Question & Answer
win32\fotomoto
34 answers
- For a few days now my PC has kept reporting that it finds win32\fotomoto on my PC, and I just can't get rid of it. So I thought, you surely know about this.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:50:39, on 12-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\jhjsixsk.exe
C:\Documents and Settings\Greup\Bureaublad\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.home.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O2 - BHO: (no name) - {4A54500A-65FE-4F4A-B860-20EAE2F577F9} - C:\WINDOWS\system32\gebbcay.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {612a641c-ef49-220b-f3f4-bf176d605157} - {751506d6-71fb-4f3f-b022-94fec146a216} - C:\WINDOWS\system32\xjqyghhu.dll
O2 - BHO: (no name) - {79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50} - C:\WINDOWS\system32\iifgfec.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AA94BC74-AECD-45F3-A861-AC0FDEB3E3F6} - C:\WINDOWS\system32\efccy.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [b836cf32] rundll32.exe "C:\WINDOWS\system32\fxtbrmqb.dll",b
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/fulltrailer/player/vivid_ocx.jpeg
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/davincicode/vividas/player/vivid_ocx.jpeg
O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - http://video.vividas.com/CDN1/4896_sony/web/player/vivid_ocx.jpeg
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg
O20 - Winlogon Notify: gebbcay - gebbcay.dll (file missing)
O20 - Winlogon Notify: iifgfec - C:\WINDOWS\SYSTEM32\iifgfec.dll
O21 - SSODL: Java - {D6E48699-47E5-420D-9378-117205F2FAF4} - java32.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\jhjsixsk.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 10656 bytes
- You are using an outdated version of HijackThis. Download the latest version and work with that:
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
Download SDFix to your desktop.
* Double-click SDFix.exe to unpack it.
* Print the instructions below or copy them to a .txt file.
* Boot into Safe Mode.
* Open the unpacked SDFix folder (usually found at C:\SDFix) and double-click RunThis.bat to start the script.
* Type Y to begin the fix and follow the instructions. Press a key when required.
* The computer will restart. This takes longer than usual.
* SDFix will continue with the removal. Wait until you are asked to press a key.
* The desktop will appear and a log will open.
* Post the contents of that log together with a new HijackThis log.
Download ComboFix to your desktop.
If you have used ComboFix before, delete that version and download ComboFix again via the link above, because ComboFix is updated daily.
NOTE: if you get a warning from your antivirus or another real-time scanner during or after downloading ComboFix, or while using it, disable that scanner and download ComboFix again. Some scanners treat certain components ComboFix uses as suspicious and will block or delete them!
* Double-click Combofix.exe
* Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
* While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open.
Post this log in your next reply together with a new HijackThis log.
Good luck!
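The first log gives itself away on structure alone, before any scanner names the family: a Run value launching a bare `svehost.exe` (one letter off from `svchost.exe`) from both Run and RunServices, `rundll32.exe` loading a system32 DLL under a hex-looking value name, three nameless BHOs and one whose display name is itself a GUID, all pointing at system32 DLLs, a Winlogon Notify hook on the same DLL, a service with no vendor string, and an ActiveX control fetched from a bare IP. The script below is an added example, not a tool either poster ran; it encodes exactly those tells as checks keyed on the HijackThis line categories, and runs them over an excerpt of the log above (the benign SDHelper, Google Toolbar, ctfmon and Windows Defender lines are kept in as controls). The severity labels and the list of core Windows binaries are this example's own choices.

```python
"""Heuristic triage of a HijackThis log (added example, not from the thread).

Checks, keyed on the categories HijackThis prints:
  process list  a running binary one edit away from a core Windows name
  O4   Run values that launch a bare filename (resolved via PATH, not a fixed
       location), a lookalike of a core binary, or rundll32 loading a DLL
       from system32 (HIGH when the value name looks like hex)
  O2   BHOs with no display name whose DLL sits in system32, or whose
       display name is itself a GUID
  O16  ActiveX (DPF) downloads fetched from a bare IP address
  O20  every Winlogon Notify hook (code loaded into winlogon.exe)
  O23  services with an empty vendor, or "Unknown owner" plus a missing file
"""
import re
from urllib.parse import urlparse

# Example's own list of names worth imitating; extend as needed.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "explorer.exe", "smss.exe", "spoolsv.exe"}
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
O4_RE = re.compile(r"^O4 - (\S+): \[(.*?)\] (.*)$")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O16_RE = re.compile(r"^O16 - DPF: .* - (\S+)$")
# An empty vendor is printed as "name - - path", hence the second alternative.
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?)(?: - |- )([A-Za-z]:\\.*)$")


def edit_distance(a, b):
    """Levenshtein distance; inputs are short filenames, so a full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(basename):
    """Core Windows binary this filename imitates (distance exactly 1), or None."""
    basename = basename.lower()
    for core in CORE_BINARIES:
        if basename != core and edit_distance(basename, core) == 1:
            return core
    return None


def first_token(command):
    """Executable part of an O4 command: the quoted path, else the first word."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split(" ", 1)[0]


def triage(log_text):
    """Return [(severity, reason, line)] for every line that deserves attention."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):  # running-process section
            base = line.rsplit("\\", 1)[-1]
            core = lookalike(base)
            if core:
                findings.append(("HIGH", f"running process {base} imitates {core}", line))
            continue
        m = O4_RE.match(line)
        if m:
            _hive, value_name, command = m.groups()
            exe = first_token(command)
            base = exe.rsplit("\\", 1)[-1].lower()
            if base == "rundll32.exe" and "system32\\" in command.lower():
                sev = "HIGH" if re.fullmatch(r"[0-9a-f]{6,}", value_name, re.I) else "REVIEW"
                findings.append((sev, f"rundll32 loads a system32 DLL under value '{value_name}'", line))
            else:
                if "\\" not in exe:
                    findings.append(("HIGH", f"Run value '{value_name}' launches bare filename {exe}", line))
                core = lookalike(base)
                if core:
                    findings.append(("HIGH", f"{base} imitates {core}", line))
            continue
        m = O2_RE.match(line)
        if m:
            name, _guid, path = m.groups()
            if name == "(no name)" and "system32" in path.lower():
                findings.append(("HIGH", "nameless BHO loaded from system32", line))
            elif GUID_RE.match(name):
                findings.append(("HIGH", "BHO whose display name is a GUID", line))
            continue
        m = O16_RE.match(line)
        if m:
            host = urlparse(m.group(1)).hostname or ""
            if IPV4_RE.match(host):
                findings.append(("REVIEW", f"ActiveX control fetched from bare IP {host}", line))
            continue
        if line.startswith("O20 - Winlogon Notify:"):
            findings.append(("REVIEW", "Winlogon Notify hook; compare against a known-good list", line))
            continue
        m = O23_RE.match(line)
        if m:
            _svc, vendor, path = m.groups()
            if not vendor.strip():
                findings.append(("HIGH", "service with an empty vendor field", line))
            elif vendor == "Unknown owner" and "(file missing)" in path:
                findings.append(("REVIEW", "orphaned service entry with unknown owner", line))
    return findings


# Excerpt of the first log posted in this thread, benign lines kept as controls.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svehost.exe
O2 - BHO: (no name) - {4A54500A-65FE-4F4A-B860-20EAE2F577F9} - C:\WINDOWS\system32\gebbcay.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {612a641c-ef49-220b-f3f4-bf176d605157} - {751506d6-71fb-4f3f-b022-94fec146a216} - C:\WINDOWS\system32\xjqyghhu.dll
O2 - BHO: (no name) - {79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50} - C:\WINDOWS\system32\iifgfec.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [b836cf32] rundll32.exe "C:\WINDOWS\system32\fxtbrmqb.dll",b
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
O20 - Winlogon Notify: iifgfec - C:\WINDOWS\SYSTEM32\iifgfec.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\jhjsixsk.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
"""

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Run it against a full log with `triage(open("hijackthis.log").read())`. The checks are deliberately structural (where a thing loads from and how it is named) rather than name-based, because the random DLL names in this log change with every reinstall of the infection while the load points do not.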
Pim - Here is the new HijackThis log, followed by the ComboFix log.
Auke-Jan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:16, on 12-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.home.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/fulltrailer/player/vivid_ocx.jpeg
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/davincicode/vividas/player/vivid_ocx.jpeg
O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - http://video.vividas.com/CDN1/4896_sony/web/player/vivid_ocx.jpeg
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg
O20 - Winlogon Notify: gebbcay - gebbcay.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 9334 bytes
ComboFix 07-12-12.3 - Greup 2007-12-12 12:40:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.251 [GMT 1:00]
Running from: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\autorun.inf
C:\WINDOWS\system32\awtrpon.dll
C:\WINDOWS\system32\ayftiksg.dll
C:\WINDOWS\system32\bqmrbtxf.ini
C:\WINDOWS\system32\cbxyawv.dll
C:\WINDOWS\system32\cliapidk.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\efccy.dll
C:\WINDOWS\system32\exiqabii.exe
C:\WINDOWS\system32\fxtbrmqb.dll
C:\WINDOWS\system32\gpkqfgiw.exe
C:\WINDOWS\system32\iifgfec.dll
C:\WINDOWS\system32\imhhicwa.dll
C:\WINDOWS\system32\imxsxjri.dll
C:\WINDOWS\system32\jhjsixsk.exe
C:\WINDOWS\system32\jpjwqffq.dll
C:\WINDOWS\system32\ljjhheb.dll
C:\WINDOWS\system32\opnoopo.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pmnmkhi.dll
C:\WINDOWS\system32\rhiicxsb.dll
C:\WINDOWS\system32\tmkexmsn.dll
C:\WINDOWS\system32\tuvvtrs.dll
C:\WINDOWS\system32\upncyxbr.exe
C:\WINDOWS\system32\utycvsrl.dll
C:\WINDOWS\system32\wddfalos.exe
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xjqyghhu.dll
C:\WINDOWS\system32\xxyyyab.dll
C:\WINDOWS\system32\yayxuut.dll
C:\WINDOWS\system32\yayywwt.dll
C:\WINDOWS\system32\yccfe.bak1
C:\WINDOWS\system32\yccfe.bak2
C:\WINDOWS\system32\yccfe.ini
C:\WINDOWS\system32\ydaybhrm.dll
C:\WINDOWS\system32\yxnctsrj.dll
C:\WINDOWS\system32\yyqyerem.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
-------\NPF
(((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 ))))))))))))))))))))))))))))))
.
2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-12 11:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-12 11:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-12 11:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-12 11:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-12 11:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-12 11:35 . 2007-12-12 11:37 3,624 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-10 19:21 . 2007-12-12 09:33 916,805 ---hs---- C:\WINDOWS\system32\psbooijk.ini
2007-12-09 19:21 . 2007-12-10 11:59 835,060 ---hs---- C:\WINDOWS\system32\aevyfnac.ini
2007-12-08 07:31 . 2007-12-09 19:16 834,940 ---hs---- C:\WINDOWS\system32\cmmfjumj.ini
2007-12-06 21:20 . 2007-12-08 07:29 860,932 ---hs---- C:\WINDOWS\system32\lrbcoact.ini
2007-12-06 11:00 . 2007-12-06 21:11 807,828 ---hs---- C:\WINDOWS\system32\nnmwosbq.ini
2007-12-04 21:21 . 2007-12-06 10:50 807,588 ---hs---- C:\WINDOWS\system32\vuweurwa.ini
2007-12-04 21:11 . 2007-12-04 21:12 4,156 --a------ C:\WINDOWS\system32\twinfphq.dll
2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SurfRight
2007-12-03 15:17 . 2007-12-03 15:17 792,276 ---hs---- C:\WINDOWS\system32\dxfcbflq.ini
2007-12-03 14:49 . 2007-12-03 14:49 792,276 ---hs---- C:\WINDOWS\system32\godrdvcr.ini
2007-12-03 14:43 . 2007-12-03 14:43 4,160 --a------ C:\WINDOWS\system32\jvleubre.dll
2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Program Files\SurfRight
2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
2007-12-02 14:49 . 2007-12-02 14:49 793,664 ---hs---- C:\WINDOWS\system32\ykewlnbx.ini
2007-12-02 14:46 . 2007-12-02 14:46 4,156 --a------ C:\WINDOWS\system32\elfahxwo.dll
2007-12-01 14:51 . 2007-12-01 14:51 793,664 ---hs---- C:\WINDOWS\system32\qxxkgyue.ini
2007-12-01 14:41 . 2007-12-01 14:42 4,156 --a------ C:\WINDOWS\system32\xaytcrpj.dll
2007-11-28 16:29 . 2007-11-28 16:30 161 --a------ C:\WINDOWS\system32\temp_0000_85-19.aok
2007-11-28 16:25 . 2007-11-28 16:25 162 --a------ C:\WINDOWS\system32\test.aok
2007-11-28 16:01 . 2007-11-28 16:01 36,864 --a------ C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
2007-11-28 16:00 . 2007-11-28 16:00 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-11-28 15:07 . 2002-10-05 07:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-11-28 15:07 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2007-11-28 15:07 . 2002-10-07 02:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2007-11-28 15:07 . 2002-10-05 07:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-11-28 15:07 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2007-11-28 15:07 . 2002-10-05 07:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2007-11-28 15:07 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d-------- C:\Program Files\Allok 3gp psp mp4 ipod video converter
2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d-------- C:\Program Files\Xilisoft
2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d-------- C:\Program Files\Ultra Mobile 3GP Video Converter
2007-11-27 18:16 . 2006-03-29 00:35 475,136 --a------ C:\WINDOWS\system32\SkinCrafter.dll
2007-11-27 18:16 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2007-11-27 18:16 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-11-27 18:16 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-11-27 16:48 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-11-27 16:48 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d-------- C:\Program Files\Windows Mobile-hulpbronnen
2007-11-26 14:33 . 2007-11-26 13:44 804,106 --a------ C:\WINDOWS\Roulette Cheat Guide.pdf
2007-11-22 16:37 . 2007-11-22 16:37 46,892 --a------ C:\Documents and Settings\Greup\ytmakn.exe
2007-11-21 10:43 . 2007-11-21 10:43 46,892 --a------ C:\Documents and Settings\Greup\lmehvm.exe
2007-11-21 10:23 . 2007-11-21 10:23 46,892 --a------ C:\Documents and Settings\Greup\haiohf.exe
2007-11-21 10:04 . 2007-11-21 10:04 46,892 --a------ C:\Documents and Settings\Greup\dobykz.exe
2007-11-21 09:57 . 2007-11-21 09:57 46,892 --a------ C:\Documents and Settings\Greup\jofzek.exe
2007-11-19 16:27 . 2007-11-19 16:27 46,892 --a------ C:\Documents and Settings\Greup\xtbtvj.exe
2007-11-19 15:41 . 2007-11-19 15:41 244 --ah----- C:\sqmnoopt12.sqm
2007-11-19 15:41 . 2007-11-19 15:41 232 --ah----- C:\sqmdata12.sqm
2007-11-19 15:13 . 2007-11-19 15:13 244 --ah----- C:\sqmnoopt11.sqm
2007-11-19 15:13 . 2007-11-19 15:13 232 --ah----- C:\sqmdata11.sqm
2007-11-19 14:42 . 2007-11-19 14:42 244 --ah----- C:\sqmnoopt10.sqm
2007-11-19 14:42 . 2007-11-19 14:42 232 --ah----- C:\sqmdata10.sqm
2007-11-19 14:41 . 2007-11-19 14:41 244 --ah----- C:\sqmnoopt09.sqm
2007-11-19 14:41 . 2007-11-19 14:41 232 --ah----- C:\sqmdata09.sqm
2007-11-19 14:29 . 2007-11-19 14:29 244 --ah----- C:\sqmnoopt08.sqm
2007-11-19 14:29 . 2007-11-19 14:29 232 --ah----- C:\sqmdata08.sqm
2007-11-19 14:22 . 2007-11-19 14:22 244 --ah----- C:\sqmnoopt07.sqm
2007-11-19 14:22 . 2007-11-19 14:22 232 --ah----- C:\sqmdata07.sqm
2007-11-19 13:40 . 2007-11-19 13:40 244 --ah----- C:\sqmnoopt06.sqm
2007-11-19 13:40 . 2007-11-19 13:40 232 --ah----- C:\sqmdata06.sqm
2007-11-19 13:08 . 2007-11-19 13:08 244 --ah----- C:\sqmnoopt05.sqm
2007-11-19 13:08 . 2007-11-19 13:08 232 --ah----- C:\sqmdata05.sqm
2007-11-19 12:25 . 2007-10-17 12:24 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe
2007-11-19 12:25 . 2007-10-17 12:22 842,148 --a------ C:\WINDOWS\B4Playing Bonus Guide.pdf
2007-11-19 12:25 . 2007-11-18 14:32 112 --a------ C:\WINDOWS\B4Playing, the Smart Casino & Poker Players' Tool.url
2007-11-13 13:40 . 2007-11-13 13:40 <DIR> d-------- C:\Poker
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 11:54 --------- d-----w C:\Program Files\Hitman Pro
2007-12-12 11:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-06 20:47 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-12-03 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-28 13:33 --------- d-----w C:\Documents and Settings\Greup\Application Data\BitTorrent
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 15:50 --------- d-----w C:\Program Files\MSN Messenger
2007-11-05 12:14 --------- d-----w C:\Documents and Settings\Greup\Application Data\PC Tools
2007-11-05 12:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-05 12:12 164 ----a-w C:\install.dat
2007-11-05 12:12 --------- d-----w C:\Program Files\Webroot
2007-11-05 12:12 --------- d-----w C:\Documents and Settings\Greup\Application Data\Webroot
2007-11-05 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-05 12:08 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-11-05 12:08 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-05 11:57 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-05 11:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-03 19:26 --------- d-----w C:\Program Files\LimeWire
2007-10-19 13:29 --------- d-----w C:\Program Files\Panerai
2007-10-14 13:09 --------- d-----w C:\Program Files\BitTorrent
2006-10-18 09:09 30,066 ----a-w C:\WINDOWS\Fonts\walt_disney_script.zip
2006-06-22 12:35 6,704 ----a-w C:\Program Files\Pirates readme.txt
2006-06-20 22:40 883,162,283 ----a-w C:\Program Files\Data11.cab
2006-06-20 22:40 703,224 ----a-w C:\Program Files\Pirates of the Caribbean.msi
2006-06-20 22:40 1,936 ----a-w C:\Program Files\Setup.ini
2006-06-20 22:14 365,654,016 ----a-w C:\Program Files\Data1.cab
2005-11-13 22:49 5,693 ----a-w C:\Program Files\0x0409.ini
2005-11-13 22:44 1,822,520 ----a-w C:\Program Files\instmsiw.exe
2005-11-13 22:44 1,708,856 ----a-w C:\Program Files\instmsia.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41]
"WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbcay]
gebbcay.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys
*Newly Created Service* - ENTDRV51
.
Inhoud van de 'Gedeelde Taken' map
"2007-12-12 11:31:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 12:54:42
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-12-12 12:57:53 - machine was rebooted
.
2007-12-12 09:36:12 --- E O F ---
- 1. Start HijackThis, choose 'Do a system scan only' and tick the lines below:
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
If you did not add the Trusted Zone site below yourself, you can tick this line as well:
O15 - Trusted Zone: *.stumbleupon.com
Also tick:
O20 - Winlogon Notify: gebbcay - gebbcay.dll (file missing)
Now close all open windows except HijackThis and click 'Fix checked'.
2. Open Notepad and copy and paste the following text into an empty window:
File::
C:\WINDOWS\system32\psbooijk.ini
C:\WINDOWS\system32\aevyfnac.ini
C:\WINDOWS\system32\cmmfjumj.ini
C:\WINDOWS\system32\lrbcoact.ini
C:\WINDOWS\system32\nnmwosbq.ini
C:\WINDOWS\system32\vuweurwa.ini
C:\WINDOWS\system32\twinfphq.dll
C:\WINDOWS\system32\godrdvcr.ini
C:\WINDOWS\system32\dxfcbflq.ini
C:\WINDOWS\system32\jvleubre.dll
C:\WINDOWS\system32\ykewlnbx.ini
C:\WINDOWS\system32\elfahxwo.dll
C:\WINDOWS\system32\qxxkgyue.ini
C:\WINDOWS\system32\xaytcrpj.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbcay]
Save this on your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will make ComboFix restart.
Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a fresh HijackThis log.
How are your problems now?
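The following log triage helper is an editor's added example; it is not part of Pim's post above or of the reply that follows, and it is not a HijackThis or ComboFix feature. It parses lines copied from the HijackThis and ComboFix logs in this thread (embedded below as constructed sample input) and surfaces the same kinds of entries the helper picked out by hand: entries whose target file is missing, Winlogon Notify load points, services with no recognised owner, and batches of same-size executables with random six-letter names dropped into one user profile. The section table, the regular expressions and the random-name heuristic are the editor's assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input: HijackThis lines copied from the logs posted in this thread.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - Winlogon Notify: gebbcay - gebbcay.dll (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Constructed sample input: entries from the ComboFix "files created" section in this thread.
COMBOFIX_SAMPLE = r"""
2007-11-28 16:01 . 2007-11-28 16:01 36,864 --a------ C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
2007-11-22 16:37 . 2007-11-22 16:37 46,892 --a------ C:\Documents and Settings\Greup\ytmakn.exe
2007-11-21 10:43 . 2007-11-21 10:43 46,892 --a------ C:\Documents and Settings\Greup\lmehvm.exe
2007-11-21 10:23 . 2007-11-21 10:23 46,892 --a------ C:\Documents and Settings\Greup\haiohf.exe
2007-11-19 12:25 . 2007-10-17 12:24 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe
2007-11-13 13:40 . 2007-11-13 13:40 <DIR> d-------- C:\Poker
"""

HJT_LINE = re.compile(r"^(O\d+|R\d|F\d|N\d)\s+-\s+(.*)$")
MISSING_MARKERS = ("(file missing)", "(no file)")
# Load points legitimate software rarely uses (editor's assumption); gebbcay.dll in this thread sat in O20.
SENSITIVE_SECTIONS = {"O20": "Winlogon Notify / AppInit_DLLs", "O21": "ShellServiceObjectDelayLoad"}


def parse_hjt(text):
    """Split a HijackThis log into (section, body) tuples, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage_hjt(text):
    """Return (section, reason, body) for the entries a reviewer should look at first."""
    findings = []
    for section, body in parse_hjt(text):
        reasons = []
        if body.endswith(MISSING_MARKERS):
            reasons.append("orphaned entry (target file missing)")
        if section in SENSITIVE_SECTIONS:
            reasons.append("sensitive load point: " + SENSITIVE_SECTIONS[section])
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service with no recognised owner")
        if reasons:
            findings.append((section, "; ".join(reasons), body))
    return findings


# ComboFix "files created" line: created . modified size attributes path
CF_LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+([\d,]+|<DIR>)\s+(\S+)\s+(.*)$")
# Six lower-case letters plus .exe/.dll: the naming pattern of the droppers in this thread's log.
RANDOM_NAME = re.compile(r"^[a-z]{6}\.(exe|dll)$")


def parse_combofix_created(text):
    """Return (size_in_bytes, attributes, path) for each file entry; directories are skipped."""
    files = []
    for line in text.splitlines():
        m = CF_LINE.match(line.strip())
        if not m or m.group(3) == "<DIR>":
            continue
        files.append((int(m.group(3).replace(",", "")), m.group(4), m.group(5)))
    return files


def size_clusters(text, min_members=2):
    """Group randomly named executables by identical size.

    Several same-size binaries with random names dropped into one user profile
    over a few days is a stronger signal than any single file on its own.
    """
    by_size = defaultdict(list)
    for size, _attrs, path in parse_combofix_created(text):
        name = path.rsplit("\\", 1)[-1].lower()
        if RANDOM_NAME.match(name):
            by_size[size].append(path)
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_members}


if __name__ == "__main__":
    for section, reason, body in triage_hjt(HJT_SAMPLE):
        print(f"{section:4} {reason}\n     {body}")
    for size, paths in size_clusters(COMBOFIX_SAMPLE).items():
        print(f"{len(paths)} files of {size} bytes: {paths}")
```

On the sample input the triage lists exactly the five entries Pim asked to have fixed or removed (the two StumbleUpon entries, the nameless O9 button, the gebbcay Winlogon Notify entry and the orphaned PC Tools service) and reports one cluster of three 46,892-byte executables in the Greup profile; the Adobe BHO, the Windows Defender Run key and the NOD32 service pass through untouched because they have a present file and a known owner.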
Pim
- Hi Pim,
I think it works, but I don't know very much about it...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:56, on 12-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.home.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/fulltrailer/player/vivid_ocx.jpeg
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/davincicode/vividas/player/vivid_ocx.jpeg
O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - http://video.vividas.com/CDN1/4896_sony/web/player/vivid_ocx.jpeg
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8914 bytes
ComboFix 07-12-12.3 - Greup 2007-12-12 13:42:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.218 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Greup\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE
C:\WINDOWS\system32\aevyfnac.ini
C:\WINDOWS\system32\cmmfjumj.ini
C:\WINDOWS\system32\dxfcbflq.ini
C:\WINDOWS\system32\elfahxwo.dll
C:\WINDOWS\system32\godrdvcr.ini
C:\WINDOWS\system32\jvleubre.dll
C:\WINDOWS\system32\lrbcoact.ini
C:\WINDOWS\system32\nnmwosbq.ini
C:\WINDOWS\system32\psbooijk.ini
C:\WINDOWS\system32\qxxkgyue.ini
C:\WINDOWS\system32\twinfphq.dll
C:\WINDOWS\system32\vuweurwa.ini
C:\WINDOWS\system32\xaytcrpj.dll
C:\WINDOWS\system32\ykewlnbx.ini
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\aevyfnac.ini
C:\WINDOWS\system32\cmmfjumj.ini
C:\WINDOWS\system32\dxfcbflq.ini
C:\WINDOWS\system32\elfahxwo.dll
C:\WINDOWS\system32\godrdvcr.ini
C:\WINDOWS\system32\jvleubre.dll
C:\WINDOWS\system32\lrbcoact.ini
C:\WINDOWS\system32\nnmwosbq.ini
C:\WINDOWS\system32\psbooijk.ini
C:\WINDOWS\system32\qxxkgyue.ini
C:\WINDOWS\system32\twinfphq.dll
C:\WINDOWS\system32\vuweurwa.ini
C:\WINDOWS\system32\xaytcrpj.dll
C:\WINDOWS\system32\ykewlnbx.ini
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-12 to 2007-12-12 ))))))))))))))))))))))))))))))
.
2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-12 11:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-12 11:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-12 11:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-12 11:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-12 11:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-12 11:35 . 2007-12-12 11:37 3,624 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SurfRight
2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Program Files\SurfRight
2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
2007-11-28 16:29 . 2007-11-28 16:30 161 --a------ C:\WINDOWS\system32\temp_0000_85-19.aok
2007-11-28 16:25 . 2007-11-28 16:25 162 --a------ C:\WINDOWS\system32\test.aok
2007-11-28 16:01 . 2007-11-28 16:01 36,864 --a------ C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
2007-11-28 16:00 . 2007-11-28 16:00 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-11-28 15:07 . 2002-10-05 07:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-11-28 15:07 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2007-11-28 15:07 . 2002-10-07 02:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2007-11-28 15:07 . 2002-10-05 07:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-11-28 15:07 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2007-11-28 15:07 . 2002-10-05 07:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2007-11-28 15:07 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d-------- C:\Program Files\Allok 3gp psp mp4 ipod video converter
2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d-------- C:\Program Files\Xilisoft
2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d-------- C:\Program Files\Ultra Mobile 3GP Video Converter
2007-11-27 18:16 . 2006-03-29 00:35 475,136 --a------ C:\WINDOWS\system32\SkinCrafter.dll
2007-11-27 18:16 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2007-11-27 18:16 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-11-27 18:16 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-11-27 16:48 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-11-27 16:48 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d-------- C:\Program Files\Windows Mobile-hulpbronnen
2007-11-26 14:33 . 2007-11-26 13:44 804,106 --a------ C:\WINDOWS\Roulette Cheat Guide.pdf
2007-11-22 16:37 . 2007-11-22 16:37 46,892 --a------ C:\Documents and Settings\Greup\ytmakn.exe
2007-11-21 10:43 . 2007-11-21 10:43 46,892 --a------ C:\Documents and Settings\Greup\lmehvm.exe
2007-11-21 10:23 . 2007-11-21 10:23 46,892 --a------ C:\Documents and Settings\Greup\haiohf.exe
2007-11-21 10:04 . 2007-11-21 10:04 46,892 --a------ C:\Documents and Settings\Greup\dobykz.exe
2007-11-21 09:57 . 2007-11-21 09:57 46,892 --a------ C:\Documents and Settings\Greup\jofzek.exe
2007-11-19 16:27 . 2007-11-19 16:27 46,892 --a------ C:\Documents and Settings\Greup\xtbtvj.exe
2007-11-19 15:41 . 2007-11-19 15:41 244 --ah----- C:\sqmnoopt12.sqm
2007-11-19 15:41 . 2007-11-19 15:41 232 --ah----- C:\sqmdata12.sqm
2007-11-19 15:13 . 2007-11-19 15:13 244 --ah----- C:\sqmnoopt11.sqm
2007-11-19 15:13 . 2007-11-19 15:13 232 --ah----- C:\sqmdata11.sqm
2007-11-19 14:42 . 2007-11-19 14:42 244 --ah----- C:\sqmnoopt10.sqm
2007-11-19 14:42 . 2007-11-19 14:42 232 --ah----- C:\sqmdata10.sqm
2007-11-19 14:41 . 2007-11-19 14:41 244 --ah----- C:\sqmnoopt09.sqm
2007-11-19 14:41 . 2007-11-19 14:41 232 --ah----- C:\sqmdata09.sqm
2007-11-19 14:29 . 2007-11-19 14:29 244 --ah----- C:\sqmnoopt08.sqm
2007-11-19 14:29 . 2007-11-19 14:29 232 --ah----- C:\sqmdata08.sqm
2007-11-19 14:22 . 2007-11-19 14:22 244 --ah----- C:\sqmnoopt07.sqm
2007-11-19 14:22 . 2007-11-19 14:22 232 --ah----- C:\sqmdata07.sqm
2007-11-19 13:40 . 2007-11-19 13:40 244 --ah----- C:\sqmnoopt06.sqm
2007-11-19 13:40 . 2007-11-19 13:40 232 --ah----- C:\sqmdata06.sqm
2007-11-19 13:08 . 2007-11-19 13:08 244 --ah----- C:\sqmnoopt05.sqm
2007-11-19 13:08 . 2007-11-19 13:08 232 --ah----- C:\sqmdata05.sqm
2007-11-19 12:25 . 2007-10-17 12:24 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe
2007-11-19 12:25 . 2007-10-17 12:22 842,148 --a------ C:\WINDOWS\B4Playing Bonus Guide.pdf
2007-11-19 12:25 . 2007-11-18 14:32 112 --a------ C:\WINDOWS\B4Playing, the Smart Casino & Poker Players' Tool.url
2007-11-13 13:40 . 2007-11-13 13:40 <DIR> d-------- C:\Poker
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 11:54 --------- d-----w C:\Program Files\Hitman Pro
2007-12-12 11:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-06 20:47 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-12-03 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-28 13:33 --------- d-----w C:\Documents and Settings\Greup\Application Data\BitTorrent
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 15:50 --------- d-----w C:\Program Files\MSN Messenger
2007-11-05 12:14 --------- d-----w C:\Documents and Settings\Greup\Application Data\PC Tools
2007-11-05 12:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-05 12:12 164 ----a-w C:\install.dat
2007-11-05 12:12 --------- d-----w C:\Program Files\Webroot
2007-11-05 12:12 --------- d-----w C:\Documents and Settings\Greup\Application Data\Webroot
2007-11-05 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-05 12:08 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-11-05 12:08 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-11-05 12:08 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-05 11:57 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-05 11:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-03 19:26 --------- d-----w C:\Program Files\LimeWire
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-19 13:29 --------- d-----w C:\Program Files\Panerai
2007-10-14 13:09 --------- d-----w C:\Program Files\BitTorrent
2006-10-18 09:09 30,066 ----a-w C:\WINDOWS\Fonts\walt_disney_script.zip
2006-06-22 12:35 6,704 ----a-w C:\Program Files\Pirates readme.txt
2006-06-20 22:40 883,162,283 ----a-w C:\Program Files\Data11.cab
2006-06-20 22:40 703,224 ----a-w C:\Program Files\Pirates of the Caribbean.msi
2006-06-20 22:40 1,936 ----a-w C:\Program Files\Setup.ini
2006-06-20 22:14 365,654,016 ----a-w C:\Program Files\Data1.cab
2005-11-13 22:49 5,693 ----a-w C:\Program Files\0x0409.ini
2005-11-13 22:44 1,822,520 ----a-w C:\Program Files\instmsiw.exe
2005-11-13 22:44 1,708,856 ----a-w C:\Program Files\instmsia.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41]
"WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys
*Newly Created Service* - ENTDRV51
.
Inhoud van de 'Gedeelde Taken' map
"2007-12-12 11:57:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 13:45:21
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-12-12 13:46:37
C:\ComboFix2.txt … 2007-12-12 12:57
.
2007-12-12 09:36:12 --- E O F ---
- Missed one.
Remove the text from CFscript and put the following text in it:
File::
C:\WINDOWS\system32\gebbcay.dll
Drag it onto Combofix again following the instructions above and post the log.
- ComboFix 07-12-12.3 - Greup 2007-12-13 14:19:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.249 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Greup\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE
C:\WINDOWS\system32\gebbcay.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))
.
2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-12 11:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-12 11:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-12 11:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-12 11:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-12 11:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-12 11:35 . 2007-12-12 11:37 3,624 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SurfRight
2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Program Files\SurfRight
2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
2007-11-28 16:29 . 2007-11-28 16:30 161 --a------ C:\WINDOWS\system32\temp_0000_85-19.aok
2007-11-28 16:25 . 2007-11-28 16:25 162 --a------ C:\WINDOWS\system32\test.aok
2007-11-28 16:01 . 2007-11-28 16:01 36,864 --a------ C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
2007-11-28 16:00 . 2007-11-28 16:00 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-11-28 15:07 . 2002-10-05 07:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-11-28 15:07 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2007-11-28 15:07 . 2002-10-07 02:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2007-11-28 15:07 . 2002-10-05 07:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-11-28 15:07 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2007-11-28 15:07 . 2002-10-05 07:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2007-11-28 15:07 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d-------- C:\Program Files\Allok 3gp psp mp4 ipod video converter
2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d-------- C:\Program Files\Xilisoft
2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d-------- C:\Program Files\Ultra Mobile 3GP Video Converter
2007-11-27 18:16 . 2006-03-29 00:35 475,136 --a------ C:\WINDOWS\system32\SkinCrafter.dll
2007-11-27 18:16 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2007-11-27 18:16 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-11-27 18:16 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-11-27 16:48 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-11-27 16:48 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d-------- C:\Program Files\Windows Mobile-hulpbronnen
2007-11-26 14:33 . 2007-11-26 13:44 804,106 --a------ C:\WINDOWS\Roulette Cheat Guide.pdf
2007-11-22 16:37 . 2007-11-22 16:37 46,892 --a------ C:\Documents and Settings\Greup\ytmakn.exe
2007-11-21 10:43 . 2007-11-21 10:43 46,892 --a------ C:\Documents and Settings\Greup\lmehvm.exe
2007-11-21 10:23 . 2007-11-21 10:23 46,892 --a------ C:\Documents and Settings\Greup\haiohf.exe
2007-11-21 10:04 . 2007-11-21 10:04 46,892 --a------ C:\Documents and Settings\Greup\dobykz.exe
2007-11-21 09:57 . 2007-11-21 09:57 46,892 --a------ C:\Documents and Settings\Greup\jofzek.exe
2007-11-19 16:27 . 2007-11-19 16:27 46,892 --a------ C:\Documents and Settings\Greup\xtbtvj.exe
2007-11-19 15:41 . 2007-11-19 15:41 244 --ah----- C:\sqmnoopt12.sqm
2007-11-19 15:41 . 2007-11-19 15:41 232 --ah----- C:\sqmdata12.sqm
2007-11-19 15:13 . 2007-11-19 15:13 244 --ah----- C:\sqmnoopt11.sqm
2007-11-19 15:13 . 2007-11-19 15:13 232 --ah----- C:\sqmdata11.sqm
2007-11-19 14:42 . 2007-11-19 14:42 244 --ah----- C:\sqmnoopt10.sqm
2007-11-19 14:42 . 2007-11-19 14:42 232 --ah----- C:\sqmdata10.sqm
2007-11-19 14:41 . 2007-11-19 14:41 244 --ah----- C:\sqmnoopt09.sqm
2007-11-19 14:41 . 2007-11-19 14:41 232 --ah----- C:\sqmdata09.sqm
2007-11-19 14:29 . 2007-11-19 14:29 244 --ah----- C:\sqmnoopt08.sqm
2007-11-19 14:29 . 2007-11-19 14:29 232 --ah----- C:\sqmdata08.sqm
2007-11-19 14:22 . 2007-11-19 14:22 244 --ah----- C:\sqmnoopt07.sqm
2007-11-19 14:22 . 2007-11-19 14:22 232 --ah----- C:\sqmdata07.sqm
2007-11-19 13:40 . 2007-11-19 13:40 244 --ah----- C:\sqmnoopt06.sqm
2007-11-19 13:40 . 2007-11-19 13:40 232 --ah----- C:\sqmdata06.sqm
2007-11-19 13:08 . 2007-11-19 13:08 244 --ah----- C:\sqmnoopt05.sqm
2007-11-19 13:08 . 2007-11-19 13:08 232 --ah----- C:\sqmdata05.sqm
2007-11-19 12:25 . 2007-10-17 12:24 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe
2007-11-19 12:25 . 2007-10-17 12:22 842,148 --a------ C:\WINDOWS\B4Playing Bonus Guide.pdf
2007-11-19 12:25 . 2007-11-18 14:32 112 --a------ C:\WINDOWS\B4Playing, the Smart Casino & Poker Players' Tool.url
2007-11-13 13:40 . 2007-11-13 13:40 <DIR> d-------- C:\Poker
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 13:12 ——— d—–w C:\Program Files\Hitman Pro
2007-12-12 11:08 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-06 20:47 ——— d—–w C:\Program Files\Lexmark X1100 Series
2007-12-03 10:33 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-28 13:33 ——— d—–w C:\Documents and Settings\Greup\Application Data\BitTorrent
2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 15:50 ——— d—–w C:\Program Files\MSN Messenger
2007-11-05 12:14 ——— d—–w C:\Documents and Settings\Greup\Application Data\PC Tools
2007-11-05 12:13 ——— d—–w C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-05 12:12 164 —-a-w C:\install.dat
2007-11-05 12:12 ——— d—–w C:\Program Files\Webroot
2007-11-05 12:12 ——— d—–w C:\Documents and Settings\Greup\Application Data\Webroot
2007-11-05 12:12 ——— d—–w C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-05 12:08 512,096 —-a-w C:\WINDOWS\system32\drivers\amon.sys
2007-11-05 12:08 298,104 —-a-w C:\WINDOWS\system32\imon.dll
2007-11-05 12:08 15,424 —-a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-05 11:57 ——— d—–w C:\Program Files\SpywareBlaster
2007-11-05 11:57 ——— d—–w C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-03 19:26 ——— d—–w C:\Program Files\LimeWire
2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
2007-10-19 13:29 ——— d—–w C:\Program Files\Panerai
2007-10-14 13:09 ——— d—–w C:\Program Files\BitTorrent
2006-10-18 09:09 30,066 —-a-w C:\WINDOWS\Fonts\walt_disney_script.zip
2006-06-22 12:35 6,704 —-a-w C:\Program Files\Pirates readme.txt
2006-06-20 22:40 883,162,283 —-a-w C:\Program Files\Data11.cab
2006-06-20 22:40 703,224 —-a-w C:\Program Files\Pirates of the Caribbean.msi
2006-06-20 22:40 1,936 —-a-w C:\Program Files\Setup.ini
2006-06-20 22:14 365,654,016 —-a-w C:\Program Files\Data1.cab
2005-11-13 22:49 5,693 —-a-w C:\Program Files\0x0409.ini
2005-11-13 22:44 1,822,520 —-a-w C:\Program Files\instmsiw.exe
2005-11-13 22:44 1,708,856 —-a-w C:\Program Files\instmsia.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41]
"WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys
.
Inhoud van de 'Gedeelde Taken' map
"2007-12-13 13:15:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 14:22:00
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-12-13 14:23:27
C:\ComboFix2.txt … 2007-12-12 13:46
C:\ComboFix3.txt … 2007-12-12 12:57
.
2007-12-12 09:36:12 — E O F —
I think it worked....
It had already stopped showing the message I mentioned at the beginning,
so now let's just hope it doesn't happen again.
But thanks, because I really never would have figured that out myself.
Auke-Jan - And yet there it is again :cry:
Download OTMoveIt (by OldTimer) to your Desktop. - Double-click OTMoveIt.exe to start the tool.
Copy (select and press Ctrl-C) all of the bold text below:

C:\WINDOWS\system32\gebbcay.dll

Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window. Click the red - I can't get it to work, I get this as the response:
File/Folder C:\WINDOWS\system32\gebbcay.dll not found.
Created on 12-14-2007 11:27:00
I don't know what that means, but it's probably not good. - I'm going to go consult, you'll hear from me
- Fine, I'll be away for a few days though, so that should be enough time to consult properly. I'll be near the PC again on Wednesday
Auke-Jan - Borrowed this from Smeenk, give this a try
Clear all text in CFscript, put the text below into it and drag it onto combofix

File::
C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT

Post the contents of the logfile in your next message. - Here I am again :wink:
ComboFix 07-12-21.4 - Greup 2007-12-21 22:30:39.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.251 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Greup\Bureaublad\CFscript.txt
* Nieuw herstelpunt werd aangemaakt
FILE
C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\gebbcay.dll__DELETE_ON_REBOOT
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-21 to 2007-12-21 ))))))))))))))))))))))))))))))
.
2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d——– C:\WINDOWS\ERUNT
2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d——– C:\Program Files\Trend Micro
2007-12-12 11:43 . 2007-09-05 23:22 289,144 –a—— C:\WINDOWS\system32\VCCLSID.exe
2007-12-12 11:43 . 2006-04-27 16:49 288,417 –a—— C:\WINDOWS\system32\SrchSTS.exe
2007-12-12 11:43 . 2003-06-05 20:13 53,248 –a—— C:\WINDOWS\system32\Process.exe
2007-12-12 11:43 . 2004-07-31 17:50 51,200 –a—— C:\WINDOWS\system32\dumphive.exe
2007-12-12 11:43 . 2007-10-03 23:36 25,600 –a—— C:\WINDOWS\system32\WS2Fix.exe
2007-12-12 11:35 . 2007-12-12 11:37 3,624 –a—— C:\WINDOWS\system32\tmp.reg
2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d——– C:\Program Files\K-Lite Codec Pack
2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\SurfRight
2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d——– C:\Program Files\SurfRight
2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SurfRight
2007-11-28 16:29 . 2007-11-28 16:30 161 –a—— C:\WINDOWS\system32\temp_0000_85-19.aok
2007-11-28 16:25 . 2007-11-28 16:25 162 –a—— C:\WINDOWS\system32\test.aok
2007-11-28 16:00 . 2007-11-28 16:00 33,824 –a—— C:\WINDOWS\system32\drivers\oreans32.sys
2007-11-28 15:07 . 2002-10-05 07:04 921,600 –a—— C:\WINDOWS\system32\vorbisenc.dll
2007-11-28 15:07 . 2004-01-11 08:02 258,048 –a—— C:\WINDOWS\system32\GplMpgDec.ax
2007-11-28 15:07 . 2002-10-07 02:42 237,568 –a—— C:\WINDOWS\system32\OggDS.dll
2007-11-28 15:07 . 2002-10-05 07:04 188,416 –a—— C:\WINDOWS\system32\vorbis.dll
2007-11-28 15:07 . 2007-04-12 14:19 129,024 –a—— C:\WINDOWS\system32\AVERM.dll
2007-11-28 15:07 . 2002-10-05 07:04 45,056 –a—— C:\WINDOWS\system32\ogg.dll
2007-11-28 15:07 . 2006-09-26 13:57 28,672 –a—— C:\WINDOWS\system32\AVEQT.dll
2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d——– C:\Program Files\Allok 3gp psp mp4 ipod video converter
2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d——– C:\Program Files\Xilisoft
2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d——– C:\Program Files\Ultra Mobile 3GP Video Converter
2007-11-27 18:16 . 2006-03-29 00:35 475,136 –a—— C:\WINDOWS\system32\SkinCrafter.dll
2007-11-27 18:16 . 2007-03-09 09:35 208,896 –a—— C:\WINDOWS\system32\VideoEdit.ocx
2007-11-27 18:16 . 2007-03-09 09:37 139,264 –a—— C:\WINDOWS\system32\viscomqtde.dll
2007-11-27 18:16 . 2007-03-09 09:36 81,920 –a—— C:\WINDOWS\system32\viscomwave.dll
2007-11-27 16:48 . 2005-10-21 02:47 30,592 ——— C:\WINDOWS\system32\drivers\rndismpx.sys
2007-11-27 16:48 . 2005-10-21 02:47 12,800 ——— C:\WINDOWS\system32\drivers\usb8023x.sys
2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d——– C:\Program Files\Microsoft ActiveSync
2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d——– C:\Program Files\Windows Mobile-hulpbronnen
2007-11-26 14:33 . 2007-11-26 13:44 804,106 –a—— C:\WINDOWS\Roulette Cheat Guide.pdf
2007-11-22 16:37 . 2007-11-22 16:37 46,892 –a—— C:\Documents and Settings\Greup\ytmakn.exe
2007-11-21 10:43 . 2007-11-21 10:43 46,892 –a—— C:\Documents and Settings\Greup\lmehvm.exe
2007-11-21 10:23 . 2007-11-21 10:23 46,892 –a—— C:\Documents and Settings\Greup\haiohf.exe
2007-11-21 10:04 . 2007-11-21 10:04 46,892 –a—— C:\Documents and Settings\Greup\dobykz.exe
2007-11-21 09:57 . 2007-11-21 09:57 46,892 –a—— C:\Documents and Settings\Greup\jofzek.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 21:15 ——— d—–w C:\Program Files\Hitman Pro
2007-12-19 14:58 ——— d—–w C:\Program Files\Lexmark X1100 Series
2007-12-12 11:08 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-03 10:33 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-28 13:33 ——— d—–w C:\Documents and Settings\Greup\Application Data\BitTorrent
2007-11-19 15:27 46,892 —-a-w C:\Documents and Settings\Greup\xtbtvj.exe
2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 15:50 ——— d—–w C:\Program Files\MSN Messenger
2007-11-05 12:14 ——— d—–w C:\Documents and Settings\Greup\Application Data\PC Tools
2007-11-05 12:13 ——— d—–w C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-05 12:12 164 —-a-w C:\install.dat
2007-11-05 12:12 ——— d—–w C:\Program Files\Webroot
2007-11-05 12:12 ——— d—–w C:\Documents and Settings\Greup\Application Data\Webroot
2007-11-05 12:12 ——— d—–w C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-05 12:08 512,096 —-a-w C:\WINDOWS\system32\drivers\amon.sys
2007-11-05 12:08 298,104 —-a-w C:\WINDOWS\system32\imon.dll
2007-11-05 12:08 15,424 —-a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-05 11:57 ——— d—–w C:\Program Files\SpywareBlaster
2007-11-05 11:57 ——— d—–w C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-03 19:26 ——— d—–w C:\Program Files\LimeWire
2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 11:24 2,526,800 —-a-w C:\WINDOWS\Install_B4Playing.exe
2006-10-18 09:09 30,066 —-a-w C:\WINDOWS\Fonts\walt_disney_script.zip
2006-06-22 12:35 6,704 —-a-w C:\Program Files\Pirates readme.txt
2006-06-20 22:40 883,162,283 —-a-w C:\Program Files\Data11.cab
2006-06-20 22:40 703,224 —-a-w C:\Program Files\Pirates of the Caribbean.msi
2006-06-20 22:40 1,936 —-a-w C:\Program Files\Setup.ini
2006-06-20 22:14 365,654,016 —-a-w C:\Program Files\Data1.cab
2005-11-13 22:49 5,693 —-a-w C:\Program Files\0x0409.ini
2005-11-13 22:44 1,822,520 —-a-w C:\Program Files\instmsiw.exe
2005-11-13 22:44 1,708,856 —-a-w C:\Program Files\instmsia.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-12_12.55.35.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-06 17:04:56 28,672 -c–a-w C:\WINDOWS\system32\dllcache\wceusbsh.sys
+ 2006-11-06 17:04:56 28,672 —-a-w C:\WINDOWS\system32\drivers\wceusbsh.sys
- 2007-11-29 20:10:46 53,996 —-a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-14 10:46:34 53,996 —-a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-29 20:10:46 71,054 —-a-w C:\WINDOWS\system32\perfc013.dat
+ 2007-12-14 10:46:34 71,054 —-a-w C:\WINDOWS\system32\perfc013.dat
- 2007-11-29 20:10:46 383,834 —-a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-14 10:46:34 383,834 —-a-w C:\WINDOWS\system32\perfh009.dat
- 2007-11-29 20:10:46 446,016 —-a-w C:\WINDOWS\system32\perfh013.dat
+ 2007-12-14 10:46:34 446,016 —-a-w C:\WINDOWS\system32\perfh013.dat
- 2007-07-22 17:39:27 279,552 —-a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-13 20:26:50 156,160 —-a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41]
"WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-09-22 19:00]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-11-28 16:00]
S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys []
.
Inhoud van de 'Gedeelde Taken' map
"2007-12-21 21:18:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 22:33:39
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-12-21 22:34:54
C:\ComboFix2.txt … 2007-12-13 14:23
C:\ComboFix3.txt … 2007-12-12 13:46
.
2007-12-21 18:24:37 — E O F — - Back from vacation, and an answer with thanks to Smeenk
Open Notepad, copy and paste the following (bold text) into an empty window:

File::
C:\Documents and Settings\Greup\ytmakn.exe
C:\Documents and Settings\Greup\lmehvm.exe
C:\Documents and Settings\Greup\haiohf.exe
C:\Documents and Settings\Greup\dobykz.exe
C:\Documents and Settings\Greup\jofzek.exe
C:\Documents and Settings\Greup\xtbtvj.exe

Save this to your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will make ComboFix restart.
Reboot if prompted to,
and post the contents of Combofix.txt in your next reply together with a new HijackThis log. - ComboFix 07-12-21.4 - Greup 2007-12-31 14:59:52.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.253 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Greup\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Greup\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE
C:\Documents and Settings\Greup\dobykz.exe
C:\Documents and Settings\Greup\haiohf.exe
C:\Documents and Settings\Greup\jofzek.exe
C:\Documents and Settings\Greup\lmehvm.exe
C:\Documents and Settings\Greup\xtbtvj.exe
C:\Documents and Settings\Greup\ytmakn.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Greup\dobykz.exe
C:\Documents and Settings\Greup\haiohf.exe
C:\Documents and Settings\Greup\jofzek.exe
C:\Documents and Settings\Greup\lmehvm.exe
C:\Documents and Settings\Greup\xtbtvj.exe
C:\Documents and Settings\Greup\ytmakn.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))
.
2007-12-25 18:09 . 2007-12-25 18:09 244 –ah—– C:\sqmnoopt13.sqm
2007-12-25 18:09 . 2007-12-25 18:09 232 –ah—– C:\sqmdata13.sqm
2007-12-12 12:13 . 2007-12-12 12:13 <DIR> d——– C:\WINDOWS\ERUNT
2007-12-12 12:01 . 2007-12-12 12:01 <DIR> d——– C:\Program Files\Trend Micro
2007-12-12 11:43 . 2007-09-05 23:22 289,144 –a—— C:\WINDOWS\system32\VCCLSID.exe
2007-12-12 11:43 . 2006-04-27 16:49 288,417 –a—— C:\WINDOWS\system32\SrchSTS.exe
2007-12-12 11:43 . 2003-06-05 20:13 53,248 –a—— C:\WINDOWS\system32\Process.exe
2007-12-12 11:43 . 2004-07-31 17:50 51,200 –a—— C:\WINDOWS\system32\dumphive.exe
2007-12-12 11:43 . 2007-10-03 23:36 25,600 –a—— C:\WINDOWS\system32\WS2Fix.exe
2007-12-12 11:35 . 2007-12-12 11:37 3,624 –a—— C:\WINDOWS\system32\tmp.reg
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 –a—— C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 –a—— C:\WINDOWS\system32\ssldivx.dll
2007-12-10 20:34 . 2007-12-10 20:34 <DIR> d——– C:\Program Files\K-Lite Codec Pack
2007-12-03 22:25 . 2007-12-03 22:25 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\SurfRight
2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d——– C:\Program Files\SurfRight
2007-12-03 11:10 . 2007-12-03 11:10 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SurfRight
2007-11-28 16:29 . 2007-11-28 16:30 161 –a—— C:\WINDOWS\system32\temp_0000_85-19.aok
2007-11-28 16:25 . 2007-11-28 16:25 162 –a—— C:\WINDOWS\system32\test.aok
2007-11-28 16:00 . 2007-11-28 16:00 33,824 –a—— C:\WINDOWS\system32\drivers\oreans32.sys
2007-11-28 15:07 . 2002-10-05 07:04 921,600 –a—— C:\WINDOWS\system32\vorbisenc.dll
2007-11-28 15:07 . 2004-01-11 08:02 258,048 –a—— C:\WINDOWS\system32\GplMpgDec.ax
2007-11-28 15:07 . 2002-10-07 02:42 237,568 –a—— C:\WINDOWS\system32\OggDS.dll
2007-11-28 15:07 . 2002-10-05 07:04 188,416 –a—— C:\WINDOWS\system32\vorbis.dll
2007-11-28 15:07 . 2007-04-12 14:19 129,024 –a—— C:\WINDOWS\system32\AVERM.dll
2007-11-28 15:07 . 2002-10-05 07:04 45,056 –a—— C:\WINDOWS\system32\ogg.dll
2007-11-28 15:07 . 2006-09-26 13:57 28,672 –a—— C:\WINDOWS\system32\AVEQT.dll
2007-11-28 15:03 . 2007-11-28 17:26 <DIR> d——– C:\Program Files\Allok 3gp psp mp4 ipod video converter
2007-11-28 13:16 . 2007-11-28 13:16 <DIR> d——– C:\Program Files\Xilisoft
2007-11-27 18:49 . 2007-11-28 17:20 <DIR> d——– C:\Program Files\Ultra Mobile 3GP Video Converter
2007-11-27 18:16 . 2006-03-29 00:35 475,136 –a—— C:\WINDOWS\system32\SkinCrafter.dll
2007-11-27 18:16 . 2007-03-09 09:35 208,896 –a—— C:\WINDOWS\system32\VideoEdit.ocx
2007-11-27 18:16 . 2007-03-09 09:37 139,264 –a—— C:\WINDOWS\system32\viscomqtde.dll
2007-11-27 18:16 . 2007-03-09 09:36 81,920 –a—— C:\WINDOWS\system32\viscomwave.dll
2007-11-27 16:48 . 2005-10-21 02:47 30,592 ——— C:\WINDOWS\system32\drivers\rndismpx.sys
2007-11-27 16:48 . 2005-10-21 02:47 12,800 ——— C:\WINDOWS\system32\drivers\usb8023x.sys
2007-11-27 16:47 . 2007-11-27 16:47 <DIR> d——– C:\Program Files\Microsoft ActiveSync
2007-11-27 16:46 . 2007-11-27 16:46 <DIR> d——– C:\Program Files\Windows Mobile-hulpbronnen
2007-11-26 14:33 . 2007-11-26 13:44 804,106 –a—— C:\WINDOWS\Roulette Cheat Guide.pdf
2007-11-19 15:41 . 2007-11-19 15:41 244 –ah—– C:\sqmnoopt12.sqm
2007-11-19 15:41 . 2007-11-19 15:41 232 –ah—– C:\sqmdata12.sqm
2007-11-19 15:13 . 2007-11-19 15:13 244 –ah—– C:\sqmnoopt11.sqm
2007-11-19 15:13 . 2007-11-19 15:13 232 –ah—– C:\sqmdata11.sqm
2007-11-19 14:42 . 2007-11-19 14:42 244 –ah—– C:\sqmnoopt10.sqm
2007-11-19 14:42 . 2007-11-19 14:42 232 –ah—– C:\sqmdata10.sqm
2007-11-19 14:41 . 2007-11-19 14:41 244 –ah—– C:\sqmnoopt09.sqm
2007-11-19 14:41 . 2007-11-19 14:41 232 –ah—– C:\sqmdata09.sqm
2007-11-19 14:29 . 2007-11-19 14:29 244 –ah—– C:\sqmnoopt08.sqm
2007-11-19 14:29 . 2007-11-19 14:29 232 –ah—– C:\sqmdata08.sqm
2007-11-19 14:22 . 2007-11-19 14:22 244 –ah—– C:\sqmnoopt07.sqm
2007-11-19 14:22 . 2007-11-19 14:22 232 –ah—– C:\sqmdata07.sqm
2007-11-19 13:40 . 2007-11-19 13:40 244 –ah—– C:\sqmnoopt06.sqm
2007-11-19 13:40 . 2007-11-19 13:40 232 –ah—– C:\sqmdata06.sqm
2007-11-19 13:08 . 2007-11-19 13:08 244 –ah—– C:\sqmnoopt05.sqm
2007-11-19 13:08 . 2007-11-19 13:08 232 –ah—– C:\sqmdata05.sqm
2007-11-19 12:25 . 2007-10-17 12:24 2,526,800 –a—— C:\WINDOWS\Install_B4Playing.exe
2007-11-19 12:25 . 2007-10-17 12:22 842,148 –a—— C:\WINDOWS\B4Playing Bonus Guide.pdf
2007-11-19 12:25 . 2007-11-18 14:32 112 –a—— C:\WINDOWS\B4Playing, the Smart Casino & Poker Players' Tool.url
2007-11-13 13:40 . 2007-11-13 13:40 <DIR> d——– C:\Poker
2007-11-05 16:30 . 2007-11-05 16:30 1,156 –a—— C:\WINDOWS\mozver.dat
2007-11-05 16:29 . 2007-11-05 16:29 0 –a—— C:\WINDOWS\nsreg.dat
2007-11-05 13:14 . 2007-11-05 13:14 <DIR> d——– C:\Documents and Settings\Greup\Application Data\PC Tools
2007-11-05 13:14 . 2007-12-12 12:08 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-05 13:14 . 2007-10-04 17:10 79,688 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-05 13:14 . 2007-10-04 17:10 62,280 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-05 13:14 . 2007-10-04 17:10 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-05 13:14 . 2007-10-04 17:11 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
2007-11-05 13:13 . 2007-11-05 13:13 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-05 13:13 . 2005-09-23 07:29 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
2007-11-05 13:13 . 2007-03-01 19:54 144,960 –a—— C:\WINDOWS\system32\drivers\ssidrv.sys
2007-11-05 13:13 . 2007-03-01 19:54 22,080 –a—— C:\WINDOWS\system32\drivers\sshrmd.sys
2007-11-05 13:13 . 2007-03-01 19:54 21,056 –a—— C:\WINDOWS\system32\drivers\sskbfd.sys
2007-11-05 13:13 . 2007-03-01 19:54 20,544 –a—— C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-11-05 13:12 . 2007-11-05 13:12 <DIR> d——– C:\Program Files\Webroot
2007-11-05 13:12 . 2007-11-05 13:12 <DIR> d——– C:\Documents and Settings\Greup\Application Data\Webroot
2007-11-05 13:12 . 2007-11-05 13:12 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-05 13:12 . 2007-11-05 13:12 164 –a—— C:\install.dat
2007-11-05 13:10 . 2007-12-03 11:33 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-05 13:09 . 2007-11-05 13:08 512,096 –a—— C:\WINDOWS\system32\drivers\amon.sys
2007-11-05 13:09 . 2007-11-05 13:08 298,104 –a—— C:\WINDOWS\system32\imon.dll
2007-11-05 13:09 . 2007-11-05 13:08 15,424 –a—— C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-05 12:57 . 2007-11-05 12:57 <DIR> d——– C:\Program Files\SpywareBlaster
2007-11-05 12:57 . 2007-11-05 12:57 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-05 12:34 . 2007-11-05 12:34 <DIR> d——– C:\WINDOWS\system32\GroupPolicy
2007-11-05 12:33 . 2007-12-31 14:30 <DIR> d——– C:\Program Files\Hitman Pro
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 14:06 ——— d—–w C:\Program Files\DivX
2007-12-19 14:58 ——— d—–w C:\Program Files\Lexmark X1100 Series
2007-11-28 13:33 ——— d—–w C:\Documents and Settings\Greup\Application Data\BitTorrent
2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 15:50 ——— d—–w C:\Program Files\MSN Messenger
2007-11-03 19:26 ——— d—–w C:\Program Files\LimeWire
2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
2006-10-18 09:09 30,066 —-a-w C:\WINDOWS\Fonts\walt_disney_script.zip
2006-06-22 12:35 6,704 —-a-w C:\Program Files\Pirates readme.txt
2006-06-20 22:40 883,162,283 —-a-w C:\Program Files\Data11.cab
2006-06-20 22:40 703,224 —-a-w C:\Program Files\Pirates of the Caribbean.msi
2006-06-20 22:40 1,936 —-a-w C:\Program Files\Setup.ini
2006-06-20 22:14 365,654,016 —-a-w C:\Program Files\Data1.cab
2005-11-13 22:49 5,693 —-a-w C:\Program Files\0x0409.ini
2005-11-13 22:44 1,822,520 —-a-w C:\Program Files\instmsiw.exe
2005-11-13 22:44 1,708,856 —-a-w C:\Program Files\instmsia.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-12_12.55.35.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-06 17:04:56 28,672 -c–a-w C:\WINDOWS\system32\dllcache\wceusbsh.sys
+ 2006-11-06 17:04:56 28,672 —-a-w C:\WINDOWS\system32\drivers\wceusbsh.sys
- 2007-11-29 20:10:46 53,996 —-a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-14 10:46:34 53,996 —-a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-29 20:10:46 71,054 —-a-w C:\WINDOWS\system32\perfc013.dat
+ 2007-12-14 10:46:34 71,054 —-a-w C:\WINDOWS\system32\perfc013.dat
- 2007-11-29 20:10:46 383,834 —-a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-14 10:46:34 383,834 —-a-w C:\WINDOWS\system32\perfh009.dat
- 2007-11-29 20:10:46 446,016 —-a-w C:\WINDOWS\system32\perfh013.dat
+ 2007-12-14 10:46:34 446,016 —-a-w C:\WINDOWS\system32\perfh013.dat
- 2007-07-22 17:39:27 279,552 —-a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-13 20:26:50 156,160 —-a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41]
"WireLessMouse"="C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 09:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 19:29]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-14 16:18]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-14 16:18]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-09-22 19:00]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-11-28 16:00]
S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys []
*Newly Created Service* - ENTDRV51
.
Inhoud van de 'Gedeelde Taken' map
"2007-12-31 13:33:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 15:03:16
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-12-31 15:04:32
C:\ComboFix2.txt … 2007-12-21 22:34
C:\ComboFix3.txt … 2007-12-13 14:23
.
2007-12-28 01:09:33 — E O F —
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:00, on 31-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/fulltrailer/player/vivid_ocx.jpeg
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/davincicode/vividas/player/vivid_ocx.jpeg
O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - http://video.vividas.com/CDN1/4896_sony/web/player/vivid_ocx.jpeg
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8814 bytes
- How are things going with the problems in the meantime?
- Haven't had any more trouble with it, so everything seems to be going fine.
- The one thing I overlooked is that you have multiple virus scanners in your logfile, NOD32 and McAfee. Multiple virus scanners work against each other and lead to unnecessary slowness. So remove one of the two scanners via Start -> Control Panel -> Software.
Restart your PC and post a log so we can check it.
- When I try to remove NOD32 I get the message: an error occurred while removing NOD32 antivirus system. The installation of this component may already have been undone. Do you want to remove NOD32 antivirus system from the list of installed programs?
- NOD32 came along with Hitman Pro; run through this:
http://www.hijackthis.nl/forum/viewtopic.php?t=12603
Then post a new HijackThis log so we can check it.
Pim