Vraag & Antwoord

Beveiliging & privacy

win32\fotomoto

Anoniem
None
34 antwoorden
  • Sins een aantal dagen geeft mijn pc de hele tijd aan dat hij win32\fotomoto vind op mijn pc en ik kom er maar niet vanaf. dus dacht ik dat weten jullie vast wel.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:50:39, on 12-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\svehost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\jhjsixsk.exe
    C:\Documents and Settings\Greup\Bureaublad\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.home.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
    O2 - BHO: (no name) - {4A54500A-65FE-4F4A-B860-20EAE2F577F9} - C:\WINDOWS\system32\gebbcay.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: {612a641c-ef49-220b-f3f4-bf176d605157} - {751506d6-71fb-4f3f-b022-94fec146a216} - C:\WINDOWS\system32\xjqyghhu.dll
    O2 - BHO: (no name) - {79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50} - C:\WINDOWS\system32\iifgfec.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {AA94BC74-AECD-45F3-A861-AC0FDEB3E3F6} - C:\WINDOWS\system32\efccy.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
    O4 - HKLM\..\Run: [b836cf32] rundll32.exe "C:\WINDOWS\system32\fxtbrmqb.dll",b
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O15 - Trusted Zone: *.stumbleupon.com
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/fulltrailer/player/vivid_ocx.jpeg
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/davincicode/vividas/player/vivid_ocx.jpeg
    O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - http://video.vividas.com/CDN1/4896_sony/web/player/vivid_ocx.jpeg
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
    O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg
    O20 - Winlogon Notify: gebbcay - gebbcay.dll (file missing)
    O20 - Winlogon Notify: iifgfec - C:\WINDOWS\SYSTEM32\iifgfec.dll
    O21 - SSODL: Java - {D6E48699-47E5-420D-9378-117205F2FAF4} - java32.dll (file missing)
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: DomainService - - C:\WINDOWS\system32\jhjsixsk.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    End of file - 10656 bytes
    Anoniem
    Anoniem
  • Je gebruikt een verouderde versie van Hijackthis, download de nieuwste versie en werk daarmee:
    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    Download SDFix naar je bureaublad.
    [list:7c88233f97]
    Dubbelklikken op SDFix.exe om het uit te pakken.
    Print onderstaande instrukties uit of kopieer ze naar een .txt bestand.
    Start op in Veilige modus
    Open de uitgepakte SDFix folder (meestal hier te vinden: C:\SDFix) en dubbelklik [b:7c88233f97]RunThis.bat[/b:7c88233f97] om het script te starten.
    Typ [b:7c88233f97]Y[/b:7c88233f97] om de fix te beginnen en volg de instructie's. Druk op een toets als het nodig is.
    De computer zal herstarten. Dit duurt langer dan gewoonlijk.
    SDFix zal verder gaan met het verwijderen. Wacht tot er wordt gevraagt om op een toets te drukken.
    Het Bureaublad zal verschijnen en er zal een logje openen.
    Post de inhoud van dat logje samen met een nieuw Hijackthislogje.
    [/list:u:7c88233f97]

    Download Combofix naar je Bureaublad.

    Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

    OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:7c88233f97]download Combofix opnieuw[/b:7c88233f97]. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

    [list:7c88233f97]
    Dubbelklik [b:7c88233f97]Combofix.exe[/b:7c88233f97]
    Volg de instructies, aanvaard de disclaimer door "[b:7c88233f97]1[/b:7c88233f97]" te typen en te bevestigen via "[b:7c88233f97]Enter[/b:7c88233f97]".
    Tijdens het runnen van de fix, [b:7c88233f97]NIET[/b:7c88233f97] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:7c88233f97]

    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
    [i:7c88233f97]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:7c88233f97]

    Succes!

    Pim :)
    Anoniem
    Anoniem
  • Hier heb je de nieuwe hijackthis gevolgd door de combofix log.
    Auke-Jan

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:04:16, on 12-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.home.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O15 - Trusted Zone: *.stumbleupon.com
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/fulltrailer/player/vivid_ocx.jpeg
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/davincicode/vividas/player/vivid_ocx.jpeg
    O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - http://video.vividas.com/CDN1/4896_sony/web/player/vivid_ocx.jpeg
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
    O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg
    O20 - Winlogon Notify: gebbcay - gebbcay.dll (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    End of file - 9334 bytes

    ComboFix 07-12-12.3 - Greup 2007-12-12 12:40:36.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.251 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\autorun.inf
    C:\WINDOWS\system32\awtrpon.dll
    C:\WINDOWS\system32\ayftiksg.dll
    C:\WINDOWS\system32\bqmrbtxf.ini
    C:\WINDOWS\system32\cbxyawv.dll
    C:\WINDOWS\system32\cliapidk.exe
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\efccy.dll
    C:\WINDOWS\system32\exiqabii.exe
    C:\WINDOWS\system32\fxtbrmqb.dll
    C:\WINDOWS\system32\gpkqfgiw.exe
    C:\WINDOWS\system32\iifgfec.dll
    C:\WINDOWS\system32\imhhicwa.dll
    C:\WINDOWS\system32\imxsxjri.dll
    C:\WINDOWS\system32\jhjsixsk.exe
    C:\WINDOWS\system32\jpjwqffq.dll
    C:\WINDOWS\system32\ljjhheb.dll
    C:\WINDOWS\system32\opnoopo.dll
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pmnmkhi.dll
    C:\WINDOWS\system32\rhiicxsb.dll
    C:\WINDOWS\system32\tmkexmsn.dll
    C:\WINDOWS\system32\tuvvtrs.dll
    C:\WINDOWS\system32\upncyxbr.exe
    C:\WINDOWS\system32\utycvsrl.dll
    C:\WINDOWS\system32\wddfalos.exe
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\xjqyghhu.dll
    C:\WINDOWS\system32\xxyyyab.dll
    C:\WINDOWS\system32\yayxuut.dll
    C:\WINDOWS\system32\yayywwt.dll
    C:\WINDOWS\system32\yccfe.bak1
    C:\WINDOWS\system32\yccfe.bak2
    C:\WINDOWS\system32\yccfe.ini
    C:\WINDOWS\system32\ydaybhrm.dll
    C:\WINDOWS\system32\yxnctsrj.dll
    C:\WINDOWS\system32\yyqyerem.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    ——-\LEGACY_DOMAINSERVICE
    ——-\DomainService
    ——-\NPF


    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-12 to 2007-12-12 ))))))))))))))))))))))))))))))
    .

    2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d——– C:\WINDOWS\ERUNT
    2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d——– C:\Program Files\Trend Micro
    2007-12-12 11:43 . 2007-09-05 23:22 289,144 –a—— C:\WINDOWS\system32\VCCLSID.exe
    2007-12-12 11:43 . 2006-04-27 16:49 288,417 –a—— C:\WINDOWS\system32\SrchSTS.exe
    2007-12-12 11:43 . 2003-06-05 20:13 53,248 –a—— C:\WINDOWS\system32\Process.exe
    2007-12-12 11:43 . 2004-07-31 17:50 51,200 –a—— C:\WINDOWS\system32\dumphive.exe
    2007-12-12 11:43 . 2007-10-03 23:36 25,600 –a—— C:\WINDOWS\system32\WS2Fix.exe
    2007-12-12 11:35 . 2007-12-12 11:37 3,624 –a—— C:\WINDOWS\system32\tmp.reg
    2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d——– C:\Program Files\K-Lite Codec Pack
    2007-12-10 19:21 . 2007-12-12 09:33 916,805 —hs—- C:\WINDOWS\system32\psbooijk.ini
    2007-12-09 19:21 . 2007-12-10 11:59 835,060 —hs—- C:\WINDOWS\system32\aevyfnac.ini
    2007-12-08 07:31 . 2007-12-09 19:16 834,940 —hs—- C:\WINDOWS\system32\cmmfjumj.ini
    2007-12-06 21:20 . 2007-12-08 07:29 860,932 —hs—- C:\WINDOWS\system32\lrbcoact.ini
    2007-12-06 11:00 . 2007-12-06 21:11 807,828 —hs—- C:\WINDOWS\system32\nnmwosbq.ini
    2007-12-04 21:21 . 2007-12-06 10:50 807,588 —hs—- C:\WINDOWS\system32\vuweurwa.ini
    2007-12-04 21:11 . 2007-12-04 21:12 4,156 –a—— C:\WINDOWS\system32\twinfphq.dll
    2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\SurfRight
    2007-12-03 15:17 . 2007-12-03 15:17 792,276 —hs—- C:\WINDOWS\system32\dxfcbflq.ini
    2007-12-03 14:49 . 2007-12-03 14:49 792,276 —hs—- C:\WINDOWS\system32\godrdvcr.ini
    2007-12-03 14:43 . 2007-12-03 14:43 4,160 –a—— C:\WINDOWS\system32\jvleubre.dll
    2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d——– C:\Program Files\SurfRight
    2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SurfRight
    2007-12-02 14:49 . 2007-12-02 14:49 793,664 —hs—- C:\WINDOWS\system32\ykewlnbx.ini
    2007-12-02 14:46 . 2007-12-02 14:46 4,156 –a—— C:\WINDOWS\system32\elfahxwo.dll
    2007-12-01 14:51 . 2007-12-01 14:51 793,664 —hs—- C:\WINDOWS\system32\qxxkgyue.ini
    2007-12-01 14:41 . 2007-12-01 14:42 4,156 –a—— C:\WINDOWS\system32\xaytcrpj.dll
    2007-11-28 16:29 . 2007-11-28 16:30 161 –a—— C:\WINDOWS\system32\temp_0000_85-19.aok
    2007-11-28 16:25 . 2007-11-28 16:25 162 –a—— C:\WINDOWS\system32\test.aok
    2007-11-28 16:01 . 2007-11-28 16:01 36,864 –a—— C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
    2007-11-28 16:00 . 2007-11-28 16:00 33,824 –a—— C:\WINDOWS\system32\drivers\oreans32.sys
    2007-11-28 15:07 . 2002-10-05 07:04 921,600 –a—— C:\WINDOWS\system32\vorbisenc.dll
    2007-11-28 15:07 . 2004-01-11 08:02 258,048 –a—— C:\WINDOWS\system32\GplMpgDec.ax
    2007-11-28 15:07 . 2002-10-07 02:42 237,568 –a—— C:\WINDOWS\system32\OggDS.dll
    2007-11-28 15:07 . 2002-10-05 07:04 188,416 –a—— C:\WINDOWS\system32\vorbis.dll
    2007-11-28 15:07 . 2007-04-12 14:19 129,024 –a—— C:\WINDOWS\system32\AVERM.dll
    2007-11-28 15:07 . 2002-10-05 07:04 45,056 –a—— C:\WINDOWS\system32\ogg.dll
    2007-11-28 15:07 . 2006-09-26 13:57 28,672 –a—— C:\WINDOWS\system32\AVEQT.dll
    2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d——– C:\Program Files\Allok 3gp psp mp4 ipod video converter
    2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d——– C:\Program Files\Xilisoft
    2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d——– C:\Program Files\Ultra Mobile 3GP Video Converter
    2007-11-27 18:16 . 2006-03-29 00:35 475,136 –a—— C:\WINDOWS\system32\SkinCrafter.dll
    2007-11-27 18:16 . 2007-03-09 09:35 208,896 –a—— C:\WINDOWS\system32\VideoEdit.ocx
    2007-11-27 18:16 . 2007-03-09 09:37 139,264 –a—— C:\WINDOWS\system32\viscomqtde.dll
    2007-11-27 18:16 . 2007-03-09 09:36 81,920 –a—— C:\WINDOWS\system32\viscomwave.dll
    2007-11-27 16:48 . 2005-10-21 02:47 30,592 ——— C:\WINDOWS\system32\drivers\rndismpx.sys
    2007-11-27 16:48 . 2005-10-21 02:47 12,800 ——— C:\WINDOWS\system32\drivers\usb8023x.sys
    2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d——– C:\Program Files\Microsoft ActiveSync
    2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d——– C:\Program Files\Windows Mobile-hulpbronnen
    2007-11-26 14:33 . 2007-11-26 13:44 804,106 –a—— C:\WINDOWS\Roulette Cheat Guide.pdf
    2007-11-22 16:37 . 2007-11-22 16:37 46,892 –a—— C:\Documents and Settings\Greup\ytmakn.exe
    2007-11-21 10:43 . 2007-11-21 10:43 46,892 –a—— C:\Documents and Settings\Greup\lmehvm.exe
    2007-11-21 10:23 . 2007-11-21 10:23 46,892 –a—— C:\Documents and Settings\Greup\haiohf.exe
    2007-11-21 10:04 . 2007-11-21 10:04 46,892 –a—— C:\Documents and Settings\Greup\dobykz.exe
    2007-11-21 09:57 . 2007-11-21 09:57 46,892 –a—— C:\Documents and Settings\Greup\jofzek.exe
    2007-11-19 16:27 . 2007-11-19 16:27 46,892 –a—— C:\Documents and Settings\Greup\xtbtvj.exe
    2007-11-19 15:41 . 2007-11-19 15:41 244 –ah—– C:\sqmnoopt12.sqm
    2007-11-19 15:41 . 2007-11-19 15:41 232 –ah—– C:\sqmdata12.sqm
    2007-11-19 15:13 . 2007-11-19 15:13 244 –ah—– C:\sqmnoopt11.sqm
    2007-11-19 15:13 . 2007-11-19 15:13 232 –ah—– C:\sqmdata11.sqm
    2007-11-19 14:42 . 2007-11-19 14:42 244 –ah—– C:\sqmnoopt10.sqm
    2007-11-19 14:42 . 2007-11-19 14:42 232 –ah—– C:\sqmdata10.sqm
    2007-11-19 14:41 . 2007-11-19 14:41 244 –ah—– C:\sqmnoopt09.sqm
    2007-11-19 14:41 . 2007-11-19 14:41 232 –ah—– C:\sqmdata09.sqm
    2007-11-19 14:29 . 2007-11-19 14:29 244 –ah—– C:\sqmnoopt08.sqm
    2007-11-19 14:29 . 2007-11-19 14:29 232 –ah—– C:\sqmdata08.sqm
    2007-11-19 14:22 . 2007-11-19 14:22 244 –ah—– C:\sqmnoopt07.sqm
    2007-11-19 14:22 . 2007-11-19 14:22 232 –ah—– C:\sqmdata07.sqm
    2007-11-19 13:40 . 2007-11-19 13:40 244 –ah—– C:\sqmnoopt06.sqm
    2007-11-19 13:40 . 2007-11-19 13:40 232 –ah—– C:\sqmdata06.sqm
    2007-11-19 13:08 . 2007-11-19 13:08 244 –ah—– C:\sqmnoopt05.sqm
    2007-11-19 13:08 . 2007-11-19 13:08 232 –ah—– C:\sqmdata05.sqm
    2007-11-19 12:25 . 2007-10-17 12:24 2,526,800 –a—— C:\WINDOWS\Install_B4Playing.exe
    2007-11-19 12:25 . 2007-10-17 12:22 842,148 –a—— C:\WINDOWS\B4Playing Bonus Guide.pdf
    2007-11-19 12:25 . 2007-11-18 14:32 112 –a—— C:\WINDOWS\B4Playing, the Smart Casino & Poker Players' Tool.url
    2007-11-13 13:40 . 2007-11-13 13:40 <DIR> d——– C:\Poker

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-12 11:54 ——— d—–w C:\Program Files\Hitman Pro
    2007-12-12 11:08 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-06 20:47 ——— d—–w C:\Program Files\Lexmark X1100 Series
    2007-12-03 10:33 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-28 13:33 ——— d—–w C:\Documents and Settings\Greup\Application Data\BitTorrent
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 15:50 ——— d—–w C:\Program Files\MSN Messenger
    2007-11-05 12:14 ——— d—–w C:\Documents and Settings\Greup\Application Data\PC Tools
    2007-11-05 12:13 ——— d—–w C:\Documents and Settings\LocalService\Application Data\Webroot
    2007-11-05 12:12 164 —-a-w C:\install.dat
    2007-11-05 12:12 ——— d—–w C:\Program Files\Webroot
    2007-11-05 12:12 ——— d—–w C:\Documents and Settings\Greup\Application Data\Webroot
    2007-11-05 12:12 ——— d—–w C:\Documents and Settings\All Users\Application Data\Webroot
    2007-11-05 12:08 512,096 —-a-w C:\WINDOWS\system32\drivers\amon.sys
    2007-11-05 12:08 15,424 —-a-w C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-11-05 11:57 ——— d—–w C:\Program Files\SpywareBlaster
    2007-11-05 11:57 ——— d—–w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-03 19:26 ——— d—–w C:\Program Files\LimeWire
    2007-10-19 13:29 ——— d—–w C:\Program Files\Panerai
    2007-10-14 13:09 ——— d—–w C:\Program Files\BitTorrent
    2006-10-18 09:09 30,066 —-a-w C:\WINDOWS\Fonts\walt_disney_script.zip
    2006-06-22 12:35 6,704 —-a-w C:\Program Files\Pirates readme.txt
    2006-06-20 22:40 883,162,283 —-a-w C:\Program Files\Data11.cab
    2006-06-20 22:40 703,224 —-a-w C:\Program Files\Pirates of the Caribbean.msi
    2006-06-20 22:40 1,936 —-a-w C:\Program Files\Setup.ini
    2006-06-20 22:14 365,654,016 —-a-w C:\Program Files\Data1.cab
    2005-11-13 22:49 5,693 —-a-w C:\Program Files\[u:c827e2970f]0[/u:c827e2970f]x0409.ini
    2005-11-13 22:44 1,822,520 —-a-w C:\Program Files\instmsiw.exe
    2005-11-13 22:44 1,708,856 —-a-w C:\Program Files\instmsia.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41]
    "WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
    "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbcay]
    gebbcay.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys

    *Newly Created Service* - ENTDRV51
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-12-12 11:31:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-12 12:54:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-12-12 12:57:53 - machine was rebooted
    .
    2007-12-12 09:36:12 — E O F —
    Anoniem
    Anoniem
  • 1. Start hijackthis, kies voor 'Do a system scan only' en vink onderstaande regels aan:
    [b:4f61aa38d7]
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    [/b:4f61aa38d7]

    Indien je onderstaande Vertrouwde website niet zelf hebt ingesteld, kan je deze regel ook aanvinken:
    [b:4f61aa38d7]O15 - Trusted Zone: *.stumbleupon.com[/b:4f61aa38d7]

    Vink ook nog aan:
    [b:4f61aa38d7]O20 - Winlogon Notify: gebbcay - gebbcay.dll (file missing) [/b:4f61aa38d7]

    Sluit nu alle openstaande vensters, behalve Hijackthis en klik op 'fix checked'

    2. Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:
    [b:4f61aa38d7]
    File::
    C:\WINDOWS\system32\psbooijk.ini
    C:\WINDOWS\system32\aevyfnac.ini
    C:\WINDOWS\system32\cmmfjumj.ini
    C:\WINDOWS\system32\lrbcoact.ini
    C:\WINDOWS\system32\nnmwosbq.ini
    C:\WINDOWS\system32\vuweurwa.ini
    C:\WINDOWS\system32\twinfphq.dll
    C:\WINDOWS\system32\godrdvcr.ini
    C:\WINDOWS\system32\dxfcbflq.ini
    C:\WINDOWS\system32\jvleubre.dll
    C:\WINDOWS\system32\ykewlnbx.ini
    C:\WINDOWS\system32\elfahxwo.dll
    C:\WINDOWS\system32\qxxkgyue.ini
    C:\WINDOWS\system32\xaytcrpj.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbcay]
    [/b:4f61aa38d7]

    Sla dit op op je Bureaublad als [b:4f61aa38d7]CFScript.txt[/b:4f61aa38d7]

    Sleep [b:4f61aa38d7]CFScript.txt[/b:4f61aa38d7] in [b:4f61aa38d7]ComboFix.exe[/b:4f61aa38d7] zoals getoond in onderstaand voorbeeld :
    [img:4f61aa38d7]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:4f61aa38d7]

    Dit zal [b:4f61aa38d7]ComboFix[/b:4f61aa38d7] doen herstarten.
    Start opnieuw op als daarom gevraagd wordt en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

    Hoe is het met je problemen?
    Pim
    Anoniem
    Anoniem
  • Hoi Pim,

    Volgens mij werkt het maar ik weet er niet zo heel veel van……… :P

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:48:56, on 12-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.home.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/fulltrailer/player/vivid_ocx.jpeg
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/davincicode/vividas/player/vivid_ocx.jpeg
    O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - http://video.vividas.com/CDN1/4896_sony/web/player/vivid_ocx.jpeg
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
    O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    End of file - 8914 bytes

    ComboFix 07-12-12.3 - Greup 2007-12-12 13:42:15.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.218 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Greup\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE
    C:\WINDOWS\system32\aevyfnac.ini
    C:\WINDOWS\system32\cmmfjumj.ini
    C:\WINDOWS\system32\dxfcbflq.ini
    C:\WINDOWS\system32\elfahxwo.dll
    C:\WINDOWS\system32\godrdvcr.ini
    C:\WINDOWS\system32\jvleubre.dll
    C:\WINDOWS\system32\lrbcoact.ini
    C:\WINDOWS\system32\nnmwosbq.ini
    C:\WINDOWS\system32\psbooijk.ini
    C:\WINDOWS\system32\qxxkgyue.ini
    C:\WINDOWS\system32\twinfphq.dll
    C:\WINDOWS\system32\vuweurwa.ini
    C:\WINDOWS\system32\xaytcrpj.dll
    C:\WINDOWS\system32\ykewlnbx.ini
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\aevyfnac.ini
    C:\WINDOWS\system32\cmmfjumj.ini
    C:\WINDOWS\system32\dxfcbflq.ini
    C:\WINDOWS\system32\elfahxwo.dll
    C:\WINDOWS\system32\godrdvcr.ini
    C:\WINDOWS\system32\jvleubre.dll
    C:\WINDOWS\system32\lrbcoact.ini
    C:\WINDOWS\system32\nnmwosbq.ini
    C:\WINDOWS\system32\psbooijk.ini
    C:\WINDOWS\system32\qxxkgyue.ini
    C:\WINDOWS\system32\twinfphq.dll
    C:\WINDOWS\system32\vuweurwa.ini
    C:\WINDOWS\system32\xaytcrpj.dll
    C:\WINDOWS\system32\ykewlnbx.ini

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-12 to 2007-12-12 ))))))))))))))))))))))))))))))
    .

    2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d——– C:\WINDOWS\ERUNT
    2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d——– C:\Program Files\Trend Micro
    2007-12-12 11:43 . 2007-09-05 23:22 289,144 –a—— C:\WINDOWS\system32\VCCLSID.exe
    2007-12-12 11:43 . 2006-04-27 16:49 288,417 –a—— C:\WINDOWS\system32\SrchSTS.exe
    2007-12-12 11:43 . 2003-06-05 20:13 53,248 –a—— C:\WINDOWS\system32\Process.exe
    2007-12-12 11:43 . 2004-07-31 17:50 51,200 –a—— C:\WINDOWS\system32\dumphive.exe
    2007-12-12 11:43 . 2007-10-03 23:36 25,600 –a—— C:\WINDOWS\system32\WS2Fix.exe
    2007-12-12 11:35 . 2007-12-12 11:37 3,624 –a—— C:\WINDOWS\system32\tmp.reg
    2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d——– C:\Program Files\K-Lite Codec Pack
    2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\SurfRight
    2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d——– C:\Program Files\SurfRight
    2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SurfRight
    2007-11-28 16:29 . 2007-11-28 16:30 161 –a—— C:\WINDOWS\system32\temp_0000_85-19.aok
    2007-11-28 16:25 . 2007-11-28 16:25 162 –a—— C:\WINDOWS\system32\test.aok
    2007-11-28 16:01 . 2007-11-28 16:01 36,864 –a—— C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
    2007-11-28 16:00 . 2007-11-28 16:00 33,824 –a—— C:\WINDOWS\system32\drivers\oreans32.sys
    2007-11-28 15:07 . 2002-10-05 07:04 921,600 –a—— C:\WINDOWS\system32\vorbisenc.dll
    2007-11-28 15:07 . 2004-01-11 08:02 258,048 –a—— C:\WINDOWS\system32\GplMpgDec.ax
    2007-11-28 15:07 . 2002-10-07 02:42 237,568 –a—— C:\WINDOWS\system32\OggDS.dll
    2007-11-28 15:07 . 2002-10-05 07:04 188,416 –a—— C:\WINDOWS\system32\vorbis.dll
    2007-11-28 15:07 . 2007-04-12 14:19 129,024 –a—— C:\WINDOWS\system32\AVERM.dll
    2007-11-28 15:07 . 2002-10-05 07:04 45,056 –a—— C:\WINDOWS\system32\ogg.dll
    2007-11-28 15:07 . 2006-09-26 13:57 28,672 –a—— C:\WINDOWS\system32\AVEQT.dll
    2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d——– C:\Program Files\Allok 3gp psp mp4 ipod video converter
    2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d——– C:\Program Files\Xilisoft
    2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d——– C:\Program Files\Ultra Mobile 3GP Video Converter
    2007-11-27 18:16 . 2006-03-29 00:35 475,136 –a—— C:\WINDOWS\system32\SkinCrafter.dll
    2007-11-27 18:16 . 2007-03-09 09:35 208,896 –a—— C:\WINDOWS\system32\VideoEdit.ocx
    2007-11-27 18:16 . 2007-03-09 09:37 139,264 –a—— C:\WINDOWS\system32\viscomqtde.dll
    2007-11-27 18:16 . 2007-03-09 09:36 81,920 –a—— C:\WINDOWS\system32\viscomwave.dll
    2007-11-27 16:48 . 2005-10-21 02:47 30,592 ——— C:\WINDOWS\system32\drivers\rndismpx.sys
    2007-11-27 16:48 . 2005-10-21 02:47 12,800 ——— C:\WINDOWS\system32\drivers\usb8023x.sys
    2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d——– C:\Program Files\Microsoft ActiveSync
    2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d——– C:\Program Files\Windows Mobile-hulpbronnen
    2007-11-26 14:33 . 2007-11-26 13:44 804,106 –a—— C:\WINDOWS\Roulette Cheat Guide.pdf
    2007-11-22 16:37 . 2007-11-22 16:37 46,892 –a—— C:\Documents and Settings\Greup\ytmakn.exe
    2007-11-21 10:43 . 2007-11-21 10:43 46,892 –a—— C:\Documents and Settings\Greup\lmehvm.exe
    2007-11-21 10:23 . 2007-11-21 10:23 46,892 –a—— C:\Documents and Settings\Greup\haiohf.exe
    2007-11-21 10:04 . 2007-11-21 10:04 46,892 –a—— C:\Documents and Settings\Greup\dobykz.exe
    2007-11-21 09:57 . 2007-11-21 09:57 46,892 –a—— C:\Documents and Settings\Greup\jofzek.exe
    2007-11-19 16:27 . 2007-11-19 16:27 46,892 –a—— C:\Documents and Settings\Greup\xtbtvj.exe
    2007-11-19 15:41 . 2007-11-19 15:41 244 –ah—– C:\sqmnoopt12.sqm
    2007-11-19 15:41 . 2007-11-19 15:41 232 –ah—– C:\sqmdata12.sqm
    2007-11-19 15:13 . 2007-11-19 15:13 244 –ah—– C:\sqmnoopt11.sqm
    2007-11-19 15:13 . 2007-11-19 15:13 232 –ah—– C:\sqmdata11.sqm
    2007-11-19 14:42 . 2007-11-19 14:42 244 –ah—– C:\sqmnoopt10.sqm
    2007-11-19 14:42 . 2007-11-19 14:42 232 –ah—– C:\sqmdata10.sqm
    2007-11-19 14:41 . 2007-11-19 14:41 244 –ah—– C:\sqmnoopt09.sqm
    2007-11-19 14:41 . 2007-11-19 14:41 232 –ah—– C:\sqmdata09.sqm
    2007-11-19 14:29 . 2007-11-19 14:29 244 –ah—– C:\sqmnoopt08.sqm
    2007-11-19 14:29 . 2007-11-19 14:29 232 –ah—– C:\sqmdata08.sqm
    2007-11-19 14:22 . 2007-11-19 14:22 244 –ah—– C:\sqmnoopt07.sqm
    2007-11-19 14:22 . 2007-11-19 14:22 232 –ah—– C:\sqmdata07.sqm
    2007-11-19 13:40 . 2007-11-19 13:40 244 –ah—– C:\sqmnoopt06.sqm
    2007-11-19 13:40 . 2007-11-19 13:40 232 –ah—– C:\sqmdata06.sqm
    2007-11-19 13:08 . 2007-11-19 13:08 244 –ah—– C:\sqmnoopt05.sqm
    2007-11-19 13:08 . 2007-11-19 13:08 232 –ah—– C:\sqmdata05.sqm
    2007-11-19 12:25 . 2007-10-17 12:24 2,526,800 –a—— C:\WINDOWS\Install_B4Playing.exe
    2007-11-19 12:25 . 2007-10-17 12:22 842,148 –a—— C:\WINDOWS\B4Playing Bonus Guide.pdf
    2007-11-19 12:25 . 2007-11-18 14:32 112 –a—— C:\WINDOWS\B4Playing, the Smart Casino & Poker Players' Tool.url
    2007-11-13 13:40 . 2007-11-13 13:40 <DIR> d——– C:\Poker

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-12 11:54 ——— d—–w C:\Program Files\Hitman Pro
    2007-12-12 11:08 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-06 20:47 ——— d—–w C:\Program Files\Lexmark X1100 Series
    2007-12-03 10:33 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-28 13:33 ——— d—–w C:\Documents and Settings\Greup\Application Data\BitTorrent
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 15:50 ——— d—–w C:\Program Files\MSN Messenger
    2007-11-05 12:14 ——— d—–w C:\Documents and Settings\Greup\Application Data\PC Tools
    2007-11-05 12:13 ——— d—–w C:\Documents and Settings\LocalService\Application Data\Webroot
    2007-11-05 12:12 164 —-a-w C:\install.dat
    2007-11-05 12:12 ——— d—–w C:\Program Files\Webroot
    2007-11-05 12:12 ——— d—–w C:\Documents and Settings\Greup\Application Data\Webroot
    2007-11-05 12:12 ——— d—–w C:\Documents and Settings\All Users\Application Data\Webroot
    2007-11-05 12:08 512,096 —-a-w C:\WINDOWS\system32\drivers\amon.sys
    2007-11-05 12:08 298,104 —-a-w C:\WINDOWS\system32\imon.dll
    2007-11-05 12:08 15,424 —-a-w C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-11-05 11:57 ——— d—–w C:\Program Files\SpywareBlaster
    2007-11-05 11:57 ——— d—–w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-03 19:26 ——— d—–w C:\Program Files\LimeWire
    2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-19 13:29 ——— d—–w C:\Program Files\Panerai
    2007-10-14 13:09 ——— d—–w C:\Program Files\BitTorrent
    2006-10-18 09:09 30,066 —-a-w C:\WINDOWS\Fonts\walt_disney_script.zip
    2006-06-22 12:35 6,704 —-a-w C:\Program Files\Pirates readme.txt
    2006-06-20 22:40 883,162,283 —-a-w C:\Program Files\Data11.cab
    2006-06-20 22:40 703,224 —-a-w C:\Program Files\Pirates of the Caribbean.msi
    2006-06-20 22:40 1,936 —-a-w C:\Program Files\Setup.ini
    2006-06-20 22:14 365,654,016 —-a-w C:\Program Files\Data1.cab
    2005-11-13 22:49 5,693 —-a-w C:\Program Files\[u:2f93e268ac]0[/u:2f93e268ac]x0409.ini
    2005-11-13 22:44 1,822,520 —-a-w C:\Program Files\instmsiw.exe
    2005-11-13 22:44 1,708,856 —-a-w C:\Program Files\instmsia.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41]
    "WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
    "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys

    *Newly Created Service* - ENTDRV51
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-12-12 11:57:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-12 13:45:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-12-12 13:46:37
    C:\ComboFix2.txt … 2007-12-12 12:57
    .
    2007-12-12 09:36:12 — E O F —
    Anoniem
    Anoniem
  • Eentje gemist :(

    Verwijder de tekst uit [b:e7faaace6c]CFscript[/b:e7faaace6c] en plaats de volgende tekst erin:
    [b:e7faaace6c]
    File::
    C:\WINDOWS\system32\gebbcay.dll
    [/b:e7faaace6c]

    Sleep deze opnieuw in Combofix via bovenstaande instructies en post het logje.
    Anoniem
    Anoniem
  • ComboFix 07-12-12.3 - Greup 2007-12-13 14:19:09.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.249 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Greup\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE
    C:\WINDOWS\system32\gebbcay.dll
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))
    .

    2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d——– C:\WINDOWS\ERUNT
    2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d——– C:\Program Files\Trend Micro
    2007-12-12 11:43 . 2007-09-05 23:22 289,144 –a—— C:\WINDOWS\system32\VCCLSID.exe
    2007-12-12 11:43 . 2006-04-27 16:49 288,417 –a—— C:\WINDOWS\system32\SrchSTS.exe
    2007-12-12 11:43 . 2003-06-05 20:13 53,248 –a—— C:\WINDOWS\system32\Process.exe
    2007-12-12 11:43 . 2004-07-31 17:50 51,200 –a—— C:\WINDOWS\system32\dumphive.exe
    2007-12-12 11:43 . 2007-10-03 23:36 25,600 –a—— C:\WINDOWS\system32\WS2Fix.exe
    2007-12-12 11:35 . 2007-12-12 11:37 3,624 –a—— C:\WINDOWS\system32\tmp.reg
    2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d——– C:\Program Files\K-Lite Codec Pack
    2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\SurfRight
    2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d——– C:\Program Files\SurfRight
    2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SurfRight
    2007-11-28 16:29 . 2007-11-28 16:30 161 –a—— C:\WINDOWS\system32\temp_0000_85-19.aok
    2007-11-28 16:25 . 2007-11-28 16:25 162 –a—— C:\WINDOWS\system32\test.aok
    2007-11-28 16:01 . 2007-11-28 16:01 36,864 –a—— C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
    2007-11-28 16:00 . 2007-11-28 16:00 33,824 –a—— C:\WINDOWS\system32\drivers\oreans32.sys
    2007-11-28 15:07 . 2002-10-05 07:04 921,600 –a—— C:\WINDOWS\system32\vorbisenc.dll
    2007-11-28 15:07 . 2004-01-11 08:02 258,048 –a—— C:\WINDOWS\system32\GplMpgDec.ax
    2007-11-28 15:07 . 2002-10-07 02:42 237,568 –a—— C:\WINDOWS\system32\OggDS.dll
    2007-11-28 15:07 . 2002-10-05 07:04 188,416 –a—— C:\WINDOWS\system32\vorbis.dll
    2007-11-28 15:07 . 2007-04-12 14:19 129,024 –a—— C:\WINDOWS\system32\AVERM.dll
    2007-11-28 15:07 . 2002-10-05 07:04 45,056 –a—— C:\WINDOWS\system32\ogg.dll
    2007-11-28 15:07 . 2006-09-26 13:57 28,672 –a—— C:\WINDOWS\system32\AVEQT.dll
    2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d——– C:\Program Files\Allok 3gp psp mp4 ipod video converter
    2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d——– C:\Program Files\Xilisoft
    2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d——– C:\Program Files\Ultra Mobile 3GP Video Converter
    2007-11-27 18:16 . 2006-03-29 00:35 475,136 –a—— C:\WINDOWS\system32\SkinCrafter.dll
    2007-11-27 18:16 . 2007-03-09 09:35 208,896 –a—— C:\WINDOWS\system32\VideoEdit.ocx
    2007-11-27 18:16 . 2007-03-09 09:37 139,264 –a—— C:\WINDOWS\system32\viscomqtde.dll
    2007-11-27 18:16 . 2007-03-09 09:36 81,920 –a—— C:\WINDOWS\system32\viscomwave.dll
    2007-11-27 16:48 . 2005-10-21 02:47 30,592 ——— C:\WINDOWS\system32\drivers\rndismpx.sys
    2007-11-27 16:48 . 2005-10-21 02:47 12,800 ——— C:\WINDOWS\system32\drivers\usb8023x.sys
    2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d——– C:\Program Files\Microsoft ActiveSync
    2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d——– C:\Program Files\Windows Mobile-hulpbronnen
    2007-11-26 14:33 . 2007-11-26 13:44 804,106 –a—— C:\WINDOWS\Roulette Cheat Guide.pdf
    2007-11-22 16:37 . 2007-11-22 16:37 46,892 –a—— C:\Documents and Settings\Greup\ytmakn.exe
    2007-11-21 10:43 . 2007-11-21 10:43 46,892 –a—— C:\Documents and Settings\Greup\lmehvm.exe
    2007-11-21 10:23 . 2007-11-21 10:23 46,892 –a—— C:\Documents and Settings\Greup\haiohf.exe
    2007-11-21 10:04 . 2007-11-21 10:04 46,892 –a—— C:\Documents and Settings\Greup\dobykz.exe
    2007-11-21 09:57 . 2007-11-21 09:57 46,892 –a—— C:\Documents and Settings\Greup\jofzek.exe
    2007-11-19 16:27 . 2007-11-19 16:27 46,892 –a—— C:\Documents and Settings\Greup\xtbtvj.exe
    2007-11-19 15:41 . 2007-11-19 15:41 244 –ah—– C:\sqmnoopt12.sqm
    2007-11-19 15:41 . 2007-11-19 15:41 232 –ah—– C:\sqmdata12.sqm
    2007-11-19 15:13 . 2007-11-19 15:13 244 –ah—– C:\sqmnoopt11.sqm
    2007-11-19 15:13 . 2007-11-19 15:13 232 –ah—– C:\sqmdata11.sqm
    2007-11-19 14:42 . 2007-11-19 14:42 244 –ah—– C:\sqmnoopt10.sqm
    2007-11-19 14:42 . 2007-11-19 14:42 232 –ah—– C:\sqmdata10.sqm
    2007-11-19 14:41 . 2007-11-19 14:41 244 –ah—– C:\sqmnoopt09.sqm
    2007-11-19 14:41 . 2007-11-19 14:41 232 –ah—– C:\sqmdata09.sqm
    2007-11-19 14:29 . 2007-11-19 14:29 244 –ah—– C:\sqmnoopt08.sqm
    2007-11-19 14:29 . 2007-11-19 14:29 232 –ah—– C:\sqmdata08.sqm
    2007-11-19 14:22 . 2007-11-19 14:22 244 –ah—– C:\sqmnoopt07.sqm
    2007-11-19 14:22 . 2007-11-19 14:22 232 –ah—– C:\sqmdata07.sqm
    2007-11-19 13:40 . 2007-11-19 13:40 244 –ah—– C:\sqmnoopt06.sqm
    2007-11-19 13:40 . 2007-11-19 13:40 232 –ah—– C:\sqmdata06.sqm
    2007-11-19 13:08 . 2007-11-19 13:08 244 –ah—– C:\sqmnoopt05.sqm
    2007-11-19 13:08 . 2007-11-19 13:08 232 –ah—– C:\sqmdata05.sqm
    2007-11-19 12:25 . 2007-10-17 12:24 2,526,800 –a—— C:\WINDOWS\Install_B4Playing.exe
    2007-11-19 12:25 . 2007-10-17 12:22 842,148 –a—— C:\WINDOWS\B4Playing Bonus Guide.pdf
    2007-11-19 12:25 . 2007-11-18 14:32 112 –a—— C:\WINDOWS\B4Playing, the Smart Casino & Poker Players' Tool.url
    2007-11-13 13:40 . 2007-11-13 13:40 <DIR> d——– C:\Poker

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-13 13:12 ——— d—–w C:\Program Files\Hitman Pro
    2007-12-12 11:08 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-06 20:47 ——— d—–w C:\Program Files\Lexmark X1100 Series
    2007-12-03 10:33 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-28 13:33 ——— d—–w C:\Documents and Settings\Greup\Application Data\BitTorrent
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 15:50 ——— d—–w C:\Program Files\MSN Messenger
    2007-11-05 12:14 ——— d—–w C:\Documents and Settings\Greup\Application Data\PC Tools
    2007-11-05 12:13 ——— d—–w C:\Documents and Settings\LocalService\Application Data\Webroot
    2007-11-05 12:12 164 —-a-w C:\install.dat
    2007-11-05 12:12 ——— d—–w C:\Program Files\Webroot
    2007-11-05 12:12 ——— d—–w C:\Documents and Settings\Greup\Application Data\Webroot
    2007-11-05 12:12 ——— d—–w C:\Documents and Settings\All Users\Application Data\Webroot
    2007-11-05 12:08 512,096 —-a-w C:\WINDOWS\system32\drivers\amon.sys
    2007-11-05 12:08 298,104 —-a-w C:\WINDOWS\system32\imon.dll
    2007-11-05 12:08 15,424 —-a-w C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-11-05 11:57 ——— d—–w C:\Program Files\SpywareBlaster
    2007-11-05 11:57 ——— d—–w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-03 19:26 ——— d—–w C:\Program Files\LimeWire
    2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-19 13:29 ——— d—–w C:\Program Files\Panerai
    2007-10-14 13:09 ——— d—–w C:\Program Files\BitTorrent
    2006-10-18 09:09 30,066 —-a-w C:\WINDOWS\Fonts\walt_disney_script.zip
    2006-06-22 12:35 6,704 —-a-w C:\Program Files\Pirates readme.txt
    2006-06-20 22:40 883,162,283 —-a-w C:\Program Files\Data11.cab
    2006-06-20 22:40 703,224 —-a-w C:\Program Files\Pirates of the Caribbean.msi
    2006-06-20 22:40 1,936 —-a-w C:\Program Files\Setup.ini
    2006-06-20 22:14 365,654,016 —-a-w C:\Program Files\Data1.cab
    2005-11-13 22:49 5,693 —-a-w C:\Program Files\[u:71cc540937]0[/u:71cc540937]x0409.ini
    2005-11-13 22:44 1,822,520 —-a-w C:\Program Files\instmsiw.exe
    2005-11-13 22:44 1,708,856 —-a-w C:\Program Files\instmsia.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41]
    "WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
    "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-12-13 13:15:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-13 14:22:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-12-13 14:23:27
    C:\ComboFix2.txt … 2007-12-12 13:46
    C:\ComboFix3.txt … 2007-12-12 12:57
    .
    2007-12-12 09:36:12 — E O F —

    Volgens mij is het gelukt….
    Hij gaf de melding al niet meer waar ik het in het begin over had
    dus nu maar hopen dat het niet weer gebeurt.

    Maar bedankt want daar was ik zelf echt nooit uitgekomen.

    Auke-Jan
    Anoniem
    Anoniem
  • En toch staat hij er weer :cry:

    Download OTMoveIt (by OldTimer) naar je Bureaublad.
      Dubbelklik op [b:7b582b489a]OTMoveIt.exe[/b:7b582b489a] om de tool te starten. Kopiëer (selecteren en druk Ctrl-C) alle onderstaande, vetgedrukte tekst: [b:7b582b489a] C:\WINDOWS\system32\gebbcay.dll [/b:7b582b489a]
      Plak de gekopiëerde tekst (druk Ctrl-V) in het &quot;[b:7b582b489a]Paste List of Files/Folders to be moved&quot; venster[/b:7b582b489a] Klik op de rode
    Anoniem
    Anoniem
  • Krijg het niet voor elkaar krijg dit als antwoord:
    File/Folder C:\WINDOWS\system32\gebbcay.dll not found.

    Created on 12-14-2007 11:27:00

    Ik weet niet wat dat betekend maar zal wel niet goed zijn.
    Anoniem
    Anoniem
  • Ik ga even in overleg, je hoort nog van me :)
    Anoniem
    Anoniem
  • Is goed ben wel een paar dagen weg dus dat moet genoeg zijn om ff goed te kunnen overleggen :P . Ben woensdag weer in de buurt van de pc :)

    Auke-Jan
    Anoniem
    Anoniem
  • Even afgekeken van Smeenk, probeer het zo eens :D
    Leeg alle tekst in CFscript, zet onderstaande tekst erin en sleep deze in combofix :)

    [b:b79f5ce131]
    File::
    C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
    [/b:b79f5ce131]

    Post de inhoud van de logfile in je volgende bericht.
    Anoniem
    Anoniem
  • Daar was ik weer :wink:

    ComboFix 07-12-21.4 - Greup 2007-12-21 22:30:39.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.251 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Greup\Bureaublad\CFscript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE
    C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-21 to 2007-12-21 ))))))))))))))))))))))))))))))
    .

    2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d——– C:\WINDOWS\ERUNT
    2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d——– C:\Program Files\Trend Micro
    2007-12-12 11:43 . 2007-09-05 23:22 289,144 –a—— C:\WINDOWS\system32\VCCLSID.exe
    2007-12-12 11:43 . 2006-04-27 16:49 288,417 –a—— C:\WINDOWS\system32\SrchSTS.exe
    2007-12-12 11:43 . 2003-06-05 20:13 53,248 –a—— C:\WINDOWS\system32\Process.exe
    2007-12-12 11:43 . 2004-07-31 17:50 51,200 –a—— C:\WINDOWS\system32\dumphive.exe
    2007-12-12 11:43 . 2007-10-03 23:36 25,600 –a—— C:\WINDOWS\system32\WS2Fix.exe
    2007-12-12 11:35 . 2007-12-12 11:37 3,624 –a—— C:\WINDOWS\system32\tmp.reg
    2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d——– C:\Program Files\K-Lite Codec Pack
    2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\SurfRight
    2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d——– C:\Program Files\SurfRight
    2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SurfRight
    2007-11-28 16:29 . 2007-11-28 16:30 161 –a—— C:\WINDOWS\system32\temp_0000_85-19.aok
    2007-11-28 16:25 . 2007-11-28 16:25 162 –a—— C:\WINDOWS\system32\test.aok
    2007-11-28 16:00 . 2007-11-28 16:00 33,824 –a—— C:\WINDOWS\system32\drivers\oreans32.sys
    2007-11-28 15:07 . 2002-10-05 07:04 921,600 –a—— C:\WINDOWS\system32\vorbisenc.dll
    2007-11-28 15:07 . 2004-01-11 08:02 258,048 –a—— C:\WINDOWS\system32\GplMpgDec.ax
    2007-11-28 15:07 . 2002-10-07 02:42 237,568 –a—— C:\WINDOWS\system32\OggDS.dll
    2007-11-28 15:07 . 2002-10-05 07:04 188,416 –a—— C:\WINDOWS\system32\vorbis.dll
    2007-11-28 15:07 . 2007-04-12 14:19 129,024 –a—— C:\WINDOWS\system32\AVERM.dll
    2007-11-28 15:07 . 2002-10-05 07:04 45,056 –a—— C:\WINDOWS\system32\ogg.dll
    2007-11-28 15:07 . 2006-09-26 13:57 28,672 –a—— C:\WINDOWS\system32\AVEQT.dll
    2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d——– C:\Program Files\Allok 3gp psp mp4 ipod video converter
    2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d——– C:\Program Files\Xilisoft
    2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d——– C:\Program Files\Ultra Mobile 3GP Video Converter
    2007-11-27 18:16 . 2006-03-29 00:35 475,136 –a—— C:\WINDOWS\system32\SkinCrafter.dll
    2007-11-27 18:16 . 2007-03-09 09:35 208,896 –a—— C:\WINDOWS\system32\VideoEdit.ocx
    2007-11-27 18:16 . 2007-03-09 09:37 139,264 –a—— C:\WINDOWS\system32\viscomqtde.dll
    2007-11-27 18:16 . 2007-03-09 09:36 81,920 –a—— C:\WINDOWS\system32\viscomwave.dll
    2007-11-27 16:48 . 2005-10-21 02:47 30,592 ——— C:\WINDOWS\system32\drivers\rndismpx.sys
    2007-11-27 16:48 . 2005-10-21 02:47 12,800 ——— C:\WINDOWS\system32\drivers\usb8023x.sys
    2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d——– C:\Program Files\Microsoft ActiveSync
    2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d——– C:\Program Files\Windows Mobile-hulpbronnen
    2007-11-26 14:33 . 2007-11-26 13:44 804,106 –a—— C:\WINDOWS\Roulette Cheat Guide.pdf
    2007-11-22 16:37 . 2007-11-22 16:37 46,892 –a—— C:\Documents and Settings\Greup\ytmakn.exe
    2007-11-21 10:43 . 2007-11-21 10:43 46,892 –a—— C:\Documents and Settings\Greup\lmehvm.exe
    2007-11-21 10:23 . 2007-11-21 10:23 46,892 –a—— C:\Documents and Settings\Greup\haiohf.exe
    2007-11-21 10:04 . 2007-11-21 10:04 46,892 –a—— C:\Documents and Settings\Greup\dobykz.exe
    2007-11-21 09:57 . 2007-11-21 09:57 46,892 –a—— C:\Documents and Settings\Greup\jofzek.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-21 21:15 ——— d—–w C:\Program Files\Hitman Pro
    2007-12-19 14:58 ——— d—–w C:\Program Files\Lexmark X1100 Series
    2007-12-12 11:08 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-03 10:33 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-28 13:33 ——— d—–w C:\Documents and Settings\Greup\Application Data\BitTorrent
    2007-11-19 15:27 46,892 —-a-w C:\Documents and Settings\Greup\xtbtvj.exe
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 15:50 ——— d—–w C:\Program Files\MSN Messenger
    2007-11-05 12:14 ——— d—–w C:\Documents and Settings\Greup\Application Data\PC Tools
    2007-11-05 12:13 ——— d—–w C:\Documents and Settings\LocalService\Application Data\Webroot
    2007-11-05 12:12 164 —-a-w C:\install.dat
    2007-11-05 12:12 ——— d—–w C:\Program Files\Webroot
    2007-11-05 12:12 ——— d—–w C:\Documents and Settings\Greup\Application Data\Webroot
    2007-11-05 12:12 ——— d—–w C:\Documents and Settings\All Users\Application Data\Webroot
    2007-11-05 12:08 512,096 —-a-w C:\WINDOWS\system32\drivers\amon.sys
    2007-11-05 12:08 298,104 —-a-w C:\WINDOWS\system32\imon.dll
    2007-11-05 12:08 15,424 —-a-w C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-11-05 11:57 ——— d—–w C:\Program Files\SpywareBlaster
    2007-11-05 11:57 ——— d—–w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-03 19:26 ——— d—–w C:\Program Files\LimeWire
    2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-17 11:24 2,526,800 —-a-w C:\WINDOWS\Install_B4Playing.exe
    2006-10-18 09:09 30,066 —-a-w C:\WINDOWS\Fonts\walt_disney_script.zip
    2006-06-22 12:35 6,704 —-a-w C:\Program Files\Pirates readme.txt
    2006-06-20 22:40 883,162,283 —-a-w C:\Program Files\Data11.cab
    2006-06-20 22:40 703,224 —-a-w C:\Program Files\Pirates of the Caribbean.msi
    2006-06-20 22:40 1,936 —-a-w C:\Program Files\Setup.ini
    2006-06-20 22:14 365,654,016 —-a-w C:\Program Files\Data1.cab
    2005-11-13 22:49 5,693 —-a-w C:\Program Files\[u:1f29d14374]0[/u:1f29d14374]x0409.ini
    2005-11-13 22:44 1,822,520 —-a-w C:\Program Files\instmsiw.exe
    2005-11-13 22:44 1,708,856 —-a-w C:\Program Files\instmsia.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-12_12.55.35.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-11-06 17:04:56 28,672 -c–a-w C:\WINDOWS\system32\dllcache\wceusbsh.sys
    + 2006-11-06 17:04:56 28,672 —-a-w C:\WINDOWS\system32\drivers\wceusbsh.sys
    - 2007-11-29 20:10:46 53,996 —-a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-12-14 10:46:34 53,996 —-a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-11-29 20:10:46 71,054 —-a-w C:\WINDOWS\system32\perfc013.dat
    + 2007-12-14 10:46:34 71,054 —-a-w C:\WINDOWS\system32\perfc013.dat
    - 2007-11-29 20:10:46 383,834 —-a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-12-14 10:46:34 383,834 —-a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-11-29 20:10:46 446,016 —-a-w C:\WINDOWS\system32\perfh013.dat
    + 2007-12-14 10:46:34 446,016 —-a-w C:\WINDOWS\system32\perfh013.dat
    - 2007-07-22 17:39:27 279,552 —-a-w C:\WINDOWS\system32\swreg.exe
    + 2007-12-13 20:26:50 156,160 —-a-w C:\WINDOWS\system32\swreg.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41]
    "WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
    "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-09-22 19:00]
    R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-11-28 16:00]
    S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys []

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-12-21 21:18:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-21 22:33:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-12-21 22:34:54
    C:\ComboFix2.txt … 2007-12-13 14:23
    C:\ComboFix3.txt … 2007-12-12 13:46
    .
    2007-12-21 18:24:37 — E O F —
    Anoniem
    Anoniem
  • Terug van vakantie en een antwoord met dank aan Smeenk :D

    Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:
    [b:7e77035933]
    File::
    C:\Documents and Settings\Greup\ytmakn.exe
    C:\Documents and Settings\Greup\lmehvm.exe
    C:\Documents and Settings\Greup\haiohf.exe
    C:\Documents and Settings\Greup\dobykz.exe
    C:\Documents and Settings\Greup\jofzek.exe
    C:\Documents and Settings\Greup\xtbtvj.exe

    [/b:7e77035933]
    Sla dit op op je Bureaublad als [b:7e77035933]CFScript.txt[/b:7e77035933]

    Sleep [b:7e77035933]CFScript.txt[/b:7e77035933] in [b:7e77035933]ComboFix.exe[/b:7e77035933] zoals getoond in onderstaand voorbeeld :

    [img:7e77035933]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:7e77035933]

    Dit zal [b:7e77035933]ComboFix[/b:7e77035933] doen herstarten.
    Start opnieuw op als daarom gevraagd wordt,
    en post de inhoud van de [b:7e77035933]Combofix.txt[/b:7e77035933] in je volgende antwoord samen met een nieuw HijackThislogje.
    Anoniem
    Anoniem
  • ComboFix 07-12-21.4 - Greup 2007-12-31 14:59:52.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.253 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Greup\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE
    C:\Documents and Settings\Greup\dobykz.exe
    C:\Documents and Settings\Greup\haiohf.exe
    C:\Documents and Settings\Greup\jofzek.exe
    C:\Documents and Settings\Greup\lmehvm.exe
    C:\Documents and Settings\Greup\xtbtvj.exe
    C:\Documents and Settings\Greup\ytmakn.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Greup\dobykz.exe
    C:\Documents and Settings\Greup\haiohf.exe
    C:\Documents and Settings\Greup\jofzek.exe
    C:\Documents and Settings\Greup\lmehvm.exe
    C:\Documents and Settings\Greup\xtbtvj.exe
    C:\Documents and Settings\Greup\ytmakn.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))
    .

    2007-12-25 18:09 . 2007-12-25 18:09 244 –ah—– C:\sqmnoopt13.sqm
    2007-12-25 18:09 . 2007-12-25 18:09 232 –ah—– C:\sqmdata13.sqm
    2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d——– C:\WINDOWS\ERUNT
    2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d——– C:\Program Files\Trend Micro
    2007-12-12 11:43 . 2007-09-05 23:22 289,144 –a—— C:\WINDOWS\system32\VCCLSID.exe
    2007-12-12 11:43 . 2006-04-27 16:49 288,417 –a—— C:\WINDOWS\system32\SrchSTS.exe
    2007-12-12 11:43 . 2003-06-05 20:13 53,248 –a—— C:\WINDOWS\system32\Process.exe
    2007-12-12 11:43 . 2004-07-31 17:50 51,200 –a—— C:\WINDOWS\system32\dumphive.exe
    2007-12-12 11:43 . 2007-10-03 23:36 25,600 –a—— C:\WINDOWS\system32\WS2Fix.exe
    2007-12-12 11:35 . 2007-12-12 11:37 3,624 –a—— C:\WINDOWS\system32\tmp.reg
    2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 –a—— C:\WINDOWS\system32\libdivx.dll
    2007-12-11 23:34 . 2007-12-11 23:34 200,704 –a—— C:\WINDOWS\system32\ssldivx.dll
    2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d——– C:\Program Files\K-Lite Codec Pack
    2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\SurfRight
    2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d——– C:\Program Files\SurfRight
    2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SurfRight
    2007-11-28 16:29 . 2007-11-28 16:30 161 –a—— C:\WINDOWS\system32\temp_0000_85-19.aok
    2007-11-28 16:25 . 2007-11-28 16:25 162 –a—— C:\WINDOWS\system32\test.aok
    2007-11-28 16:00 . 2007-11-28 16:00 33,824 –a—— C:\WINDOWS\system32\drivers\oreans32.sys
    2007-11-28 15:07 . 2002-10-05 07:04 921,600 –a—— C:\WINDOWS\system32\vorbisenc.dll
    2007-11-28 15:07 . 2004-01-11 08:02 258,048 –a—— C:\WINDOWS\system32\GplMpgDec.ax
    2007-11-28 15:07 . 2002-10-07 02:42 237,568 –a—— C:\WINDOWS\system32\OggDS.dll
    2007-11-28 15:07 . 2002-10-05 07:04 188,416 –a—— C:\WINDOWS\system32\vorbis.dll
    2007-11-28 15:07 . 2007-04-12 14:19 129,024 –a—— C:\WINDOWS\system32\AVERM.dll
    2007-11-28 15:07 . 2002-10-05 07:04 45,056 –a—— C:\WINDOWS\system32\ogg.dll
    2007-11-28 15:07 . 2006-09-26 13:57 28,672 –a—— C:\WINDOWS\system32\AVEQT.dll
    2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d——– C:\Program Files\Allok 3gp psp mp4 ipod video converter
    2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d——– C:\Program Files\Xilisoft
    2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d——– C:\Program Files\Ultra Mobile 3GP Video Converter
    2007-11-27 18:16 . 2006-03-29 00:35 475,136 –a—— C:\WINDOWS\system32\SkinCrafter.dll
    2007-11-27 18:16 . 2007-03-09 09:35 208,896 –a—— C:\WINDOWS\system32\VideoEdit.ocx
    2007-11-27 18:16 . 2007-03-09 09:37 139,264 –a—— C:\WINDOWS\system32\viscomqtde.dll
    2007-11-27 18:16 . 2007-03-09 09:36 81,920 –a—— C:\WINDOWS\system32\viscomwave.dll
    2007-11-27 16:48 . 2005-10-21 02:47 30,592 ——— C:\WINDOWS\system32\drivers\rndismpx.sys
    2007-11-27 16:48 . 2005-10-21 02:47 12,800 ——— C:\WINDOWS\system32\drivers\usb8023x.sys
    2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d——– C:\Program Files\Microsoft ActiveSync
    2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d——– C:\Program Files\Windows Mobile-hulpbronnen
    2007-11-26 14:33 . 2007-11-26 13:44 804,106 –a—— C:\WINDOWS\Roulette Cheat Guide.pdf
    2007-11-19 15:41 . 2007-11-19 15:41 244 –ah—– C:\sqmnoopt12.sqm
    2007-11-19 15:41 . 2007-11-19 15:41 232 –ah—– C:\sqmdata12.sqm
    2007-11-19 15:13 . 2007-11-19 15:13 244 –ah—– C:\sqmnoopt11.sqm
    2007-11-19 15:13 . 2007-11-19 15:13 232 –ah—– C:\sqmdata11.sqm
    2007-11-19 14:42 . 2007-11-19 14:42 244 –ah—– C:\sqmnoopt10.sqm
    2007-11-19 14:42 . 2007-11-19 14:42 232 –ah—– C:\sqmdata10.sqm
    2007-11-19 14:41 . 2007-11-19 14:41 244 –ah—– C:\sqmnoopt09.sqm
    2007-11-19 14:41 . 2007-11-19 14:41 232 –ah—– C:\sqmdata09.sqm
    2007-11-19 14:29 . 2007-11-19 14:29 244 –ah—– C:\sqmnoopt08.sqm
    2007-11-19 14:29 . 2007-11-19 14:29 232 –ah—– C:\sqmdata08.sqm
    2007-11-19 14:22 . 2007-11-19 14:22 244 –ah—– C:\sqmnoopt07.sqm
    2007-11-19 14:22 . 2007-11-19 14:22 232 –ah—– C:\sqmdata07.sqm
    2007-11-19 13:40 . 2007-11-19 13:40 244 –ah—– C:\sqmnoopt06.sqm
    2007-11-19 13:40 . 2007-11-19 13:40 232 –ah—– C:\sqmdata06.sqm
    2007-11-19 13:08 . 2007-11-19 13:08 244 –ah—– C:\sqmnoopt05.sqm
    2007-11-19 13:08 . 2007-11-19 13:08 232 –ah—– C:\sqmdata05.sqm
    2007-11-19 12:25 . 2007-10-17 12:24 2,526,800 –a—— C:\WINDOWS\Install_B4Playing.exe
    2007-11-19 12:25 . 2007-10-17 12:22 842,148 –a—— C:\WINDOWS\B4Playing Bonus Guide.pdf
    2007-11-19 12:25 . 2007-11-18 14:32 112 –a—— C:\WINDOWS\B4Playing, the Smart Casino & Poker Players' Tool.url
    2007-11-13 13:40 . 2007-11-13 13:40 <DIR> d——– C:\Poker
    2007-11-05 16:30 . 2007-11-05 16:30 1,156 –a—— C:\WINDOWS\mozver.dat
    2007-11-05 16:29 . 2007-11-05 16:29 0 –a—— C:\WINDOWS\nsreg.dat
    2007-11-05 13:14 . 2007-11-05 13:14 <DIR> d——– C:\Documents and Settings\Greup\Application Data\PC Tools
    2007-11-05 13:14 . 2007-12-12 12:08 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-05 13:14 . 2007-10-04 17:10 79,688 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-11-05 13:14 . 2007-10-04 17:10 62,280 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-11-05 13:14 . 2007-10-04 17:10 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-11-05 13:14 . 2007-10-04 17:11 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2007-11-05 13:13 . 2007-11-05 13:13 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\Webroot
    2007-11-05 13:13 . 2005-09-23 07:29 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-11-05 13:13 . 2007-03-01 19:54 144,960 –a—— C:\WINDOWS\system32\drivers\ssidrv.sys
    2007-11-05 13:13 . 2007-03-01 19:54 22,080 –a—— C:\WINDOWS\system32\drivers\sshrmd.sys
    2007-11-05 13:13 . 2007-03-01 19:54 21,056 –a—— C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-11-05 13:13 . 2007-03-01 19:54 20,544 –a—— C:\WINDOWS\system32\drivers\SSFS0509.sys
    2007-11-05 13:12 . 2007-11-05 13:12 <DIR> d——– C:\Program Files\Webroot
    2007-11-05 13:12 . 2007-11-05 13:12 <DIR> d——– C:\Documents and Settings\Greup\Application Data\Webroot
    2007-11-05 13:12 . 2007-11-05 13:12 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Webroot
    2007-11-05 13:12 . 2007-11-05 13:12 164 –a—— C:\install.dat
    2007-11-05 13:10 . 2007-12-03 11:33 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-05 13:09 . 2007-11-05 13:08 512,096 –a—— C:\WINDOWS\system32\drivers\amon.sys
    2007-11-05 13:09 . 2007-11-05 13:08 298,104 –a—— C:\WINDOWS\system32\imon.dll
    2007-11-05 13:09 . 2007-11-05 13:08 15,424 –a—— C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-11-05 12:57 . 2007-11-05 12:57 <DIR> d——– C:\Program Files\SpywareBlaster
    2007-11-05 12:57 . 2007-11-05 12:57 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-05 12:34 . 2007-11-05 12:34 <DIR> d——– C:\WINDOWS\system32\GroupPolicy
    2007-11-05 12:33 . 2007-12-31 14:30 <DIR> d——– C:\Program Files\Hitman Pro

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-23 14:06 ——— d—–w C:\Program Files\DivX
    2007-12-19 14:58 ——— d—–w C:\Program Files\Lexmark X1100 Series
    2007-11-28 13:33 ——— d—–w C:\Documents and Settings\Greup\Application Data\BitTorrent
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 15:50 ——— d—–w C:\Program Files\MSN Messenger
    2007-11-03 19:26 ——— d—–w C:\Program Files\LimeWire
    2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
    2006-10-18 09:09 30,066 —-a-w C:\WINDOWS\Fonts\walt_disney_script.zip
    2006-06-22 12:35 6,704 —-a-w C:\Program Files\Pirates readme.txt
    2006-06-20 22:40 883,162,283 —-a-w C:\Program Files\Data11.cab
    2006-06-20 22:40 703,224 —-a-w C:\Program Files\Pirates of the Caribbean.msi
    2006-06-20 22:40 1,936 —-a-w C:\Program Files\Setup.ini
    2006-06-20 22:14 365,654,016 —-a-w C:\Program Files\Data1.cab
    2005-11-13 22:49 5,693 —-a-w C:\Program Files\[u:762fb3df09]0[/u:762fb3df09]x0409.ini
    2005-11-13 22:44 1,822,520 —-a-w C:\Program Files\instmsiw.exe
    2005-11-13 22:44 1,708,856 —-a-w C:\Program Files\instmsia.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-12_12.55.35.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-11-06 17:04:56 28,672 -c–a-w C:\WINDOWS\system32\dllcache\wceusbsh.sys
    + 2006-11-06 17:04:56 28,672 —-a-w C:\WINDOWS\system32\drivers\wceusbsh.sys
    - 2007-11-29 20:10:46 53,996 —-a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-12-14 10:46:34 53,996 —-a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-11-29 20:10:46 71,054 —-a-w C:\WINDOWS\system32\perfc013.dat
    + 2007-12-14 10:46:34 71,054 —-a-w C:\WINDOWS\system32\perfc013.dat
    - 2007-11-29 20:10:46 383,834 —-a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-12-14 10:46:34 383,834 —-a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-11-29 20:10:46 446,016 —-a-w C:\WINDOWS\system32\perfh013.dat
    + 2007-12-14 10:46:34 446,016 —-a-w C:\WINDOWS\system32\perfh013.dat
    - 2007-07-22 17:39:27 279,552 —-a-w C:\WINDOWS\system32\swreg.exe
    + 2007-12-13 20:26:50 156,160 —-a-w C:\WINDOWS\system32\swreg.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41]
    "WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
    "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-09-22 19:00]
    R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-11-28 16:00]
    S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys []

    *Newly Created Service* - ENTDRV51
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-12-31 13:33:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-31 15:03:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-12-31 15:04:32
    C:\ComboFix2.txt … 2007-12-21 22:34
    C:\ComboFix3.txt … 2007-12-13 14:23
    .
    2007-12-28 01:09:33 — E O F —

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:05:00, on 31-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/fulltrailer/player/vivid_ocx.jpeg
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/davincicode/vividas/player/vivid_ocx.jpeg
    O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - http://video.vividas.com/CDN1/4896_sony/web/player/vivid_ocx.jpeg
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
    O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    End of file - 8814 bytes
    Anoniem
    Anoniem
  • Hoe is het inmiddels met de problemen?
    Anoniem
    Anoniem
  • Geen last meer van gehad dus lijkt allemaal goed te gaan.
    Anoniem
    Anoniem
  • Ik heb er enkel nog overheen gekeken dat je meerdere virusscanners in je logfile hebt staan, NOD32 en McAfee. Meerdere virusscanners gaan elkaar tegenwerken en leiden tot onnodige traagheid. Verwijder daarom één van de twee scanners via start –> configuratiescherm –> software.

    Herstart je PC en post een logje ter controle.
    Anoniem
    Anoniem
  • als ik NOD32 probeer te verwijderen krijg ik de boodschap er is een fout opgetreden tijdens het verwijderen van NOD32 antivirus systeem. mogelijk si de instalatie van dit onderdeel al ongedaan gemaakt. wilt u NOD32 antivirus systeem uit de lijst geinstalleerde programma's verwijderen?
    Anoniem
    Anoniem
  • NOD32 is meegekomen met Hitman Pro, voer dit even uit:
    http://www.hijackthis.nl/forum/viewtopic.php?t=12603

    Plaats daarna een nieuw Hijackthis log ter controle.
    Pim :)
    Anoniem
    Anoniem

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.

Gerelateerde vragen

We hebben je een e-mail gestuurd!

Oops… er ging wat mis.

Hoera, je account is nu geactiveerd!

Dit token is niet meer valide.

Wachtwoord vergeten?

Je aanvraag is verstuurd

Wachtwoord herstellen

Wachtwoord herstellen

Dit token is niet meer valide.

Je vraag is geplaatst!

Je antwoord is geplaatst!

Bevestigingsmail verstuurd!