[b]a lot of virus misery[/b]

juisterr
12 answers
  • Dear PC doctor,

    Lately my PC has been plagued by various viruses. By now I have w32/trats somewhere in the system (a persistent and recurring virus), recently I have started getting the message that I have an NT_kernel error 1256, and my Control Panel and the like can no longer be opened.
    Standard programs such as McAfee, RegistrySmart and XoftspySe don't seem to help.

    I know nothing about Hijacking; everything I read about it on this forum is beyond me.

    Who is willing to help me in plain language?


    Thanks, thanks, thanks.

    Gerard
  • Download [b:6bad27006b] and save it to your desktop.
    Open [b:6bad27006b]HJTinstall.exe[/b:6bad27006b] to install HijackThis.

    Double-click the HijackThis icon on your desktop
    [i:6bad27006b](if you get any prompts, just click OK etc.)[/i:6bad27006b].
    Choose the top option: "[b:6bad27006b]Do a system scan and save a logfile[/b:6bad27006b]".

    When the scan is complete, a Notepad file will open.
    Copy the contents of that file and paste it into your next reply.
  • Hi Juisterr.

    Thanks for your reply.
    I'm a bit late because I've had a long day.
    On top of that, a generic dropper appeared today that is overloading my system with thousands of .tmp files.
    Yes, yes, very funny.

    I downloaded and ran HJT.
    Below is the log file.
    I hope you can help me.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:00:27, on 26-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\RunDll32.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\ScanWizard 5\ScannerFinder.exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    F3 - REG:win.ini: load=[RANDOM CHARACTERS].exe
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.mediamall.tv
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106838455765
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://80.73.129.185/fotoxs/ImageUploader3.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3CD13CE-D69B-439F-9581-21218A5A2A94} (OkeFtpUpload Control) - http://live.mediamall.tv/mmuser/OkeFtpUpload.ocx
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: McAfee Application Installer Cleanup (0048551201305110) (0048551201305110mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Gerard\LOCALS~1\Temp\004855~1.EXE
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 11292 bytes

  • Download http://www.mvps.org/winhelp2002/DelDomains.inf

    Right-click the deldomains.inf file and select "Install".

    Let it run.

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:
    [b:5f2e433e6e]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    F3 - REG:win.ini: load=[RANDOM CHARACTERS].exe

    [/b:5f2e433e6e]
    Click 'Fix checked' to remove the items.

    Download [b:5f2e433e6e].
    [list:5f2e433e6e][*:5f2e433e6e]Scroll down to: "[i:5f2e433e6e]Java Runtime Environment (JRE) 6u4[/i:5f2e433e6e]".
    [*:5f2e433e6e]Click the "[b:5f2e433e6e]Download[/b:5f2e433e6e]" button on the right.
    [*:5f2e433e6e]In the drop-down menu to the right of [b:5f2e433e6e]Platform[/b:5f2e433e6e], select
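The helper's posts above come down to reading a HijackThis log and picking out the entries to fix. The script below is an added example, not code from this thread or from HijackThis: it parses lines in HijackThis format and flags the two patterns this thread turns on, an F3 win.ini load= entry and a file name with a space before its extension ("ctfmon .exe", "qttask .exe", the doubles that appear throughout the logs here), and reports which of those names also occur in their plain form. The sample lines are constructed to mirror the posted log, and the search host search.example.test is a placeholder.

```python
"""Triage helper for HijackThis-style logs (added example).

Flags two patterns from the thread above:
  * an F3 win.ini 'load=' entry, which HijackThis reports with a
    random executable name;
  * an executable whose name carries a space before its extension
    ("ctfmon .exe"); when the plain "ctfmon.exe" is listed as well,
    two files are competing for one name and both deserve a look.
"""
import re

# Constructed sample in HijackThis format; it mirrors the shape of the
# log posted in this thread but is not that log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\McAfee\MPF\MPFSrv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.example.test/sidebar.html
F3 - REG:win.ini: load=[RANDOM CHARACTERS].exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Example Service (exsvc) - Unknown owner - C:\WINDOWS\system32\exsvc.exe
"""

# "name .exe": a file name, exactly one space, then the extension.
SPACED_EXT = re.compile(r'[^\\/"\s]+ \.(exe|dll|scr|com|cpl)\b', re.IGNORECASE)
# "O4 - ..." style entry: section code, " - ", rest of the line.
ENTRY = re.compile(r'^(?P<sec>[A-Z]\d{1,2}) - (?P<rest>.*)$')
# A bare path in the "Running processes" list.
DRIVE_PATH = re.compile(r'^[A-Za-z]:\\')


def parse(log_text):
    """Return [(section, text)]; process-list lines get section 'PROC'."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.endswith(':'):   # blank line or a heading
            continue
        m = ENTRY.match(line)
        if m:
            entries.append((m.group('sec'), m.group('rest')))
        elif DRIVE_PATH.match(line):
            entries.append(('PROC', line))
    return entries


def findings(log_text):
    """Return [(section, reason, evidence)] for the two suspicious patterns."""
    out = []
    for sec, text in parse(log_text):
        if sec == 'F3' and 'load=' in text.lower():
            out.append((sec, 'win.ini load= entry', text))
        m = SPACED_EXT.search(text)
        if m:
            out.append((sec, 'space before extension', m.group(0)))
    return out


def shadowed_names(log_text):
    """File names that occur both as 'name .exe' and 'name.exe' in the log."""
    low = log_text.lower()
    names = set()
    for m in SPACED_EXT.finditer(log_text):
        normal = m.group(0).replace(' .', '.')
        if normal.lower() in low:
            names.add(normal.lower())
    return sorted(names)


if __name__ == '__main__':
    for sec, reason, evidence in findings(SAMPLE_LOG):
        print(f'{sec:<5} {reason:<24} {evidence}')
    print('shadowed:', ', '.join(shadowed_names(SAMPLE_LOG)))
```

Feed it a real log by reading the file into `findings()` and `shadowed_names()`; the output is a shortlist to review by hand, not a verdict, since a spaced name can also be a harmless oddity.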
  • Hi Juisterr,


    Here I am again.
    That was quite a bit of homework.
    The reason is that ComboFix ran for more than 2 hours to scan and remove all those .tmp files. The log is therefore extremely long. I hope the site can handle it.
    Thanks in advance for your next advice.

    ComboFix 08-01-23.1C - Gerard 2008-01-26 17:05:18.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.539 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Gerard\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt

  • Yes, I thought so.
    It was a long message too.
    I'll give the rest of the ComboFix log, without all those .tmp files, and the HJT log.
    Here it comes again.


    C:\posFF0.tmp
    C:\posFF1.tmp
    C:\posFF2.tmp
    C:\posFF3.tmp
    C:\posFF4.tmp
    C:\posFF5.tmp
    C:\posFF6.tmp
    C:\posFF7.tmp
    C:\posFF8.tmp
    C:\posFF9.tmp
    C:\posFFA.tmp
    C:\posFFB.tmp
    C:\posFFC.tmp
    C:\posFFD.tmp
    C:\posFFE.tmp
    C:\posFFF.tmp
    C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
    C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
    C:\Program Files\QuickTime\qttask .exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
    C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE
    C:\WINDOWS\system32\chljhmat.dll
    C:\WINDOWS\system32\chljhmat.dllbox
    C:\WINDOWS\system32\ctfmon .exe
    C:\WINDOWS\system32\ctfmon.exe.tmp
    C:\WINDOWS\system32\hhujimmy.dll
    C:\WINDOWS\system32\llnmp.ini
    C:\WINDOWS\system32\llnmp.ini2
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\pmnll.dll
    C:\WINDOWS\system32\rdcjmmki.dll
    C:\WINDOWS\system32\uouthsqm.dll
    C:\WINDOWS\system32\ymmijuhh.ini

    [code:1:b210459713] <pre>
    C:\Program Files\McAfee\SpamKiller\MSKDetct .exe —> QooBox
    C:\Program Files\QuickTime\qttask .exe —> QooBox
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\Program Files\QuickTime\qttask .exe —> qttask.exe
    C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE —> QooBox
    C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE —> QooBox
    C:\WINDOWS\system32\ctfmon .exe —> QooBox
    </pre> [/code:1:b210459713]
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-26 to 2008-01-26 ))))))))))))))))))))))))))))))
    .

    2008-01-26 17:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-26 16:52 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-01-26 16:51 . 2008-01-26 16:51 <DIR> d-------- C:\Program Files\Java
    2008-01-26 00:59 . 2008-01-26 00:59 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-25 22:06 . 2008-01-25 22:06 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-25 22:05 . 2008-01-25 22:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-17 01:28 . 2008-01-23 19:04 <DIR> d-------- C:\Program Files\XoftSpySE
    2008-01-13 12:17 . 2004-08-04 13:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
    2008-01-13 12:16 . 2004-08-04 13:00 332,800 --a--c--- C:\WINDOWS\system32\dllcache\aqueue.dll
    2008-01-13 12:13 . 2008-01-13 12:13 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-01-13 12:13 . 2008-01-13 12:13 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-01-13 12:13 . 2008-01-13 12:13 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-01-13 12:13 . 2008-01-13 12:13 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-01-13 12:13 . 2008-01-13 12:13 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-01-05 16:32 . 2004-08-04 13:00 1,086,058 -ra------ C:\WINDOWS\SETF5.tmp
    2008-01-05 16:32 . 2004-08-04 13:00 1,014,139 -ra------ C:\WINDOWS\SETF2.tmp
    2008-01-05 16:32 . 2004-08-04 13:00 14,043 -ra------ C:\WINDOWS\SET101.tmp
    2007-12-27 13:06 . 2007-12-27 13:06 <DIR> d-------- C:\Program Files\GameSpy
    2007-12-27 12:47 . 2007-12-27 12:47 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-12-27 12:46 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
    2007-12-27 12:46 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
    2007-12-27 12:46 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
    2007-12-27 12:46 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
    2007-12-27 12:46 . 2007-12-27 12:46 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
    2007-12-27 12:46 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
    2007-12-27 12:46 . 2007-12-27 12:46 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-12-27 12:46 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2007-12-27 12:46 . 2007-12-27 12:46 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-12-26 23:19 . 2008-01-10 01:17 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-26 19:22 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2008-01-26 19:07 --------- d-----w C:\Program Files\QuickTime
    2008-01-26 14:42 --------- d-----w C:\Program Files\McAfee
    2008-01-25 23:53 --------- d-----w C:\Program Files\SiteAdvisor
    2008-01-25 22:21 --------- d-----w C:\Program Files\BearShare Applications
    2008-01-24 23:59 --------- d-----w C:\Program Files\NoAdware3
    2008-01-11 21:45 --------- d-----w C:\Program Files\Shareaza
    2008-01-11 18:45 --------- d-----w C:\Program Files\PowerISO
    2008-01-11 18:45 --------- d-----w C:\Program Files\D-Tools
    2007-12-27 11:40 --------- d-----w C:\Program Files\Electronic Arts
    2007-12-27 11:38 --------- d-----w C:\Program Files\EA GAMES
    2007-12-27 11:37 --------- d-----w C:\Program Files\Dreamfall - The Longest Journey
    2007-12-26 17:08 --------- d-----w C:\Program Files\LimeWire
    2007-12-24 12:47 --------- d-----w C:\Program Files\Turbo Torrent
    2007-12-24 12:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-24 12:41 --------- d-----w C:\Program Files\Ubi Soft
    2007-12-24 12:40 --------- d-----w C:\Program Files\Postbank
    2007-12-24 12:38 --------- d-----w C:\Program Files\Activision
    2007-12-24 12:36 --------- d-----w C:\Program Files\EA SPORTS
    2007-12-24 12:32 --------- d-----w C:\Program Files\Azureus
    2007-12-12 00:31 --------- d-----w C:\Program Files\McAfee.com
    2007-12-07 20:11 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2007-12-07 20:11 --------- d-----w C:\Program Files\van max
    2007-12-02 11:15 --------- d-----w C:\Program Files\Google
    2005-09-11 21:51 56 --sha-r C:\WINDOWS\system32\3FC26D6B5D.sys
    2005-01-27 13:59 8 --sha-r C:\WINDOWS\system32\62A95D688F.sys
    2007-07-29 18:37 15,278 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .
    [code:1:b210459713]<pre>
    ----a-w 344,064 2008-01-10 00:17:09 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
    ----a-w 81,920 2008-01-10 00:17:18 C:\Program Files\D-Tools\daemon .exe
    ----a-w 36,864 2008-01-02 16:30:29 C:\Program Files\GameSpy\Comrade\Comrade .exe
    ----a-w 1,838,592 2008-01-10 00:17:38 C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
    ----a-w 68,856 2008-01-10 00:17:43 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 118,926 2008-01-10 00:17:12 C:\Program Files\Home Cinema\PowerCinema\PCMService .exe
    ----a-w 144,784 2008-01-26 15:55:28 C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
    ----a-w 103,712 2008-01-10 00:17:32 C:\Program Files\Macrogaming\SweetIM\SweetIM .exe
    ----a-w 1,160,480 2008-01-26 14:43:43 C:\Program Files\McAfee\MHN\McENUI .exe
    ----a-w 582,992 2008-01-26 14:43:35 C:\Program Files\McAfee.com\Agent\mcagent .exe
    ----a-w 411,648 2008-01-15 01:28:45 C:\Program Files\Medion Tools\KeyStat\KeyStat .exe
    ----a-w 200,704 2008-01-10 00:17:25 C:\Program Files\PowerISO\PWRISOVM .EXE
    ----a-w 3,887,104 2008-01-04 11:28:35 C:\Program Files\Shareaza\Shareaza .exe
    ----a-w 35,928 2008-01-10 00:17:30 C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
    ----a-w 204,288 2008-01-10 00:17:48 C:\Program Files\Windows Media Player\WMPNSCFG .exe
    ----a-w 155,648 2008-01-10 00:17:08 C:\WINDOWS\system32\NeroCheck .exe
    </pre>[/code:1:b210459713]


    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a86aac3-f6f7-451e-b980-9d74106b4e42}]
    C:\WINDOWS\system32\uouthsqm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DBE3D0E-82C8-430C-8057-EBB149B13628}]
    C:\WINDOWS\system32\pmnll.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
    "Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
    "Cmaudio"="cmicnfg.cpl" []
    "Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [ ]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [ ]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [ ]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [ ]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [ ]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [ ]
    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ ]
    "MISAggregator"="" []
    "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [ ]
    "combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 13:00 399360]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-02 12:15:23 126136]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
    RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-01-27 13:35:21 528384]
    Scanner Finder.lnk - C:\Program Files\ScanWizard 5\ScannerFinder.exe [2005-03-21 00:41:52 315392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\chljhmat]
    chljhmat.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbcdd]
    gebbcdd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    "LoadAppInit_DLLs"=1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli [RANDOM CHARACTERS].dll

    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 14:10]
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 13:58]
    R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07]
    S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
    S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-26 20:22]
    S3 gkmixern;gkmixern;C:\DOCUME~1\Max\LOCALS~1\Temp\gkmixern.sys []
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys []

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-15 00:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
    - C:\WINDOWS\system32\defrag.exe
    "2007-11-01 00:00:01 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2008-01-26 19:21:55 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    "2008-01-26 02:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-26 20:22:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-26 20:30:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-26 19:29:56
    .
    2008-01-26 12:30:07 --- E O F ---


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:31:22, on 26-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\ScanWizard 5\ScannerFinder.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106838455765
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://80.73.129.185/fotoxs/ImageUploader3.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3CD13CE-D69B-439F-9581-21218A5A2A94} (OkeFtpUpload Control) - http://live.mediamall.tv/mmuser/OkeFtpUpload.ocx
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: gebbcdd - gebbcdd.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 12197 bytes

  • Indeed, a long log.

    Open Notepad, copy and paste the following (the bold text) into an empty window:
    File::
    C:\WINDOWS\system32\uouthsqm.dll
    C:\WINDOWS\system32\pmnll.dll

    RENV::
    <pre>
    ----a-w 344,064 2008-01-10 00:17:09 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
    ----a-w 81,920 2008-01-10 00:17:18 C:\Program Files\D-Tools\daemon .exe
    ----a-w 36,864 2008-01-02 16:30:29 C:\Program Files\GameSpy\Comrade\Comrade .exe
    ----a-w 1,838,592 2008-01-10 00:17:38 C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
    ----a-w 68,856 2008-01-10 00:17:43 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 118,926 2008-01-10 00:17:12 C:\Program Files\Home Cinema\PowerCinema\PCMService .exe
    ----a-w 144,784 2008-01-26 15:55:28 C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
    ----a-w 103,712 2008-01-10 00:17:32 C:\Program Files\Macrogaming\SweetIM\SweetIM .exe
    ----a-w 1,160,480 2008-01-26 14:43:43 C:\Program Files\McAfee\MHN\McENUI .exe
    ----a-w 582,992 2008-01-26 14:43:35 C:\Program Files\McAfee.com\Agent\mcagent .exe
    ----a-w 411,648 2008-01-15 01:28:45 C:\Program Files\Medion Tools\KeyStat\KeyStat .exe
    ----a-w 200,704 2008-01-10 00:17:25 C:\Program Files\PowerISO\PWRISOVM .EXE
    ----a-w 3,887,104 2008-01-04 11:28:35 C:\Program Files\Shareaza\Shareaza .exe
    ----a-w 35,928 2008-01-10 00:17:30 C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
    ----a-w 204,288 2008-01-10 00:17:48 C:\Program Files\Windows Media Player\WMPNSCFG .exe
    ----a-w 155,648 2008-01-10 00:17:08 C:\WINDOWS\system32\NeroCheck .exe
    </pre>

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a86aac3-f6f7-451e-b980-9d74106b4e42}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DBE3D0E-82C8-430C-8057-EBB149B13628}]

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\chljhmat]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbcdd]


    Save this on your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.

    After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

  • Hi Juisterr,

    Thanks for your answer.
    No sooner said than done.
    This time ComboFix was indeed finished in 5 minutes.
    I think it's heading in the right direction.
    Below the ComboFix log and a new one from HJT.

    Thanks in advance for the next suggestion.

    Gerard

    ComboFix 08-01-23.1C - Gerard 2008-01-27 11:44:41.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.603 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Gerard\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Gerard\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

  • I would remove SweetIM myself.


    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    Click 'Fix checked' to remove the items.

    Please let me know how it's going now.
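    Both helper steps in this thread, reading the posted HijackThis log for entries that deserve a second look and then building the list of lines to tick before 'Fix checked', can be done mechanically. The Python script below is an added example for this thread; it is not code from the thread, from HijackThis or from ComboFix. The sample lines are copied from the log posted earlier, and the review heuristics (a registry entry whose file is missing, a space inserted before an executable's extension as in the RENV list of the CFScript, a service without publisher information, an ActiveX control fetched from a bare IP address) are my own assumptions about what a defender would want highlighted, not a verdict that any entry is malicious.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: a handful of entries copied from the HijackThis
# log posted above (the full log has many more). Format: "<section> - <body>".
SAMPLE_LOG = r"""
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Dit] Dit.exe
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://80.73.129.185/fotoxs/ImageUploader3.cab
O20 - Winlogon Notify: gebbcdd - gebbcdd.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
"""

# One HijackThis entry: section code (R0, O2, O23, ...), the rest of the line, and the raw line.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.+)$")

# Heuristics (my assumptions, see lead-in): "name .exe" with a space before the
# extension, as in the RENV list; a download URL whose host is an IP literal.
SPACE_BEFORE_EXT = re.compile(r"\S \.(exe|dll|cpl|scr)\b", re.IGNORECASE)
IP_LITERAL_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")


@dataclass
class Entry:
    kind: str
    body: str
    raw: str
    reasons: list = field(default_factory=list)


def parse_hjt(text: str) -> list:
    """Parse HijackThis scan lines; anything that is not an entry (headers, blanks) is skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group("kind"), m.group("body"), line))
    return entries


def review(entry: Entry) -> list:
    """Return the reasons an entry deserves a second look (empty list = nothing stands out)."""
    reasons = []
    if "(file missing)" in entry.body:
        reasons.append("registry points at a file that no longer exists")
    if SPACE_BEFORE_EXT.search(entry.body):
        reasons.append("space inserted before the file extension (matches the renamed originals in the RENV list)")
    if entry.kind == "O23" and "unknown owner" in entry.body.lower():
        reasons.append("service binary without publisher information")
    if entry.kind == "O16" and IP_LITERAL_URL.search(entry.body):
        reasons.append("ActiveX control served from a bare IP address")
    return reasons


def triage(text: str) -> list:
    """All entries with at least one review reason, reasons filled in."""
    flagged = []
    for e in parse_hjt(text):
        e.reasons = review(e)
        if e.reasons:
            flagged.append(e)
    return flagged


def fix_list(text: str, names) -> list:
    """The helper's 'select only these items' step: every raw line mentioning one of `names`."""
    wanted = [n.lower() for n in names]
    return [e.raw for e in parse_hjt(text) if any(n in e.raw.lower() for n in wanted)]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:4} {e.body[:60]:60} | {'; '.join(e.reasons)}")
    print("\nLines to tick before 'Fix checked':")
    print("\n".join(fix_list(SAMPLE_LOG, ["SweetIM", "SWEETIE"])))
```

    Running the script prints the flagged entries with their reasons, and `fix_list(SAMPLE_LOG, ["SweetIM", "SWEETIE"])` returns exactly the three lines the helper asked to select. A flag is a prompt for a human to check, not a removal decision: the `Dit.exe` entry the poster asks about later is not flagged by any of these heuristics, and the thread resolves it through the process-library link rather than by deleting it.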
  • Hi Juisterr,

    I removed the 3 lines, and so SweetIM as well.


    Otherwise it's going very well, I believe.

    The PC boots properly in one go.
    No more messages, not even the one about kernel error 1256 (I don't know what it was either, but it's gone now).

    The w32.trats messages (from McAfee) have stopped (but is it really gone?)
    And the generic dropper is gone too, I think, because no more .tmp files are being created.

    I don't know exactly what you had me do, but compared with 2 days ago it's running really well.

    So far, many thanks (just say where the bottle of wine should go..)

    There are only 2 things I still wonder about:
    - I still see a line I don't understand. Do you know what program dit.exe is? It's in line O4-HKLM\…\run: dit.exe.
    - Do I need to do anything else to secure the current situation, i.e. get a new system restore point?

    Regards,

    Gerard
  • http://www.liutilities.com/products/wintaskspro/processlibrary/dit/

    You may now remove all the tools used and the folders they created.

    Remove ComboFix via Start > Run, copy and paste Combofix /U and click OK or press Enter.
    This removes ComboFix as well as your old system restore points (with any remnants of malware) and creates a new system restore point.

    http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG

    Everything fine now?
  • Hi Juisterr,

    I suspect everything is fine.
    No more messages.
    The PC boots faster (or do I just want to see it that way?)
    As far as I'm concerned it runs better than before.
    Just one small "but".

    I visited the site behind your link about dit.exe.
    I understand the program (so that's OK).
    But the free scan of my registry said I had (don't be alarmed) 781 errors.
    Am I crazy or is this a sales trick?

    No, you don't have to answer.
    You've done enough already.

    Thanks a lot for your help.
    I really appreciate it.
    The offer of the bottle of wine still stands.

    Regards,

    Gerard

This is an archived page. Replying is no longer possible.