Question & Answer

Security & privacy

hijackthis

Anonymous
Jaimie
4 answers
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:27:05, on 28/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?5e8f926a371e486f968d9b2605afe8f0
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?5e8f926a371e486f968d9b2605afe8f0
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tabita17.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


    End of file - 9292 bytes

    ---------- BENDEBOYS MSNFIX RAPORT ----------
    - Version: 3.5.0.14 - Last Update: 18/10/07
    - Scan performed on: zo 28/10/2007 - 0:21:35,00 By Tabitake
    - Bootmode: Safe Mode

    ((((((((((((((( CREATED FILES LAST MONTH )))))))))))))))

    2007-09-28 -18:05:40 - A.... "C:\WINDOWS\system32\DivX.dll"
    2007-09-28 -18:08:18 - A.... "C:\WINDOWS\system32\DivXCodecVersionChecker.exe"
    2007-09-28 -18:07:54 - A.... "C:\WINDOWS\system32\DivXsm.exe"
    2007-09-28 -18:05:08 - A.... "C:\WINDOWS\system32\DivXWMPExtType.dll"
    2007-09-28 -18:05:40 - A.... "C:\WINDOWS\system32\divx_xx0c.dll"
    2007-09-28 -18:05:40 - A.... "C:\WINDOWS\system32\divx_xx07.dll"
    2007-09-28 -18:05:40 - A.... "C:\WINDOWS\system32\divx_xx11.dll"
    2007-09-28 -18:05:50 - A.... "C:\WINDOWS\system32\dpl100.dll"
    2007-09-28 -18:05:42 - A.... "C:\WINDOWS\system32\dpu10.dll"
    2007-09-28 -18:05:42 - A.... "C:\WINDOWS\system32\dpu11.dll"
    2007-09-28 -18:05:44 - A.... "C:\WINDOWS\system32\dpuGUI10.dll"
    2007-09-28 -18:05:42 - A.... "C:\WINDOWS\system32\dpuGUI11.dll"
    2007-09-28 -18:05:42 - A.... "C:\WINDOWS\system32\dpus11.dll"
    2007-09-28 -18:05:42 - A.... "C:\WINDOWS\system32\dpv11.dll"
    2007-09-28 -18:05:50 - A.... "C:\WINDOWS\system32\dtu100.dll"
    2007-09-28 -18:07:44 - A.... "C:\WINDOWS\system32\libdivx.dll"
    2007-09-28 - 7:19:40 - A.... "C:\WINDOWS\system32\MRT.exe"
    2007-09-28 -18:07:48 - ..... "C:\WINDOWS\system32\px.dll"
    2007-09-28 -18:07:48 - ..... "C:\WINDOWS\system32\pxafs.dll"
    2007-09-28 -18:07:48 - ..... "C:\WINDOWS\system32\pxcpya64.exe"
    2007-09-28 -18:07:48 - ..... "C:\WINDOWS\system32\pxcpyi64.exe"
    2007-09-28 -18:07:48 - ..... "C:\WINDOWS\system32\pxdrv.dll"
    2007-09-28 -18:07:50 - ..... "C:\WINDOWS\system32\pxhpinst.exe"
    2007-09-28 -18:07:48 - ..... "C:\WINDOWS\system32\pxinsa64.exe"
    2007-09-28 -18:07:48 - ..... "C:\WINDOWS\system32\pxinsi64.exe"
    2007-09-28 -18:07:50 - ..... "C:\WINDOWS\system32\pxmas.dll"
    2007-09-28 -18:07:50 - ..... "C:\WINDOWS\system32\pxsfs.dll"
    2007-09-28 -18:07:50 - ..... "C:\WINDOWS\system32\pxwave.dll"
    2007-09-28 -18:07:52 - A.... "C:\WINDOWS\system32\qt-dx331.dll"
    2007-09-28 -18:07:44 - A.... "C:\WINDOWS\system32\ssldivx.dll"
    2007-09-28 -18:07:48 - ..... "C:\WINDOWS\system32\vxblock.dll"

    ((((((((((((((( FOUND FILES )))))))))))))))

    »»» Nothing Found.
    »»» HOSTS-file has been cleaned.

    ((((((((((((((( ShellServiceObjectDelayLoad )))))))))))))))

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    ---------- END OF LOG ----------
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the item listed below:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the item.

    Download ComboFix to your Desktop.
    Double-click Combofix.exe.
    Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has completed and the PC has restarted, the log combofix.txt will open.
    Post this log in your next reply together with a new HijackThis log.

    NOTE: If your virus scanner reacts while downloading or running ComboFix, you may ignore it.
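The one entry the helper singled out is the O2 BHO whose CLSID is still registered but whose DLL is gone, which HijackThis shows as "(no file)". As an added example, not code from this thread or from HijackThis itself, here is a small Python triage script that parses HijackThis-style lines and flags such orphaned entries; the sample lines are constructed copies of lines from this log, and the two rules it applies ("(no file)" targets, and O23 services reported with "Unknown owner") are my own heuristics, the second of which only marks an entry for manual review.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied in the format HijackThis uses, including the
# orphaned BHO (registered CLSID, no DLL on disk) that the helper had removed.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O4 - HKLM\\..\\Run: [BearFlix] "C:\\Program Files\\BearFlix\\BearFlix.exe" /pause
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\\Program Files\\IVT Corporation\\BlueSoleil\\BTNtService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\System32\\nvsvc32.exe
"""


@dataclass
class Entry:
    section: str        # HijackThis section code, e.g. "O2"
    kind: str           # "BHO", "Toolbar", "Service", "HKLM\..\Run", ...
    name: str           # display name; "(no name)" when HJT found none
    clsid: str          # "" for sections without a CLSID
    target: str         # file path or command line; "(no file)" when missing
    owner: str = ""     # O23 only: the vendor string HijackThis reports


LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<rest>.*)$")
# O2/O3/O9 style: "<kind>: <name> - {CLSID} - <target>"
CLSID_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
# O23 style: "Service: <name> - <owner> - <path>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")
# O4 style: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<kind>.*?\\Run): \[(?P<name>[^\]]*)\] (?P<target>.*)$")


def parse_line(line: str):
    """Parse one HijackThis log line into an Entry, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest")
    if sec == "O23":
        s = SERVICE_RE.match(rest)
        if s:
            return Entry(sec, "Service", s["name"], "", s["target"], s["owner"])
    if sec == "O4":
        r = RUN_RE.match(rest)
        if r:
            return Entry(sec, r["kind"], r["name"], "", r["target"])
    c = CLSID_RE.match(rest)
    if c:
        return Entry(sec, c["kind"], c["name"], c["clsid"], c["target"])
    # Unrecognised layout (O8, O16, Global Startup, ...): keep the raw text.
    return Entry(sec, "", "", "", rest)


def triage(log_text: str):
    """Return (severity, reason, entry) triples.

    'orphan'  = a registry hook whose file no longer exists; safe to remove
                and exactly what the helper in the thread had fixed.
    'review'  = worth a manual look, not evidence of anything on its own.
    """
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e.target == "(no file)":
            why = "registered CLSID but no DLL on disk"
            if e.name == "(no name)":
                why += "; no display name either"
            findings.append(("orphan", why, e))
        elif e.section == "O23" and e.owner == "Unknown owner":
            findings.append(("review", "service without a recognised vendor string", e))
    return findings


if __name__ == "__main__":
    for severity, why, e in triage(SAMPLE_LOG):
        print(f"[{severity}] {e.section} {e.kind}: {e.name} {e.clsid} -> {e.target} ({why})")
```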
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:22:05, on 28/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?5e8f926a371e486f968d9b2605afe8f0
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?5e8f926a371e486f968d9b2605afe8f0
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tabita17.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    End of file - 8421 bytes

    ComboFix 07-10-28.2 - Tabitake 2007-10-28 21:18:45.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.190 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Tabitake\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-28 to 2007-10-28 ))))))))))))))))))))))))))))))
    .

    2007-10-28 21:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-28 10:22 <DIR> d-------- C:\WINDOWS\Sun
    2007-10-28 10:22 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-28 10:22 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
    2007-10-28 10:22 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
    2007-10-28 10:22 <DIR> dr------- C:\Documents and Settings\Administrator\Mijn documenten
    2007-10-28 10:22 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
    2007-10-28 10:22 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
    2007-10-27 23:12 <DIR> d-------- C:\BendeBoy
    2007-10-27 23:00 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-27 23:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-10-27 22:36 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
    2007-10-27 22:36 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
    2007-10-27 21:40 <DIR> d-------- C:\Documents and Settings\Tabitake\.housecall6.6
    2007-10-23 21:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-10-23 21:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8
    2007-10-23 18:09 45,056 --a------ C:\WINDOWS\system32\ftp.exe
    2007-10-23 18:09 17,408 --a------ C:\WINDOWS\system32\tftp.exe
    2007-10-22 19:58 <DIR> d--h----- C:\WINDOWS\PIF
    2007-10-15 20:30 <DIR> d-------- C:\Documents and Settings\Tabitake\Application Data\Talkback
    2007-10-11 18:02 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-09-28 17:08 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-09-28 17:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-09-28 17:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-09-28 17:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-09-28 17:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-28 17:53 --------- d-----w C:\Documents and Settings\Tabitake\Application Data\AVG7
    2007-10-28 09:21 --------- d-----w C:\Documents and Settings\Tabitake\Application Data\AdobeUM
    2007-10-23 16:52 --------- d-----w C:\Program Files\Opera
    2007-10-23 16:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2007-10-15 21:07 --------- d-----w C:\Program Files\DivX
    2007-10-15 19:33 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-10-15 19:33 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-10-15 19:33 --------- d-----w C:\Program Files\PIXresizer
    2007-10-15 19:33 --------- d-----w C:\Program Files\BOB-DEBOECK
    2007-10-11 20:26 --------- d-----w C:\Documents and Settings\Tabitake\Application Data\gtk-2.0
    2007-09-28 16:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-09-28 16:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-09-18 17:59 --------- d-----w C:\Program Files\Windows Live
    2007-09-18 17:59 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-18 17:59 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-09-18 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-09-17 17:59 --------- d-----w C:\Program Files\Windows Live Favorites
    2007-09-17 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-24 17:00]
    "nwiz"="nwiz.exe" [2003-09-24 17:00 C:\WINDOWS\system32\nwiz.exe]
    "00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-05-23 13:13]
    "000StTHK"="000StTHK.exe" [2001-06-23 19:28 C:\WINDOWS\system32\000StTHK.exe]
    "SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe" [2003-08-03 15:01]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-30 18:25]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-30 18:23]
    "LTSMMSG"="LTSMMSG.exe" [2003-04-18 09:06 C:\WINDOWS\ltsmmsg.exe]
    "TFNF5"="TFNF5.exe" [2003-07-18 16:41 C:\WINDOWS\system32\TFNF5.exe]
    "NDSTray.exe"="NDSTray.exe" []
    "TPSMain"="TPSMain.exe" [2003-10-02 13:27 C:\WINDOWS\system32\TPSMain.exe]
    "TFncKy"="TFncKy.exe" []
    "TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 12:55]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-27 21:22]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-03-29 12:54]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-28 21:10]
    "BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 16:13]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys
    R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys
    R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\system32\DRIVERS\tsdhd.sys
    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
    S3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys
    S3 pciSd;pciSd;C:\WINDOWS\system32\DRIVERS\tossdpci.sys

    *Newly Created Service* - CATCHME
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-28 20:08:01 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
    .
    **************************************************************************

    catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-28 21:20:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-28 21:21:32
    .
    --- E O F ---
  • looks clean, any problems left???

Answer this question

This is an archived page. Replying is no longer possible.