Question & Answer
Explorer.exe closes automatically
9 replies
- Hey everyone,
I have a problem:
Yesterday I was installing the new WinRAR, but after a restart it closed explorer.exe right after logging in and starting up… also when I open it again via Task Manager…
Here is my HijackThis log. I'm working on ComboFix, and have already run VundoFix, Ad-Aware and ATF Cleaner…
[code:1:8f4fe72f8b]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:00, on 30-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=6061116
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [DME-N Network Driver] C:\WINDOWS\system32\DME-N Network Driver.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://www.e-rocu.nl/techniek/TSWEB/msrdp.cab
O16 - DPF: {C7DC40E0-6601-4530-9AFB-68506CAE2628} - http://www.idoclogicx.com/webdemo/setup.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 10566 bytes [/code:1:8f4fe72f8b]
Thanks in advance for reading, in any case
- //EDIT:
Yes! ComboFix did its job well, it works again
But it is really slow now, maybe someone could take a look at my ComboFix log…
ComboFix 07-11-19.4C - Mark Stam 2007-12-01 11:25:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.410 [GMT 1:00]
Gestart vanuit: C:\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\gjllm.bak1
C:\WINDOWS\system32\gjllm.ini
C:\WINDOWS\system32\mlljg.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-01 to 2007-12-01 ))))))))))))))))))))))))))))))
.
2007-12-01 11:19 1,560,556 --a------ C:\ComboFix.exe
2007-12-01 11:05 <DIR> d-------- C:\VundoFix Backups
2007-12-01 11:05 118,272 --a------ C:\VundoFix.exe
2007-11-30 22:50 <DIR> d-------- C:\Program Files\lx_cats
2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Sjablonen
2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-11-30 11:19 35,840 --a------ C:\WINDOWS\system32\rqrspqp.dll
2007-11-29 01:31 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\Windows Desktop Search
2007-11-29 01:29 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-11-29 01:29 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2007-11-29 01:29 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2007-11-29 01:29 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2007-11-24 23:38 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\WizzTones
2007-11-23 00:04 <DIR> d-------- C:\Program Files\Ultra Dvd2mp3
2007-11-21 23:23 <DIR> d-------- C:\WINDOWS\SWAT 4
2007-11-21 23:23 <DIR> d-------- C:\Program Files\SWAT 4
2007-11-21 20:35 <DIR> d-------- C:\Program Files\Direct WAV MP3 Splitter
2007-11-19 12:27 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe
2007-11-18 21:41 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\VirtuaWin
2007-11-18 21:31 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-11-18 21:31 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2007-11-12 16:34 18,432 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-11-10 13:12 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-11-10 12:57 <DIR> d-------- C:\Program Files\directx
2007-11-10 12:32 <DIR> d-------- C:\Program Files\Activision
2007-11-10 12:30 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-06 23:42 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\InstallShield
2007-11-06 23:42 321,168 --a------ C:\WINDOWS\system32\DMENcfg.exe
2007-11-06 23:42 226,976 --a------ C:\WINDOWS\system32\DMENcpl.cpl
2007-11-06 23:42 19,616 --------- C:\WINDOWS\system32\DMENdrv.dll
2007-11-06 23:42 698 --a------ C:\WINDOWS\system32\DMENcpl.cpl.manifest
2007-11-06 23:42 687 --a------ C:\WINDOWS\system32\DMENcfg.exe.manifest
2007-11-06 23:42 666 --a------ C:\WINDOWS\system32\DME-N Network Driver.exe.manifest
2007-11-06 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Drumsite
2007-11-04 23:33 <DIR> d-------- C:\Program Files\SpacialAudio
2007-11-03 01:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2007-11-03 00:01 <DIR> d-------- C:\Program Files\Bonjour
2007-11-02 16:27 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-11-02 16:27 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-11-01 11:42 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\NCH Swift Sound
2007-11-01 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 21:41 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-30 19:54 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\AVG7
2007-11-29 00:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 00:08 --------- d-----w C:\Program Files\CyberLink
2007-11-28 23:43 --------- d-----w C:\Program Files\Bluetooth Remote Control
2007-11-27 21:59 --------- d-----w C:\Program Files\AMP WinOFF
2007-11-24 22:42 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\Skype
2007-11-19 19:25 --------- d-----w C:\Program Files\Electronic Arts
2007-11-19 10:24 --------- d-----w C:\Program Files\Yahoo!
2007-11-19 10:08 --------- d-----w C:\Program Files\ArKaos VJ 3.6.1 FC2
2007-11-13 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-13 19:06 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\dvdcss
2007-11-04 23:06 --------- d-----w C:\Program Files\Common Files\Real
2007-11-03 01:03 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-03 01:02 --------- d-----w C:\Program Files\Common Files\Nokia
2007-11-03 00:25 --------- d-----w C:\Program Files\Nokia
2007-11-03 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-11-03 00:18 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\PC Suite
2007-11-03 00:01 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\Nokia
2007-11-02 23:10 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-02 13:31 --------- d-----w C:\Program Files\Microsoft Games
2007-11-02 11:18 --------- d-----w C:\Program Files\Google
2007-11-01 10:53 --------- d-----w C:\Program Files\NCH Swift Sound
2007-11-01 10:41 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\NCH Swift Sound
2007-10-29 23:26 --------- d-----w C:\Program Files\CCleaner
2007-10-29 23:07 --------- d-----w C:\Program Files\CBS Software
2007-10-29 22:21 --------- d-----w C:\Program Files\Macromedia
2007-10-29 22:19 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-10-29 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Smaart
2007-10-29 09:03 --------- d-----w C:\Program Files\EA GAMES
2007-10-28 21:19 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\vlc
2007-10-28 21:18 --------- d-----w C:\Program Files\VideoLAN
2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 20:20 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-22 18:25 --------- d-----w C:\Program Files\Gadwin Systems
2007-10-22 15:10 --------- d-----w C:\Program Files\Alcohol Soft
2007-10-22 15:06 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-22 12:20 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-22 11:56 --------- d-----w C:\Program Files\Common Files\EasyInfo
2007-10-22 11:49 --------- d-----w C:\Program Files\WMR11
2007-10-22 11:47 --------- d-----w C:\Program Files\Soldier of Fortune II - Double Helix MP TEST
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-21 21:29 --------- d-----w C:\Program Files\Java
2007-10-19 16:57 --------- d-----w C:\Program Files\Winamp
2007-10-16 21:39 --------- d-----w C:\Program Files\AltBinz
2007-10-14 21:45 --------- d-----w C:\Program Files\QuickPar
2007-10-13 08:53 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\NewsLeecher
2007-10-12 21:14 --------- d-----w C:\Program Files\VJamm3
2007-10-12 20:57 --------- d-----w C:\Program Files\ArKaos Visualizer 1.6.2
2007-10-12 20:29 --------- d-----w C:\Program Files\Flowmotion 2.8
2007-10-12 20:09 --------- d-----w C:\Program Files\Swift Elite 4
2007-10-12 19:58 8,968 ----a-w C:\WINDOWS\system32\KL2DLL.DLL
2007-10-12 19:58 77,824 ----a-w C:\WINDOWS\system32\NWKL2_32.DLL
2007-10-12 19:58 7,440 ----a-w C:\WINDOWS\system32\ppmon.dll
2007-10-12 19:58 40,352 ----a-w C:\WINDOWS\system32\drivers\Usbkey.sys
2007-10-12 19:58 40,352 ----a-w C:\WINDOWS\inf\Usbkey.sys
2007-10-12 19:58 28,672 ----a-w C:\WINDOWS\system32\KL2DLL32.DLL
2007-10-12 19:58 24,136 ----a-w C:\WINDOWS\system32\ppmon.exe
2007-10-12 19:58 12,480 ----a-w C:\WINDOWS\system32\KL2N.DLL
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-11 09:33 --------- d-----w C:\Program Files\FTDv3.8
2007-10-10 16:09 --------- d-----w C:\Program Files\WinPcap
2007-10-04 14:19 --------- d-----w C:\Program Files\Focus MP3 Recorder
2007-10-03 21:39 --------- d-----w C:\Program Files\Iteral
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-19 18:39 36,868 ----a-w C:\Program Files\uninst-shine.exe
2006-11-22 08:36 0 ----a-w C:\Documents and Settings\Mark Stam\Application Data\wklnhst.dat
2006-11-21 19:55 168 --sh--r C:\WINDOWS\system32\7973562660.sys
2006-11-21 19:55 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
- Hi Soundcraft,
Are you now able to boot in normal mode and create a HijackThis log?
Start HijackThis, choose [i:a0b80666f0]'Do a system scan only'[/i:a0b80666f0] and check the lines below:
[b:a0b80666f0]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[/b:a0b80666f0]
Now close [u:a0b80666f0]all[/u:a0b80666f0] open windows except HijackThis and click [b:a0b80666f0]Fix Checked[/b:a0b80666f0].
Then run ComboFix again, because your log is not complete.
You may leave out the part below:
[b:a0b80666f0]
((((((((((((((((((((((((((((( snapshot_2007-09-24_231239,88 ))))))))))))))))))))))))))))))))))))))))) [/b:a0b80666f0]
Good luck!
Pim
- I'll try that
Because the problem is not solved after all… it closes explorer.exe again…
- HijackThis, did the steps, and then ran ComboFix..
Here is the log, but now explorer.exe keeps restarting..
[code:1:671c1f8189]ComboFix 07-11-19.4C - Mark Stam 2007-12-01 13:12:53.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.466 [GMT 1:00]
Gestart vanuit: C:\ComboFix.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-01 to 2007-12-01 ))))))))))))))))))))))))))))))
.
2007-12-01 12:53 324,192 --a------ C:\WINDOWS\system32\gebcb.dll
2007-12-01 12:53 6,784 --ahs---- C:\WINDOWS\system32\bcbeg.ini
2007-12-01 12:53 6,670 --ahs---- C:\WINDOWS\system32\bcbeg.ini2
2007-12-01 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-01 11:19 1,560,556 --a------ C:\ComboFix.exe
2007-12-01 11:05 <DIR> d-------- C:\VundoFix Backups
2007-12-01 11:05 118,272 --a------ C:\VundoFix.exe
2007-11-30 22:50 <DIR> d-------- C:\Program Files\lx_cats
2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Sjablonen
2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-11-30 11:19 35,840 --a------ C:\WINDOWS\system32\rqrspqp.dll
2007-11-29 01:31 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\Windows Desktop Search
2007-11-29 01:29 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-11-29 01:29 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2007-11-29 01:29 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2007-11-29 01:29 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2007-11-24 23:38 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\WizzTones
2007-11-23 00:04 <DIR> d-------- C:\Program Files\Ultra Dvd2mp3
2007-11-21 23:23 <DIR> d-------- C:\WINDOWS\SWAT 4
2007-11-21 23:23 <DIR> d-------- C:\Program Files\SWAT 4
2007-11-21 20:35 <DIR> d-------- C:\Program Files\Direct WAV MP3 Splitter
2007-11-19 12:27 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe
2007-11-18 21:41 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\VirtuaWin
2007-11-18 21:31 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-11-18 21:31 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2007-11-12 16:34 18,432 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-11-10 13:12 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-11-10 12:57 <DIR> d-------- C:\Program Files\directx
2007-11-10 12:32 <DIR> d-------- C:\Program Files\Activision
2007-11-10 12:30 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-06 23:42 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\InstallShield
2007-11-06 23:42 321,168 --a------ C:\WINDOWS\system32\DMENcfg.exe
2007-11-06 23:42 226,976 --a------ C:\WINDOWS\system32\DMENcpl.cpl
2007-11-06 23:42 19,616 --------- C:\WINDOWS\system32\DMENdrv.dll
2007-11-06 23:42 698 --a------ C:\WINDOWS\system32\DMENcpl.cpl.manifest
2007-11-06 23:42 687 --a------ C:\WINDOWS\system32\DMENcfg.exe.manifest
2007-11-06 23:42 666 --a------ C:\WINDOWS\system32\DME-N Network Driver.exe.manifest
2007-11-06 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Drumsite
2007-11-04 23:33 <DIR> d-------- C:\Program Files\SpacialAudio
2007-11-03 01:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2007-11-03 00:01 <DIR> d-------- C:\Program Files\Bonjour
2007-11-02 16:27 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-11-02 16:27 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-11-01 11:42 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\NCH Swift Sound
2007-11-01 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 11:34 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\AVG7
2007-11-30 21:41 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-29 00:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 00:08 --------- d-----w C:\Program Files\CyberLink
2007-11-28 23:43 --------- d-----w C:\Program Files\Bluetooth Remote Control
2007-11-27 21:59 --------- d-----w C:\Program Files\AMP WinOFF
2007-11-24 22:42 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\Skype
2007-11-19 19:25 --------- d-----w C:\Program Files\Electronic Arts
2007-11-19 10:24 --------- d-----w C:\Program Files\Yahoo!
2007-11-19 10:08 --------- d-----w C:\Program Files\ArKaos VJ 3.6.1 FC2
2007-11-13 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-13 19:06 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\dvdcss
2007-11-04 23:06 --------- d-----w C:\Program Files\Common Files\Real
2007-11-03 01:03 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-03 01:02 --------- d-----w C:\Program Files\Common Files\Nokia
2007-11-03 00:25 --------- d-----w C:\Program Files\Nokia
2007-11-03 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-11-03 00:18 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\PC Suite
2007-11-03 00:01 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\Nokia
2007-11-02 23:10 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-02 13:31 --------- d-----w C:\Program Files\Microsoft Games
2007-11-02 11:18 --------- d-----w C:\Program Files\Google
2007-11-01 10:53 --------- d-----w C:\Program Files\NCH Swift Sound
2007-11-01 10:41 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\NCH Swift Sound
2007-10-29 23:26 --------- d-----w C:\Program Files\CCleaner
2007-10-29 23:07 --------- d-----w C:\Program Files\CBS Software
2007-10-29 22:21 --------- d-----w C:\Program Files\Macromedia
2007-10-29 22:19 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-10-29 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Smaart
2007-10-29 09:03 --------- d-----w C:\Program Files\EA GAMES
2007-10-28 21:19 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\vlc
2007-10-28 21:18 --------- d-----w C:\Program Files\VideoLAN
2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 20:20 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-22 18:25 --------- d-----w C:\Program Files\Gadwin Systems
2007-10-22 15:10 --------- d-----w C:\Program Files\Alcohol Soft
2007-10-22 15:06 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-22 12:20 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-22 11:56 --------- d-----w C:\Program Files\Common Files\EasyInfo
2007-10-22 11:49 --------- d-----w C:\Program Files\WMR11
2007-10-22 11:47 --------- d-----w C:\Program Files\Soldier of Fortune II - Double Helix MP TEST
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-21 21:29 --------- d-----w C:\Program Files\Java
2007-10-19 16:57 --------- d-----w C:\Program Files\Winamp
2007-10-16 21:39 --------- d-----w C:\Program Files\AltBinz
2007-10-14 21:45 --------- d-----w C:\Program Files\QuickPar
2007-10-13 08:53 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\NewsLeecher
2007-10-12 21:14 --------- d-----w C:\Program Files\VJamm3
2007-10-12 20:57 --------- d-----w C:\Program Files\ArKaos Visualizer 1.6.2
2007-10-12 20:29 --------- d-----w C:\Program Files\Flowmotion 2.8
2007-10-12 20:09 --------- d-----w C:\Program Files\Swift Elite 4
2007-10-12 19:58 8,968 ----a-w C:\WINDOWS\system32\KL2DLL.DLL
2007-10-12 19:58 77,824 ----a-w C:\WINDOWS\system32\NWKL2_32.DLL
2007-10-12 19:58 7,440 ----a-w C:\WINDOWS\system32\ppmon.dll
2007-10-12 19:58 40,352 ----a-w C:\WINDOWS\system32\drivers\Usbkey.sys
2007-10-12 19:58 40,352 ----a-w C:\WINDOWS\inf\Usbkey.sys
2007-10-12 19:58 28,672 ----a-w C:\WINDOWS\system32\KL2DLL32.DLL
2007-10-12 19:58 24,136 ----a-w C:\WINDOWS\system32\ppmon.exe
2007-10-12 19:58 12,480 ----a-w C:\WINDOWS\system32\KL2N.DLL
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-11 09:33 --------- d-----w C:\Program Files\FTDv3.8
2007-10-10 16:09 --------- d-----w C:\Program Files\WinPcap
2007-10-04 14:19 --------- d-----w C:\Program Files\Focus MP3 Recorder
2007-10-03 21:39 --------- d-----w C:\Program Files\Iteral
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-19 18:39 36,868 ----a-w C:\Program Files\uninst-shine.exe
2006-11-22 08:36 0 ----a-w C:\Documents and Settings\Mark Stam\Application Data\wklnhst.dat
2006-11-21 19:55 168 --sh--r C:\WINDOWS\system32\7973562660.sys
2006-11-21 19:55 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{431057D6-D944-442A-8305-A86E0D87BA2C}]
2007-12-01 12:53 324192 --a------ C:\WINDOWS\system32\gebcb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}]
2007-11-30 11:19 35840 --a------ C:\WINDOWS\system32\rqrspqp.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 09:42]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 19:51]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 16:57]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-23 19:21]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 19:38]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Mouse\V3.0\moffice.exe" [2007-08-29 13:22]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-30 19:00]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 19:00]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 18:59]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40]
"DME-N Network Driver"="C:\WINDOWS\system32\DME-N Network Driver.exe" [2007-03-05 10:19]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 19:21]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-16 16:40:31]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)
"NoViewOnDrive"= 0 (0x0)
"NoLogoff"= 0 (0x0)
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}"= C:\WINDOWS\system32\rqrspqp.dll [2007-11-30 11:19 35840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrspqp]
rqrspqp.dll 2007-11-30 11:19 35840 C:\WINDOWS\system32\rqrspqp.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebcb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-02-07 06:10 98304 --a------ C:\Program Files\Lexmark 3400 Series\ezprint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kgsystray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
2006-01-25 17:02 286720 --a------ C:\Program Files\Lexmark 3400 Series\lxcymon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltraMon]
C:\Program Files\UltraMon\UltraMon.exe /auto
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl
R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe -service
S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\system32\Drivers\G11av.sys
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\system32\Drivers\Bulk533.sys
S4 Neth;Neth;C:\WINDOWS\system32\netid.exe
S4 Windows sharing object;Windows sharing object;C:\WINDOWS\system32\winvercp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup\rsrc\autorun.exe
\Shell\dinstall\command - Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - Autoplay.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - Autoplay.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - Autoplay.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\Autoplay.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\Autoplay.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41ce37ee-a7bf-11db-8c17-0011675c4428}]
\shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efae58ba-2d20-11dc-8d40-0011675c4428}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
.
Inhoud van de 'Gedeelde Taken' map
"2007-10-20 23:29:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 13:26:46
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-12-01 13:29:45
C:\ComboFix2.txt … 2007-12-01 11:54
C:\ComboFix3.txt … 2007-09-24 22:13
.
--- E O F ---
[/code:1:671c1f8189]
- Open Notepad, then copy and paste the following (the bold text) into an empty window:
[b:6ee2a2dd54]
File::
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini2
C:\VundoFix.exe
C:\WINDOWS\system32\rqrspqp.dll
Folder::
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{431057D6-D944-442A-8305-A86E0D87BA2C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}]
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrspqp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[/b:6ee2a2dd54]
Save this to your Desktop as [b:6ee2a2dd54]CFScript.txt[/b:6ee2a2dd54]
Drag [b:6ee2a2dd54]CFScript.txt[/b:6ee2a2dd54] into [b:6ee2a2dd54]ComboFix.exe[/b:6ee2a2dd54] as shown in the example below:
[img:6ee2a2dd54]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:6ee2a2dd54]
This will make [b:6ee2a2dd54]ComboFix[/b:6ee2a2dd54] restart.
Reboot if you are asked to,
and post the contents of [b:6ee2a2dd54]Combofix.txt[/b:6ee2a2dd54] in your next reply together with a new HijackThis log.
- Here is a new Hijack-Combofix log..
The computer works again.. But please check it anyway if you can : )
[code:1:afac5be542]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:56, on 2-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\WINDOWS\system32\DME-N Network Driver.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=6061116
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [DME-N Network Driver] C:\WINDOWS\system32\DME-N Network Driver.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://www.e-rocu.nl/techniek/TSWEB/msrdp.cab
O16 - DPF: {C7DC40E0-6601-4530-9AFB-68506CAE2628} - http://www.idoclogicx.com/webdemo/setup.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 13567 bytes
[/code:1:afac5be542]
[code:1:afac5be542]ComboFix 07-11-19.4C - Mark Stam 2007-12-02 11:12:41.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.504 [GMT 1:00]
Gestart vanuit: C:\ComboFix.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))
.
2007-12-01 16:48 <DIR> d-------- C:\Program Files\Security Task Manager
2007-12-01 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-01 16:41 116,736 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-12-01 16:41 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2007-12-01 16:41 28,288 --a------ C:\WINDOWS\system32\dllcache\xjis.nls
2007-12-01 16:41 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-12-01 16:41 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-12-01 16:41 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-12-01 16:41 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-12-01 16:41 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-12-01 16:41 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-12-01 16:41 8,192 --a------ C:\WINDOWS\system32\dllcache\wshirda.dll
2007-12-01 16:41 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-12-01 16:40 13,568 --a------ C:\WINDOWS\system32\dllcache\wacompen.sys
2007-12-01 16:39 224,802 --a------ C:\WINDOWS\system32\dllcache\usr1807a.sys
2007-12-01 16:38 212,480 --a------ C:\WINDOWS\system32\dllcache\um54scan.dll
2007-12-01 16:37 241,664 --a------ C:\WINDOWS\system32\dllcache\tosdvd02.sys
2007-12-01 16:36 3,968 --a------ C:\WINDOWS\system32\dllcache\swusbflt.sys
2007-12-01 16:35 53,760 --a------ C:\WINDOWS\system32\dllcache\sw_wheel.dll
2007-12-01 16:35 41,472 --a------ C:\WINDOWS\system32\dllcache\sw_effct.dll
2007-12-01 16:35 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-01 16:34 26,624 --a------ C:\WINDOWS\system32\dllcache\sm92w.dll
2007-12-01 16:33 161,760 --a------ C:\WINDOWS\system32\dllcache\sgsmusb.sys
2007-12-01 16:32 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2007-12-01 16:31 24,576 --a------ C:\WINDOWS\system32\dllcache\rw001ext.dll
2007-12-01 16:31 20,992 --a------ C:\WINDOWS\system32\dllcache\rtl8139.sys
2007-12-01 16:30 130,942 --a------ C:\WINDOWS\system32\dllcache\ptserlv.sys
2007-12-01 16:29 68,608 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
2007-12-01 16:27 30,282 --a------ C:\WINDOWS\system32\dllcache\pcntn5hl.sys
2007-12-01 16:26 27,209 --a------ C:\WINDOWS\system32\dllcache\otc06x5.sys
2007-12-01 16:25 60,480 --a------ C:\WINDOWS\system32\dllcache\neo20xx.dll
2007-12-01 16:24 126,686 --a------ C:\WINDOWS\system32\dllcache\mtlmnt5.sys
2007-12-01 16:23 47,616 --a------ C:\WINDOWS\system32\dllcache\memgrp.dll
2007-12-01 16:22 26,922 --a------ C:\WINDOWS\system32\dllcache\lanepic5.sys
2007-12-01 16:21 45,632 --a------ C:\WINDOWS\system32\dllcache\ip5515.sys
2007-12-01 16:20 100,936 --a------ C:\WINDOWS\system32\dllcache\ibmtok.sys
2007-12-01 16:19 19,456 --a------ C:\WINDOWS\system32\dllcache\hr1w.dll
2007-12-01 16:18 82,560 --a------ C:\WINDOWS\system32\dllcache\grclass.sys
2007-12-01 16:17 94,208 --a------ C:\WINDOWS\system32\dllcache\fpencode.dll
2007-12-01 16:16 455,711 --a------ C:\WINDOWS\system32\dllcache\el985n51.sys
2007-12-01 16:14 131,156 --a------ C:\WINDOWS\system32\dllcache\digidbp.dll
2007-12-01 16:14 117,760 --a------ C:\WINDOWS\system32\dllcache\d100ib5.sys
2007-12-01 16:14 103,396 --a------ C:\WINDOWS\system32\dllcache\digidxb.sys
2007-12-01 16:14 65,622 --a------ C:\WINDOWS\system32\dllcache\digiasyn.dll
2007-12-01 16:14 44,544 --a------ C:\WINDOWS\system32\dllcache\cnusd.dll
2007-12-01 16:14 38,023 --a------ C:\WINDOWS\system32\dllcache\digiasyn.sys
2007-12-01 16:13 164,923 --a------ C:\WINDOWS\system32\dllcache\diapi2.sys
2007-12-01 16:13 162,850 --a------ C:\WINDOWS\system32\dllcache\c_10001.nls
2007-12-01 16:13 66,728 --a------ C:\WINDOWS\system32\dllcache\big5.nls
2007-12-01 16:13 32,256 --a------ C:\WINDOWS\system32\dllcache\diapi2NT.dll
2007-12-01 16:12 45,056 --a------ C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
2007-12-01 16:12 4,255 --a------ C:\WINDOWS\system32\dllcache\adv01nt5.dll
2007-12-01 16:11 598,071 --a------ C:\WINDOWS\system32\dllcache\fpmmc.dll
2007-12-01 16:11 212,992 --a------ C:\WINDOWS\system32\dllcache\fpmmcsat.dll
2007-12-01 16:11 188,480 --a------ C:\WINDOWS\system32\dllcache\cfgwiz.exe
2007-12-01 16:11 184,435 --a------ C:\WINDOWS\system32\dllcache\fp4amsft.dll
2007-12-01 16:11 147,513 --a------ C:\WINDOWS\system32\dllcache\fp4apws.dll
2007-12-01 16:11 102,509 --a------ C:\WINDOWS\system32\dllcache\fp4atxt.dll
2007-12-01 16:11 82,035 --a------ C:\WINDOWS\system32\dllcache\fp4anscp.dll
2007-12-01 16:11 49,210 --a------ C:\WINDOWS\system32\dllcache\fp4areg.dll
2007-12-01 16:11 20,541 --a------ C:\WINDOWS\system32\dllcache\fpexedll.dll
2007-12-01 16:11 20,540 --a------ C:\WINDOWS\system32\dllcache\author.dll
2007-12-01 16:11 20,536 --a------ C:\WINDOWS\system32\dllcache\shtml.dll
2007-12-01 16:11 16,439 --a------ C:\WINDOWS\system32\dllcache\author.exe
2007-12-01 16:11 16,437 --a------ C:\WINDOWS\system32\dllcache\shtml.exe
2007-12-01 16:11 5,632 --a------ C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
2007-12-01 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-01 11:19 1,560,556 --a------ C:\ComboFix.exe
2007-11-30 22:50 <DIR> d-------- C:\Program Files\lx_cats
2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Sjablonen
2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-11-29 01:31 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\Windows Desktop Search
2007-11-29 01:29 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-11-24 23:38 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\WizzTones
2007-11-23 00:04 <DIR> d-------- C:\Program Files\Ultra Dvd2mp3
2007-11-21 23:23 <DIR> d-------- C:\WINDOWS\SWAT 4
2007-11-21 23:23 <DIR> d-------- C:\Program Files\SWAT 4
2007-11-21 20:35 <DIR> d-------- C:\Program Files\Direct WAV MP3 Splitter
2007-11-19 12:27 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe
2007-11-18 21:41 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\VirtuaWin
2007-11-18 21:31 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-11-18 21:31 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2007-11-12 16:34 18,432 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-11-10 13:12 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-11-10 12:57 <DIR> d-------- C:\Program Files\directx
2007-11-10 12:32 <DIR> d-------- C:\Program Files\Activision
2007-11-10 12:30 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-06 23:42 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\InstallShield
2007-11-06 23:42 321,168 --a------ C:\WINDOWS\system32\DMENcfg.exe
2007-11-06 23:42 226,976 --a------ C:\WINDOWS\system32\DMENcpl.cpl
2007-11-06 23:42 19,616 --------- C:\WINDOWS\system32\DMENdrv.dll
2007-11-06 23:42 698 --a------ C:\WINDOWS\system32\DMENcpl.cpl.manifest
2007-11-06 23:42 687 --a------ C:\WINDOWS\system32\DMENcfg.exe.manifest
2007-11-06 23:42 666 --a------ C:\WINDOWS\system32\DME-N Network Driver.exe.manifest
2007-11-06 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Drumsite
2007-11-04 23:33 <DIR> d-------- C:\Program Files\SpacialAudio
2007-11-03 01:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2007-11-03 00:01 <DIR> d-------- C:\Program Files\Bonjour
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 16:00 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-01 11:34 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\AVG7
2007-11-29 00:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 00:08 --------- d-----w C:\Program Files\CyberLink
2007-11-28 23:43 --------- d-----w C:\Program Files\Bluetooth Remote Control
2007-11-27 21:59 --------- d-----w C:\Program Files\AMP WinOFF
2007-11-24 22:42 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\Skype
2007-11-19 19:25 --------- d-----w C:\Program Files\Electronic Arts
2007-11-19 10:24 --------- d-----w C:\Program Files\Yahoo!
2007-11-19 10:08 --------- d-----w C:\Program Files\ArKaos VJ 3.6.1 FC2
2007-11-13 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-13 19:06 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\dvdcss
2007-11-04 23:06 --------- d-----w C:\Program Files\Common Files\Real
2007-11-03 01:03 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-03 01:02 --------- d-----w C:\Program Files\Common Files\Nokia
2007-11-03 00:25 --------- d-----w C:\Program Files\Nokia
2007-11-03 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-11-03 00:18 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\PC Suite
2007-11-03 00:01 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\Nokia
2007-11-02 23:10 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-02 13:31 --------- d-----w C:\Program Files\Microsoft Games
2007-11-02 11:18 --------- d-----w C:\Program Files\Google
2007-11-01 10:53 --------- d-----w C:\Program Files\NCH Swift Sound
2007-11-01 10:42 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\NCH Swift Sound
2007-11-01 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-11-01 10:41 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\NCH Swift Sound
2007-10-29 23:26 --------- d-----w C:\Program Files\CCleaner
2007-10-29 23:07 --------- d-----w C:\Program Files\CBS Software
2007-10-29 22:21 --------- d-----w C:\Program Files\Macromedia
2007-10-29 22:19 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-10-29 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Smaart
2007-10-29 09:03 --------- d-----w C:\Program Files\EA GAMES
2007-10-28 21:19 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\vlc
2007-10-28 21:18 --------- d-----w C:\Program Files\VideoLAN
2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 20:20 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-22 18:25 --------- d-----w C:\Program Files\Gadwin Systems
2007-10-22 15:10 --------- d-----w C:\Program Files\Alcohol Soft
2007-10-22 15:06 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-22 12:20 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-22 11:56 --------- d-----w C:\Program Files\Common Files\EasyInfo
2007-10-22 11:49 --------- d-----w C:\Program Files\WMR11
2007-10-22 11:47 --------- d-----w C:\Program Files\Soldier of Fortune II - Double Helix MP TEST
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-21 21:29 --------- d-----w C:\Program Files\Java
2007-10-19 16:57 --------- d-----w C:\Program Files\Winamp
2007-10-16 21:39 --------- d-----w C:\Program Files\AltBinz
2007-10-14 21:45 --------- d-----w C:\Program Files\QuickPar
2007-10-13 08:53 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\NewsLeecher
2007-10-12 21:14 --------- d-----w C:\Program Files\VJamm3
2007-10-12 20:57 --------- d-----w C:\Program Files\ArKaos Visualizer 1.6.2
2007-10-12 20:29 --------- d-----w C:\Program Files\Flowmotion 2.8
2007-10-12 20:09 --------- d-----w C:\Program Files\Swift Elite 4
2007-10-12 19:58 8,968 ----a-w C:\WINDOWS\system32\KL2DLL.DLL
2007-10-12 19:58 77,824 ----a-w C:\WINDOWS\system32\NWKL2_32.DLL
2007-10-12 19:58 7,440 ----a-w C:\WINDOWS\system32\ppmon.dll
2007-10-12 19:58 40,352 ----a-w C:\WINDOWS\system32\drivers\Usbkey.sys
2007-10-12 19:58 40,352 ----a-w C:\WINDOWS\inf\Usbkey.sys
2007-10-12 19:58 28,672 ----a-w C:\WINDOWS\system32\KL2DLL32.DLL
2007-10-12 19:58 24,136 ----a-w C:\WINDOWS\system32\ppmon.exe
2007-10-12 19:58 12,480 ----a-w C:\WINDOWS\system32\KL2N.DLL
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-11 09:33 --------- d-----w C:\Program Files\FTDv3.8
2007-10-10 16:09 --------- d-----w C:\Program Files\WinPcap
2007-10-04 14:19 --------- d-----w C:\Program Files\Focus MP3 Recorder
2007-10-03 21:39 --------- d-----w C:\Program Files\Iteral
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-19 18:39 36,868 ----a-w C:\Program Files\uninst-shine.exe
2006-11-22 08:36 0 ----a-w C:\Documents and Settings\Mark Stam\Application Data\wklnhst.dat
2006-11-21 19:55 168 --sh--r C:\WINDOWS\system32\7973562660.sys
2006-11-21 19:55 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 09:42]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 19:51]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 16:57]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-23 19:21]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Mouse\V3.0\moffice.exe" [2007-08-29 13:22]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-30 19:00]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 19:00]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 18:59]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40]
"DME-N Network Driver"="C:\WINDOWS\system32\DME-N Network Driver.exe" [2007-03-05 10:19]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" []
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" []
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [2006-01-25 17:02]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 19:38]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" []
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 06:10]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 19:21]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-16 16:40:31]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)
"NoViewOnDrive"= 0 (0x0)
"NoLogoff"= 0 (0x0)
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kgsystray]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl
R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe -service
S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\system32\Drivers\G11av.sys
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\system32\Drivers\Bulk533.sys
S4 Neth;Neth;C:\WINDOWS\system32\netid.exe
S4 Windows sharing object;Windows sharing object;C:\WINDOWS\system32\winvercp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup\rsrc\autorun.exe
\Shell\dinstall\command - Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - Autoplay.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - Autoplay.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - Autoplay.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\Autoplay.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\Autoplay.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41ce37ee-a7bf-11db-8c17-0011675c4428}]
\shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efae58ba-2d20-11dc-8d40-0011675c4428}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
.
Inhoud van de 'Gedeelde Taken' map
"2007-10-20 23:29:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 11:21:15
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
**************************************************************************
.
Voltooingstijd: 2007-12-02 11:23:28
C:\ComboFix2.txt … 2007-12-02 00:28
C:\ComboFix3.txt … 2007-12-01 14:55
.
--- E O F ---
[/code:1:afac5be542]
- Looks good again.
Download ATF Cleaner (by Atribune)
Double-click ATF Cleaner to start the program.
On the "Main" tab, tick [b:a15910f46f]Select All[/b:a15910f46f].
Click the [b:a15910f46f]Empty Selected[/b:a15910f46f] button.
Do the following if you also use [u:a15910f46f]Firefox[/u:a15910f46f] as a browser:
Click the "Firefox" tab and tick [b:a15910f46f]Select All[/b:a15910f46f].
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this clears the tick at "Firefox saved passwords" again)
Click the [b:a15910f46f]Empty Selected[/b:a15910f46f] button.
Do the following if you also use [u:a15910f46f]Opera[/u:a15910f46f] as a browser:
Click the "Opera" tab and tick [b:a15910f46f]Select All[/b:a15910f46f].
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the [b:a15910f46f]Empty Selected[/b:a15910f46f] button.
Go to the "Main" tab and click the [b:a15910f46f]Exit[/b:a15910f46f] button to close the program.
Uninstall Combofix:
Go to Start -> Run and type: [b:a15910f46f]combofix /u[/b:a15910f46f]
Combofix will now be removed and a new restore point will be created.
To prevent a repeat, read through these security tips once more:
http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html
How are your problems now?
Pim
- ATF Cleaner has already been done, and Ad-Aware and Spybot have also run but found nothing.
Thanks!
This is an archived page. Replies are no longer possible.