

Trojan.Win32.Pakes.cc

25 answers
  • Hi,

    I have had a problem with my PC for a few days now and can't figure it out myself. Every time I start my PC it runs for a little while and then restarts.
    On Tuesday I got a virus, which was picked up by my scanner; I removed it and hoped everything was gone. But the next day it no longer booted properly, and even in Safe Mode it barely works. I can still get on the internet, but not for long.

    The virus I got was Trojan.Win32.Pakes.cc. It also reported the following with it: C://Windows/System32/nyoldfsa.dll. I have searched a bit with Google, but really can't find it.

    Who knows what I should do?
  • Hello,
    It seems best to post a HijackThis log here, otherwise it gets difficult.

    See: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=765174#765174
  • Here is the log file. I hope you can do something with it.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:11:23, on 31-8-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {10C2AB4E-8894-455F-AD43-F007F1452119} - c:\windows\system32\fmlafml.dll
    O2 - BHO: (no name) - {4D8BAEB1-6664-41CA-AB7D-6649D7F37299} - c:\windows\system32\rtxzpcai.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {DF332CEC-2741-4E69-9758-9EB74B9FAF1C} - C:\WINDOWS\System32\dfrgsna.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O20 - Winlogon Notify: meqnjzje - C:\WINDOWS\SYSTEM32\fmlafml.dll
    O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Active Virus Shield (AVP) - AOL - D:\Program Files\AOL\Active Virus Shield\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe


    End of file - 8603 bytes
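The helpers in this thread pick the malicious entries out of a log like the one above by eye: BHOs registered with "(no name)", Run entries and DLLs in System32 with random lowercase names (fmlafml.dll, rtxzpcai.dll, mbvigaaa.exe), a Winlogon Notify hook, an SSODL entry with no file behind it, and FireDaemon services pointing into C:\WINDOWS\Temp. The script below is an added illustration, not part of the thread and not code from HijackThis or ComboFix: it turns those tells into a scoring pass over HijackThis lines. The sample lines are copied from the log above; the weights, the known-good name list and the threshold are my own assumptions and produce candidates for review, not verdicts.

```python
import re
import sys
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# not output HijackThis produced here. Raw string so the backslashes in the
# Windows paths are kept literally.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10C2AB4E-8894-455F-AD43-F007F1452119} - c:\windows\system32\fmlafml.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
O20 - Winlogon Notify: meqnjzje - C:\WINDOWS\SYSTEM32\fmlafml.dll
O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file)
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

# Windows binaries with short all-lowercase names that would otherwise trip the
# random-name test (assumed baseline; extend it for your own machines).
KNOWN_GOOD_STEMS = {"ctfmon", "svchost", "spoolsv", "winlogon", "explorer",
                    "wuauclt", "dumprep", "lsass", "smss", "services", "msdxm"}

LINE_RE = re.compile(r"^([ORF]\d+) - (.*)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\s][^"]*?\.(?:dll|exe|sys|ocx))\b', re.I)
SYSTEM_DIR_RE = re.compile(r"^[A-Za-z]:\\windows\\(?:system32\\)?[^\\]+$", re.I)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)
RANDOM_STEM_RE = re.compile(r"^[a-z]{6,10}$")


@dataclass
class Finding:
    section: str
    line: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points, why):
        self.score += points
        self.reasons.append(why)


def triage_line(line):
    """Score one HijackThis line; returns a Finding (score may be 0) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    f = Finding(section, line.strip())
    lower = body.lower()
    if "(no file)" in lower or "(file missing)" in lower:
        f.add(1, "orphan: loading point remains but the file is gone")
    if section == "O2" and "(no name)" in lower:
        f.add(1, "BHO registered without a name")
    if section in ("O20", "O21"):
        f.add(1, "AppInit_DLLs / Winlogon Notify / SSODL hook, rarely used legitimately")
    if "unknown owner" in lower:
        f.add(1, "service has no vendor string")
    pm = PATH_RE.search(body)
    if pm:
        path = pm.group(1)
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if TEMP_DIR_RE.search(path):
            f.add(2, "binary lives in a Temp directory")
        if (SYSTEM_DIR_RE.match(path) and RANDOM_STEM_RE.match(stem)
                and stem not in KNOWN_GOOD_STEMS):
            f.add(2, "random-looking lowercase name in the Windows directory")
    return f


def triage(log_text, threshold=2):
    """Return findings at or above threshold, highest score first."""
    found = [f for f in map(triage_line, log_text.splitlines())
             if f and f.score >= threshold]
    return sorted(found, key=lambda f: -f.score)


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.score}] {f.line}")
        for why in f.reasons:
            print(f"      - {why}")
```

Run it against a saved hijackthis.log, or with no argument to see it score the sample. With these weights a service that only says "Unknown owner" (Adobe LM Service, ATI Smart in the log above) stays below the threshold, as does Spybot's unnamed SDHelper.dll BHO, while the FireDaemon services score on three tells at once. The WinVNC4 service scores zero; it is a remote-access server, and whether it belongs on the machine is a question for the owner, not for the heuristic.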



  • Download Combofix to your Desktop.
    Double-click Combofix.exe
    Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.
    While the fix is running, do NOT click in the window, because that will make your PC hang.
    When the fix has completed and after a restart, the log combofix.txt will open.
    Post this log in your next reply together with a new HijackThis log.

    Note: if your virus scanner reacts with a message about a script being executed, you may ignore it.
  • Combofix log:

    ComboFix 07-08-30.3 - "Rik Steverink" 2007-08-31 19:47:13.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.211 [GMT 2:00]
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\3.exe
    C:\WINDOWS\system32\regscan.exe


    ((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))


    2007-08-31 12:08 <DIR> d-------- C:\Program Files\Trend Micro
    2007-08-28 17:28 <DIR> d-------- C:\WINDOWS\LogFiles
    2007-08-27 19:29 98,304 --a------ C:\WINDOWS\system32\llnjvmiu.dll
    2007-08-27 19:29 64,512 --a------ C:\WINDOWS\system32\rtxzpcai.dll
    2007-08-27 19:29 44,544 --a------ C:\WINDOWS\system32\rdysjale.dll
    2007-08-27 19:29 43,520 --a------ C:\WINDOWS\system32\lxiwchos.dll
    2007-08-27 19:29 126,976 --a------ C:\WINDOWS\system32\tkndkvsz.dll
    2007-08-27 19:19 77,312 --a------ C:\WINDOWS\system32\fmlafml.dll
    2007-08-27 19:19 17,024 C:\WINDOWS\system32\drivers\neurwdoq.sys
    2007-08-27 19:18 76,395 --a------ C:\WINDOWS\system32\dfrgsna.dll
    2007-08-27 18:16 <DIR> d-------- C:\Program Files\Tams11
    2007-08-22 21:20 <DIR> d-------- C:\Bdienst
    2007-08-11 15:23 <DIR> d-------- C:\Program Files\Firefly Studios
    2007-07-16 17:10 <DIR> d-------- C:\DOCUME~1\RIKSTE~1\APPLIC~1\ATI
    2007-07-16 17:04 6,451,200 --a------ C:\WINDOWS\system32\atioglxx.dll
    2007-07-16 17:04 484,064 --a------ C:\WINDOWS\system32\ativvaxx.dll
    2007-07-16 17:04 294,912 -ra------ C:\WINDOWS\system32\atiiiexx.dll
    2007-07-16 17:04 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
    2007-07-16 17:04 135,168 -ra------ C:\WINDOWS\system32\ATIDEMGR.dll
    2007-07-16 17:04 118,784 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2007-07-16 17:04 102,400 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2007-07-16 17:02 <DIR> d-------- C:\ATI
    2007-07-16 16:51 <DIR> d-------- C:\Program Files\SiSoftware
    2007-07-16 16:18 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
    2007-07-16 16:18 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
    2007-07-16 16:02 <DIR> d-------- C:\Program Files\Radical Games
    2007-07-12 19:25 <DIR> d-------- C:\Program Files\BearFlix
    2007-07-02 21:07 <DIR> d-------- C:\Program Files\Jasc Software Inc


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-30 23:36 2393480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-08-30 23:36 178759200 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-08-30 23:36 1096224 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-08-30 23:36 103184 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-08-28 17:14 --------- d-------- C:\Program Files\Spyware Doctor
    2007-08-28 15:57 --------- d-------- C:\Program Files\Hitman Pro
    2007-08-28 14:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-28 11:40 --------- d-------- C:\Program Files\SpywareBlaster
    2007-08-20 21:08 --------- d-------- C:\Program Files\Broderbund
    2007-08-20 21:07 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-20 21:07 --------- d-------- C:\Program Files\Nokia
    2007-08-20 21:06 --------- d--h----- C:\DOCUME~1\RIKSTE~1\APPLIC~1\Move Networks
    2007-08-20 21:06 --------- d-------- C:\Program Files\DivX
    2007-08-11 15:21 --------- d-------- C:\Program Files\ACE Mega CoDecS Pack
    2007-07-16 17:05 --------- d-------- C:\Program Files\ATI Technologies
    2007-07-07 17:39 --------- d-------- C:\Program Files\Google
    2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
    2006-11-25 17:56:21 2,932 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C2AB4E-8894-455F-AD43-F007F1452119}]
    2007-08-30 22:51 77312 --a------ c:\windows\system32\fmlafml.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D8BAEB1-6664-41CA-AB7D-6649D7F37299}]
    2007-08-27 19:29 64512 --a------ c:\windows\system32\rtxzpcai.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF332CEC-2741-4E69-9758-9EB74B9FAF1C}]
    2001-09-07 14:00 76395 --a------ C:\WINDOWS\System32\dfrgsna.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 04:36]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
    "LWBKEYBOARD"="C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe" [2004-05-27 04:37]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-17 17:25]
    "aol"="D:\Program Files\AOL\Active Virus Shield\avp.exe" [2006-05-30 13:13]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-05 17:03]
    "mbvigaaa"="C:\WINDOWS\System32\mbvigaaa.exe" []
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
    "mbvigaaa"="C:\WINDOWS\System32\mbvigaaa.exe" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\meqnjzje]
    fmlafml.dll 2007-08-30 22:51 77312 C:\WINDOWS\system32\fmlafml.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\System32\wmfhotfix.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
    backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    RunDll32 cmicnfg.cpl,CMICtrlWnd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    "C:\Program Files\DAP\DAP.EXE" /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    D:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
    "C:\Program Files\WeatherCast\Weather.exe" /q

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Adobe LM Service"=3 (0x3)

    R0 reaucigj;reaucigj;C:\WINDOWS\System32\drivers\neurwdoq.sys
    R2 odzpqoil;IPX Traffic Forwarder Monitor;C:\WINDOWS\System32\svchost.exe -k netsvcs
    S2 ecure;FireDaemon Service: ecure;C:\WINDOWS\Temp\FireDaemon.EXE
    S2 svchost1;FireDaemon Service: svchost1;C:\WINDOWS\Temp\FireDaemon.EXE
    S3 Maplom;Maplom;C:\WINDOWS\System32\drivers\Maplom.sys
    S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    odzpqoil

    *Newly Created Service* - CATCHME

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-31 19:51:26
    Windows 5.1.2600 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    C:\WINDOWS\system32\AppCert
    C:\WINDOWS\system32\drivers\hd_dirs.cfg
    C:\WINDOWS\system32\drivers\hd_files.cfg
    C:\WINDOWS\system32\drivers\hd_rkeys.cfg
    C:\WINDOWS\system32\drivers\hd_rvals.cfg
    C:\WINDOWS\system32\drivers\hd_self.cfg
    C:\WINDOWS\system32\drivers\ippflt.sys

    scan completed successfully
    hidden files: 7

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ippflt]
    "ImagePath"="System32\Drivers\ippflt.sys"

    Completion time: 2007-08-31 19:52:36
    C:\ComboFix-quarantined-files.txt … 2007-08-31 19:52
    C:\ComboFix2.txt … 2007-04-24 20:02

    — E O F —


    hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:59:28, on 31-8-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {10C2AB4E-8894-455F-AD43-F007F1452119} - c:\windows\system32\fmlafml.dll
    O2 - BHO: (no name) - {4D8BAEB1-6664-41CA-AB7D-6649D7F37299} - c:\windows\system32\rtxzpcai.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {DF332CEC-2741-4E69-9758-9EB74B9FAF1C} - C:\WINDOWS\System32\dfrgsna.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O20 - Winlogon Notify: meqnjzje - C:\WINDOWS\SYSTEM32\fmlafml.dll
    O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Active Virus Shield (AVP) - AOL - D:\Program Files\AOL\Active Virus Shield\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe


    End of file - 8557 bytes

    Incidentally, for the past few days it has also happened a lot that when I type an address in Explorer, it goes to search-daily... maybe this has something to do with it too?

  • Open Notepad, copy and paste the following (the bold, blue text) into an empty window:
  • Combolog:

    ComboFix 07-08-30.3 - "Rik Steverink" 2007-09-01 13:04:44.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.209 [GMT 2:00]
    Command switches used :: C:\Documents and Settings\Rik Steverink\Bureaublad\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\llnjvmiu.dll
    C:\WINDOWS\system32\rtxzpcai.dll
    C:\WINDOWS\system32\rdysjale.dll
    C:\WINDOWS\system32\lxiwchos.dll
    C:\WINDOWS\system32\tkndkvsz.dll
    C:\WINDOWS\system32\fmlafml.dll
    C:\WINDOWS\System32\mbvigaaa.exe


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\fmlafml.dll . . . . failed to delete
    C:\WINDOWS\system32\llnjvmiu.dll
    C:\WINDOWS\system32\lxiwchos.dll
    C:\WINDOWS\system32\rdysjale.dll
    C:\WINDOWS\system32\rtxzpcai.dll
    C:\WINDOWS\system32\tkndkvsz.dll


    ((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))


    2007-09-01 12:56 753,664 --a------ C:\WINDOWS\system32\nyoldfsa.dll
    2007-09-01 12:56 684,567 --a------ C:\WINDOWS\system32\libeay32.dll
    2007-09-01 12:56 147,729 --a------ C:\WINDOWS\system32\libssl32.dll
    2007-08-31 12:08 <DIR> d-------- C:\Program Files\Trend Micro
    2007-08-28 17:28 <DIR> d-------- C:\WINDOWS\LogFiles
    2007-08-27 19:19 78,848 --------- C:\WINDOWS\system32\fmlafml.dll
    2007-08-27 19:19 17,280 C:\WINDOWS\system32\drivers\neurwdoq.sys
    2007-08-27 19:18 76,395 --a------ C:\WINDOWS\system32\dfrgsna.dll
    2007-08-27 18:16 <DIR> d-------- C:\Program Files\Tams11
    2007-08-22 21:20 <DIR> d-------- C:\Bdienst
    2007-08-11 15:23 <DIR> d-------- C:\Program Files\Firefly Studios


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-09-01 13:09 2395112 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-09-01 13:09 178759200 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-09-01 13:09 1096224 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-09-01 13:09 103784 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-08-28 17:14 --------- d-------- C:\Program Files\Spyware Doctor
    2007-08-28 15:57 --------- d-------- C:\Program Files\Hitman Pro
    2007-08-28 14:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-28 11:40 --------- d-------- C:\Program Files\SpywareBlaster
    2007-08-20 21:08 --------- d-------- C:\Program Files\Broderbund
    2007-08-20 21:07 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-20 21:07 --------- d-------- C:\Program Files\Nokia
    2007-08-20 21:06 --------- d--h----- C:\DOCUME~1\RIKSTE~1\APPLIC~1\Move Networks
    2007-08-20 21:06 --------- d-------- C:\Program Files\DivX
    2007-08-20 21:05 --------- d-------- C:\Program Files\BearFlix
    2007-08-11 15:21 --------- d-------- C:\Program Files\ACE Mega CoDecS Pack
    2007-07-16 17:10 --------- d-------- C:\DOCUME~1\RIKSTE~1\APPLIC~1\ATI
    2007-07-16 17:05 --------- d-------- C:\Program Files\ATI Technologies
    2007-07-16 16:51 --------- d-------- C:\Program Files\SiSoftware
    2007-07-16 16:02 --------- d-------- C:\Program Files\Radical Games
    2007-07-07 17:39 --------- d-------- C:\Program Files\Google
    2007-07-07 17:36 --------- d-------- C:\Program Files\Jasc Software Inc
    2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
    2006-11-25 17:56:21 2,932 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((( snapshot_2007-08-31_195159,45 )))))))))))))))))))))))))))))))))))))))))

    ----a-w 241,664 2007-09-01 11:04:14 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    ----a-w 32,768 2007-09-01 10:46:22 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-09-01 10:46:22 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    ----a-w 32,768 2007-09-01 10:46:22 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    ----a-w 57,344 2007-09-01 10:56:11 C:\WINDOWS\Temp\zvbpgqei.dll

    ----a-w 241,664 2007-08-31 17:46:38 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    ----a-w 32,768 2007-08-31 16:58:12 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-08-31 16:58:12 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    ----a-w 32,768 2007-08-31 16:58:12 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C2AB4E-8894-455F-AD43-F007F1452119}]
    2007-09-01 12:56 78848 --------- c:\windows\system32\fmlafml.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 04:36]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
    "LWBKEYBOARD"="C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe" [2004-05-27 04:37]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-17 17:25]
    "aol"="D:\Program Files\AOL\Active Virus Shield\avp.exe" [2006-05-30 13:13]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-05 17:03]
    "mbvigaaa"="C:\WINDOWS\System32\mbvigaaa.exe" []
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
    "mbvigaaa"="C:\WINDOWS\System32\mbvigaaa.exe" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\meqnjzje]
    fmlafml.dll 2007-09-01 12:56 78848 C:\WINDOWS\system32\fmlafml.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\System32\wmfhotfix.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
    backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    RunDll32 cmicnfg.cpl,CMICtrlWnd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    "C:\Program Files\DAP\DAP.EXE" /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    D:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
    "C:\Program Files\WeatherCast\Weather.exe" /q

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Adobe LM Service"=3 (0x3)

    R0 reaucigj;reaucigj;C:\WINDOWS\System32\drivers\neurwdoq.sys
    S2 ecure;FireDaemon Service: ecure;C:\WINDOWS\Temp\FireDaemon.EXE
    S2 odzpqoil;IPX Traffic Forwarder Monitor;C:\WINDOWS\System32\svchost.exe -k netsvcs
    S2 svchost1;FireDaemon Service: svchost1;C:\WINDOWS\Temp\FireDaemon.EXE
    S3 Maplom;Maplom;C:\WINDOWS\System32\drivers\Maplom.sys
    S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    odzpqoil


    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-01 13:11:15
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\AppCert
    C:\WINDOWS\system32\drivers\hd_dirs.cfg
    C:\WINDOWS\system32\drivers\hd_files.cfg
    C:\WINDOWS\system32\drivers\hd_rkeys.cfg
    C:\WINDOWS\system32\drivers\hd_rvals.cfg
    C:\WINDOWS\system32\drivers\hd_self.cfg
    C:\WINDOWS\system32\drivers\ippflt.sys

    scan completed successfully
    hidden files: 7

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ippflt]
    "ImagePath"="System32\Drivers\ippflt.sys"

    Completion time: 2007-09-01 13:14:08 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-01 13:14
    C:\ComboFix2.txt ... 2007-08-31 19:52
    C:\ComboFix3.txt ... 2007-04-24 20:02

    --- E O F ---


    hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:15:41, on 1-9-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\osk.exe
    C:\WINDOWS\system32\MSSWCHX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {10C2AB4E-8894-455F-AD43-F007F1452119} - c:\windows\system32\fmlafml.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O20 - Winlogon Notify: meqnjzje - C:\WINDOWS\SYSTEM32\fmlafml.dll
    O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Active Virus Shield (AVP) - AOL - D:\Program Files\AOL\Active Virus Shield\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe


    End of file - 8367 bytes


  • Could you please C:\WINDOWS\System32\mbvigaaa.exe

    http://www.bleepingcomputer.com/subm….php?channel=9

    How?:
    1. In the first box (Link to topic where this file was requested:) copy and paste this link:
       http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1231941#1231941
    2. In the second box (Browse to the file you want to submit:) copy and paste this:
       C:\ path to the file
    3. Click the Send file button

    Thanks in advance
  • I don't quite understand what you mean... your sentences seem incomplete. When I click the link, I get: sorry, the page you have requested cannot be found. Wrong link? In any case, all I can do on that page is search, nothing else.
  • http://www.bleepingcomputer.com/submit-malware.php?channel=9

    It just worked for me? I hope it works for you now.

    Never mind, it won't work: according to the data, the file is no longer active anyway.
  • Hello,
  • combofix:


    ComboFix 07-08-30.3 - "Rik Steverink" 2007-09-01 20:40:45.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.234 [GMT 2:00]
    Command switches used :: C:\Documents and Settings\Rik Steverink\Bureaublad\CFScript.txt
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\dfrgsna.dll
    C:\WINDOWS\system32\drivers\neurwdoq.sys
    C:\WINDOWS\system32\fmlafml.dll
    C:\WINDOWS\system32\nyoldfsa.dll


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_ECURE
    -------\LEGACY_ODZPQOIL
    -------\LEGACY_REAUCIGJ
    -------\LEGACY_SVCHOST1
    -------\ecure
    -------\odzpqoil
    -------\reaucigj
    -------\svchost1


    ((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))


    2007-09-01 12:56 684,567 --a------ C:\WINDOWS\system32\libeay32.dll
    2007-09-01 12:56 147,729 --a------ C:\WINDOWS\system32\libssl32.dll
    2007-08-31 12:08 <DIR> d-------- C:\Program Files\Trend Micro
    2007-08-28 17:28 <DIR> d-------- C:\WINDOWS\LogFiles
    2007-08-27 18:16 <DIR> d-------- C:\Program Files\Tams11
    2007-08-22 21:20 <DIR> d-------- C:\Bdienst
    2007-08-11 15:23 <DIR> d-------- C:\Program Files\Firefly Studios


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-09-01 20:45 2395544 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-09-01 20:45 178759200 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-09-01 20:45 1096224 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-09-01 20:45 104120 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-08-28 17:14 --------- d-------- C:\Program Files\Spyware Doctor
    2007-08-28 15:57 --------- d-------- C:\Program Files\Hitman Pro
    2007-08-28 14:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-28 11:40 --------- d-------- C:\Program Files\SpywareBlaster
    2007-08-20 21:08 --------- d-------- C:\Program Files\Broderbund
    2007-08-20 21:07 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-20 21:07 --------- d-------- C:\Program Files\Nokia
    2007-08-20 21:06 --------- d--h----- C:\DOCUME~1\RIKSTE~1\APPLIC~1\Move Networks
    2007-08-20 21:06 --------- d-------- C:\Program Files\DivX
    2007-08-20 21:05 --------- d-------- C:\Program Files\BearFlix
    2007-08-11 15:21 --------- d-------- C:\Program Files\ACE Mega CoDecS Pack
    2007-07-16 17:10 --------- d-------- C:\DOCUME~1\RIKSTE~1\APPLIC~1\ATI
    2007-07-16 17:05 --------- d-------- C:\Program Files\ATI Technologies
    2007-07-16 16:51 --------- d-------- C:\Program Files\SiSoftware
    2007-07-16 16:02 --------- d-------- C:\Program Files\Radical Games
    2007-07-07 17:39 --------- d-------- C:\Program Files\Google
    2007-07-07 17:36 --------- d-------- C:\Program Files\Jasc Software Inc
    2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
    2006-11-25 17:56:21 2,932 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((( snapshot_2007-08-31_195159,45 )))))))))))))))))))))))))))))))))))))))))

    ----a-w 241,664 2007-09-01 11:04:14 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    ----a-w 32,768 2007-09-01 10:46:22 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-09-01 10:46:22 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

    ----a-w 241,664 2007-08-31 17:46:38 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    ----a-w 32,768 2007-08-31 16:58:12 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-08-31 16:58:12 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 04:36]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
    "LWBKEYBOARD"="C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe" [2004-05-27 04:37]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-17 17:25]
    "aol"="D:\Program Files\AOL\Active Virus Shield\avp.exe" [2006-05-30 13:13]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-05 17:03]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\System32\wmfhotfix.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
    backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    RunDll32 cmicnfg.cpl,CMICtrlWnd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    "C:\Program Files\DAP\DAP.EXE" /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    D:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
    "C:\Program Files\WeatherCast\Weather.exe" /q

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Adobe LM Service"=3 (0x3)

    S3 Maplom;Maplom;C:\WINDOWS\System32\drivers\Maplom.sys
    S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    odzpqoil

    *Newly Created Service* - REAUCIGJ

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-01 20:47:38
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\AppCert
    C:\WINDOWS\system32\drivers\hd_dirs.cfg
    C:\WINDOWS\system32\drivers\hd_files.cfg
    C:\WINDOWS\system32\drivers\hd_rkeys.cfg
    C:\WINDOWS\system32\drivers\hd_rvals.cfg
    C:\WINDOWS\system32\drivers\hd_self.cfg
    C:\WINDOWS\system32\drivers\ippflt.sys

    scan completed successfully
    hidden files: 7

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ippflt]
    "ImagePath"="System32\Drivers\ippflt.sys"

    Completion time: 2007-09-01 20:50:31 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-01 20:50
    C:\ComboFix2.txt ... 2007-09-01 13:14
    C:\ComboFix3.txt ... 2007-08-31 19:52

    --- E O F ---

    hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:54:40, on 1-9-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\osk.exe
    C:\WINDOWS\system32\MSSWCHX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Active Virus Shield (AVP) - AOL - D:\Program Files\AOL\Active Virus Shield\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe


    End of file - 7705 bytes


    After I had run ComboFix, a pop-up window with "Submit files for further analysis" did indeed appear. I pressed OK, but only an Internet Explorer window opened, and it stayed blank. I waited a little over a minute, but nothing came. Should I still try that link from bleepingcomputer.com in the other message?

    Ignore the above. I saw a link called CF-Submit on my desktop, and then what you were talking about did appear after all. The file has now been sent successfully.

  • Very good, I'm sure they'll be pleased with it at bleepingcomputer.

    It doesn't look bad; please do the following as well.
    I'm going to check on one more thing, so I'll come back to that.
    How is the PC doing otherwise?

    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file)

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

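    As an added illustration of how the helper reads these logs (example code, not from this thread or from HijackThis itself): a small Python parser that splits HijackThis entries into section, CLSID and target, and flags the patterns picked out above: registrations whose target is '(no file)' or '(file missing)', a start page reset to about:blank, the dumprep KernelFaultCheck leftover, and populated O20/O21 load points. The section labels are HijackThis's own; the triage rules are this example's heuristic, and the sample lines are constructed from entries that appear in this thread.

```python
"""Triage HijackThis v2.0.x log lines.

Added example, not part of the original thread or of HijackThis. The
"(no file)" / "(file missing)" markers and section codes are what
HijackThis prints; the fix/review rules are this example's own heuristic.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: entries copied from the thread's logs plus benign ones.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_MARKERS = ("(no file)", "(file missing)")
# Load points that are rarely populated on a clean consumer box.
SENSITIVE_SECTIONS = {
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad (SSODL)",
}


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    target: str               # last " - "-separated field: file, URL or value
    verdict: str = "ok"       # "ok", "review" or "fix"
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Split one log line into section, CLSID (if any) and target; None if not an entry."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    section, body = m.group("section"), m.group("body")
    clsid = CLSID_RE.search(body)
    target = body.rsplit(" - ", 1)[-1]
    return Entry(section, body, clsid.group(0) if clsid else None, target)


def assess(entry: Entry) -> Entry:
    """Apply the heuristic rules; 'fix' means dead or leftover, 'review' means verify first."""
    if any(marker in entry.target for marker in MISSING_MARKERS):
        entry.reasons.append("registration points at a file that no longer exists")
        entry.verdict = "fix"
    if entry.section == "R0" and entry.body.endswith("= about:blank"):
        entry.reasons.append("IE start page reset to about:blank, a typical hijack leftover")
        entry.verdict = "fix"
    if entry.section == "O4" and "[KernelFaultCheck]" in entry.body:
        entry.reasons.append("dumprep crash-report leftover; harmless, safe to remove")
        entry.verdict = "fix"
    if entry.section in SENSITIVE_SECTIONS and entry.verdict == "ok":
        entry.reasons.append(f"{SENSITIVE_SECTIONS[entry.section]} is populated; verify the DLL")
        entry.verdict = "review"
    return entry


def parse_log(text: str) -> List[Entry]:
    entries = (parse_line(line) for line in text.splitlines())
    return [assess(e) for e in entries if e is not None]


def triage(text: str) -> Dict[str, List[str]]:
    """Group full HijackThis lines by verdict; the 'fix' list is what you would tick."""
    out: Dict[str, List[str]] = {"fix": [], "review": [], "ok": []}
    for e in parse_log(text):
        out[e.verdict].append(f"{e.section} - {e.body}")
    return out


if __name__ == "__main__":
    for verdict, lines in triage(SAMPLE_LOG).items():
        print(f"== {verdict} ==")
        for line in lines:
            print("  " + line)
```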
  • Hi,

    I've done the above. I have the impression the PC isn't doing much better yet. I can browse the internet for longer again, but that's about it. For example, when I want to open my Hotmail I get to the Inbox, but as soon as I click a message it jumps out again. Same thing with games like GTA SA: it loads the game but never gets to the menu.

    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:53:08, on 2-9-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Active Virus Shield (AVP) - AOL - D:\Program Files\AOL\Active Virus Shield\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe


    End of file - 7710 bytes

  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    Click 'Fix checked' to remove the items.


    Download Dr.Web CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    Double-click drweb-cureit.exe and allow it to start the express scan.
    This scans the files currently loaded in memory; if anything is found, click the 'Yes to all' button when asked 'cure it?'. This is only a short scan.
    Once the short scan has finished, click Options > Change Settings.
    Choose the "Scan" tab and untick "Heuristic analysis".
    Back in the main window you can select the drives you want to scan.
    Select all drives here. A red dot will then appear on the drives to be scanned.
    Then click the green arrow on the right to start the scan.
    Click 'Yes to all' when asked whether to cure or move.
    When the scan is done, check whether you can click the following icon next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
    If so, click it, then click the icon just below it and choose Move incurable, as shown in the following image:
    http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
    This moves files that cannot be disinfected to the folder %userprofile%\DoctorWeb\quarantaine-folder (in case we need samples).
    After selecting the above, click File in the menu at the top of Dr.Web CureIt and choose Save report list. Save the log to your desktop.
    Then close Dr.Web CureIt.

    Restart your computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
    After restarting, copy and paste the contents of the log you saved earlier into your next post.

    Download F-Secure BlackLight: https://europe.f-secure.com/blacklight/try.shtml
    Save it to your desktop.
    Double-click blbeta.exe.
    Click "I accept the agreement".
    Click "Next".
    Click "Scan" and, when the program has finished, click "Next".
    If BlackLight finds anything, it will display a list of files.
    Don't let it rename anything yet.
    On your desktop there is a file named fsbl.xxxxxxx.log (the x's stand for digits).
    This is the log that BlackLight created. Post it.

    Good luck
  • Dr.Web log:

    vncviewer.exe C:\Program Files\RealVNC\VNC4 Program.RemoteAdmin Niet repareerbaar.Verplaatst.
    wm_hooks.dll C:\Program Files\RealVNC\VNC4 Program.RemoteAdmin Niet repareerbaar.Verplaatst.
    3.exe.vir C:\QooBox\Quarantine\C\WINDOWS Trojan.DownLoader.23861 Verwijderd.
    rtxzpcai.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Scrip Verwijderd.
    A0021084.exe C:\System Volume Information\_restore{96AC746A-1A86-470C-9361-CC98AEE9761B}\RP3 Trojan.StartPage.20448 Verwijderd.
    A0021169.dll C:\System Volume Information\_restore{96AC746A-1A86-470C-9361-CC98AEE9761B}\RP4 Trojan.Scrip Verwijderd.
    A0021234.exe C:\System Volume Information\_restore{96AC746A-1A86-470C-9361-CC98AEE9761B}\RP4 Trojan.StartPage.20448 Verwijderd.
    A0021374.exe C:\System Volume Information\_restore{96AC746A-1A86-470C-9361-CC98AEE9761B}\RP5 Trojan.StartPage.20448 Verwijderd.
    process.exe C:\WINDOWS\system32 Tool.Prockill Niet repareerbaar.Verplaatst.
    restart.exe C:\WINDOWS\system32 Tool.ShutDown.11 Niet repareerbaar.Verplaatst.
  • F-Secure BlackLight log:

    09/02/07 22:09:10 [Info]: BlackLight Engine 1.0.64 initialized
    09/02/07 22:09:10 [Info]: OS: 5.1 build 2600 ()
    09/02/07 22:09:10 [Note]: 7019 4
    09/02/07 22:09:10 [Note]: 7005 0
    09/02/07 22:09:15 [Note]: 7006 0
    09/02/07 22:09:15 [Note]: 7011 1704
    09/02/07 22:09:16 [Note]: 7026 0
    09/02/07 22:09:16 [Note]: 7026 0
    09/02/07 22:09:21 [Note]: FSRAW library version 1.7.1022
    09/02/07 22:13:02 [Info]: Hidden file: c:\WINDOWS\system32\AppCert\filter.drv
    09/02/07 22:13:02 [Note]: 10002 3
    09/02/07 22:13:02 [Info]: Hidden file: c:\WINDOWS\system32\AppCert\prx66b.dll
    09/02/07 22:13:02 [Note]: 10002 3
    09/02/07 22:13:02 [Info]: Hidden file: c:\WINDOWS\system32\AppCert\wnl32.dll
    09/02/07 22:13:02 [Note]: 10002 3
    09/02/07 22:13:02 [Info]: Hidden file: c:\WINDOWS\system32\AppCert\wsil32.dll
    09/02/07 22:13:02 [Note]: 10002 3
    09/02/07 22:13:17 [Note]: 10002 3
    09/02/07 22:13:17 [Note]: 10002 3
    09/02/07 22:13:17 [Note]: 10002 3
    09/02/07 22:13:17 [Note]: 10002 3
    09/02/07 22:13:28 [Info]: Hidden file: c:\WINDOWS\system32\drivers\hd_dirs.cfg
    09/02/07 22:13:28 [Note]: 10002 1
    09/02/07 22:13:29 [Info]: Hidden file: c:\WINDOWS\system32\drivers\hd_files.cfg
    09/02/07 22:13:29 [Note]: 10002 1
    09/02/07 22:13:29 [Info]: Hidden file: c:\WINDOWS\system32\drivers\hd_rkeys.cfg
    09/02/07 22:13:29 [Note]: 10002 1
    09/02/07 22:13:29 [Info]: Hidden file: c:\WINDOWS\system32\drivers\hd_rvals.cfg
    09/02/07 22:13:29 [Note]: 10002 1
    09/02/07 22:13:29 [Info]: Hidden file: c:\WINDOWS\system32\drivers\hd_self.cfg
    09/02/07 22:13:29 [Note]: 10002 1
    09/02/07 22:13:30 [Info]: Hidden file: c:\WINDOWS\system32\drivers\ippflt.sys
    09/02/07 22:13:30 [Note]: 10002 1
    09/02/07 22:17:31 [Note]: 7007 0
  • This step as well

    Open Notepad and copy and paste the following (bold, blue text) into an empty window:
  • ComboFix log:

    ComboFix 07-08-30.3 - "Rik Steverink" 2007-09-03 16:43:31.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.243 [GMT 2:00]
    Command switches used :: C:\Documents and Settings\Rik Steverink\Bureaublad\CFScript.txt
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_IPPFLT


    ((((((((((((((((((((((((( Files Created from 2007-08-03 to 2007-09-03 )))))))))))))))))))))))))))))))


    2007-09-03 16:16 58,368 --a------ C:\WINDOWS\system32\atmpvcn.dll
    2007-09-03 16:10 24,064 --a------ C:\WINDOWS\system32\sws.exe
    2007-09-03 16:09 58,368 --a------ C:\WINDOWS\system32\avwa.dll
    2007-09-03 16:09 17,280 --a------ C:\WINDOWS\system32\drivers\neurwdoq.sys
    2007-09-02 19:33 <DIR> d-------- C:\DOCUME~1\RIKSTE~1\DoctorWeb
    2007-09-01 12:56 684,567 --a------ C:\WINDOWS\system32\libeay32.dll
    2007-09-01 12:56 147,729 --a------ C:\WINDOWS\system32\libssl32.dll
    2007-08-31 12:08 <DIR> d-------- C:\Program Files\Trend Micro
    2007-08-28 17:28 <DIR> d-------- C:\WINDOWS\LogFiles
    2007-08-27 19:19 <DIR> d-------- C:\WINDOWS\system32\AppCert
    2007-08-27 18:16 <DIR> d-------- C:\Program Files\Tams11
    2007-08-22 21:20 <DIR> d-------- C:\Bdienst
    2007-08-11 15:23 <DIR> d-------- C:\Program Files\Firefly Studios


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-09-03 16:47 2401520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-09-03 16:47 178759200 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-09-03 16:47 1096224 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-09-03 16:47 105200 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-08-28 17:14 --------- d-------- C:\Program Files\Spyware Doctor
    2007-08-28 15:57 --------- d-------- C:\Program Files\Hitman Pro
    2007-08-28 14:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-28 11:40 --------- d-------- C:\Program Files\SpywareBlaster
    2007-08-27 19:20 93 --a------ C:\WINDOWS\system32\drivers\hd_files.cfg
    2007-08-27 19:20 44 --a------ C:\WINDOWS\system32\drivers\hd_rkeys.cfg
    2007-08-27 19:20 27 --a------ C:\WINDOWS\system32\drivers\hd_dirs.cfg
    2007-08-27 19:20 17 --a------ C:\WINDOWS\system32\drivers\hd_self.cfg
    2007-08-27 19:20 155 --a------ C:\WINDOWS\system32\drivers\hd_rvals.cfg
    2007-08-20 21:08 --------- d-------- C:\Program Files\Broderbund
    2007-08-20 21:07 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-20 21:07 --------- d-------- C:\Program Files\Nokia
    2007-08-20 21:06 --------- d--h----- C:\DOCUME~1\RIKSTE~1\APPLIC~1\Move Networks
    2007-08-20 21:06 --------- d-------- C:\Program Files\DivX
    2007-08-20 21:05 --------- d-------- C:\Program Files\BearFlix
    2007-08-11 15:21 --------- d-------- C:\Program Files\ACE Mega CoDecS Pack
    2007-07-16 17:10 --------- d-------- C:\DOCUME~1\RIKSTE~1\APPLIC~1\ATI
    2007-07-16 17:05 --------- d-------- C:\Program Files\ATI Technologies
    2007-07-16 16:51 --------- d-------- C:\Program Files\SiSoftware
    2007-07-16 16:02 --------- d-------- C:\Program Files\Radical Games
    2007-07-07 17:39 --------- d-------- C:\Program Files\Google
    2007-07-07 17:36 --------- d-------- C:\Program Files\Jasc Software Inc
    2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
    2006-11-25 17:56:21 2,932 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((( snapshot_2007-08-31_195159,45 )))))))))))))))))))))))))))))))))))))))))

    ----a-w 135,168 2007-07-11 23:22:00 C:\WINDOWS\system32\java.exe
    ----a-w 135,168 2007-07-11 23:22:04 C:\WINDOWS\system32\javaw.exe
    ----a-w 139,264 2007-07-12 00:22:38 C:\WINDOWS\system32\javaws.exe
    ----a-w 196,608 2007-08-28 09:33:35 C:\WINDOWS\system32\AppCert\prx66b.dll
    ----a-w 54,684 2001-09-07 12:00:00 C:\WINDOWS\system32\AppCert\wnl32.dll
    ----a-w 24,576 2001-09-07 12:00:00 C:\WINDOWS\system32\AppCert\wsil32.dll
    ----a-w 241,664 2007-09-03 14:43:00 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    ----a-w 32,768 2007-09-01 10:46:22 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-09-01 10:46:22 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    ----a-w 87,040 2001-09-07 12:00:00 C:\WINDOWS\system32\drivers\ippflt.sys

    ----a-w 49,248 2005-03-04 01:06:58 C:\WINDOWS\system32\java.exe
    ----a-w 49,250 2005-03-04 01:07:06 C:\WINDOWS\system32\javaw.exe
    ----a-w 127,078 2005-03-04 02:36:48 C:\WINDOWS\system32\javaws.exe
    ----a-w 241,664 2007-08-31 17:46:38 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    ----a-w 32,768 2007-08-31 16:58:12 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-08-31 16:58:12 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
    "LWBKEYBOARD"="C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe" [2004-05-27 04:37]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-17 17:25]
    "aol"="D:\Program Files\AOL\Active Virus Shield\avp.exe" [2006-05-30 13:13]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-05 17:03]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\System32\wmfhotfix.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
    backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    RunDll32 cmicnfg.cpl,CMICtrlWnd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    "C:\Program Files\DAP\DAP.EXE" /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    D:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
    "C:\Program Files\WeatherCast\Weather.exe" /q

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Adobe LM Service"=3 (0x3)

    R0 ippflt;IP Packet Filter;C:\WINDOWS\System32\Drivers\ippflt.sys
    S3 Maplom;Maplom;C:\WINDOWS\System32\drivers\Maplom.sys
    S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    odzpqoil

    *Newly Created Service* - IPPFLT

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-03 16:49:33
    Windows 5.1.2600 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-09-03 16:51:37 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-09-03 16:51
    C:\ComboFix2.txt … 2007-09-01 20:50
    C:\ComboFix3.txt … 2007-09-01 13:14

    --- E O F ---



    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:17:07, on 3-9-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Active Virus Shield (AVP) - AOL - D:\Program Files\AOL\Active Virus Shield\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe


    End of file - 7301 bytes
  • May I ask how the PC is doing now? Is it working properly?


This is an archived page. Replying is no longer possible.