 ----a-w C:\install.dat
2007-11-05 12:12 --------- d-----w C:\Program Files\Webroot
2007-11-05 12:12 --------- d-----w C:\Documents and Settings\Greup\Application Data\Webroot
2007-11-05 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-05 12:08 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-11-05 12:08 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-11-05 12:08 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-05 11:57 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-05 11:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-03 19:26 --------- d-----w C:\Program Files\LimeWire
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-19 13:29 --------- d-----w C:\Program Files\Panerai
2007-10-14 13:09 --------- d-----w C:\Program Files\BitTorrent
2006-10-18 09:09 30,066 ----a-w C:\WINDOWS\Fonts\walt_disney_script.zip
2006-06-22 12:35 6,704 ----a-w C:\Program Files\Pirates readme.txt
2006-06-20 22:40 883,162,283 ----a-w C:\Program Files\Data11.cab
2006-06-20 22:40 703,224 ----a-w C:\Program Files\Pirates of the Caribbean.msi
2006-06-20 22:40 1,936 ----a-w C:\Program Files\Setup.ini
2006-06-20 22:14 365,654,016 ----a-w C:\Program Files\Data1.cab
2005-11-13 22:49 5,693 ----a-w C:\Program Files\0x0409.ini
2005-11-13 22:44 1,822,520 ----a-w C:\Program Files\instmsiw.exe
2005-11-13 22:44 1,708,856 ----a-w C:\Program Files\instmsia.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41]
"WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys
*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
"2007-12-12 11:57:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 13:45:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-12 13:46:37
C:\ComboFix2.txt ... 2007-12-12 12:57
.
2007-12-12 09:36:12 --- E O F ---
  • Missed one :( Remove the text from [b]CFscript[/b] and put the following text in it instead:

[b]File::
C:\WINDOWS\system32\gebbcay.dll[/b]

Drag it onto ComboFix again following the instructions above and post the log.
  • ComboFix 07-12-12.3 - Greup 2007-12-13 14:19:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.249 [GMT 1:00]
Running from: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Greup\Bureaublad\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\gebbcay.dll
.
(((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))
.
2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-12 11:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-12 11:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-12 11:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-12 11:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-12 11:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-12 11:35 . 2007-12-12 11:37 3,624 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SurfRight
2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Program Files\SurfRight
2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
2007-11-28 16:29 . 2007-11-28 16:30 161 --a------ C:\WINDOWS\system32\temp_0000_85-19.aok
2007-11-28 16:25 . 2007-11-28 16:25 162 --a------ C:\WINDOWS\system32\test.aok
2007-11-28 16:01 . 2007-11-28 16:01 36,864 --a------ C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
2007-11-28 16:00 . 2007-11-28 16:00 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-11-28 15:07 . 2002-10-05 07:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-11-28 15:07 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2007-11-28 15:07 . 2002-10-07 02:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2007-11-28 15:07 . 2002-10-05 07:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-11-28 15:07 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2007-11-28 15:07 . 2002-10-05 07:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2007-11-28 15:07 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d-------- C:\Program Files\Allok 3gp psp mp4 ipod video converter
2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d-------- C:\Program Files\Xilisoft
2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d-------- C:\Program Files\Ultra Mobile 3GP Video Converter
2007-11-27 18:16 . 2006-03-29 00:35 475,136 --a------ C:\WINDOWS\system32\SkinCrafter.dll
2007-11-27 18:16 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2007-11-27 18:16 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-11-27 18:16 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-11-27 16:48 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-11-27 16:48 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d-------- C:\Program Files\Windows Mobile-hulpbronnen
2007-11-26 14:33 . 2007-11-26 13:44 804,106 --a------ C:\WINDOWS\Roulette Cheat Guide.pdf
2007-11-22 16:37 . 2007-11-22 16:37 46,892 --a------ C:\Documents and Settings\Greup\ytmakn.exe
2007-11-21 10:43 . 2007-11-21 10:43 46,892 --a------ C:\Documents and Settings\Greup\lmehvm.exe
2007-11-21 10:23 . 2007-11-21 10:23 46,892 --a------ C:\Documents and Settings\Greup\haiohf.exe
2007-11-21 10:04 . 2007-11-21 10:04 46,892 --a------ C:\Documents and Settings\Greup\dobykz.exe
2007-11-21 09:57 . 2007-11-21 09:57 46,892 --a------ C:\Documents and Settings\Greup\jofzek.exe
2007-11-19 16:27 . 2007-11-19 16:27 46,892 --a------ C:\Documents and Settings\Greup\xtbtvj.exe
2007-11-19 15:41 . 2007-11-19 15:41 244 --ah----- C:\sqmnoopt12.sqm
2007-11-19 15:41 . 2007-11-19 15:41 232 --ah----- C:\sqmdata12.sqm
2007-11-19 15:13 . 2007-11-19 15:13 244 --ah----- C:\sqmnoopt11.sqm
2007-11-19 15:13 . 2007-11-19 15:13 232 --ah----- C:\sqmdata11.sqm
2007-11-19 14:42 . 2007-11-19 14:42 244 --ah----- C:\sqmnoopt10.sqm
2007-11-19 14:42 . 2007-11-19 14:42 232 --ah----- C:\sqmdata10.sqm
2007-11-19 14:41 . 2007-11-19 14:41 244 --ah----- C:\sqmnoopt09.sqm
2007-11-19 14:41 . 2007-11-19 14:41 232 --ah----- C:\sqmdata09.sqm
2007-11-19 14:29 . 2007-11-19 14:29 244 --ah----- C:\sqmnoopt08.sqm
2007-11-19 14:29 . 2007-11-19 14:29 232 --ah----- C:\sqmdata08.sqm
2007-11-19 14:22 . 2007-11-19 14:22 244 --ah----- C:\sqmnoopt07.sqm
2007-11-19 14:22 . 2007-11-19 14:22 232 --ah----- C:\sqmdata07.sqm
2007-11-19 13:40 . 2007-11-19 13:40 244 --ah----- C:\sqmnoopt06.sqm
2007-11-19 13:40 . 2007-11-19 13:40 232 --ah----- C:\sqmdata06.sqm
2007-11-19 13:08 . 2007-11-19 13:08 244 --ah----- C:\sqmnoopt05.sqm
2007-11-19 13:08 . 2007-11-19 13:08 232 --ah----- C:\sqmdata05.sqm
2007-11-19 12:25 . 2007-10-17 12:24 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe
2007-11-19 12:25 . 2007-10-17 12:22 842,148 --a------ C:\WINDOWS\B4Playing Bonus Guide.pdf
2007-11-19 12:25 . 2007-11-18 14:32 112 --a------ C:\WINDOWS\B4Playing, the Smart Casino & Poker Players' Tool.url
2007-11-13 13:40 . 2007-11-13 13:40 <DIR> d-------- C:\Poker
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 13:12 --------- d-----w C:\Program Files\Hitman Pro
2007-12-12 11:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-06 20:47 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-12-03 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-28 13:33 --------- d-----w C:\Documents and Settings\Greup\Application Data\BitTorrent
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 15:50 --------- d-----w C:\Program Files\MSN Messenger
2007-11-05 12:14 --------- d-----w C:\Documents and Settings\Greup\Application Data\PC Tools
2007-11-05 12:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-05 12:12 164 ----a-w C:\install.dat
2007-11-05 12:12 --------- d-----w C:\Program Files\Webroot
2007-11-05 12:12 --------- d-----w C:\Documents and Settings\Greup\Application Data\Webroot
2007-11-05 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-05 12:08 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-11-05 12:08 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-11-05 12:08 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-05 11:57 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-05 11:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-03 19:26 --------- d-----w C:\Program Files\LimeWire
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-19 13:29 --------- d-----w C:\Program Files\Panerai
2007-10-14 13:09 --------- d-----w C:\Program Files\BitTorrent
2006-10-18 09:09 30,066 ----a-w C:\WINDOWS\Fonts\walt_disney_script.zip
2006-06-22 12:35 6,704 ----a-w C:\Program Files\Pirates readme.txt
2006-06-20 22:40 883,162,283 ----a-w C:\Program Files\Data11.cab
2006-06-20 22:40 703,224 ----a-w C:\Program Files\Pirates 
of the Caribbean.msi 2006-06-20 22:40 1,936 ----a-w C:\Program Files\Setup.ini 2006-06-20 22:14 365,654,016 ----a-w C:\Program Files\Data1.cab 2005-11-13 22:49 5,693 ----a-w C:\Program Files\0x0409.ini 2005-11-13 22:44 1,822,520 ----a-w C:\Program Files\instmsiw.exe 2005-11-13 22:44 1,708,856 ----a-w C:\Program Files\instmsia.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41] "WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" [] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network 
Associates\TalkBack\TBMon.exe" [2003-10-07 08:48] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20] "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys . Inhoud van de 'Gedeelde Taken' map "2007-12-13 13:15:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-13 14:22:00 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2007-12-13 14:23:27 C:\ComboFix2.txt ... 2007-12-12 13:46 C:\ComboFix3.txt ... 2007-12-12 12:57 . 2007-12-12 09:36:12 --- E O F --- I think it worked.... It no longer gave the warning I mentioned at the start, so now let's hope it doesn't happen again. But thanks, because I'd never have figured that out myself. Auke-Jan
  • And yet it's back again :cry: Download OTMoveIt (by OldTimer) from http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe to your Desktop. Double-click OTMoveIt.exe to start the tool. Copy (select and press Ctrl-C) all of the text below:
    C:\WINDOWS\system32\gebbcay.dll
    Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window. Click the red MoveIt! button. Copy and paste the contents of the right-hand results window into your next reply. Close OTMoveIt. If a file or folder cannot be moved immediately, you may be asked to restart the PC to complete the move. If so, click Yes.
  • Can't get it to work, I get this as the response: File/Folder C:\WINDOWS\system32\gebbcay.dll not found. Created on 12-14-2007 11:27:00 I don't know what that means, but it's probably not good.
  • I'm going to consult with the others, you'll hear from me :)
  • Fine, though I'll be away for a few days, so that should be enough time to consult properly :P . I'll be near the PC again on Wednesday :) Auke-Jan
  • Borrowed this from Smeenk, try it like this :D Clear all the text in CFScript, put the text below in it and drag it onto ComboFix :)
    File::
    C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
    Post the contents of the logfile in your next message.
  • Here I am again :wink: ComboFix 07-12-21.4 - Greup 2007-12-21 22:30:39.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.251 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Greup\Bureaublad\CFscript.txt * Nieuw herstelpunt werd aangemaakt FILE C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT . (((((((((((((((((((( Bestanden Gemaakt van 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))) . 2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d-------- C:\WINDOWS\ERUNT 2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-12 11:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-12-12 11:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-12-12 11:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-12 11:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-12 11:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-12 11:35 . 2007-12-12 11:37 3,624 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SurfRight 2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Program Files\SurfRight 2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight 2007-11-28 16:29 . 2007-11-28 16:30 161 --a------ C:\WINDOWS\system32\temp_0000_85-19.aok 2007-11-28 16:25 . 2007-11-28 16:25 162 --a------ C:\WINDOWS\system32\test.aok 2007-11-28 16:00 . 
2007-11-28 16:00 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys 2007-11-28 15:07 . 2002-10-05 07:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll 2007-11-28 15:07 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax 2007-11-28 15:07 . 2002-10-07 02:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll 2007-11-28 15:07 . 2002-10-05 07:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll 2007-11-28 15:07 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll 2007-11-28 15:07 . 2002-10-05 07:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll 2007-11-28 15:07 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll 2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d-------- C:\Program Files\Allok 3gp psp mp4 ipod video converter 2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d-------- C:\Program Files\Xilisoft 2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d-------- C:\Program Files\Ultra Mobile 3GP Video Converter 2007-11-27 18:16 . 2006-03-29 00:35 475,136 --a------ C:\WINDOWS\system32\SkinCrafter.dll 2007-11-27 18:16 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx 2007-11-27 18:16 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll 2007-11-27 18:16 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll 2007-11-27 16:48 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys 2007-11-27 16:48 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys 2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d-------- C:\Program Files\Microsoft ActiveSync 2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d-------- C:\Program Files\Windows Mobile-hulpbronnen 2007-11-26 14:33 . 2007-11-26 13:44 804,106 --a------ C:\WINDOWS\Roulette Cheat Guide.pdf 2007-11-22 16:37 . 2007-11-22 16:37 46,892 --a------ C:\Documents and Settings\Greup\ytmakn.exe 2007-11-21 10:43 . 2007-11-21 10:43 46,892 --a------ C:\Documents and Settings\Greup\lmehvm.exe 2007-11-21 10:23 . 
2007-11-21 10:23 46,892 --a------ C:\Documents and Settings\Greup\haiohf.exe 2007-11-21 10:04 . 2007-11-21 10:04 46,892 --a------ C:\Documents and Settings\Greup\dobykz.exe 2007-11-21 09:57 . 2007-11-21 09:57 46,892 --a------ C:\Documents and Settings\Greup\jofzek.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-21 21:15 --------- d-----w C:\Program Files\Hitman Pro 2007-12-19 14:58 --------- d-----w C:\Program Files\Lexmark X1100 Series 2007-12-12 11:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-03 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-28 13:33 --------- d-----w C:\Documents and Settings\Greup\Application Data\BitTorrent 2007-11-19 15:27 46,892 ----a-w C:\Documents and Settings\Greup\xtbtvj.exe 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 15:50 --------- d-----w C:\Program Files\MSN Messenger 2007-11-05 12:14 --------- d-----w C:\Documents and Settings\Greup\Application Data\PC Tools 2007-11-05 12:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot 2007-11-05 12:12 164 ----a-w C:\install.dat 2007-11-05 12:12 --------- d-----w C:\Program Files\Webroot 2007-11-05 12:12 --------- d-----w C:\Documents and Settings\Greup\Application Data\Webroot 2007-11-05 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot 2007-11-05 12:08 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2007-11-05 12:08 298,104 ----a-w C:\WINDOWS\system32\imon.dll 2007-11-05 12:08 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys 2007-11-05 11:57 --------- d-----w C:\Program Files\SpywareBlaster 2007-11-05 11:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx 2007-11-03 19:26 --------- d-----w C:\Program Files\LimeWire 2007-10-29 22:45 1,291,776 ----a-w 
C:\WINDOWS\system32\quartz.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-17 11:24 2,526,800 ----a-w C:\WINDOWS\Install_B4Playing.exe 2006-10-18 09:09 30,066 ----a-w C:\WINDOWS\Fonts\walt_disney_script.zip 2006-06-22 12:35 6,704 ----a-w C:\Program Files\Pirates readme.txt 2006-06-20 22:40 883,162,283 ----a-w C:\Program Files\Data11.cab 2006-06-20 22:40 703,224 ----a-w C:\Program Files\Pirates of the Caribbean.msi 2006-06-20 22:40 1,936 ----a-w C:\Program Files\Setup.ini 2006-06-20 22:14 365,654,016 ----a-w C:\Program Files\Data1.cab 2005-11-13 22:49 5,693 ----a-w C:\Program Files\0x0409.ini 2005-11-13 22:44 1,822,520 ----a-w C:\Program Files\instmsiw.exe 2005-11-13 22:44 1,708,856 ----a-w C:\Program Files\instmsia.exe . ((((((((((((((((((((((((((((( snapshot@2007-12-12_12.55.35.30 ))))))))))))))))))))))))))))))))))))))))) . + 2006-11-06 17:04:56 28,672 -c--a-w C:\WINDOWS\system32\dllcache\wceusbsh.sys + 2006-11-06 17:04:56 28,672 ----a-w C:\WINDOWS\system32\drivers\wceusbsh.sys - 2007-11-29 20:10:46 53,996 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-12-14 10:46:34 53,996 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-11-29 20:10:46 71,054 ----a-w C:\WINDOWS\system32\perfc013.dat + 2007-12-14 10:46:34 71,054 ----a-w C:\WINDOWS\system32\perfc013.dat - 2007-11-29 20:10:46 383,834 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-12-14 10:46:34 383,834 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-11-29 20:10:46 446,016 ----a-w C:\WINDOWS\system32\perfh013.dat + 2007-12-14 10:46:34 446,016 ----a-w C:\WINDOWS\system32\perfh013.dat - 2007-07-22 17:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe + 2007-12-13 20:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41] "WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" [] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20] "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-09-22 19:00] R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-11-28 16:00] S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys [] . Inhoud van de 'Gedeelde Taken' map "2007-12-21 21:18:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-21 22:33:39 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2007-12-21 22:34:54 C:\ComboFix2.txt ... 2007-12-13 14:23 C:\ComboFix3.txt ... 2007-12-12 13:46 . 2007-12-21 18:24:37 --- E O F ---
  • Back from holiday, and an answer with thanks to Smeenk :D Open Notepad, then copy and paste the following text into an empty window:
    File::
    C:\Documents and Settings\Greup\ytmakn.exe
    C:\Documents and Settings\Greup\lmehvm.exe
    C:\Documents and Settings\Greup\haiohf.exe
    C:\Documents and Settings\Greup\dobykz.exe
    C:\Documents and Settings\Greup\jofzek.exe
    C:\Documents and Settings\Greup\xtbtvj.exe
    Save this on your Desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe as shown in this example image: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif This will make ComboFix restart. Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
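The helper's post above picks six executables out of the ComboFix listing by eye: identical 46,892-byte files with random six-letter names dropped directly into the user's profile root, and turns them into a CFScript. The Python below is an added editor's example, not part of the original thread and not ComboFix's own code: it parses ComboFix-style "files created" lines and applies the same triage mechanically, then renders the File:: section. The sample lines are copied from the log posted earlier in the thread and embedded inline as constructed input; the name-shape rule (six lowercase letters), the profile-root pattern, the extension list and all function names are the example's own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: entries copied from the ComboFix "files created"
# listing posted earlier in the thread, one entry per line as ComboFix prints them.
SAMPLE_LOG = r"""
2007-11-28 15:07 . 2002-10-05 07:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d-------- C:\Program Files\Allok 3gp psp mp4 ipod video converter
2007-11-26 14:33 . 2007-11-26 13:44 804,106 --a------ C:\WINDOWS\Roulette Cheat Guide.pdf
2007-11-22 16:37 . 2007-11-22 16:37 46,892 --a------ C:\Documents and Settings\Greup\ytmakn.exe
2007-11-21 10:43 . 2007-11-21 10:43 46,892 --a------ C:\Documents and Settings\Greup\lmehvm.exe
2007-11-21 10:23 . 2007-11-21 10:23 46,892 --a------ C:\Documents and Settings\Greup\haiohf.exe
2007-11-21 10:04 . 2007-11-21 10:04 46,892 --a------ C:\Documents and Settings\Greup\dobykz.exe
2007-11-21 09:57 . 2007-11-21 09:57 46,892 --a------ C:\Documents and Settings\Greup\jofzek.exe
2007-11-19 16:27 . 2007-11-19 16:27 46,892 --a------ C:\Documents and Settings\Greup\xtbtvj.exe
2007-11-19 15:41 . 2007-11-19 15:41 244 --ah----- C:\sqmnoopt12.sqm
2007-11-19 12:25 . 2007-10-17 12:24 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe
"""

# One ComboFix entry: "<created> . <modified> <size or <DIR>> <attrs> <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-zA-Z]{9}) (?P<path>.+)$"
)
# Assumption: a file directly under C:\Documents and Settings\<user>\ is in the
# profile root, which is not where legitimate programs are installed on XP.
PROFILE_ROOT_RE = re.compile(r"^C:\\Documents and Settings\\[^\\]+\\[^\\]+$", re.IGNORECASE)
# Assumption: "random name" means exactly six lowercase letters (all six droppers fit).
RANDOM_NAME_RE = re.compile(r"^[a-z]{6}$")
EXEC_EXTS = {"exe", "dll", "scr", "com"}


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for <DIR> entries
    attrs: str
    path: str

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_combofix(text: str) -> List[Entry]:
    """Parse ComboFix file-listing lines; anything that is not an entry is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def looks_like_dropper(e: Entry) -> bool:
    """Executable with a random-looking base name sitting directly in a profile root."""
    if e.size is None or not PROFILE_ROOT_RE.match(e.path):
        return False
    base, _, ext = e.filename.rpartition(".")
    return ext.lower() in EXEC_EXTS and bool(RANDOM_NAME_RE.match(base))


def find_droppers(text: str) -> List[Entry]:
    """Keep suspects whose exact byte size repeats among the other suspects: a
    downloader writing fresh copies of one payload under new random names leaves
    a cluster of identical sizes, which is what the helper spotted in the log."""
    suspects = [e for e in parse_combofix(text) if looks_like_dropper(e)]
    size_counts = Counter(e.size for e in suspects)
    return [e for e in suspects if size_counts[e.size] >= 2]


def build_cfscript(entries: List[Entry]) -> str:
    """Render a CFScript File:: section listing the flagged paths, one per line."""
    return "File::\n" + "".join(e.path + "\n" for e in entries)


if __name__ == "__main__":
    hits = find_droppers(SAMPLE_LOG)
    for e in hits:
        print(f"{e.created}  {e.size:>9}  {e.path}")
    print(build_cfscript(hits))
```

The size-cluster rule is what separates these six from a single stray executable in a profile root: one odd file warrants a closer look, but six files of exactly the same size under different random names, created minutes apart, is the footprint of a downloader re-dropping its payload and should be treated as one infection rather than six unrelated finds.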
  • ComboFix 07-12-21.4 - Greup 2007-12-31 14:59:52.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.253 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Greup\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt FILE C:\Documents and Settings\Greup\dobykz.exe C:\Documents and Settings\Greup\haiohf.exe C:\Documents and Settings\Greup\jofzek.exe C:\Documents and Settings\Greup\lmehvm.exe C:\Documents and Settings\Greup\xtbtvj.exe C:\Documents and Settings\Greup\ytmakn.exe . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Greup\dobykz.exe C:\Documents and Settings\Greup\haiohf.exe C:\Documents and Settings\Greup\jofzek.exe C:\Documents and Settings\Greup\lmehvm.exe C:\Documents and Settings\Greup\xtbtvj.exe C:\Documents and Settings\Greup\ytmakn.exe . (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))) . 2007-12-25 18:09 . 2007-12-25 18:09 244 --ah----- C:\sqmnoopt13.sqm 2007-12-25 18:09 . 2007-12-25 18:09 232 --ah----- C:\sqmdata13.sqm 2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d-------- C:\WINDOWS\ERUNT 2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-12 11:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-12-12 11:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-12-12 11:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-12 11:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-12 11:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-12 11:35 . 2007-12-12 11:37 3,624 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-12-11 23:34 . 
2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SurfRight 2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Program Files\SurfRight 2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight 2007-11-28 16:29 . 2007-11-28 16:30 161 --a------ C:\WINDOWS\system32\temp_0000_85-19.aok 2007-11-28 16:25 . 2007-11-28 16:25 162 --a------ C:\WINDOWS\system32\test.aok 2007-11-28 16:00 . 2007-11-28 16:00 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys 2007-11-28 15:07 . 2002-10-05 07:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll 2007-11-28 15:07 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax 2007-11-28 15:07 . 2002-10-07 02:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll 2007-11-28 15:07 . 2002-10-05 07:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll 2007-11-28 15:07 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll 2007-11-28 15:07 . 2002-10-05 07:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll 2007-11-28 15:07 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll 2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d-------- C:\Program Files\Allok 3gp psp mp4 ipod video converter 2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d-------- C:\Program Files\Xilisoft 2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d-------- C:\Program Files\Ultra Mobile 3GP Video Converter 2007-11-27 18:16 . 2006-03-29 00:35 475,136 --a------ C:\WINDOWS\system32\SkinCrafter.dll 2007-11-27 18:16 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx 2007-11-27 18:16 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll 2007-11-27 18:16 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll 2007-11-27 16:48 . 
2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys 2007-11-27 16:48 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys 2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d-------- C:\Program Files\Microsoft ActiveSync 2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d-------- C:\Program Files\Windows Mobile-hulpbronnen 2007-11-26 14:33 . 2007-11-26 13:44 804,106 --a------ C:\WINDOWS\Roulette Cheat Guide.pdf 2007-11-19 15:41 . 2007-11-19 15:41 244 --ah----- C:\sqmnoopt12.sqm 2007-11-19 15:41 . 2007-11-19 15:41 232 --ah----- C:\sqmdata12.sqm 2007-11-19 15:13 . 2007-11-19 15:13 244 --ah----- C:\sqmnoopt11.sqm 2007-11-19 15:13 . 2007-11-19 15:13 232 --ah----- C:\sqmdata11.sqm 2007-11-19 14:42 . 2007-11-19 14:42 244 --ah----- C:\sqmnoopt10.sqm 2007-11-19 14:42 . 2007-11-19 14:42 232 --ah----- C:\sqmdata10.sqm 2007-11-19 14:41 . 2007-11-19 14:41 244 --ah----- C:\sqmnoopt09.sqm 2007-11-19 14:41 . 2007-11-19 14:41 232 --ah----- C:\sqmdata09.sqm 2007-11-19 14:29 . 2007-11-19 14:29 244 --ah----- C:\sqmnoopt08.sqm 2007-11-19 14:29 . 2007-11-19 14:29 232 --ah----- C:\sqmdata08.sqm 2007-11-19 14:22 . 2007-11-19 14:22 244 --ah----- C:\sqmnoopt07.sqm 2007-11-19 14:22 . 2007-11-19 14:22 232 --ah----- C:\sqmdata07.sqm 2007-11-19 13:40 . 2007-11-19 13:40 244 --ah----- C:\sqmnoopt06.sqm 2007-11-19 13:40 . 2007-11-19 13:40 232 --ah----- C:\sqmdata06.sqm 2007-11-19 13:08 . 2007-11-19 13:08 244 --ah----- C:\sqmnoopt05.sqm 2007-11-19 13:08 . 2007-11-19 13:08 232 --ah----- C:\sqmdata05.sqm 2007-11-19 12:25 . 2007-10-17 12:24 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe 2007-11-19 12:25 . 2007-10-17 12:22 842,148 --a------ C:\WINDOWS\B4Playing Bonus Guide.pdf 2007-11-19 12:25 . 2007-11-18 14:32 112 --a------ C:\WINDOWS\B4Playing, the Smart Casino & Poker Players' Tool.url 2007-11-13 13:40 . 2007-11-13 13:40 <DIR> d-------- C:\Poker 2007-11-05 16:30 . 2007-11-05 16:30 1,156 --a------ C:\WINDOWS\mozver.dat 2007-11-05 16:29 . 
2007-11-05 16:29 0 --a------ C:\WINDOWS\nsreg.dat 2007-11-05 13:14 . 2007-11-05 13:14 <DIR> d-------- C:\Documents and Settings\Greup\Application Data\PC Tools 2007-11-05 13:14 . 2007-12-12 12:08 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-05 13:14 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-11-05 13:14 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-11-05 13:14 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-11-05 13:14 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-11-05 13:13 . 2007-11-05 13:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot 2007-11-05 13:13 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-11-05 13:13 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys 2007-11-05 13:13 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys 2007-11-05 13:13 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-11-05 13:13 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys 2007-11-05 13:12 . 2007-11-05 13:12 <DIR> d-------- C:\Program Files\Webroot 2007-11-05 13:12 . 2007-11-05 13:12 <DIR> d-------- C:\Documents and Settings\Greup\Application Data\Webroot 2007-11-05 13:12 . 2007-11-05 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot 2007-11-05 13:12 . 2007-11-05 13:12 164 --a------ C:\install.dat 2007-11-05 13:10 . 2007-12-03 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-05 13:09 . 2007-11-05 13:08 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-11-05 13:09 . 2007-11-05 13:08 298,104 --a------ C:\WINDOWS\system32\imon.dll 2007-11-05 13:09 . 2007-11-05 13:08 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-11-05 12:57 . 
2007-11-05 12:57 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-11-05 12:57 . 2007-11-05 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2007-11-05 12:34 . 2007-11-05 12:34 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy 2007-11-05 12:33 . 2007-12-31 14:30 <DIR> d-------- C:\Program Files\Hitman Pro . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-23 14:06 --------- d-----w C:\Program Files\DivX 2007-12-19 14:58 --------- d-----w C:\Program Files\Lexmark X1100 Series 2007-11-28 13:33 --------- d-----w C:\Documents and Settings\Greup\Application Data\BitTorrent 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 15:50 --------- d-----w C:\Program Files\MSN Messenger 2007-11-03 19:26 --------- d-----w C:\Program Files\LimeWire 2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2006-10-18 09:09 30,066 ----a-w C:\WINDOWS\Fonts\walt_disney_script.zip 2006-06-22 12:35 6,704 ----a-w C:\Program Files\Pirates readme.txt 2006-06-20 22:40 883,162,283 ----a-w C:\Program Files\Data11.cab 2006-06-20 22:40 703,224 ----a-w C:\Program Files\Pirates of the Caribbean.msi 2006-06-20 22:40 1,936 ----a-w C:\Program Files\Setup.ini 2006-06-20 22:14 365,654,016 ----a-w C:\Program Files\Data1.cab 2005-11-13 22:49 5,693 ----a-w C:\Program Files\0x0409.ini 2005-11-13 22:44 1,822,520 ----a-w C:\Program Files\instmsiw.exe 2005-11-13 22:44 1,708,856 ----a-w C:\Program Files\instmsia.exe . ((((((((((((((((((((((((((((( snapshot@2007-12-12_12.55.35.30 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2006-11-06 17:04:56 28,672 -c--a-w C:\WINDOWS\system32\dllcache\wceusbsh.sys + 2006-11-06 17:04:56 28,672 ----a-w C:\WINDOWS\system32\drivers\wceusbsh.sys - 2007-11-29 20:10:46 53,996 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-12-14 10:46:34 53,996 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-11-29 20:10:46 71,054 ----a-w C:\WINDOWS\system32\perfc013.dat + 2007-12-14 10:46:34 71,054 ----a-w C:\WINDOWS\system32\perfc013.dat - 2007-11-29 20:10:46 383,834 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-12-14 10:46:34 383,834 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-11-29 20:10:46 446,016 ----a-w C:\WINDOWS\system32\perfh013.dat + 2007-12-14 10:46:34 446,016 ----a-w C:\WINDOWS\system32\perfh013.dat - 2007-07-22 17:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe + 2007-12-13 20:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41] "WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" [] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29] 
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20] "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-09-22 19:00] R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-11-28 16:00] S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys [] *Newly Created Service* - ENTDRV51 . Inhoud van de 'Gedeelde Taken' map "2007-12-31 13:33:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-31 15:03:16 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2007-12-31 15:04:32 C:\ComboFix2.txt ... 2007-12-21 22:34 C:\ComboFix3.txt ... 2007-12-13 14:23 . 2007-12-28 01:09:33 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:05:00, on 31-12-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: 
[MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/fulltrailer/player/vivid_ocx.jpeg O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/davincicode/vividas/player/vivid_ocx.jpeg O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - 
http://video.vividas.com/CDN1/4896_sony/web/player/vivid_ocx.jpeg O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 8814 bytes
  • How are things going with the problems now?
  • Haven't had any more trouble with it, so everything seems to be fine.
  • One thing I overlooked is that you have multiple virus scanners in your logfile, NOD32 and McAfee. Multiple virus scanners work against each other and lead to unnecessary slowness. So remove one of the two scanners via Start --> Control Panel --> Add or Remove Programs. Restart your PC and post a log for checking.
  • When I try to remove NOD32 I get the message: an error occurred while removing NOD32 antivirus system. The installation of this component may already have been undone. Do you want to remove NOD32 antivirus system from the list of installed programs?
  • NOD32 came along with Hitman Pro; run this: http://www.hijackthis.nl/forum/viewtopic.php?t=12603 Then post a new HijackThis log for checking. Pim :)
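The "two virus scanners at once" finding above can be checked mechanically from the log. The script below is an added example, not code from this thread or from HijackThis: it parses O23 service lines in the exact shape the log uses, flags more than one real-time antivirus vendor (here NOD32 and McAfee), and lists services whose binary HijackThis reports as missing. The vendor keyword table is an assumption; the sample lines are copied from the log above.

```python
import re

# Shape of a HijackThis O23 line: "O23 - Service: <name> (<short>) - <vendor> - <path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) \((?P<short>[^)]+)\) - (?P<vendor>.+?) - (?P<path>.+)$"
)

# Constructed sample: O23 lines copied from the log in this thread, one per list entry.
SAMPLE_LINES = [
    r"O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe",
    r"O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe",
    r"O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe",
    r"O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)",
    r"O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe",
]

# Assumed keyword table: vendor or path fragments that identify a real-time antivirus engine.
AV_ENGINES = {
    "network associates": "McAfee VirusScan",
    "mcafee": "McAfee VirusScan",
    "eset": "ESET NOD32",
    "nod32": "ESET NOD32",
}


def parse_o23(lines):
    """Return one dict (name, short, vendor, path) per O23 line; other lines are ignored."""
    entries = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def find_av_engines(entries):
    """Set of distinct AV products found by matching vendor or path against AV_ENGINES."""
    found = set()
    for e in entries:
        haystack = (e["vendor"] + " " + e["path"]).lower()
        for keyword, product in AV_ENGINES.items():
            if keyword in haystack:
                found.add(product)
    return found  # more than one entry means competing real-time scanners


def find_missing_files(entries):
    """Short names of services whose binary is gone: stale registrations worth cleaning up."""
    return [e["short"] for e in entries if "(file missing)" in e["path"]]
```

Running `find_av_engines(parse_o23(SAMPLE_LINES))` on the sample returns both McAfee VirusScan and ESET NOD32, which is the conflict the reply above points out.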

This is an archived page. Replying is no longer possible.