Questions & Answers

Security & privacy

Navcancl

9 replies
  • Can someone look at my HijackThis log? For some time now I have been getting the navcancl message when I open IE7. I also notice that the computer is starting to get very slow. I have already tried all sorts of things, including the workarounds given by Microsoft, but nothing helps. By now I no longer know how to tackle it. Thanks
  • Hi FGerits, What exactly do you mean by the navcancl message?

    1. Spybot's TeaTimer is active; it can interfere with the fix, so we will switch it off temporarily.
    - Start Spybot
    - Go to Mode > select Advanced Mode
    - Go to Tools and click the Resident icon in the list
    - Untick Resident TeaTimer and click OK
    - Restart the computer
    - Then download ResetTeaTimer.bat (http://downloads.subratam.org/ResetTeaTimer.bat) to your Desktop. Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.

    2. Start HijackThis once more and choose "Do a system scan only". When the scan has finished, tick the following lines:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:System.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    Now first close all windows except HijackThis's. Then click "Fix Checked".

    3. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.
    NOTE: if, during or after downloading Combofix or while using Combofix, you get a message from your antivirus or another real-time scanner, switch that scanner off and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    Double-click combofix.exe.
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has completed, and after the restart, the log combofix.txt will open.
    In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.

    Good luck ;)
  • Dear Malwarefreak, By the navcancl message I mean that when I try to open IE7, or applications that make use of IE7, I get a security warning. First I am asked whether I want to download or save a file. This file is:

    Name: msn_com.htm
    Type: Opera
    From: www.msn.com

    If I cancel this, I get the dialog "File Download - Security Warning": Do you want to save this file, or find a program online to open this file:

    Even after the actions you indicated, this still happens. Frank

    Name: navcancl
    Type: Unknown file type, 2.66 kB
    From: ieframe.dll

    If I cancel this, IE7 closes. I have installed Opera and that does work. On the internet there are various workarounds from Microsoft for this problem, such as putting the TIF folder back in the right place and turning off anti-phishing in Internet Options in IE7, but none of these work. Right, attached are the Combofix log and the new HijackThis log:
Security\UfSeAgnt.exe" O4 - HKCU\..\Run: [updateMgr] "C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing) O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - 
Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Expression\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab 
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GrooveSystemServices.dll O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Trend Micro Centrale besturing (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\Internet Security\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 9296 bytes
  • At Malwarefreak's request I'll take over for now :) Download unDLL by ESET (http://www.nod32.it/tools/undll.zip) to your desktop. Unzip/extract it. Read here (http://support.bluemedicine.be/mybb/showthread.php?tid=206) how to extract a file. Then, once it has been extracted, double-click the 'UNDLL' icon to start the tool. Click the Select infected DLL button at the top left. In the Select infected dynamic library window, copy and paste the following into the box next to the file name: C:\WINDOWS\Downloaded Program Files\bridge.dll Click Open. unDLL will now try to delete the file and also remove the related keys. When it asks to restart the computer, click Yes to allow this. After the restart, look in the unDLL folder for the log. The log will be named undll-************.log (* stands for random digits). Copy and paste the contents of that log into your next post. Also post a new ComboFix log file. Good luck! Pim
  • Dear Pim, I tried to carry out your instructions. However, I cannot find the bridge DLL in the folder in question. I don't know how it disappeared, but it has. During the day the computer is, incidentally, used intensively by the children with Opera as the browser; could it have disappeared through use? Is it advisable to make a new ComboFix log and a new HijackThis log?
  • Please do the following: Open Notepad, copy and paste the following (bold text) into an empty window: File:: C:\WINDOWS\Downloaded Program Files\bridge.dll Save this to your Desktop as CFScript.txt. Drag CFScript.txt into ComboFix.exe as shown in the example below: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif This will make ComboFix restart. Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
  • Hello Pim, Attached are the HijackThis log and the ComboFix log: ComboFix 08-01-13.1 - fank 2008-01-15 17:25:08.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.618 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\fank\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\fank\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\WINDOWS\Downloaded Program Files\bridge.dll . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf C:\WINDOWS\system32\Cache . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_IPRIP -------\Iprip (((((((((((((((((((( Bestanden Gemaakt van 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))) . 2008-01-13 20:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-08 21:13 . 2008-01-08 21:22 <DIR> d-------- C:\Program Files\RegCleaner 2008-01-08 20:55 . 2008-01-08 21:12 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std 2008-01-07 15:46 . 2008-01-10 21:39 <DIR> d-------- C:\Program Files\RegistrySmart 2008-01-07 15:46 . 2008-01-09 12:41 <DIR> d-------- C:\Documents and Settings\fank\Application Data\RegistrySmart 2008-01-07 11:34 . 2008-01-07 11:34 <DIR> d-------- C:\Documents and Settings\fank\Application Data\Lavasoft 2008-01-07 11:33 . 2008-01-07 11:33 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot 2008-01-07 11:16 . 2008-01-07 11:16 <DIR> d-------- C:\Program Files\Webroot 2008-01-07 11:16 . 2008-01-07 11:16 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-01-07 11:16 . 2008-01-07 11:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot 2008-01-07 11:16 .
2008-01-07 11:16 <DIR> d-------- C:\Documents and Settings\fank\Application Data\PC Tools 2008-01-07 11:16 . 2008-01-07 11:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot 2008-01-07 11:15 . 2008-01-07 11:15 <DIR> d-------- C:\Program Files\Lavasoft 2008-01-07 11:15 . 2008-01-07 11:15 164 --a------ C:\install.dat 2008-01-04 16:38 . 2007-11-06 13:58 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-01-04 16:38 . 2007-11-06 13:58 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys 2008-01-04 16:38 . 2007-11-06 13:58 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys 2008-01-04 16:05 . 2008-01-04 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro 2008-01-03 21:07 . 2007-08-30 20:03 46,456 --a------ C:\WINDOWS\system32\exitwx.exe 2008-01-03 15:59 . 2008-01-03 17:00 <DIR> d-------- C:\Program Files\RegCure 2008-01-03 15:28 . 2007-01-10 17:44 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-01-02 22:34 . 2008-01-07 11:14 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-01-02 22:32 . 2008-01-02 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2008-01-02 22:31 . 2008-01-07 11:30 <DIR> d-------- C:\Temp 2008-01-02 22:20 . 2008-01-02 22:20 <DIR> d-------- C:\Program Files\SurfRight 2008-01-02 22:20 . 2008-01-02 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight 2008-01-02 22:08 . 2008-01-10 21:59 <DIR> d-------- C:\Program Files\Hitman Pro 2008-01-02 21:18 . 2008-01-02 21:18 <DIR> d-------- C:\Program Files\Opera 2008-01-02 19:59 . 2008-01-02 19:59 244 --ah----- C:\sqmnoopt01.sqm 2008-01-02 19:59 . 2008-01-02 19:59 244 --ah----- C:\sqmnoopt00.sqm 2008-01-02 19:59 . 2008-01-02 19:59 232 --ah----- C:\sqmdata01.sqm 2008-01-02 19:59 . 2008-01-02 19:59 232 --ah----- C:\sqmdata00.sqm 2008-01-02 19:45 . 
2008-01-02 19:45 <DIR> d-------- C:\Documents and Settings\fank\Application Data\SpywareBot 2008-01-02 16:53 . 2004-08-04 10:03 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll 2008-01-02 16:53 . 2001-09-06 21:27 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe 2008-01-02 16:53 . 2003-04-08 13:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls 2008-01-02 16:53 . 2001-09-06 21:27 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe 2008-01-02 16:53 . 2001-09-06 21:27 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll 2008-01-02 16:53 . 2001-09-06 21:27 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll 2008-01-02 16:53 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys 2008-01-02 16:53 . 2001-09-06 21:27 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe 2008-01-02 16:52 . 2004-08-04 07:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys 2008-01-02 16:52 . 2004-08-04 07:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys 2008-01-02 16:52 . 2004-08-04 08:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys 2008-01-02 16:51 . 2001-08-17 21:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys 2008-01-02 16:51 . 2001-08-17 21:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys 2008-01-02 16:51 . 2002-08-28 22:59 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys 2008-01-02 16:51 . 2001-09-06 21:27 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll 2008-01-02 16:51 . 2001-09-06 21:27 54,272 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll 2008-01-02 16:51 . 2001-08-17 20:10 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys 2008-01-02 16:51 . 2001-09-06 19:08 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys 2008-01-02 16:51 . 2004-08-04 07:29 33,599 --a--c--- C:\WINDOWS\system32\dllcache\watv04nt.sys 2008-01-02 16:51 . 
2004-08-04 09:56 32,000 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys 2008-01-02 16:51 . 2004-08-04 07:29 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys 2008-01-02 16:49 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys 2008-01-02 16:48 . 2001-09-06 21:27 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll 2008-01-02 16:47 . 2001-09-06 18:20 286,432 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys 2008-01-02 16:46 . 2001-09-06 21:26 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll 2008-01-02 16:45 . 2001-09-06 21:26 252,032 --a--c--- C:\WINDOWS\system32\dllcache\sis300iv.dll 2008-01-02 16:44 . 2001-09-06 21:27 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll 2008-01-02 16:43 . 2001-09-06 20:29 899,594 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys 2008-01-02 16:42 . 2004-08-04 10:02 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll 2008-01-02 16:41 . 2001-08-17 22:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys 2008-01-02 16:40 . 2002-09-09 14:02 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys 2008-01-02 16:39 . 2004-08-04 08:09 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys 2008-01-02 16:39 . 2004-08-04 08:00 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys 2008-01-02 16:39 . 2001-08-17 21:48 12,416 --a--c--- C:\WINDOWS\system32\dllcache\msriffwv.sys 2008-01-02 16:39 . 2001-08-17 22:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys 2008-01-02 16:38 . 2001-09-06 18:59 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys 2008-01-02 16:38 . 2001-09-06 21:26 235,648 --a--c--- C:\WINDOWS\system32\dllcache\mgaud.dll 2008-01-02 16:38 . 2001-09-06 21:26 47,616 --a--c--- C:\WINDOWS\system32\dllcache\memgrp.dll 2008-01-02 16:38 . 2001-08-17 22:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys 2008-01-02 16:38 . 2004-08-04 08:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\memstpci.sys 2008-01-02 16:38 . 
2001-08-17 21:52 17,280 --a--c--- C:\WINDOWS\system32\dllcache\mraid35x.sys 2008-01-02 16:38 . 2001-08-17 21:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys 2008-01-02 16:38 . 2001-08-17 21:52 6,528 --a--c--- C:\WINDOWS\system32\dllcache\miniqic.sys 2008-01-02 16:38 . 2001-08-17 21:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys 2008-01-02 16:36 . 2001-09-06 21:26 242,688 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll 2008-01-02 16:36 . 2003-04-08 13:00 47,066 --a--c--- C:\WINDOWS\system32\dllcache\ksc.nls 2008-01-02 16:36 . 2001-09-06 21:26 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll 2008-01-02 16:36 . 2001-09-06 21:26 37,888 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll 2008-01-02 16:36 . 2001-09-06 21:26 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll 2008-01-02 16:36 . 2001-09-06 21:26 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll 2008-01-02 16:34 . 2001-09-06 21:26 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll 2008-01-02 16:34 . 2001-08-17 22:06 154,496 --a--c--- C:\WINDOWS\system32\dllcache\icam4usb.sys 2008-01-02 16:34 . 2001-08-17 22:06 100,992 --a--c--- C:\WINDOWS\system32\dllcache\icam5usb.sys 2008-01-02 16:34 . 2001-09-06 21:26 62,976 --a--c--- C:\WINDOWS\system32\dllcache\icam4ext.dll 2008-01-02 16:34 . 2001-09-06 21:26 45,056 --a--c--- C:\WINDOWS\system32\dllcache\icam5com.dll 2008-01-02 16:34 . 2001-09-06 21:26 20,992 --a--c--- C:\WINDOWS\system32\dllcache\icam5ext.dll 2008-01-02 16:32 . 2001-08-17 21:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys 2008-01-02 16:31 . 2001-09-06 21:26 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll 2008-01-02 16:30 . 2001-09-06 20:14 630,016 --a--c--- C:\WINDOWS\system32\dllcache\eqn.sys 2008-01-02 16:29 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys 2008-01-02 16:28 . 2001-09-06 21:27 622,621 --a--c--- C:\WINDOWS\system32\dllcache\digiview.exe 2008-01-02 16:27 . 
2004-08-04 10:03 251,904 --a--c--- C:\WINDOWS\system32\dllcache\ctmasetp.dll 2008-01-02 16:26 . 2001-09-06 18:59 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys 2008-01-02 16:25 . 2001-09-06 18:55 715,146 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys 2008-01-02 16:24 . 2003-04-08 13:00 189,986 --a--c--- C:\WINDOWS\system32\dllcache\c_1361.nls 2008-01-02 16:23 . 2003-04-08 13:00 195,618 --a--c--- C:\WINDOWS\system32\dllcache\c_10002.nls 2008-01-02 16:22 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-13 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-07 10:15 --------- d-----w C:\Documents and Settings\fank\Application Data\Webroot 2008-01-04 15:38 --------- d-----w C:\Program Files\Trend Micro 2008-01-03 20:25 --------- d-----w C:\Program Files\WinPortrait 2008-01-03 19:42 --------- d-----w C:\Program Files\Super de Boer 2008-01-03 09:27 --------- d-----w C:\Program Files\Common Files\Webroot Shared 2007-12-14 18:14 --------- d-----w C:\Documents and Settings\fank\Application Data\GrabIt 2007-12-14 17:02 --------- d-----w C:\Program Files\GrabIt 2007-12-14 15:37 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-12-12 21:07 --------- d-----w C:\Program Files\MSXML 6.0 2007-12-12 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-12-10 13:53 81,288 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys 2007-12-10 13:53 66,952 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys 2007-12-10 13:53 41,864 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-12-10 13:53 29,576 ----a-w C:\WINDOWS\system32\drivers\kcom.sys 2007-12-04 18:11 --------- d-----w C:\Documents and Settings\fank\Application Data\InstallShield 2007-11-30 19:31 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-11-30 19:29 
--------- d-----w C:\Program Files\Windows Live Favorites 2007-11-23 16:24 --------- d-----w C:\Program Files\Dinos 2007-11-21 17:09 --------- d-----w C:\Program Files\Common Files\EasyInfo 2007-11-21 15:09 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-22 02:31 76,808 ----a-w C:\WINDOWS\system32\DSETUP.dll 2007-10-22 02:31 502,792 ----a-w C:\WINDOWS\system32\DXSETUP.exe 2007-10-22 02:31 1,673,224 ----a-w C:\WINDOWS\system32\dsetup32.dll 2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll 2004-05-06 10:11 777 ----a-w C:\Program Files\trial_setup.ini 2004-05-06 10:11 40,448 ----a-w C:\Program Files\trial_setup.exe 2004-05-06 10:11 4,289,024 ----a-w C:\Program Files\trial_setup.msi . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 19:09 68856] "NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2007-05-08 20:47 40960] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 16:26 406016] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "SoundMan"="SOUNDMAN.EXE" [2005-12-14 17:06 577536 C:\WINDOWS\soundman.exe] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-18 18:16 77824] "mspwr"="C:\WINDOWS\system32\PuXpMan2.exe" [2005-09-29 10:05 110592] 
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 13:48 479232] "UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-11-06 13:54 1393928] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-25 11:31:51] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Window Washer"=C:\Program Files\Tools\Webroot\Washer\wwDisp.exe "Shareaza"="I:\Shareaza\Shareaza.exe" -tray [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "RunDLL"=rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load R2 LANPkt;Realtek LANPkt Protocol;C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 14:57] R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-04 09:03] R3 3xHybrid;Pinnacle PCTV Stereo service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2003-12-05 11:56] R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 18:52] S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys [] S1 pivot;pivot;C:\WINDOWS\system32\drivers\pivot.sys [2003-04-16 18:47] S2 CX23880;Conexant 2388x Video Capture;C:\WINDOWS\system32\drivers\cx88vid.sys [2003-06-11 05:47] S2 CX88XBAR;Conexant 2388x Crossbar;C:\WINDOWS\system32\drivers\CX88XBAR.sys [2003-06-11 05:47] S2 CXTUNE;Conexant 2388x Tuner;C:\WINDOWS\system32\drivers\CX88TUNE.sys [2003-06-11 05:47] S3 
jatmlano;jatmlano;C:\DOCUME~1\fank\LOCALS~1\Temp\jatmlano.sys [] S3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\system32\drivers\pivotmou.sys [2003-04-16 18:47] S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] \Shell\AutoRun\command - install.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Windows Sidebar] C:\WINDOWS\system32\hidec /W C:\VAIO\Tools\REGTLIB.EXE "C:\Program Files\Windows Sidebar\sidebar.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}] "C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}] "C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}] regsvr32 /s C:\VAIO\.\vshellext.dll . Inhoud van de 'Gedeelde Taken' map "2008-01-11 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe "2008-01-15 16:16:02 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2008-01-15 16:35:48 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2008-01-03 14:59:41 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe "2008-01-10 19:41:32 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job" - C:\Program Files\RegistrySmart\RegistrySmart.ex - C:\Program Files\RegistrySmart "2008-01-03 13:50:09 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job" - C:\Program Files\SpywareBot\SpywareBot.ex - C:\Program Files\SpywareBot "2008-01-15 14:38:29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{DF0DCDE2-02BE-4223-A2D7-EAF4447023BC}.job" - C:\WINDOWS\system32\msfeedssync.exe . 
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-15 17:37:36 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-01-15 17:44:29 - machine was rebooted [fank] ComboFix-quarantined-files.txt 2008-01-15 16:44:10 ComboFix2.txt 2008-01-13 21:23:53 ComboFix3.txt 2008-01-13 20:02:08 . 2008-01-09 21:07:21 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:54:55, on 15-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\mqsvc.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\WINDOWS\System32\mqtgsvc.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\PuXpMan2.exe C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\System32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Expression\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GrooveSystemServices.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Trend Micro Centrale besturing (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
-- End of file - 9285 bytes
  • Try that step with Undll again; in the field you don't have to browse to the file, you can simply copy the bold text. Read carefully :wink:
  • I tried Undll again, but it reports that it cannot find the file.


This is an archived page. Replying is no longer possible.