Question & Answer
Strange redirect to a web page.
13 replies
- Dear all, since today, when I go online (IE7), a strange page appears. A message is shown saying that I may have a serwap virus, after which I am spontaneously redirected to: http://nl.winantivirus.com/. A scan with Ad-Aware shows nothing unusual. A full scan with Symantec AV shows nothing unusual. System Restore has been temporarily turned off within XP Media Center.
HijackThis gives the following log:
Logfile of HijackThis v1.99.1
Scan saved at 13:04:21, on 29-1-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\winsystems16.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msncall.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Hyjakhthis\HijackThis1991.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2D1A6539-579C-4C0B-A73C-4DE8300E61B7} - C:\WINDOWS\system32\mllji.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B528C6CC-AA98-4753-8980-A6B97A220A63} - C:\WINDOWS\system32\rqrppmn.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu…?1162213379953
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pushow10.dll
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: rqrppmn - C:\WINDOWS\SYSTEM32\rqrppmn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Anyone have a solution?
- Your log is also posted here:
http://nucia.nl/forum/showthread.php?t=22702
Please let us know where you would like to be helped :wink:
- That's right, my question is posted there too. I would like to be helped; it doesn't matter to me where. I'll confine myself to this forum. Thanks in advance for your trouble.
- Download ComboFix to your Desktop.
Double-click Combofix.exe
Follow the instructions and accept the disclaimer by typing "y" or "Y".
While the fix is running, do NOT click in the window, as this will cause your PC to hang.
When the fix has completed and after the reboot, the log combofix.txt will open.
Post this log in your next reply together with a HijackThis log.
NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.
- ComboFix log
"Leo" - 07-01-29 18:56:57 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Leo\Bureaublad"
((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))
2007-01-29 17:18 22,029 ---hs---- C:\WINDOWS\system32\efcawut.dll
2007-01-29 16:38 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-29 13:02 <DIR> d-------- C:\Hyjakhthis
2007-01-29 07:07 22,029 ---hs---- C:\WINDOWS\system32\gebxurr.dll
2007-01-28 22:14 438,401 ---hs---- C:\WINDOWS\system32\ijllm.bak1
2007-01-28 22:13 277,292 ---hs---- C:\WINDOWS\system32\mllji.dll
2007-01-28 22:08 22,029 ---hs---- C:\WINDOWS\system32\rqrppmn.dll
2007-01-28 17:07 <DIR> d-------- C:\Program Files\Hema Album Software Advanced
2007-01-28 14:33 1,117,491 --a------ C:\WINDOWS\system32\exec1.exe
2007-01-28 14:33 <DIR> d-------- C:\Program Files\DVD Shrink
2007-01-28 14:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\DVD Shrink
2007-01-25 12:40 <DIR> d-------- C:\Program Files\Computerbrains
2007-01-22 09:29 <DIR> d-------- C:\DOCUME~1\Leo\WINDOWS
2007-01-19 09:49 83,168 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-01-19 09:49 82,832 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-01-19 09:49 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2007-01-18 21:36 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-01-15 18:09 <DIR> d-------- C:\Program Files\GPLGS
2007-01-14 12:21 <DIR> d-------- C:\Program Files\MSRT
2007-01-11 08:24 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\Bookmarks
2007-01-10 23:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-10 22:19 87,608 --a------ C:\DOCUME~1\Leo\Application Data\ezpinst.exe
2007-01-10 22:19 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-01-10 22:19 47,360 --a------ C:\DOCUME~1\Leo\Application Data\pcouffin.sys
2007-01-10 22:19 <DIR> d-------- C:\Program Files\vso
2007-01-10 22:19 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\Vso
2007-01-10 22:13 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-09 21:07 19,728 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2007-01-09 20:48 <DIR> d-------- C:\Program Files\PDA
2007-01-09 20:47 35,328 --a------ C:\WINDOWS\system32\cygz.dll
2007-01-09 20:47 35,328 --a------ C:\WINDOWS\cygz.dll
2007-01-09 20:47 1,126,281 --a------ C:\WINDOWS\system32\cygwin1.dll
2007-01-09 20:47 1,126,281 --a------ C:\WINDOWS\cygwin1.dll
2007-01-09 08:25 <DIR> d-------- C:\Program Files\Bootvis
2007-01-04 17:40 <DIR> d-------- C:\WINDOWS\Sun
2007-01-04 14:57 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-04 11:16 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2007-01-04 11:10 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-01-04 11:09 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-01-04 11:09 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-01-04 11:09 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2007-01-04 11:09 274,816 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-01-04 11:09 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-01-04 11:09 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-01-04 11:09 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2007-01-03 22:35 <DIR> d-------- C:\WINDOWS\WinRescue
2007-01-03 22:30 <DIR> d-------- C:\Program Files\PowerQuest
2007-01-03 22:16 205,312 -ra------ C:\WINDOWS\pw32a.dll
2007-01-03 22:16 205,312 -ra------ C:\WINDOWS\patchw32.dll
2007-01-03 22:09 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\IsolatedStorage
2007-01-02 23:43 <DIR> dr------- C:\DOCUME~1\LOCALS~1\Favorieten
2007-01-02 23:39 90,112 --a------ C:\WINDOWS\system32\CNMCP5I.exe
2007-01-02 13:26 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Mijn documenten
2006-12-31 18:09 <DIR> d-------- C:\Program Files\Orb Networks
2006-12-31 18:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\OrbNetworks
2006-12-31 18:03 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2006-12-31 17:52 8,704 --a------ C:\WINDOWS\system32\CNMVS5I.DLL
2006-12-31 17:52 140,288 --a------ C:\WINDOWS\system32\CNMLM5I.DLL
2006-12-31 17:07 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-12-31 17:04 <DIR> d-------- C:\Temp
2006-12-31 11:04 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-12-30 18:06 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\AdobeUM
2006-12-30 17:15 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2006-12-30 17:15 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2006-12-30 17:14 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-12-30 16:45 <DIR> d-------- C:\Program Files\System Cleanup
2006-12-30 16:44 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\Franckey
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-29 18:48 -------- d-------- C:\DOCUME~1\Leo\Application Data\skype
2007-01-29 17:18 -------- d-------- C:\DOCUME~1\Leo\Application Data\mailwasherpro
2007-01-28 21:27 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-27 15:13 -------- d-------- C:\DOCUME~1\Leo\Application Data\limewire
2007-01-27 08:27 -------- d---s---- C:\DOCUME~1\Leo\Application Data\microsoft
2007-01-27 08:00 -------- d-------- C:\Program Files\google
2007-01-26 17:43 -------- d-------- C:\DOCUME~1\Leo\Application Data\cyberlink
2007-01-24 13:05 -------- d--h----- C:\Program Files\installshield installation information
2007-01-20 21:55 -------- d-------- C:\Program Files\msn messenger
2007-01-20 20:26 -------- d-------- C:\Program Files\winrescuexp
2007-01-19 09:49 -------- d-------- C:\Program Files\symantec
2007-01-19 09:42 -------- d-------- C:\Program Files\norton antivirus
2007-01-19 09:42 -------- d-------- C:\DOCUME~1\Leo\Application Data\symantec
2007-01-19 09:26 3888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-01-10 23:13 -------- d-------- C:\DOCUME~1\Leo\Application Data\adobe
2007-01-10 22:19 7824 --a------ C:\DOCUME~1\Leo\Application Data\pcouffin.cat
2007-01-10 22:19 34 --a------ C:\DOCUME~1\Leo\Application Data\pcouffin.log
2007-01-10 22:19 1144 --a------ C:\DOCUME~1\Leo\Application Data\pcouffin.inf
2007-01-10 06:59 -------- d-------- C:\Program Files\divx subtitle displayer
2007-01-05 14:55 -------- d-------- C:\DOCUME~1\Leo\Application Data\voipbuster
2007-01-04 20:15 -------- d-------- C:\Program Files\winamp
2007-01-04 20:15 -------- d-------- C:\Program Files\divx
2006-12-31 00:27 -------- d-------- C:\DOCUME~1\Leo\Application Data\ahead
2006-12-30 17:16 2508 --a------ C:\DOCUME~1\Leo\Application Data\$_hpcst$.hpc
2006-12-28 17:54 -------- d-------- C:\DOCUME~1\Leo\Application Data\nerodctemplates
2006-12-28 10:59 -------- d-------- C:\Program Files\who lock me
2006-12-28 10:43 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-28 00:19 96256 --a------ C:\WINDOWS\system32\drivers\sptd3965.sys
2006-12-28 00:19 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-27 20:27 -------- d-------- C:\DOCUME~1\Leo\Application Data\acd systems
2006-12-27 15:58 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-12-27 15:45 -------- d-------- C:\Program Files\alcohol soft
2006-12-27 15:44 -------- d-------- C:\Program Files\poweriso
2006-12-27 07:59 -------- d-------- C:\Program Files\slysoft
2006-12-27 07:58 -------- d-------- C:\Program Files\elaborate bytes
2006-12-26 22:38 -------- d-------- C:\Program Files\flashfxp
2006-12-26 22:20 -------- d-------- C:\Program Files\limewire
2006-12-26 22:17 -------- d-------- C:\Program Files\autoruns
2006-12-26 22:15 -------- d-------- C:\DOCUME~1\Leo\Application Data\google
2006-12-26 21:54 -------- d-------- C:\Program Files\firetrust
2006-12-26 21:28 -------- d-------- C:\Program Files\acro software
2006-12-26 21:28 -------- d-------- C:\DOCUME~1\Leo\Application Data\help
2006-12-26 21:27 -------- d-------- C:\Program Files\messenger plus! live
2006-12-26 21:16 -------- d-------- C:\Program Files\diskeeper corporation
2006-12-26 21:16 -------- d-------- C:\DOCUME~1\Leo\Application Data\leadertech
2006-12-26 21:05 -------- d-------- C:\Program Files\techsmith
2006-12-26 21:05 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2006-12-26 21:04 -------- d-------- C:\Program Files\pagedefrag
2006-12-26 20:56 -------- d-------- C:\Program Files\Common Files\acd systems
2006-12-26 20:56 -------- d-------- C:\Program Files\acd systems
2006-12-26 20:54 -------- d-------- C:\Program Files\skype
2006-12-26 20:54 -------- d-------- C:\Program Files\Common Files\skype
2006-12-26 20:52 -------- d-------- C:\Program Files\voipbuster.com
2006-12-26 20:46 -------- d-------- C:\DOCUME~1\Leo\Application Data\flashfxp
2006-12-26 20:45 -------- d-------- C:\Program Files\lavasoft
2006-12-26 20:45 -------- d-------- C:\DOCUME~1\Leo\Application Data\lavasoft
2006-12-26 20:00 -------- d-------- C:\Program Files\microsoft.net
2006-12-26 19:35 -------- d-------- C:\Program Files\linux
2006-12-26 19:35 -------- d-------- C:\Program Files\cyberlink
2006-12-07 05:14 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-30 15:24 278528 --a------ C:\WINDOWS\system32\livesnth.dll
2006-10-30 15:24 203776 --a------ C:\WINDOWS\system32\clrviddc.dll
2006-10-30 12:23 8 -r-hs---- C:\WINDOWS\system32\6b8972dcc0.sys
2006-10-30 12:23 4704 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"VoipBuster"="\"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"LanguageShortcut"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\Language\\Language.exe\""
"InstantOn"="\"C:\\Program Files\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
@=""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
00
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bullguard"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\bullguard.exe\" -boot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DkIcon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="pushow10.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B528C6CC-AA98-4753-8980-A6B97A220A63}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllji
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrppmn
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\setup.exe -q
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c5f6850-70c7-11db-a1f6-0012bfc591d8}]
Shell\AutoRun\command J:\prime.bat
Completion time: 07-01-29 18:59:26
HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 19:05:23, on 29-1-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\winsystems16.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msncall.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\logon.scr
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hyjakhthis\HijackThis1991.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {75144EAB-4BA0-4D03-B766-1FA365FE9C51} - C:\WINDOWS\system32\mllji.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8C9708E1-41E9-4201-AA28-9D11301A161F} - C:\WINDOWS\system32\mllji.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B528C6CC-AA98-4753-8980-A6B97A220A63} - C:\WINDOWS\system32\rqrppmn.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pushow10.dll
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: rqrppmn - C:\WINDOWS\SYSTEM32\rqrppmn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
I hope you can do something with these logs,
regards,
Leo - Go to Start - Run and enter the following command there using copy and paste:
"C:\Documents and Settings\Leo\Bureaublad\combofix.exe" /v efcawut gebxurr mllji rqrppmn
Confirm this with OK.
ComboFix will start; after your PC has restarted, post the new ComboFix log together with a new HijackThis log. - ComboFix log:
"Leo" - 07-01-29 20:39:00 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Leo\Bureaublad"
Command switches used :: /v efcawut gebxurr mllji rqrppmn
(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\efcawut.dll
C:\WINDOWS\system32\gebxurr.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\rqrppmn.dll
C:\WINDOWS\system32\ijllm.bak1
C:\WINDOWS\system32\ijllm.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))
2007-01-29 16:38 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-29 13:02 <DIR> d-------- C:\Hyjakhthis
2007-01-28 17:07 <DIR> d-------- C:\Program Files\Hema Album Software Advanced
2007-01-28 14:33 1,117,491 --a------ C:\WINDOWS\system32\exec1.exe
2007-01-28 14:33 <DIR> d-------- C:\Program Files\DVD Shrink
2007-01-28 14:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\DVD Shrink
2007-01-25 12:40 <DIR> d-------- C:\Program Files\Computerbrains
2007-01-22 09:29 <DIR> d-------- C:\DOCUME~1\Leo\WINDOWS
2007-01-19 09:49 83,168 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-01-19 09:49 82,832 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-01-19 09:49 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2007-01-18 21:36 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-01-15 18:09 <DIR> d-------- C:\Program Files\GPLGS
2007-01-14 12:21 <DIR> d-------- C:\Program Files\MSRT
2007-01-11 08:24 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\Bookmarks
2007-01-10 23:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-10 22:19 87,608 --a------ C:\DOCUME~1\Leo\Application Data\ezpinst.exe
2007-01-10 22:19 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-01-10 22:19 47,360 --a------ C:\DOCUME~1\Leo\Application Data\pcouffin.sys
2007-01-10 22:19 <DIR> d-------- C:\Program Files\vso
2007-01-10 22:19 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\Vso
2007-01-10 22:13 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-09 21:07 19,728 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2007-01-09 20:48 <DIR> d-------- C:\Program Files\PDA
2007-01-09 20:47 35,328 --a------ C:\WINDOWS\system32\cygz.dll
2007-01-09 20:47 35,328 --a------ C:\WINDOWS\cygz.dll
2007-01-09 20:47 1,126,281 --a------ C:\WINDOWS\system32\cygwin1.dll
2007-01-09 20:47 1,126,281 --a------ C:\WINDOWS\cygwin1.dll
2007-01-09 08:25 <DIR> d-------- C:\Program Files\Bootvis
2007-01-04 17:40 <DIR> d-------- C:\WINDOWS\Sun
2007-01-04 14:57 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-04 11:16 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2007-01-04 11:10 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-01-04 11:09 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-01-04 11:09 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-01-04 11:09 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2007-01-04 11:09 274,816 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-01-04 11:09 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-01-04 11:09 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-01-04 11:09 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2007-01-03 22:35 <DIR> d-------- C:\WINDOWS\WinRescue
2007-01-03 22:30 <DIR> d-------- C:\Program Files\PowerQuest
2007-01-03 22:16 205,312 -ra------ C:\WINDOWS\pw32a.dll
2007-01-03 22:16 205,312 -ra------ C:\WINDOWS\patchw32.dll
2007-01-03 22:09 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\IsolatedStorage
2007-01-02 23:43 <DIR> dr------- C:\DOCUME~1\LOCALS~1\Favorieten
2007-01-02 23:39 90,112 --a------ C:\WINDOWS\system32\CNMCP5I.exe
2007-01-02 13:26 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Mijn documenten
2006-12-31 18:09 <DIR> d-------- C:\Program Files\Orb Networks
2006-12-31 18:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\OrbNetworks
2006-12-31 18:03 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2006-12-31 17:52 8,704 --a------ C:\WINDOWS\system32\CNMVS5I.DLL
2006-12-31 17:52 140,288 --a------ C:\WINDOWS\system32\CNMLM5I.DLL
2006-12-31 17:07 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-12-31 17:04 <DIR> d-------- C:\Temp
2006-12-31 11:04 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-12-30 18:06 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\AdobeUM
2006-12-30 17:15 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2006-12-30 17:15 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2006-12-30 17:14 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-12-30 16:45 <DIR> d-------- C:\Program Files\System Cleanup
2006-12-30 16:44 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\Franckey
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-29 20:18 -------- d-------- C:\Documents and Settings\Leo\Application Data\skype
2007-01-29 17:18 -------- d-------- C:\Documents and Settings\Leo\Application Data\mailwasherpro
2007-01-28 21:27 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-27 15:13 -------- d-------- C:\Documents and Settings\Leo\Application Data\limewire
2007-01-27 08:27 -------- d---s---- C:\Documents and Settings\Leo\Application Data\microsoft
2007-01-27 08:00 -------- d-------- C:\Program Files\google
2007-01-26 17:43 -------- d-------- C:\Documents and Settings\Leo\Application Data\cyberlink
2007-01-24 13:05 -------- d--h----- C:\Program Files\installshield installation information
2007-01-20 21:55 -------- d-------- C:\Program Files\msn messenger
2007-01-20 20:26 -------- d-------- C:\Program Files\winrescuexp
2007-01-19 09:49 -------- d-------- C:\Program Files\symantec
2007-01-19 09:42 -------- d-------- C:\Program Files\norton antivirus
2007-01-19 09:42 -------- d-------- C:\Documents and Settings\Leo\Application Data\symantec
2007-01-19 09:26 3888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-01-19 09:22 -------- d-------- C:\Documents and Settings\Leo\Application Data\vso
2007-01-11 08:33 -------- d-------- C:\Documents and Settings\Leo\Application Data\bookmarks
2007-01-10 23:22 -------- d-------- C:\Documents and Settings\Leo\Application Data\adobeum
2007-01-10 23:13 -------- d-------- C:\Documents and Settings\Leo\Application Data\adobe
2007-01-10 22:19 87608 --a------ C:\Documents and Settings\Leo\Application Data\ezpinst.exe
2007-01-10 22:19 7824 --a------ C:\Documents and Settings\Leo\Application Data\pcouffin.cat
2007-01-10 22:19 47360 --a------ C:\Documents and Settings\Leo\Application Data\pcouffin.sys
2007-01-10 22:19 34 --a------ C:\Documents and Settings\Leo\Application Data\pcouffin.log
2007-01-10 22:19 1144 --a------ C:\Documents and Settings\Leo\Application Data\pcouffin.inf
2007-01-10 06:59 -------- d-------- C:\Program Files\divx subtitle displayer
2007-01-05 14:55 -------- d-------- C:\Documents and Settings\Leo\Application Data\voipbuster
2007-01-04 20:15 -------- d-------- C:\Program Files\winamp
2007-01-04 20:15 -------- d-------- C:\Program Files\divx
2007-01-03 22:09 -------- d-------- C:\Documents and Settings\Leo\Application Data\isolatedstorage
2006-12-31 00:27 -------- d-------- C:\Documents and Settings\Leo\Application Data\ahead
2006-12-30 17:16 2508 --a------ C:\Documents and Settings\Leo\Application Data\$_hpcst$.hpc
2006-12-30 16:44 -------- d-------- C:\Documents and Settings\Leo\Application Data\franckey
2006-12-28 17:54 -------- d-------- C:\Documents and Settings\Leo\Application Data\nerodctemplates
2006-12-28 10:59 -------- d-------- C:\Program Files\who lock me
2006-12-28 10:43 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-28 00:19 96256 --a------ C:\WINDOWS\system32\drivers\sptd3965.sys
2006-12-28 00:19 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-27 20:27 -------- d-------- C:\Documents and Settings\Leo\Application Data\acd systems
2006-12-27 15:58 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-12-27 15:45 -------- d-------- C:\Program Files\alcohol soft
2006-12-27 15:44 -------- d-------- C:\Program Files\poweriso
2006-12-27 07:59 -------- d-------- C:\Program Files\slysoft
2006-12-27 07:58 -------- d-------- C:\Program Files\elaborate bytes
2006-12-26 22:38 -------- d-------- C:\Program Files\flashfxp
2006-12-26 22:20 -------- d-------- C:\Program Files\limewire
2006-12-26 22:17 -------- d-------- C:\Program Files\autoruns
2006-12-26 22:15 -------- d-------- C:\Documents and Settings\Leo\Application Data\google
2006-12-26 21:54 -------- d-------- C:\Program Files\firetrust
2006-12-26 21:28 -------- d-------- C:\Program Files\acro software
2006-12-26 21:28 -------- d-------- C:\Documents and Settings\Leo\Application Data\help
2006-12-26 21:27 -------- d-------- C:\Program Files\messenger plus! live
2006-12-26 21:16 -------- d-------- C:\Program Files\diskeeper corporation
2006-12-26 21:16 -------- d-------- C:\Documents and Settings\Leo\Application Data\leadertech
2006-12-26 21:05 -------- d-------- C:\Program Files\techsmith
2006-12-26 21:05 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2006-12-26 21:04 -------- d-------- C:\Program Files\pagedefrag
2006-12-26 20:56 -------- d-------- C:\Program Files\Common Files\acd systems
2006-12-26 20:56 -------- d-------- C:\Program Files\acd systems
2006-12-26 20:54 -------- d-------- C:\Program Files\skype
2006-12-26 20:54 -------- d-------- C:\Program Files\Common Files\skype
2006-12-26 20:52 -------- d-------- C:\Program Files\voipbuster.com
2006-12-26 20:46 -------- d-------- C:\Documents and Settings\Leo\Application Data\flashfxp
2006-12-26 20:45 -------- d-------- C:\Program Files\lavasoft
2006-12-26 20:45 -------- d-------- C:\Documents and Settings\Leo\Application Data\lavasoft
2006-12-26 20:00 -------- d-------- C:\Program Files\microsoft.net
2006-12-26 19:35 -------- d-------- C:\Program Files\linux
2006-12-26 19:35 -------- d-------- C:\Program Files\cyberlink
2006-12-07 05:14 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-30 15:24 278528 --a------ C:\WINDOWS\system32\livesnth.dll
2006-10-30 15:24 203776 --a------ C:\WINDOWS\system32\clrviddc.dll
2006-10-30 12:23 8 -r-hs---- C:\WINDOWS\system32\6b8972dcc0.sys
2006-10-30 12:23 4704 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"VoipBuster"="\"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"LanguageShortcut"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\Language\\Language.exe\""
"InstantOn"="\"C:\\Program Files\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
@=""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
00
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bullguard"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\bullguard.exe\" -boot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DkIcon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="pushow10.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
bthsv
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\setup.exe -q
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c5f6850-70c7-11db-a1f6-0012bfc591d8}]
Shell\AutoRun\command J:\prime.bat
Completion time: 07-01-29 20:46:35
C:\ComboFix2.txt ... 07-01-29 18:59
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 20:54:22, on 29-1-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\winsystems16.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msncall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hyjakhthis\HijackThis1991.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\wvtlsrtw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FD158B35-8BAF-4EA7-96DC-67E3950D5622} - C:\WINDOWS\system32\pmnnn.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pushow10.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pmnnn - C:\WINDOWS\system32\pmnnn.dll
O20 - Winlogon Notify: pmnommm - C:\WINDOWS\SYSTEM32\pmnommm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Very impressive if you can get anything out of these logs, my compliments! - It doesn't look like it's completely over yet
Download Killbox to your desktop.
Alternative download.
Another alternative.
Click killbox.exe.
Select the option "Delete on reboot".
In the "Full Path of File to Delete" field, copy and paste the following:
C:\WINDOWS\system32\winsystems16.exe
Click the button: single file (!Important!)
Then click the red circle with the white cross in it.
Killbox will say that this file will be deleted on reboot and ask whether to reboot now. Click YES.
Your PC should now reboot.
Go to Start - Run and, using copy and paste, enter the following command there:
"C:\Documents and Settings\Leo\Bureaublad\combofix.exe" /v pmnnn pmnommm wvtlsrtw
Confirm with OK.
Combofix will start; after your PC restarts, post the new Combofix log together with a new HijackThis log - Next log:
"Leo" - 07-01-29 23:56:43 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Leo\Bureaublad"
Command switches used :: /v pmnnn pmnommm wvtlsrtw
(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\pmnommm.dll
C:\WINDOWS\system32\wvtlsrtw.dll
C:\WINDOWS\system32\nnnmp.bak1
C:\WINDOWS\system32\nnnmp.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))
2007-01-29 23:25 <DIR> d-------- C:\!KillBox
2007-01-29 16:38 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-29 13:02 <DIR> d-------- C:\Hyjakhthis
2007-01-28 17:07 <DIR> d-------- C:\Program Files\Hema Album Software Advanced
2007-01-28 14:33 1,117,491 --a------ C:\WINDOWS\system32\exec1.exe
2007-01-28 14:33 <DIR> d-------- C:\Program Files\DVD Shrink
2007-01-28 14:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\DVD Shrink
2007-01-25 12:40 <DIR> d-------- C:\Program Files\Computerbrains
2007-01-22 09:29 <DIR> d-------- C:\DOCUME~1\Leo\WINDOWS
2007-01-19 09:49 83,168 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-01-19 09:49 82,832 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-01-19 09:49 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2007-01-18 21:36 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-01-15 18:09 <DIR> d-------- C:\Program Files\GPLGS
2007-01-14 12:21 <DIR> d-------- C:\Program Files\MSRT
2007-01-11 08:24 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\Bookmarks
2007-01-10 23:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-10 22:19 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-01-10 22:19 <DIR> d-------- C:\Program Files\vso
2007-01-10 22:19 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\Vso
2007-01-10 22:13 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-09 21:07 19,728 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2007-01-09 20:48 <DIR> d-------- C:\Program Files\PDA
2007-01-09 20:47 35,328 --a------ C:\WINDOWS\system32\cygz.dll
2007-01-09 20:47 35,328 --a------ C:\WINDOWS\cygz.dll
2007-01-09 20:47 1,126,281 --a------ C:\WINDOWS\system32\cygwin1.dll
2007-01-09 20:47 1,126,281 --a------ C:\WINDOWS\cygwin1.dll
2007-01-09 08:25 <DIR> d-------- C:\Program Files\Bootvis
2007-01-04 17:40 <DIR> d-------- C:\WINDOWS\Sun
2007-01-04 14:57 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-04 11:16 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2007-01-04 11:10 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-01-04 11:09 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-01-04 11:09 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-01-04 11:09 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2007-01-04 11:09 274,816 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-01-04 11:09 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-01-04 11:09 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-01-04 11:09 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2007-01-03 22:35 <DIR> d-------- C:\WINDOWS\WinRescue
2007-01-03 22:30 <DIR> d-------- C:\Program Files\PowerQuest
2007-01-03 22:16 205,312 -ra------ C:\WINDOWS\pw32a.dll
2007-01-03 22:16 205,312 -ra------ C:\WINDOWS\patchw32.dll
2007-01-03 22:09 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\IsolatedStorage
2007-01-02 23:43 <DIR> dr------- C:\DOCUME~1\LOCALS~1\Favorieten
2007-01-02 23:39 90,112 --a------ C:\WINDOWS\system32\CNMCP5I.exe
2007-01-02 13:26 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Mijn documenten
2006-12-31 18:09 <DIR> d-------- C:\Program Files\Orb Networks
2006-12-31 18:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\OrbNetworks
2006-12-31 18:03 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2006-12-31 17:52 8,704 --a------ C:\WINDOWS\system32\CNMVS5I.DLL
2006-12-31 17:52 140,288 --a------ C:\WINDOWS\system32\CNMLM5I.DLL
2006-12-31 17:07 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-12-31 17:04 <DIR> d-------- C:\Temp
2006-12-31 11:04 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-12-30 18:06 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\AdobeUM
2006-12-30 17:15 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2006-12-30 17:15 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2006-12-30 17:14 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-12-30 16:45 <DIR> d-------- C:\Program Files\System Cleanup
2006-12-30 16:44 <DIR> d-------- C:\DOCUME~1\Leo\Application Data\Franckey
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-29 23:54 -------- d-------- C:\Documents and Settings\Leo\Application Data\skype
2007-01-29 23:53 -------- d-------- C:\Documents and Settings\Leo\Application Data\mailwasherpro
2007-01-28 21:27 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-27 15:13 -------- d-------- C:\Documents and Settings\Leo\Application Data\limewire
2007-01-27 08:27 -------- d---s---- C:\Documents and Settings\Leo\Application Data\microsoft
2007-01-27 08:00 -------- d-------- C:\Program Files\google
2007-01-26 17:43 -------- d-------- C:\Documents and Settings\Leo\Application Data\cyberlink
2007-01-24 13:05 -------- d--h----- C:\Program Files\installshield installation information
2007-01-20 21:55 -------- d-------- C:\Program Files\msn messenger
2007-01-20 20:26 -------- d-------- C:\Program Files\winrescuexp
2007-01-19 09:49 -------- d-------- C:\Program Files\symantec
2007-01-19 09:42 -------- d-------- C:\Program Files\norton antivirus
2007-01-19 09:42 -------- d-------- C:\Documents and Settings\Leo\Application Data\symantec
2007-01-19 09:26 3888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-01-19 09:22 -------- d-------- C:\Documents and Settings\Leo\Application Data\vso
2007-01-11 08:33 -------- d-------- C:\Documents and Settings\Leo\Application Data\bookmarks
2007-01-10 23:22 -------- d-------- C:\Documents and Settings\Leo\Application Data\adobeum
2007-01-10 23:13 -------- d-------- C:\Documents and Settings\Leo\Application Data\adobe
2007-01-10 22:19 87608 --a------ C:\Documents and Settings\Leo\Application Data\ezpinst.exe
2007-01-10 22:19 7824 --a------ C:\Documents and Settings\Leo\Application Data\pcouffin.cat
2007-01-10 22:19 47360 --a------ C:\Documents and Settings\Leo\Application Data\pcouffin.sys
2007-01-10 22:19 34 --a------ C:\Documents and Settings\Leo\Application Data\pcouffin.log
2007-01-10 22:19 1144 --a------ C:\Documents and Settings\Leo\Application Data\pcouffin.inf
2007-01-10 06:59 -------- d-------- C:\Program Files\divx subtitle displayer
2007-01-05 14:55 -------- d-------- C:\Documents and Settings\Leo\Application Data\voipbuster
2007-01-04 20:15 -------- d-------- C:\Program Files\winamp
2007-01-04 20:15 -------- d-------- C:\Program Files\divx
2007-01-03 22:09 -------- d-------- C:\Documents and Settings\Leo\Application Data\isolatedstorage
2006-12-31 00:27 -------- d-------- C:\Documents and Settings\Leo\Application Data\ahead
2006-12-30 17:16 2508 --a------ C:\Documents and Settings\Leo\Application Data\$_hpcst$.hpc
2006-12-30 16:44 -------- d-------- C:\Documents and Settings\Leo\Application Data\franckey
2006-12-28 17:54 -------- d-------- C:\Documents and Settings\Leo\Application Data\nerodctemplates
2006-12-28 10:59 -------- d-------- C:\Program Files\who lock me
2006-12-28 10:43 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-28 00:19 96256 --a------ C:\WINDOWS\system32\drivers\sptd3965.sys
2006-12-28 00:19 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-27 20:27 -------- d-------- C:\Documents and Settings\Leo\Application Data\acd systems
2006-12-27 15:58 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-12-27 15:45 -------- d-------- C:\Program Files\alcohol soft
2006-12-27 15:44 -------- d-------- C:\Program Files\poweriso
2006-12-27 07:59 -------- d-------- C:\Program Files\slysoft
2006-12-27 07:58 -------- d-------- C:\Program Files\elaborate bytes
2006-12-26 22:38 -------- d-------- C:\Program Files\flashfxp
2006-12-26 22:20 -------- d-------- C:\Program Files\limewire
2006-12-26 22:17 -------- d-------- C:\Program Files\autoruns
2006-12-26 22:15 -------- d-------- C:\Documents and Settings\Leo\Application Data\google
2006-12-26 21:54 -------- d-------- C:\Program Files\firetrust
2006-12-26 21:28 -------- d-------- C:\Program Files\acro software
2006-12-26 21:28 -------- d-------- C:\Documents and Settings\Leo\Application Data\help
2006-12-26 21:27 -------- d-------- C:\Program Files\messenger plus! live
2006-12-26 21:16 -------- d-------- C:\Program Files\diskeeper corporation
2006-12-26 21:16 -------- d-------- C:\Documents and Settings\Leo\Application Data\leadertech
2006-12-26 21:05 -------- d-------- C:\Program Files\techsmith
2006-12-26 21:05 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2006-12-26 21:04 -------- d-------- C:\Program Files\pagedefrag
2006-12-26 20:56 -------- d-------- C:\Program Files\Common Files\acd systems
2006-12-26 20:56 -------- d-------- C:\Program Files\acd systems
2006-12-26 20:54 -------- d-------- C:\Program Files\skype
2006-12-26 20:54 -------- d-------- C:\Program Files\Common Files\skype
2006-12-26 20:52 -------- d-------- C:\Program Files\voipbuster.com
2006-12-26 20:46 -------- d-------- C:\Documents and Settings\Leo\Application Data\flashfxp
2006-12-26 20:45 -------- d-------- C:\Program Files\lavasoft
2006-12-26 20:45 -------- d-------- C:\Documents and Settings\Leo\Application Data\lavasoft
2006-12-26 20:00 -------- d-------- C:\Program Files\microsoft.net
2006-12-26 19:35 -------- d-------- C:\Program Files\linux
2006-12-26 19:35 -------- d-------- C:\Program Files\cyberlink
2006-12-07 05:14 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-30 15:24 278528 --a------ C:\WINDOWS\system32\livesnth.dll
2006-10-30 15:24 203776 --a------ C:\WINDOWS\system32\clrviddc.dll
2006-10-30 12:23 8 -r-hs---- C:\WINDOWS\system32\6b8972dcc0.sys
2006-10-30 12:23 4704 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"VoipBuster"="\"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"LanguageShortcut"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\Language\\Language.exe\""
"InstantOn"="\"C:\\Program Files\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
@=""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
00
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bullguard"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\bullguard.exe\" -boot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DkIcon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="pushow10.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\setup.exe -q
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c5f6850-70c7-11db-a1f6-0012bfc591d8}]
Shell\AutoRun\command J:\prime.bat
Completion time: 07-01-30 0:00:56
C:\ComboFix2.txt ... 07-01-29 20:46
C:\ComboFix3.txt ... 07-01-29 18:59
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 0:06:30, on 30-1-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msncall.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hyjakhthis\HijackThis1991.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pushow10.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Many thanks for your help so far, do you still see anything unusual?
- It already looks better.
Run HijackThis once more, choose "Do a system scan only" and tick only the following lines:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O20 - AppInit_DLLs: pushow10.dll
Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.
Then do the following steps:
1. Download ATF Cleaner (made by Atribune).
Double-click ATF Cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.
Do the following if you also use Firefox as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(This removes the tick from "Firefox saved passwords".)
Click the Empty Selected button.
Do the following if you also use Opera as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.
2. Download Dr.Web CureIt to your desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
3. Start the computer in Safe Mode.
4. Double-click drweb-cureit.exe and allow it to start the express scan.
This scans the files currently loaded in memory; if anything is found, click the "Yes to all" button when asked "cure it?". This is only a short scan.
Once the short scan has finished, click Options > Change Settings.
Choose the "Scan" tab and remove the tick at "Heuristic analysis".
Back in the main window you can select the drives you want scanned.
Select all drives here. A red dot will then appear on the drives that will be scanned.
Then click the green arrow on the right to start the scan.
Click "Yes to all" when asked whether to cure or move.
When the scan is done, check whether you can click the following icon next to what was found: (image: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
If so, click it, then click the icon just below it and choose Move incurable, as shown in the following image:
(image: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
This moves files that cannot be disinfected to the folder %userprofile%\DoctorWeb\quarantaine-folder (in case we need samples).
After selecting the above, click file in the menu at the top of Dr.Web CureIt and choose save report list. Save the log to your desktop.
Then close Dr.Web CureIt.
5. Restart your computer in normal mode!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
After restarting, copy and paste the contents of the log you saved earlier into your next post, together with a HijackThis log.
- Log drweb-cureit.exe:
nothing found
Log HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 12:27:04, on 30-1-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msncall.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hyjakhthis\HijackThis1991.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
It looks like the items you mentioned have disappeared and my system seems to be fixed again, or do you still see anything unusual?
- The log looks clean.
Just do this as well:
- Many thanks for the effort, I got excellent help from you. Problem solved!!!!
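The helper's triage above rests on three observations a practitioner can automate: an AppInit_DLLs entry (O20) loads a DLL into every process that links user32.dll, the RunServices key is a Windows 9x leftover that nothing legitimate on XP needs, and a third-party binary autostarting from system32 deserves a second look. The script below is an added example, not part of the thread and not HijackThis code; it parses O4/O20 lines from the two logs posted in the thread (copied here as constructed input), flags those patterns, and diffs the before/after logs to show what "Fix checked" removed. The allowlist of system32 binaries and the severity labels are assumptions.

```python
"""Triage HijackThis O4/O20 autostart entries and diff two logs.

Added example for this thread; not part of HijackThis. The allowlist and
severity labels are assumptions for illustration.
"""
import re
from typing import List, NamedTuple, Set


class Finding(NamedTuple):
    severity: str   # "HIGH" or "MEDIUM" (assumed scale)
    line: str       # the HijackThis line that triggered the rule
    reason: str


# Assumed: Microsoft binaries that legitimately autostart from %windir%\system32 on XP.
SYSTEM32_ALLOWLIST = {"ctfmon.exe", "mobsync.exe", "rundll32.exe"}

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$')
O20_APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (.*)$')

# Constructed sample: O4/O20 lines copied from the first log in the thread (before the fix).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: pushow10.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

# Constructed sample: the same entries from the second log (after "Fix checked").
LOG_AFTER = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""


def first_token(command: str) -> str:
    """Return the program part of an autostart command: quoted path or first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage(log: str) -> List[Finding]:
    """Flag AppInit_DLLs, RunServices and unknown system32 autostarts in a HijackThis log."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O20_APPINIT_RE.match(line)
        if m and m.group(1).strip():
            findings.append(Finding("HIGH", line,
                f"AppInit_DLLs loads {m.group(1).strip()} into every process that links user32.dll"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        _hive, key, _name, command = m.groups()
        if key.lower() == "runservices":
            findings.append(Finding("HIGH", line,
                "RunServices is a Windows 9x key; a second copy of a Run entry here is a persistence hook"))
        exe = first_token(command)
        base = exe.rsplit("\\", 1)[-1].lower()
        if "\\system32\\" in exe.lower() and base not in SYSTEM32_ALLOWLIST:
            findings.append(Finding("MEDIUM", line,
                f"{base} autostarts from system32 but is not a known Windows component"))
    return findings


def autostart_lines(log: str) -> Set[str]:
    """The O4 Run*/O20 AppInit_DLLs lines of a log, normalised for set comparison."""
    lines = (l.strip() for l in log.splitlines())
    return {l for l in lines if O4_RE.match(l) or O20_APPINIT_RE.match(l)}


def removed_by_fix(before: str, after: str) -> List[str]:
    """Autostart entries present in the first log and gone from the second."""
    return sorted(autostart_lines(before) - autostart_lines(after))


if __name__ == "__main__":
    for f in triage(LOG_BEFORE):
        print(f"[{f.severity}] {f.line}\n        {f.reason}")
    print("Removed by the fix:")
    for l in removed_by_fix(LOG_BEFORE, LOG_AFTER):
        print("   ", l)
```

On the first log this reports the RunServices entry and the AppInit_DLLs entry as HIGH and both winsystems16.exe lines as MEDIUM; on the second log it reports nothing, and the diff lists exactly the four lines the helper had the poster tick. Alcmtr is not flagged by these rules (it is a Realtek component the helper chose to remove, not a malware indicator), which is a reminder that automated triage narrows the list but does not replace the reviewer.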