hijack this log

8 replies
  • Hello, I have some problems with my PC: whenever I surf the internet, pop-ups from www.mt50.nl appear that I cannot get rid of with cleaning tools. Also, in the startup manager of the program TweakNow I have the following filename listed: 8cd1b7b4, and under PATH it says: rundll.exe"C:\WINDOWS\system32\xpmktoli.dll",b. If I let it start up with Windows, I get an error message during startup about C:\WINDOWS\system32\xpmktoli.dll, saying that it cannot find the module. If I untick it in TweakNow so that it does not start up, the error message is gone, but I would like to know where this comes from or which program it belongs to. I really have no idea, and Google searches turn up nothing. I have added a HijackThis log so you can see whether you can find any junk in it. Thanks in advance for your time and effort. Regards, Opelmantagek

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:37:06, on 8-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IncrediMail\bin\ImApp.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?from=start.home.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215861374390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200165312531
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 6798 bytes
  • Follow these instructions (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) to download ComboFix:
      - Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.
      - If you have used ComboFix before, please remove that version and download ComboFix again via the link above, because ComboFix is updated daily.
    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, switch that scanner off and download ComboFix again. Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!
      - Double-click Combofix.exe.
      - While the fix is running, do NOT click in the window, because this will make your PC hang.
      - When the fix has completed and after the restart, the log Combofix.txt will open.
    Post this log in your next post, together with a fresh HijackThis log.
  • ComboFix 08-03-09.1 - Stan 2008-03-09 17:57:06.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.622 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Stan\Bureaublad\ComboFix.exe
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\WINDOWS\system32\jkkjk.dll
    C:\WINDOWS\system32\kjkkj.ini
    C:\WINDOWS\system32\kjkkj.ini2
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))
    .
    2008-03-08 22:36 . 2008-03-08 22:36 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-03 12:07 . 2008-03-03 12:07 268 --ah----- C:\sqmdata05.sqm
    2008-03-03 12:07 . 2008-03-03 12:07 244 --ah----- C:\sqmnoopt05.sqm
    2008-02-25 14:07 . 2008-02-25 14:07 <DIR> d-------- C:\Program Files\Tuning Car Studio
    2008-02-25 13:23 . 2008-02-25 13:24 <DIR> d-------- C:\Program Files\PcMedik
    2008-02-22 09:23 . 2008-02-22 10:01 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2008-02-19 10:43 . 2008-02-22 20:30 2,334 ---hs---- C:\WINDOWS\system32\ilotkmpx.ini
    2008-02-16 10:51 . 2008-02-19 09:37 1,254 ---hs---- C:\WINDOWS\system32\ggmkjwpm.ini
    2008-02-15 09:19 . 2008-02-15 09:19 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-15 09:19 . 2008-02-15 09:19 3,449 --a------ C:\WINDOWS\unins000.dat
    2008-02-15 09:06 . 2008-02-16 10:48 834 ---hs---- C:\WINDOWS\system32\blcjpkgm.ini
    2008-02-14 09:08 . 2008-02-15 09:00 474 ---hs---- C:\WINDOWS\system32\lxmqcmmh.ini
    2008-02-12 15:51 . 2008-02-12 15:51 <DIR> d-------- C:\WINDOWS\Sun
    2008-02-12 10:13 . 2008-02-12 10:13 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2008-02-12 10:06 . 2008-02-12 10:06 268 --ah----- C:\sqmdata04.sqm
    2008-02-12 10:06 . 2008-02-12 10:06 244 --ah----- C:\sqmnoopt04.sqm
    2008-02-11 20:10 . 2008-02-11 20:10 244 --ah----- C:\sqmnoopt03.sqm
    2008-02-11 20:10 . 2008-02-11 20:10 232 --ah----- C:\sqmdata03.sqm
    2008-02-10 20:58 . 2008-02-10 20:58 22 --a------ C:\Display.opt
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-12 11:03 --------- d-----w C:\Program Files\microsoft frontpage
    2008-03-09 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-03-09 16:45 --------- d-----w C:\Program Files\Lx_cats
    2008-03-08 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-07 15:30 --------- d-----w C:\Program Files\Bit Che
    2008-03-02 19:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-21 14:48 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-02-20 09:08 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-15 08:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-15 08:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-14 10:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-06 15:54 --------- d-----w C:\Program Files\MSBuild
    2008-02-06 15:54 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-06 15:26 --------- d-----w C:\Documents and Settings\Stan\Application Data\DAEMON Tools
    2008-02-06 06:41 --------- d-----w C:\Program Files\MSXML 4.0
    2008-02-05 17:03 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-02-05 17:00 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-04 20:40 --------- d-----w C:\Documents and Settings\Stan\Application Data\LimeWire
    2008-02-04 15:29 --------- d-----w C:\Program Files\IncrediMail
    2008-02-04 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\IM
    2008-02-04 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\IncrediMail
    2008-02-02 15:42 --------- d-----w C:\Program Files\LimeWire
    2008-01-29 21:54 --------- d-----w C:\Program Files\Norton 360
    2008-01-27 16:14 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-01-21 15:01 --------- d-----w C:\Program Files\BitComet
    2008-01-21 09:01 56 --sha-w C:\redir.sys
    2008-01-21 09:01 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy
    2008-01-21 09:01 --------- d-----w C:\Documents and Settings\Stan\Application Data\Sonic
    2008-01-21 09:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    2008-01-21 08:59 --------- d-----w C:\Program Files\InterLok
    2008-01-21 08:51 --------- d-----w C:\Program Files\Sonic
    2008-01-21 08:51 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2008-01-18 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-01-17 16:26 --------- d-----w C:\Documents and Settings\Stan\Application Data\Ahead
    2008-01-16 15:15 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-16 15:15 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-01-15 18:39 --------- d-----w C:\Program Files\Magentic
    2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-01-14 12:34 --------- d-----w C:\Documents and Settings\Stan\Application Data\Media Player Classic
    2008-01-14 06:10 --------- d-----w C:\Documents and Settings\Stan\Application Data\Symantec
    2008-01-13 17:26 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
    2008-01-12 22:34 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-01-12 22:34 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-01-12 22:34 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-01-12 22:34 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-01-12 22:34 --------- d-----w C:\Program Files\Symantec
    2008-01-12 19:20 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-12 19:06 28,672 ----a-w C:\WINDOWS\system32\qttask.exe
    2008-01-12 19:06 --------- d-----w C:\Program Files\QuickTime
    2008-01-12 19:06 --------- d-----w C:\Program Files\Java
    2008-01-12 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-01-12 19:05 --------- d-----w C:\Program Files\Real
    2008-01-12 19:05 --------- d-----w C:\Program Files\Common Files\Real
    2008-01-12 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-01-12 18:51 --------- d-----w C:\Program Files\Windows Live
    2008-01-12 18:51 --------- d-----w C:\Program Files\Common Files\Java
    2008-01-12 18:47 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-01-12 18:44 --------- d-----w C:\Program Files\TweakNow PowerPack 2006
    2008-01-12 18:39 --------- d-----w C:\Program Files\Ahead
    2008-01-12 18:37 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-01-12 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-01-12 14:45 --------- d-----w C:\Program Files\CleanUp!
    2008-01-12 14:20 --------- d-----w C:\Program Files\UnderCoverXP
    2008-01-12 14:20 --------- d-----w C:\Program Files\DVD Shrink
    2008-01-12 13:59 --------- d-----w C:\Program Files\Lexmark 4300 Series
    2008-01-12 13:59 --------- d-----w C:\Documents and Settings\Stan\Application Data\FaxCtr
    2008-01-12 13:55 --------- d-----w C:\Program Files\Lexmark Fax Solutions
    2008-01-12 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr
    2008-01-12 13:13 --------- d-----w C:\Program Files\Intel
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23D44BCF-AA7A-41D6-8905-E808F16322EF}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3788ebf9-c4bc-4465-b5e9-3bb1c67a3798}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F18DFF7-62FC-4C1B-8275-0833F437C679}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95C9CE4F-3F47-4B3D-85FD-368FD0B4AB65}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D79F97F6-5EFE-433B-84BE-A20F8FA5FD5B}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
    "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "8cd1b7b4"="C:\WINDOWS\system32\xpmktoli.dll" [ ]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
    "C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
    "C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25280:TCP"= 25280:TCP:BitComet 25280 TCP
    "25280:UDP"= 25280:UDP:BitComet 25280 UDP
    *Newly Created Service* - COMHOST
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-09 18:02:09
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\system32\lxcecoms.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-03-09 18:03:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-09 17:03:35
    .
    2008-03-09 08:57:32 --- E O F ---
  • [quote:b64aef1ae6="opelmantagek"]ComboFix 08-03-09.1 - Stan 2008-03-09 17:57:06.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.622 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Stan\Bureaublad\ComboFix.exe . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\jkkjk.dll C:\WINDOWS\system32\kjkkj.ini C:\WINDOWS\system32\kjkkj.ini2 . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))) . 2008-03-08 22:36 . 2008-03-08 22:36 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-03 12:07 . 2008-03-03 12:07 268 --ah----- C:\sqmdata05.sqm 2008-03-03 12:07 . 2008-03-03 12:07 244 --ah----- C:\sqmnoopt05.sqm 2008-02-25 14:07 . 2008-02-25 14:07 <DIR> d-------- C:\Program Files\Tuning Car Studio 2008-02-25 13:23 . 2008-02-25 13:24 <DIR> d-------- C:\Program Files\PcMedik 2008-02-22 09:23 . 2008-02-22 10:01 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI 2008-02-19 10:43 . 2008-02-22 20:30 2,334 ---hs---- C:\WINDOWS\system32\ilotkmpx.ini 2008-02-16 10:51 . 2008-02-19 09:37 1,254 ---hs---- C:\WINDOWS\system32\ggmkjwpm.ini 2008-02-15 09:19 . 2008-02-15 09:19 691,545 --a------ C:\WINDOWS\unins000.exe 2008-02-15 09:19 . 2008-02-15 09:19 3,449 --a------ C:\WINDOWS\unins000.dat 2008-02-15 09:06 . 2008-02-16 10:48 834 ---hs---- C:\WINDOWS\system32\blcjpkgm.ini 2008-02-14 09:08 . 2008-02-15 09:00 474 ---hs---- C:\WINDOWS\system32\lxmqcmmh.ini 2008-02-12 15:51 . 2008-02-12 15:51 <DIR> d-------- C:\WINDOWS\Sun 2008-02-12 10:13 . 2008-02-12 10:13 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-02-12 10:06 . 2008-02-12 10:06 268 --ah----- C:\sqmdata04.sqm 2008-02-12 10:06 . 2008-02-12 10:06 244 --ah----- C:\sqmnoopt04.sqm 2008-02-11 20:10 . 2008-02-11 20:10 244 --ah----- C:\sqmnoopt03.sqm 2008-02-11 20:10 . 2008-02-11 20:10 232 --ah----- C:\sqmdata03.sqm 2008-02-10 20:58 . 2008-02-10 20:58 22 --a------ C:\Display.opt . 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-12 11:03 --------- d-----w C:\Program Files\microsoft frontpage 2008-03-09 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-03-09 16:45 --------- d-----w C:\Program Files\Lx_cats 2008-03-08 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-03-07 15:30 --------- d-----w C:\Program Files\Bit Che 2008-03-02 19:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-02-21 14:48 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-20 09:08 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-15 08:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-15 08:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-14 10:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-06 15:54 --------- d-----w C:\Program Files\MSBuild 2008-02-06 15:54 --------- d-----w C:\Program Files\Microsoft Works 2008-02-06 15:26 --------- d-----w C:\Documents and Settings\Stan\Application Data\DAEMON Tools 2008-02-06 06:41 --------- d-----w C:\Program Files\MSXML 4.0 2008-02-05 17:03 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-02-05 17:00 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-02-04 20:40 --------- d-----w C:\Documents and Settings\Stan\Application Data\LimeWire 2008-02-04 15:29 --------- d-----w C:\Program Files\IncrediMail 2008-02-04 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\IM 2008-02-04 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\IncrediMail 2008-02-02 15:42 --------- d-----w C:\Program Files\LimeWire 2008-01-29 21:54 --------- d-----w C:\Program Files\Norton 360 2008-01-27 16:14 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-01-21 
15:01 --------- d-----w C:\Program Files\BitComet 2008-01-21 09:01 56 --sha-w C:\redir.sys 2008-01-21 09:01 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy 2008-01-21 09:01 --------- d-----w C:\Documents and Settings\Stan\Application Data\Sonic 2008-01-21 09:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy 2008-01-21 08:59 --------- d-----w C:\Program Files\InterLok 2008-01-21 08:51 --------- d-----w C:\Program Files\Sonic 2008-01-21 08:51 --------- d-----w C:\Program Files\Common Files\SureThing Shared 2008-01-18 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-01-17 16:26 --------- d-----w C:\Documents and Settings\Stan\Application Data\Ahead 2008-01-16 15:15 --------- d-----w C:\Program Files\MSN Messenger 2008-01-16 15:15 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-01-15 18:39 --------- d-----w C:\Program Files\Magentic 2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat 2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf 2008-01-14 12:34 --------- d-----w C:\Documents and Settings\Stan\Application Data\Media Player Classic 2008-01-14 06:10 --------- d-----w C:\Documents and Settings\Stan\Application Data\Symantec 2008-01-13 17:26 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint 2008-01-12 22:34 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-01-12 22:34 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-01-12 22:34 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-01-12 22:34 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-01-12 22:34 --------- d-----w C:\Program Files\Symantec 2008-01-12 19:20 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-12 19:06 28,672 ----a-w C:\WINDOWS\system32\qttask.exe 2008-01-12 19:06 --------- d-----w C:\Program Files\QuickTime 2008-01-12 19:06 --------- d-----w C:\Program Files\Java 2008-01-12 19:06 
--------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime 2008-01-12 19:05 --------- d-----w C:\Program Files\Real 2008-01-12 19:05 --------- d-----w C:\Program Files\Common Files\Real 2008-01-12 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-01-12 18:51 --------- d-----w C:\Program Files\Windows Live 2008-01-12 18:51 --------- d-----w C:\Program Files\Common Files\Java 2008-01-12 18:47 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-01-12 18:44 --------- d-----w C:\Program Files\TweakNow PowerPack 2006 2008-01-12 18:39 --------- d-----w C:\Program Files\Ahead 2008-01-12 18:37 --------- d-----w C:\Program Files\Common Files\Ahead 2008-01-12 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead 2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys 2008-01-12 14:45 --------- d-----w C:\Program Files\CleanUp! 2008-01-12 14:20 --------- d-----w C:\Program Files\UnderCoverXP 2008-01-12 14:20 --------- d-----w C:\Program Files\DVD Shrink 2008-01-12 13:59 --------- d-----w C:\Program Files\Lexmark 4300 Series 2008-01-12 13:59 --------- d-----w C:\Documents and Settings\Stan\Application Data\FaxCtr 2008-01-12 13:55 --------- d-----w C:\Program Files\Lexmark Fax Solutions 2008-01-12 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr 2008-01-12 13:13 --------- d-----w C:\Program Files\Intel . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23D44BCF-AA7A-41D6-8905-E808F16322EF}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3788ebf9-c4bc-4465-b5e9-3bb1c67a3798}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F18DFF7-62FC-4C1B-8275-0833F437C679}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95C9CE4F-3F47-4B3D-85FD-368FD0B4AB65}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D79F97F6-5EFE-433B-84BE-A20F8FA5FD5B}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE] "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648] "8cd1b7b4"="C:\WINDOWS\system32\xpmktoli.dll" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "C:\\Program Files\\Magentic\\bin\\MgImp.exe"= "C:\\Program Files\\Magentic\\bin\\Magentic.exe"= "C:\\Program Files\\Magentic\\bin\\MgApp.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25280:TCP"= 25280:TCP:BitComet 25280 TCP "25280:UDP"= 25280:UDP:BitComet 25280 UDP *Newly Created Service* - COMHOST . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-09 18:02:09 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\system32\imapi.exe C:\WINDOWS\system32\lxcecoms.exe . ************************************************************************** . Voltooingstijd: 2008-03-09 18:03:38 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-09 17:03:35 . 2008-03-09 08:57:32 --- E O F ---[/quote:b64aef1ae6]
and here is the new hijack log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:11:11, on 9-3-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\lxcecoms.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?from=start.home.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [8cd1b7b4] rundll32.exe "C:\WINDOWS\system32\xpmktoli.dll",b O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - 
HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215861374390 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200165312531 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - 
Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 7180 bytes
  • Open Notepad, then copy and paste the following text into an empty window:

    File::
    C:\WINDOWS\system32\ggmkjwpm.ini
    C:\WINDOWS\system32\blcjpkgm.ini
    C:\WINDOWS\system32\ggmkjwpm.ini
    C:\WINDOWS\system32\ilotkmpx.ini

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23D44BCF-AA7A-41D6-8905-E808F16322EF}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3788ebf9-c4bc-4465-b5e9-3bb1c67a3798}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F18DFF7-62FC-4C1B-8275-0833F437C679}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95C9CE4F-3F47-4B3D-85FD-368FD0B4AB65}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D79F97F6-5EFE-433B-84BE-A20F8FA5FD5B}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "8cd1b7b4"=-

    Save this on your Desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe as shown in the example below: http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
    This will make ComboFix restart. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply, together with a new HijackThis log. Any problems left?
  • ComboFix 08-03-09.1 - Stan 2008-03-10 19:44:52.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.592 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Stan\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Stan\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt FILE :: C:\WINDOWS\system32\blcjpkgm.ini C:\WINDOWS\system32\ggmkjwpm.ini C:\WINDOWS\system32\ilotkmpx.ini . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\blcjpkgm.ini C:\WINDOWS\system32\ggmkjwpm.ini C:\WINDOWS\system32\ilotkmpx.ini . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))) . 2008-03-08 22:36 . 2008-03-08 22:36 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-03 12:07 . 2008-03-03 12:07 268 --ah----- C:\sqmdata05.sqm 2008-03-03 12:07 . 2008-03-03 12:07 244 --ah----- C:\sqmnoopt05.sqm 2008-02-25 14:07 . 2008-02-25 14:07 <DIR> d-------- C:\Program Files\Tuning Car Studio 2008-02-25 13:23 . 2008-02-25 13:24 <DIR> d-------- C:\Program Files\PcMedik 2008-02-22 09:23 . 2008-02-22 10:01 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI 2008-02-15 09:19 . 2008-02-15 09:19 691,545 --a------ C:\WINDOWS\unins000.exe 2008-02-15 09:19 . 2008-02-15 09:19 3,449 --a------ C:\WINDOWS\unins000.dat 2008-02-14 09:08 . 2008-02-15 09:00 474 ---hs---- C:\WINDOWS\system32\lxmqcmmh.ini 2008-02-12 15:51 . 2008-02-12 15:51 <DIR> d-------- C:\WINDOWS\Sun 2008-02-12 10:13 . 2008-02-12 10:13 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-02-12 10:06 . 2008-02-12 10:06 268 --ah----- C:\sqmdata04.sqm 2008-02-12 10:06 . 2008-02-12 10:06 244 --ah----- C:\sqmnoopt04.sqm 2008-02-11 20:10 . 2008-02-11 20:10 244 --ah----- C:\sqmnoopt03.sqm 2008-02-11 20:10 . 2008-02-11 20:10 232 --ah----- C:\sqmdata03.sqm 2008-02-10 20:58 . 2008-02-10 20:58 22 --a------ C:\Display.opt . 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-12 11:03 --------- d-----w C:\Program Files\microsoft frontpage 2008-03-10 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-03-10 17:09 --------- d-----w C:\Program Files\Lx_cats 2008-03-08 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-03-07 15:30 --------- d-----w C:\Program Files\Bit Che 2008-03-02 19:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-02-21 14:48 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-20 09:08 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-15 08:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-15 08:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-14 10:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-06 15:54 --------- d-----w C:\Program Files\MSBuild 2008-02-06 15:54 --------- d-----w C:\Program Files\Microsoft Works 2008-02-06 15:26 --------- d-----w C:\Documents and Settings\Stan\Application Data\DAEMON Tools 2008-02-06 06:41 --------- d-----w C:\Program Files\MSXML 4.0 2008-02-05 17:03 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-02-05 17:00 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-02-04 20:40 --------- d-----w C:\Documents and Settings\Stan\Application Data\LimeWire 2008-02-04 15:29 --------- d-----w C:\Program Files\IncrediMail 2008-02-04 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\IM 2008-02-04 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\IncrediMail 2008-02-02 15:42 --------- d-----w C:\Program Files\LimeWire 2008-01-29 21:54 --------- d-----w C:\Program Files\Norton 360 2008-01-27 16:14 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-01-21 
15:01 --------- d-----w C:\Program Files\BitComet 2008-01-21 09:01 56 --sha-w C:\redir.sys 2008-01-21 09:01 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy 2008-01-21 09:01 --------- d-----w C:\Documents and Settings\Stan\Application Data\Sonic 2008-01-21 09:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy 2008-01-21 08:59 --------- d-----w C:\Program Files\InterLok 2008-01-21 08:51 --------- d-----w C:\Program Files\Sonic 2008-01-21 08:51 --------- d-----w C:\Program Files\Common Files\SureThing Shared 2008-01-18 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-01-17 16:26 --------- d-----w C:\Documents and Settings\Stan\Application Data\Ahead 2008-01-16 15:15 --------- d-----w C:\Program Files\MSN Messenger 2008-01-16 15:15 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-01-15 18:39 --------- d-----w C:\Program Files\Magentic 2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat 2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf 2008-01-14 12:34 --------- d-----w C:\Documents and Settings\Stan\Application Data\Media Player Classic 2008-01-14 06:10 --------- d-----w C:\Documents and Settings\Stan\Application Data\Symantec 2008-01-13 17:26 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint 2008-01-12 22:34 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-01-12 22:34 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-01-12 22:34 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-01-12 22:34 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-01-12 22:34 --------- d-----w C:\Program Files\Symantec 2008-01-12 19:20 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-12 19:06 28,672 ----a-w C:\WINDOWS\system32\qttask.exe 2008-01-12 19:06 --------- d-----w C:\Program Files\QuickTime 2008-01-12 19:06 --------- d-----w C:\Program Files\Java 2008-01-12 19:06 
--------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime 2008-01-12 19:05 --------- d-----w C:\Program Files\Real 2008-01-12 19:05 --------- d-----w C:\Program Files\Common Files\Real 2008-01-12 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-01-12 18:51 --------- d-----w C:\Program Files\Windows Live 2008-01-12 18:51 --------- d-----w C:\Program Files\Common Files\Java 2008-01-12 18:47 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-01-12 18:44 --------- d-----w C:\Program Files\TweakNow PowerPack 2006 2008-01-12 18:39 --------- d-----w C:\Program Files\Ahead 2008-01-12 18:37 --------- d-----w C:\Program Files\Common Files\Ahead 2008-01-12 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead 2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys 2008-01-12 14:45 --------- d-----w C:\Program Files\CleanUp! 2008-01-12 14:20 --------- d-----w C:\Program Files\UnderCoverXP 2008-01-12 14:20 --------- d-----w C:\Program Files\DVD Shrink 2008-01-12 13:59 --------- d-----w C:\Program Files\Lexmark 4300 Series 2008-01-12 13:59 --------- d-----w C:\Documents and Settings\Stan\Application Data\FaxCtr 2008-01-12 13:55 --------- d-----w C:\Program Files\Lexmark Fax Solutions 2008-01-12 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr 2008-01-12 13:13 --------- d-----w C:\Program Files\Intel . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 04:10 116328] "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\MSN 
Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "C:\\Program Files\\Magentic\\bin\\MgImp.exe"= "C:\\Program Files\\Magentic\\bin\\Magentic.exe"= "C:\\Program Files\\Magentic\\bin\\MgApp.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25280:TCP"= 25280:TCP:BitComet 25280 TCP "25280:UDP"= 25280:UDP:BitComet 25280 UDP *Newly Created Service* - COMHOST . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-10 19:46:17 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-03-10 19:46:42 ComboFix-quarantined-files.txt 2008-03-10 18:46:40 ComboFix2.txt 2008-03-09 17:03:39 . 
2008-03-09 08:57:32 --- E O F ---
And the new hijack log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:49:48, on 10-3-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\lxcecoms.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?from=start.home.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no 
name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215861374390 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200165312531 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 7059 bytes
I think the problems are solved, unless you can still find something in my logs. Thank you very much for the help. Regards, Opelmantagek
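Added example (not part of the thread, and not HijackThis or ComboFix code): a Python check that compares the O4 autostart lines of the HijackThis logs from before and after the ComboFix script, reporting which entries disappeared and which resemble the `8cd1b7b4` entry. The sample lines are a subset copied from the logs in this thread; the two indicators and the function names are assumptions of this example.

```python
import ntpath
import re

# Sample input: a subset of the O4 lines from the two HijackThis logs in this
# thread (9-3-2008, before the CFScript run, and 10-3-2008, after it).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [8cd1b7b4] rundll32.exe "C:\WINDOWS\system32\xpmktoli.dll",b
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# rundll32 <dll>,<export>, with or without quotes around the DLL path
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I
)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.I)


def parse_o4(log_text):
    """Return {(hive, value name): command line} for every O4 line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m["hive"], m["name"])] = m["cmd"]
    return entries


def indicators(name, cmd):
    """Heuristic reasons (assumed for this example) to look closer at an entry."""
    reasons = []
    if HEX_NAME_RE.match(name):
        reasons.append("value name is 8 hex characters")
    m = RUNDLL_RE.search(cmd)
    # ntpath parses Windows paths on any OS
    if m and ntpath.basename(ntpath.dirname(m["dll"])).lower() == "system32":
        reasons.append("rundll32 loads a DLL directly from system32")
    return reasons


def flagged(entries):
    """Value names that match both indicators."""
    return sorted(
        name for (_hive, name), cmd in entries.items()
        if len(indicators(name, cmd)) >= 2
    )


def review(before_text, after_text):
    """Compare two logs: what vanished, and what was or still is flagged."""
    before, after = parse_o4(before_text), parse_o4(after_text)
    removed = sorted(name for (_hive, name) in before.keys() - after.keys())
    return {
        "removed": removed,
        "flagged_before": flagged(before),
        "flagged_after": flagged(after),
    }


if __name__ == "__main__":
    for key, names in review(LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}: {names}")
```

The diff alone also lists `SunJavaUpdateSched`, which the second ComboFix log shows under msconfig's `startupreg` key; only the indicator check singles out the entry the CFScript targeted.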
  • Open an empty Notepad window and copy/paste the text below into it:

    @ECHO OFF
    REM Start with a fresh log file
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    REM Clear the read-only/system/hidden attributes, delete, and log the result
    FOR %%g in (
    C:\WINDOWS\system32\lxmqcmmh.ini
    ) DO (
        IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
            ) ELSE (
                ECHO %%g deleted>>log.txt
            )
        ) ELSE (
            ECHO %%g not found>>log.txt
        )
    )
    REM Show the log
    START NOTEPAD.EXE log.txt

    Then save it as fix.bat on your Desktop. For "Save as type", choose All Files. Then double-click fix.bat and post the result in your next message. How are your problems now? Pim :)
  • Sorry for the late reply, but here is the output of fix.bat:
    Deleting files
    C:\WINDOWS\system32\lxmqcmmh.ini deleted
    Otherwise there are no more problems with the PC. Regards, Opelmantagek

This is an archived page. Replying is no longer possible.