Question & Answer
Internet speed drops to zero!
12 answers
- That looks good again! 8)
Disable System Restore. Restart the computer. Enable System Restore again.
See here for how to disable System Restore.
This removes any remnants of the infections from your System Restore.
To prevent a recurrence, read through these security tips once more:
http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html
Pim

- Lately I've been bothered by an irritating and strange phenomenon.
Sometimes while downloading from the net, the speed suddenly drops to zero. After that I can't download anything anymore, and in IE I can't reach any site. Nothing can be found. Same in Mozilla. The strange thing is that the ADSL connection is fine. We have a second PC connected to mine over a LAN connection, and it has no problem at all: surfing, MSN, no problem. Only on mine does the whole internet stop working, and restarting doesn't help either. Restoring an image of C with Norton Ghost 9.0 does. Then everything runs normally again.
Everything runs on XP Pro SP1 with Symantec AntiVirus Corp. 10.0, Sygate firewall, SpywareBlaster, and I regularly scan the lot with Ad-Aware SE Professional, AVG Anti-Spyware 7.5 and SUPERAntiSpyware.
Who knows what this problem could be?? I can repair things with an image, but this is getting very annoying, because it happens almost weekly. Please help, because I've had it two days in a row now and it's driving me crazy!
Below is the HijackThis logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:45, on 7-10-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Editor plugin - {66CEAA7E-6FBD-4e0f-BDD2-190D5A354C99} - micropr.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBABE7BD-D178-4534-882C-DC515C68C2F9}: NameServer = 195.121.1.34 195.121.1.66
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Indexing-service CiSvcsdCoreService (CiSvcsdCoreService) - Unknown owner - C:\WINDOWS\System32\rt27.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\WINDOWS\System32\lxcfcoms.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

- Download ComboFix to your desktop.
Double-click combofix.exe.
Choose "Continue" by typing 1 followed by ENTER.
While the fix is running, do NOT click in the window, because this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open. Save this log.
NOTE: If your virus scanner responds with a warning about a script being executed, you can ignore it.
Post the ComboFix log (combofix.txt) in your next reply together with a fresh HijackThis log.

- Well, here goes! First the ComboFix logfile:
ComboFix 07-10-09.3 - rob 2007-10-09 10:27:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.1591 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\rob\Bureaublad\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\services.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))
.
2007-10-09 10:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 17:38 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-26 16:59 <DIR> d-------- C:\Program Files\PC DUAL SHOCK
2007-09-26 16:59 335,872 --a------ C:\WINDOWS\Property.exe
2007-09-26 16:59 291,840 --a------ C:\WINDOWS\FCVAP64.dll
2007-09-26 16:59 155,712 --a------ C:\WINDOWS\GetWinVer.exe
2007-09-26 16:59 145,408 --a------ C:\WINDOWS\setreg.exe
2007-09-26 16:59 86,016 --a------ C:\WINDOWS\EZFRD64.dll
2007-09-12 23:08 <DIR> d-------- C:\Documents and Settings\rob\Application Data\dvdcss
2007-09-09 19:23 30,720 --a------ C:\WINDOWS\EWhiteu12.dat
2007-09-09 19:23 30,720 --a------ C:\WINDOWS\EDarku12.dat
2007-09-09 19:23 6 --a------ C:\WINDOWS\EExpou.dat
2007-09-09 19:23 4 --a------ C:\WINDOWS\AErroru3.dat
2007-09-09 19:23 3 --a------ C:\WINDOWS\EOffsetu.dat
2007-09-09 19:23 3 --a------ C:\WINDOWS\EGain6.dat
2007-09-09 15:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-09 15:37 <DIR> d-------- C:\Documents and Settings\rob\Application Data\SUPERAntiSpyware.com
2007-09-09 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 08:17 --------- d-----w C:\Documents and Settings\rob\Application Data\MailWasherPro
2007-10-09 08:16 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-08 16:48 --------- d-----w C:\Program Files\DOSBox-0.70
2007-10-07 15:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-07 15:35 --------- d-----w C:\Program Files\SpywareBlaster
2007-09-26 21:05 --------- d-----w C:\Program Files\RegClean
2007-09-26 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-09-26 14:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-25 18:06 --------- d-----w C:\Program Files\Lx_cats
2007-09-09 13:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-08 14:46 --------- d-----w C:\Program Files\IrfanView
2007-09-08 13:25 --------- d-----w C:\Program Files\Free CD-DA Extractor 4.8
2007-08-29 16:15 --------- d-----w C:\Documents and Settings\rob\Application Data\Lavasoft
2007-08-29 16:14 --------- d-----w C:\Program Files\Lavasoft
2007-08-20 19:56 --------- d-----w C:\Program Files\DAP
2007-08-20 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2007-08-20 15:15 --------- d-----w C:\Documents and Settings\rob\Application Data\PC Tools
2007-08-04 00:59 47,580 ----a-w C:\WINDOWS\system32\rt27.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 10:00]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-26 02:37]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 20:40]
"@"="" []
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 19:47]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe" [2006-10-23 21:28]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe" [2006-10-30 16:07]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=01000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ScanPanel.lnk
backup=C:\WINDOWS\pss\ScanPanel.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Microsoft Office Snelzoeken.lnk]
path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Microsoft Office Snelzoeken.lnk
backup=C:\WINDOWS\pss\Microsoft Office Snelzoeken.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Office Opstarten.lnk]
path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Office Opstarten.lnk
backup=C:\WINDOWS\pss\Office Opstarten.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^reminder-ScanSoft Product Registration.lnk]
path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\reminder-ScanSoft Product Registration.lnk
backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
C:\Program Files\GameFace Messenger\GameFace.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
R0 PQV2i;PQV2i;C:\WINDOWS\System32\drivers\PQV2i.sys
R1 PQIMount;PQIMount;C:\WINDOWS\System32\drivers\PQIMount.sys
R2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\System32\DRIVERS\ArtecGT.sys
R3 AEAudioService;AEAudio Service;C:\WINDOWS\System32\drivers\AEAudio.sys
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\atl01_xp.sys
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\System32\drivers\asusgsb32.sys
S2 CiSvcsdCoreService;Indexing-service CiSvcsdCoreService;C:\WINDOWS\System32\rt27.exe srv
S3 kbeepm;kbeepm;\??\C:\DOCUME~1\rob\LOCALS~1\Temp\kbeepm.sys
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\System32\Drivers\Video3D32.sys
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 10:28:31
Windows 5.1.2600 Service Pack 1 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-10-09 10:28:45
C:\ComboFix-quarantined-files.txt … 2007-10-09 10:28
.
--- E O F ---
And now the fresh HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:42, on 9-10-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBABE7BD-D178-4534-882C-DC515C68C2F9}: NameServer = 195.121.1.34 195.121.1.66
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Indexing-service CiSvcsdCoreService (CiSvcsdCoreService) - Unknown owner - C:\WINDOWS\System32\rt27.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\WINDOWS\System32\lxcfcoms.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 6546 bytes

- http://www.nationaalcomputerforum.nl/showthread.php?t=31913 :roll:
Since that topic is coming to an end, I'll write a fix for you here; just mention there that you're being helped further here.
1. Go to Start -> Run and type the following:
sc delete CiSvcsdCoreService
Then press OK. A DOS window pops up briefly; this is normal.
2. Open Notepad, copy and paste the following (the text below) into an empty window:
File::
C:\WINDOWS\Property.exe
C:\WINDOWS\FCVAP64.dll
C:\WINDOWS\GetWinVer.exe
C:\WINDOWS\setreg.exe
C:\WINDOWS\system32\rt27.exe
Save this to your desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
(image: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)
This will make ComboFix restart.
Reboot if prompted and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
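The helper above identified the two bad entries by eye: a service with no vendor that runs a terse, random-looking name from System32 (rt27.exe, registered as a fake "Indexing-service"), and a driver loaded from a Temp directory (kbeepm.sys). As an added illustration, not part of the thread and not code from HijackThis or ComboFix, the script below applies the same triage rules to a constructed sample in the shape of the O2/O23 lines and the ComboFix R*/S* service lines quoted above. The function names (`triage`, `candidates`), the "terse name" pattern and the rule wording are assumptions for illustration; the output is a review list for an analyst to verify on disk, not a removal list.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis (O2/O23) and ComboFix
# (R*/S* service) lines quoted in this thread; abridged, not the full logs.
SAMPLE_LOG = r"""
O2 - BHO: Editor plugin - {66CEAA7E-6FBD-4e0f-BDD2-190D5A354C99} - micropr.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Indexing-service CiSvcsdCoreService (CiSvcsdCoreService) - Unknown owner - C:\WINDOWS\System32\rt27.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
S2 CiSvcsdCoreService;Indexing-service CiSvcsdCoreService;C:\WINDOWS\System32\rt27.exe srv
S3 kbeepm;kbeepm;\??\C:\DOCUME~1\rob\LOCALS~1\Temp\kbeepm.sys
""".strip()


@dataclass
class Entry:
    kind: str   # "bho", "service" (HijackThis O23) or "driver" (ComboFix R*/S*)
    name: str
    owner: str  # vendor column of an O23 line; "" for the other formats
    path: str   # binary exactly as written in the log


@dataclass
class Finding:
    lineno: int
    rule: str
    entry: Entry


HJT_SERVICE = re.compile(r"^O23 - Service: (.+?) - (.*?) - (.+)$")
HJT_BHO = re.compile(r"^O2 - BHO: (.+?) - \{[0-9A-Fa-f-]+\} - (.+)$")
CF_DRIVER = re.compile(r"^[RS]\d (\w+);([^;]*);(.+)$")

TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
SYSTEM_DIR = re.compile(r"\\windows\\system32\\", re.IGNORECASE)
# Assumed heuristic: a few letters plus a number, like rt27.exe in the thread.
TERSE_NAME = re.compile(r"^[a-z]{1,4}\d{1,3}\.(exe|dll|sys)$", re.IGNORECASE)

VENDOR_RULE = "service with no vendor/signer information"


def parse_entry(line):
    """Turn one log line into an Entry, or None for line types we do not triage."""
    line = line.strip()
    m = HJT_SERVICE.match(line)
    if m:
        return Entry("service", m.group(1), m.group(2), m.group(3))
    m = HJT_BHO.match(line)
    if m:
        return Entry("bho", m.group(1), "", m.group(2))
    m = CF_DRIVER.match(line)
    if m:
        return Entry("driver", m.group(1), "", m.group(3))
    return None


def clean_path(path):
    """Drop the NT object prefix and anything after the extension (arguments, notes)."""
    path = path.replace("\\??\\", "")
    return re.sub(r"(\.(?:exe|dll|sys|ocx))\b.*$", r"\1", path, flags=re.IGNORECASE)


def rules_for(entry):
    """Every triage rule the entry trips; an empty list means nothing to review."""
    hits = []
    if "(file missing)" in entry.path:
        hits.append("orphaned entry: registered binary no longer on disk")
    path = clean_path(entry.path)
    name = path.rsplit("\\", 1)[-1]
    if TEMP_DIR.search(path):
        hits.append("binary loaded from a temporary directory")
    if entry.kind == "service" and entry.owner.strip().lower() in ("", "unknown owner"):
        hits.append(VENDOR_RULE)
    if SYSTEM_DIR.search(path) and TERSE_NAME.match(name):
        hits.append("terse random-looking file name in the system directory")
    return hits


def triage(log_text):
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        entry = parse_entry(line)
        if entry is None:
            continue
        for rule in rules_for(entry):
            findings.append(Finding(lineno, rule, entry))
    return findings


def candidates(findings):
    """Unique on-disk paths worth verifying before any removal decision.
    A missing vendor string on its own is not evidence (ATI Smart above is
    legitimate), and a file that is already missing cannot be collected."""
    paths = set()
    for f in findings:
        if f.rule == VENDOR_RULE or "(file missing)" in f.entry.path:
            continue
        paths.add(clean_path(f.entry.path))
    return sorted(paths)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"line {f.lineno}: {f.entry.kind} {f.entry.name!r}: {f.rule}")
    print("verify on disk:", candidates(found))
```

Run as a plain script: for the sample it flags the orphaned BHO, both unknown-owner services, the rt27.exe service on both the HijackThis and the ComboFix line, and the Temp-resident driver, and `candidates()` reduces that to rt27.exe and kbeepm.sys. The other four files in the helper's File:: list came from the "files created" section of the ComboFix log, which this script does not parse.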
Pim

- Well, Pim. Everything carried out to the letter, and this is the result.
First ComboFix:
ComboFix 07-10-09.3 - rob 2007-10-09 12:06:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.1592 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\rob\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\rob\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE::
C:\WINDOWS\FCVAP64.dll
C:\WINDOWS\GetWinVer.exe
C:\WINDOWS\Property.exe
C:\WINDOWS\setreg.exe
C:\WINDOWS\system32\rt27.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\FCVAP64.dll
C:\WINDOWS\GetWinVer.exe
C:\WINDOWS\Property.exe
C:\WINDOWS\setreg.exe
C:\WINDOWS\system32\rt27.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))
.
2007-10-09 10:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 17:38 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-26 16:59 <DIR> d-------- C:\Program Files\PC DUAL SHOCK
2007-09-26 16:59 86,016 --a------ C:\WINDOWS\EZFRD64.dll
2007-09-12 23:08 <DIR> d-------- C:\Documents and Settings\rob\Application Data\dvdcss
2007-09-09 19:23 30,720 --a------ C:\WINDOWS\EWhiteu12.dat
2007-09-09 19:23 30,720 --a------ C:\WINDOWS\EDarku12.dat
2007-09-09 19:23 6 --a------ C:\WINDOWS\EExpou.dat
2007-09-09 19:23 4 --a------ C:\WINDOWS\AErroru3.dat
2007-09-09 19:23 3 --a------ C:\WINDOWS\EOffsetu.dat
2007-09-09 19:23 3 --a------ C:\WINDOWS\EGain6.dat
2007-09-09 15:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-09 15:37 <DIR> d-------- C:\Documents and Settings\rob\Application Data\SUPERAntiSpyware.com
2007-09-09 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 10:07 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-09 09:16 --------- d-----w C:\Documents and Settings\rob\Application Data\MailWasherPro
2007-10-08 16:48 --------- d-----w C:\Program Files\DOSBox-0.70
2007-10-07 15:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-07 15:35 --------- d-----w C:\Program Files\SpywareBlaster
2007-09-26 21:05 --------- d-----w C:\Program Files\RegClean
2007-09-26 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-09-26 14:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-25 18:06 --------- d-----w C:\Program Files\Lx_cats
2007-09-09 13:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-08 14:46 --------- d-----w C:\Program Files\IrfanView
2007-09-08 13:25 --------- d-----w C:\Program Files\Free CD-DA Extractor 4.8
2007-08-29 16:15 --------- d-----w C:\Documents and Settings\rob\Application Data\Lavasoft
2007-08-29 16:14 --------- d-----w C:\Program Files\Lavasoft
2007-08-20 19:56 --------- d-----w C:\Program Files\DAP
2007-08-20 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2007-08-20 15:15 --------- d-----w C:\Documents and Settings\rob\Application Data\PC Tools
.
((((((((((((((((((((((((((((( snapshot@2007-10-09_10.28.32,46 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 16,384 2007-10-09 09:59:04 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-09 09:59:04 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 81,920 2007-10-09 09:59:04 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
----a-w 16,384 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 81,920 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 10:00]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-26 02:37]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 20:40]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 19:47]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe" [2006-10-23 21:28]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe" [2006-10-30 16:07]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"<NO NAME>"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=01000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ScanPanel.lnk
backup=C:\WINDOWS\pss\ScanPanel.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Microsoft Office Snelzoeken.lnk]
path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Microsoft Office Snelzoeken.lnk
backup=C:\WINDOWS\pss\Microsoft Office Snelzoeken.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Office Opstarten.lnk]
path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Office Opstarten.lnk
backup=C:\WINDOWS\pss\Office Opstarten.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^reminder-ScanSoft Product Registration.lnk]
path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\reminder-ScanSoft Product Registration.lnk
backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
C:\Program Files\GameFace Messenger\GameFace.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
R0 PQV2i;PQV2i;C:\WINDOWS\System32\drivers\PQV2i.sys
R1 PQIMount;PQIMount;C:\WINDOWS\System32\drivers\PQIMount.sys
R2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\System32\DRIVERS\ArtecGT.sys
R3 AEAudioService;AEAudio Service;C:\WINDOWS\System32\drivers\AEAudio.sys
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\atl01_xp.sys
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\System32\drivers\asusgsb32.sys
S3 kbeepm;kbeepm;\??\C:\DOCUME~1\rob\LOCALS~1\Temp\kbeepm.sys
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\System32\Drivers\Video3D32.sys
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 12:09:02
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-09 12:09:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-10-09 12:09
C:\ComboFix2.txt … 2007-10-09 10:28
.
--- E O F ---
And now the fresh HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:10, on 9-10-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBABE7BD-D178-4534-882C-DC515C68C2F9}: NameServer = 195.121.1.34 195.121.1.66
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\WINDOWS\System32\lxcfcoms.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 6449 bytes
By the way, I do wonder why svchost.exe appears three times in HijackThis.
Greetings, Rob. - [quote]
By the way, I do wonder why svchost.exe appears three times in HijackThis.
[/quote]
This is normal, read this through:
http://www.helpmij.nl/forum/archive/index.php/t-248155.html
By the way, I see that I still forgot one little file, silly me :oops:
Delete the CFScript that is now on your desktop!
Download ATF Cleaner (by Atribune)
Double-click [b]ATF Cleaner[/b] to start the program.
On the "Main" tab, tick Select All. Untick Prefetch.
Click the Empty Selected button.
If you also use [b]Firefox[/b] as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick at "Firefox saved passwords")
Click the Empty Selected button.
If you also use [b]Opera[/b] as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the [b]Exit[/b] button to close the program.
Open Notepad, then copy and paste the following (bold text) into an empty window:
[b]
C:\WINDOWS\EZFRD64.dll
[/b]
Save this on your Desktop as [b]CFScript.txt[/b]
Drag [b]CFScript.txt[/b] onto [b]ComboFix.exe[/b] as shown in the example below:
[img]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img]
This will make [b]ComboFix[/b] restart.
Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Pim - Well, Pim, the next step.
ComboFix 07-10-09.3 - rob 2007-10-09 12:57:20.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.1565 [GMT 2:00]
Started from: C:\Documents and Settings\rob\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\rob\Bureaublad\CFScript.txt
* New restore point was created
.
(((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))
.
2007-10-09 10:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 17:38 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-26 16:59 <DIR> d-------- C:\Program Files\PC DUAL SHOCK
2007-09-26 16:59 86,016 --a------ C:\WINDOWS\EZFRD64.dll
2007-09-12 23:08 <DIR> d-------- C:\Documents and Settings\rob\Application Data\dvdcss
2007-09-09 19:23 30,720 --a------ C:\WINDOWS\EWhiteu12.dat
2007-09-09 19:23 30,720 --a------ C:\WINDOWS\EDarku12.dat
2007-09-09 19:23 6 --a------ C:\WINDOWS\EExpou.dat
2007-09-09 19:23 4 --a------ C:\WINDOWS\AErroru3.dat
2007-09-09 19:23 3 --a------ C:\WINDOWS\EOffsetu.dat
2007-09-09 19:23 3 --a------ C:\WINDOWS\EGain6.dat
2007-09-09 15:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-09 15:37 <DIR> d-------- C:\Documents and Settings\rob\Application Data\SUPERAntiSpyware.com
2007-09-09 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 10:43 --------- d-----w C:\Program Files\DOSBox-0.70
2007-10-09 10:09 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-09 09:16 --------- d-----w C:\Documents and Settings\rob\Application Data\MailWasherPro
2007-10-07 15:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-07 15:35 --------- d-----w C:\Program Files\SpywareBlaster
2007-09-26 21:05 --------- d-----w C:\Program Files\RegClean
2007-09-26 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-09-26 14:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-25 18:06 --------- d-----w C:\Program Files\Lx_cats
2007-09-09 13:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-08 14:46 --------- d-----w C:\Program Files\IrfanView
2007-09-08 13:25 --------- d-----w C:\Program Files\Free CD-DA Extractor 4.8
2007-08-29 16:15 --------- d-----w C:\Documents and Settings\rob\Application Data\Lavasoft
2007-08-29 16:14 --------- d-----w C:\Program Files\Lavasoft
2007-08-20 19:56 --------- d-----w C:\Program Files\DAP
2007-08-20 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2007-08-20 15:15 --------- d-----w C:\Documents and Settings\rob\Application Data\PC Tools
.
((((((((((((((((((((((((((((( snapshot@2007-10-09_10.28.32,46 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 16,384 2007-10-09 10:08:44 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-09 10:08:44 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-10-09 10:08:44 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
----a-w 16,384 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 81,920 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 10:00]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-26 02:37]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 20:40]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 19:47]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe" [2006-10-23 21:28]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe" [2006-10-30 16:07]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=01000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ScanPanel.lnk
backup=C:\WINDOWS\pss\ScanPanel.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Microsoft Office Snelzoeken.lnk]
path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Microsoft Office Snelzoeken.lnk
backup=C:\WINDOWS\pss\Microsoft Office Snelzoeken.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Office Opstarten.lnk]
path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Office Opstarten.lnk
backup=C:\WINDOWS\pss\Office Opstarten.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^reminder-ScanSoft Product Registration.lnk]
path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\reminder-ScanSoft Product Registration.lnk
backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
C:\Program Files\GameFace Messenger\GameFace.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
R0 PQV2i;PQV2i;C:\WINDOWS\System32\drivers\PQV2i.sys
R1 PQIMount;PQIMount;C:\WINDOWS\System32\drivers\PQIMount.sys
R2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\System32\DRIVERS\ArtecGT.sys
R3 AEAudioService;AEAudio Service;C:\WINDOWS\System32\drivers\AEAudio.sys
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\atl01_xp.sys
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\System32\drivers\asusgsb32.sys
S3 kbeepm;kbeepm;\??\C:\DOCUME~1\rob\LOCALS~1\Temp\kbeepm.sys
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\System32\Drivers\Video3D32.sys
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 12:57:58
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-09 12:58:15
C:\ComboFix-quarantined-files.txt … 2007-10-09 12:58
C:\ComboFix2.txt … 2007-10-09 12:09
C:\ComboFix3.txt … 2007-10-09 10:28
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:28, on 9-10-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBABE7BD-D178-4534-882C-DC515C68C2F9}: NameServer = 195.121.1.34 195.121.1.66
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\WINDOWS\System32\lxcfcoms.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 6393 bytes
Curious what this turns up.
Greetings, Rob. - I'm half asleep here :oops:
Best to print or save the instructions below, because you will have to work in safe
mode, and there you cannot get back to this web page because you have no internet.
Restart your computer in safe mode:
http://www.hijackthis.nl/veiligemodus.html
Make sure all hidden files and folders are shown.
In Control Panel - Folder Options, first tick "show hidden files and folders",
then untick "hide extensions for known file types" and "hide protected operating system files (recommended)", click Apply and OK.
Empty your Temp folders (note: empty the folders, do not delete them!!):
C:\Windows\[b]Temp[/b]
C:\Documents and Settings\<profile name>\Local Settings\[b]Temp[/b]
C:\Documents and Settings\<profile name>\Local Settings\[b]Temporary Internet Files[/b]
C:\Documents and Settings\<profile name>\Local Settings\Temporary Internet Files\[b]content.ie5[/b]
If the last folder is not shown, go to the Temporary Internet Files folder, type \content.ie5 after it in the address bar and press Enter.
Delete the following file:
C:\WINDOWS\[b]EZFRD64.dll[/b]
Empty your Recycle Bin.
Restart your computer in normal mode and make a new ComboFix log.
How are your problems doing in the meantime?
Pim - Well, Pim, this is the latest state of affairs.
Did everything in Safe Mode, and this is the log.
ComboFix 07-10-09.3 - rob 2007-10-09 15:45:37.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.1533 [GMT 2:00]
Started from: C:\Documents and Settings\rob\Bureaublad\ComboFix.exe
.
(((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))
.
2007-10-09 10:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 17:38 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-26 16:59 <DIR> d-------- C:\Program Files\PC DUAL SHOCK
2007-09-12 23:08 <DIR> d-------- C:\Documents and Settings\rob\Application Data\dvdcss
2007-09-09 19:23 30,720 --a------ C:\WINDOWS\EWhiteu12.dat
2007-09-09 19:23 30,720 --a------ C:\WINDOWS\EDarku12.dat
2007-09-09 19:23 6 --a------ C:\WINDOWS\EExpou.dat
2007-09-09 19:23 4 --a------ C:\WINDOWS\AErroru3.dat
2007-09-09 19:23 3 --a------ C:\WINDOWS\EOffsetu.dat
2007-09-09 19:23 3 --a------ C:\WINDOWS\EGain6.dat
2007-09-09 15:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-09 15:37 <DIR> d-------- C:\Documents and Settings\rob\Application Data\SUPERAntiSpyware.com
2007-09-09 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 13:44 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-09 13:34 --------- d-----w C:\Program Files\Lx_cats
2007-10-09 10:43 --------- d-----w C:\Program Files\DOSBox-0.70
2007-10-09 09:16 --------- d-----w C:\Documents and Settings\rob\Application Data\MailWasherPro
2007-10-07 15:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-07 15:35 --------- d-----w C:\Program Files\SpywareBlaster
2007-09-26 21:05 --------- d-----w C:\Program Files\RegClean
2007-09-26 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-09-26 14:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-09 13:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-08 14:46 --------- d-----w C:\Program Files\IrfanView
2007-09-08 13:25 --------- d-----w C:\Program Files\Free CD-DA Extractor 4.8
2007-08-29 16:15 --------- d-----w C:\Documents and Settings\rob\Application Data\Lavasoft
2007-08-29 16:14 --------- d-----w C:\Program Files\Lavasoft
2007-08-20 19:56 --------- d-----w C:\Program Files\DAP
2007-08-20 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2007-08-20 15:15 --------- d-----w C:\Documents and Settings\rob\Application Data\PC Tools
.
((((((((((((((((((((((((((((( snapshot@2007-10-09_10.28.32,46 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 16,384 2007-10-09 13:44:16 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-09 13:44:16 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-10-09 13:44:16 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
----a-w 16,384 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 81,920 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 10:00]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-26 02:37]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 20:40]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 19:47]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe" [2006-10-23 21:28]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe" [2006-10-30 16:07]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=01000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ScanPanel.lnk
backup=C:\WINDOWS\pss\ScanPanel.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Microsoft Office Snelzoeken.lnk]
path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Microsoft Office Snelzoeken.lnk
backup=C:\WINDOWS\pss\Microsoft Office Snelzoeken.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Office Opstarten.lnk]
path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Office Opstarten.lnk
backup=C:\WINDOWS\pss\Office Opstarten.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^reminder-ScanSoft Product Registration.lnk]
path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\reminder-ScanSoft Product Registration.lnk
backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
C:\Program Files\GameFace Messenger\GameFace.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
R0 PQV2i;PQV2i;C:\WINDOWS\System32\drivers\PQV2i.sys
R1 PQIMount;PQIMount;C:\WINDOWS\System32\drivers\PQIMount.sys
R2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\System32\DRIVERS\ArtecGT.sys
R3 AEAudioService;AEAudio Service;C:\WINDOWS\System32\drivers\AEAudio.sys
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\atl01_xp.sys
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\System32\drivers\asusgsb32.sys
S3 kbeepm;kbeepm;\??\C:\DOCUME~1\rob\LOCALS~1\Temp\kbeepm.sys
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\System32\Drivers\Video3D32.sys
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 15:46:17
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-09 15:46:33
C:\ComboFix-quarantined-files.txt … 2007-10-09 15:46
C:\ComboFix2.txt … 2007-10-09 12:58
C:\ComboFix3.txt … 2007-10-09 12:09
.
--- E O F ---
No more problems so far, but you do have to judge that over a longer period; up to now no trouble, though.
Once everything is finished, I'll also make a fresh image in Ghost right away.
Regards, Rob. - System Restore stays disabled on my machine, since I use Norton Ghost.
I have now saved an image of the current state of C:\ on a backup partition, and if anything goes wrong I put it back within 5 minutes and everything runs again as it did at the moment I made the image.
What surprises me, by the way: I have Symantec AntiVirus 10.0, Sygate firewall, SpywareBlaster, Ad-Aware SE Professional, AVG Anti-Spyware and SUPERAntiSpyware, and I regularly update and scan the lot, and yet this misery still happens to you.
But for now we're running like a train again.
Pim, thank you very much for the thorough mucking-out of my PC.
Rob. - You're welcome, Rob,
It just goes to show that you can't be too careful!
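The clean-up steps Pim posted above (empty the Temp folders without deleting them, remove the named file, make Explorer show hidden files, extensions and protected OS files), rendered as a Python script. This is an added example, not code from the thread or from HijackThis/ComboFix. The folder list and the file name come from the instructions; the dry-run default, the handling of locked files and junctions, the `build_demo_folder` sample input, and the Explorer registry values `Hidden`, `HideFileExt` and `ShowSuperHidden` are my additions.

```python
"""The clean-up steps from the thread as a script: empty (never delete) the XP-era Temp
folders, remove the one named file, and make Explorer show hidden files, extensions and
protected OS files. Added example, not code from the thread or from HijackThis/ComboFix.
Dry-run unless started with --apply."""
import os
import shutil
import stat
import sys

# Folder list from the instructions. On XP %USERPROFILE% is C:\Documents and Settings\<profile name>
# and %SystemRoot% is C:\WINDOWS (assumption: the script is run as the affected user).
XP_TEMP_FOLDERS = [
    r"%SystemRoot%\Temp",
    r"%USERPROFILE%\Local Settings\Temp",
    r"%USERPROFILE%\Local Settings\Temporary Internet Files",
    r"%USERPROFILE%\Local Settings\Temporary Internet Files\Content.IE5",
]
FILE_TO_DELETE = r"%SystemRoot%\EZFRD64.dll"  # the file named in the instructions
FILE_ATTRIBUTE_REPARSE_POINT = 0x400          # NTFS junctions / mount points


def _is_reparse_point(path):
    """True for NTFS junctions and symlinks: a Temp clean-up must not follow those elsewhere."""
    st = os.lstat(path)
    return bool(getattr(st, "st_file_attributes", 0) & FILE_ATTRIBUTE_REPARSE_POINT)


def _force_remove(path):
    """Delete a file or directory tree, clearing the read-only bit when that is what blocks us."""
    def retry_writable(func, p, _exc_info):
        os.chmod(p, stat.S_IWRITE)
        func(p)
    if os.path.isdir(path):
        shutil.rmtree(path, onerror=retry_writable)
    else:
        try:
            os.remove(path)
        except PermissionError:
            os.chmod(path, stat.S_IWRITE)
            os.remove(path)


def empty_folder(folder, dry_run=True):
    """Remove the contents of `folder` but keep the folder itself.
    Returns (removed, skipped); skipped holds items left behind because a running process
    still has them open, or because they are junctions/symlinks we refuse to descend into."""
    removed, skipped = [], []
    if not os.path.isdir(folder):
        return removed, skipped
    for name in os.listdir(folder):
        full = os.path.join(folder, name)
        if os.path.islink(full) or _is_reparse_point(full):
            skipped.append(full)
            continue
        try:
            if not dry_run:
                _force_remove(full)
            removed.append(full)
        except OSError:  # e.g. a locked index.dat: skip it and carry on
            skipped.append(full)
    return removed, skipped


def folder_status(folder):
    """(exists, item_count): lets a caller confirm the folder survived and is empty."""
    if not os.path.isdir(folder):
        return (False, -1)
    return (True, len(os.listdir(folder)))


def show_hidden_files():
    """The Folder Options from the instructions, as the HKCU values Explorer reads (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("Explorer registry settings only exist on Windows")
    import winreg
    key = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key, 0, winreg.KEY_SET_VALUE) as k:
        winreg.SetValueEx(k, "Hidden", 0, winreg.REG_DWORD, 1)           # show hidden files and folders
        winreg.SetValueEx(k, "HideFileExt", 0, winreg.REG_DWORD, 0)      # show extensions for known types
        winreg.SetValueEx(k, "ShowSuperHidden", 0, winreg.REG_DWORD, 1)  # show protected OS files


def build_demo_folder():
    """Constructed sample input: a throwaway folder with a file, a read-only file and a
    sub-folder, so the emptying logic can be exercised safely on any OS."""
    import tempfile
    root = tempfile.mkdtemp(prefix="xp_temp_demo_")
    for rel in ("setup.log", "index.dat", os.path.join("Content.IE5", "cached.htm")):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("constructed sample\n")
    os.chmod(os.path.join(root, "index.dat"), stat.S_IREAD)
    return root


if __name__ == "__main__":
    if "--apply" in sys.argv:
        for entry in XP_TEMP_FOLDERS:
            folder = os.path.expandvars(entry)
            removed, skipped = empty_folder(folder, dry_run=False)
            print(f"{folder}: removed {len(removed)}, skipped {len(skipped)}, now {folder_status(folder)}")
        target = os.path.expandvars(FILE_TO_DELETE)
        if os.path.isfile(target):
            _force_remove(target)
        if sys.platform == "win32":
            show_hidden_files()
    else:
        demo = build_demo_folder()
        removed, skipped = empty_folder(demo, dry_run=False)
        print(f"demo {demo}: removed {len(removed)}, skipped {len(skipped)}, now {folder_status(demo)}")
        os.rmdir(demo)
```

Run it without arguments and it only exercises the logic on the throwaway demo folder; with `--apply` it empties the real folders for the current user. Locked files are reported in `skipped` rather than aborting the run, which is why the instructions have you do this from Safe Mode, where far fewer processes hold Temp files open.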
This is an archived page. Replying is no longer possible.
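As an added example that is not part of the thread (nor code from HijackThis or ComboFix), the script below applies to the O23 service lines of the HijackThis log and the R*/S* driver lines of the ComboFix log the checks a reviewer like Pim makes by eye: a service with no company string, an image path under a Temp or user-profile folder, a kernel driver outside the Windows folder, a throw-away-looking name. The sample lines are copied from the logs above; the heuristics and their wording are my assumptions, and a hit means "look at this entry", not a verdict. On the thread's own lines it singles out `lxcf_device` (no vendor string) and `kbeepm.sys` (a driver registered from the user's Temp folder).

```python
"""Reviewer-style triage of the service and driver lines in a HijackThis / ComboFix log.
Added example; not code from the thread or from either tool. The checks are rules of
thumb a log reviewer applies by hand; a hit means "look at this", not "this is malware"."""
import re
from dataclasses import dataclass, field

# Sample lines copied verbatim from the HijackThis (O23) and ComboFix (R*/S*) logs above.
SAMPLE_LINES = r"""
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: lxcf_device - - C:\WINDOWS\System32\lxcfcoms.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
R0 PQV2i;PQV2i;C:\WINDOWS\System32\drivers\PQV2i.sys
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\atl01_xp.sys
S3 kbeepm;kbeepm;\??\C:\DOCUME~1\rob\LOCALS~1\Temp\kbeepm.sys
"""

O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
# First "X:\" in the line, optionally preceded by the NT "\??\" prefix ComboFix prints for drivers.
PATH_RE = re.compile(r"(?:\\\?\?\\)?[A-Za-z]:\\.*$")
DRIVER_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)\s*$")  # "(DefWatch)" at the end of a display name
TEMP_DIR_RE = re.compile(r"\\(temp|tmp|locals~1|local settings)\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str      # "service" (HijackThis O23) or "driver" (ComboFix R*/S*)
    name: str      # short service / driver name
    display: str
    vendor: str    # company string; HijackThis prints nothing when the binary carries none
    path: str
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for an O23 or R*/S* line, None for anything else."""
    line = line.rstrip()
    m = O23_RE.match(line)
    if m:
        rest = m.group("rest")
        pm = PATH_RE.search(rest)
        if not pm:
            return None
        # The forum rendering collapsed an empty vendor field to "display - - path", so split
        # the text before the path from the right instead of trusting the " - " separators.
        head = rest[:pm.start()].rstrip(" -")
        display, vendor = (head.rsplit(" - ", 1) + [""])[:2]
        sm = SHORT_NAME_RE.search(display)
        return Entry("service", sm.group(1) if sm else display, display, vendor.strip(), pm.group(0))
    m = DRIVER_RE.match(line)
    if m:
        return Entry("driver", m.group("name"), m.group("display"), "", m.group("path"))
    return None


def triage(entry):
    """Attach reviewer flags (assumed heuristics, not tool output) to an entry; returns it."""
    low = entry.path.lower()
    if entry.kind == "service" and not entry.vendor:
        entry.flags.append("no company/vendor string")
    if TEMP_DIR_RE.search(entry.path):
        entry.flags.append("image loaded from a Temp or user-profile directory")
    if low.endswith(".sys") and "\\windows\\" not in low:
        entry.flags.append("kernel driver outside %SystemRoot%")
    if entry.kind == "driver" and entry.display == entry.name and entry.name.islower() and len(entry.name) <= 8:
        entry.flags.append("short lowercase name reused as display name")
    return entry


def triage_log(text):
    """Parse every recognised line of `text`; return the entries with at least one flag."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and triage(entry).flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LINES):
        print(f"[{e.kind}] {e.name}: {e.path}")
        for f in e.flags:
            print(f"    - {f}")
```

Feed it a whole log (`triage_log(open("hijackthis.log").read())`) and it ignores every line it does not recognise. The vendor check is the weakest of the four: a printer driver service like `lxcf_device` simply ships without a company resource, so that flag alone is a reason to look the binary up, while a `.sys` registered from a user's Temp folder is the kind of entry a reviewer wants to see first.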