Beste PC-dokter,

De laatste tijd wordt mijn PC geteisterd door verschillende virussen. Zo heb ik ondertussen het w32/trats ergens onder de leden (een hardnekkig en terugkerend virus), krijg ik sind kort de boodschap dat ik een NT_kernel error 1256 heb en is mijn controlpanel e.d. niet meer te openen.
Standaard programma's zoals McAfee, RegistrySmart en XoftspySe blijken niet te helpen.

Ik heb geen verstand van Hijacken, alles wat ik daarvan lees op dit forum is gen gesneden koek voor mij.

Wie wil mij helpen in begrijpbare teksten.


Dank, dank, dank.

Gerard

Download [b:6bad27006b] en sla deze op je bureaublad op.
Open [b:6bad27006b]HJTinstall.exe[/b:6bad27006b] om HijackThis te installeren.

Dubbelklik op het Icoontje van Hijackthis op je bureaublad
[i:6bad27006b](indien je meldingen krijgt, gewoon op OK ed. drukken)[/i:6bad27006b].
Kies de bovenste optie: "[b:6bad27006b]Do a systemscan and save a logfile[/b:6bad27006b]".

Als deze scan compleet is zal er een kladblok/notepad bestand openen.
Kopieer de inhoud van dit bestand en post het in het in je volgende reactie.

Hoi Juisterr.

Dank voor je reactie.
Ben wat verlaat want heb lange dag achter de rug.
Daarbij is er vandaag een generic dropper bijgekomen die mijn systeem overbelast met duizenden .tmp files.
Ja, ja, lachen.

Heb HJT gedownlaod en gedraaid.
Onderstaand de log file.
Ik hoop dat je me kunt helpen.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:27, on 26-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F3 - REG:win.ini: load=[RANDOM CHARACTERS].exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.mediamall.tv
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106838455765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://80.73.129.185/fotoxs/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3CD13CE-D69B-439F-9581-21218A5A2A94} (OkeFtpUpload Control) - http://live.mediamall.tv/mmuser/OkeFtpUpload.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0048551201305110) (0048551201305110mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Gerard\LOCALS~1\Temp\004855~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

–
End of file - 11292 bytes

Download http://www.mvps.org/winhelp2002/DelDomains.inf

Klik met je rechtermuis op het deldomains.inf bestand en selecteer "Installeer".

run het even.



Start Hijackthis op en kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:
[b:5f2e433e6e]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F3 - REG:win.ini: load=[RANDOM CHARACTERS].exe

[/b:5f2e433e6e]
Klik op 'Fix checked' om de items te verwijderen.




Download [b:5f2e433e6e].
[list:5f2e433e6e][*:5f2e433e6e]Scroll omlaag naar : "[i:5f2e433e6e]Java Runtime Environment (JRE) 6u4[/i:5f2e433e6e]".
[*:5f2e433e6e]Klik op de "[b:5f2e433e6e]Download[/b:5f2e433e6e]" knop aan de rechterkant.
[*:5f2e433e6e]In het uitklapmenu rechts naast [b:5f2e433e6e]Platform[/b:5f2e433e6e], selecteer

Hoi Juisterr,


Daar ben ik weer.
Was nogal wat huiswerk.
Reden is dat combifix meer als 2 uur heeft gedraaid om al die .tmp te scannen en verwijderen. De log is dan ook ontzettend lang. Hoop dat d e site het aankan.
Alvast dank voor je volgende avdies.

ComboFix 08-01-23.1C - Gerard 2008-01-26 17:05:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.539 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Gerard\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

Ja, dat dacht ik al.
Was ook een lang bericht.
Ik zal d erst van de log van combifix geven, zonder al die .tmp en de log van HJT.
Komt-ie mog eens.


C:\posFF0.tmp
C:\posFF1.tmp
C:\posFF2.tmp
C:\posFF3.tmp
C:\posFF4.tmp
C:\posFF5.tmp
C:\posFF6.tmp
C:\posFF7.tmp
C:\posFF8.tmp
C:\posFF9.tmp
C:\posFFA.tmp
C:\posFFB.tmp
C:\posFFC.tmp
C:\posFFD.tmp
C:\posFFE.tmp
C:\posFFF.tmp
C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE
C:\WINDOWS\system32\chljhmat.dll
C:\WINDOWS\system32\chljhmat.dllbox
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\hhujimmy.dll
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\rdcjmmki.dll
C:\WINDOWS\system32\uouthsqm.dll
C:\WINDOWS\system32\ymmijuhh.ini

[code:1:b210459713] <pre>
C:\Program Files\McAfee\SpamKiller\MSKDetct .exe —> QooBox
C:\Program Files\QuickTime\qttask .exe —> QooBox
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\Program Files\QuickTime\qttask .exe —> qttask.exe
C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE —> QooBox
C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE —> QooBox
C:\WINDOWS\system32\ctfmon .exe —> QooBox
</pre> [/code:1:b210459713]
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-26 to 2008-01-26 ))))))))))))))))))))))))))))))
.

2008-01-26 17:01 . 2000-08-31 08:00 51,200 –a—— C:\WINDOWS\Nircmd.exe
2008-01-26 16:52 . 2007-12-14 01:59 69,632 –a—— C:\WINDOWS\system32\javacpl.cpl
2008-01-26 16:51 . 2008-01-26 16:51 <DIR> d——– C:\Program Files\Java
2008-01-26 00:59 . 2008-01-26 00:59 <DIR> d——– C:\Program Files\Trend Micro
2008-01-25 22:06 . 2008-01-25 22:06 <DIR> d——– C:\Program Files\Lavasoft
2008-01-25 22:05 . 2008-01-25 22:05 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
2008-01-17 01:28 . 2008-01-23 19:04 <DIR> d——– C:\Program Files\XoftSpySE
2008-01-13 12:17 . 2004-08-04 13:00 10,096,640 –a–c— C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-01-13 12:16 . 2004-08-04 13:00 332,800 –a–c— C:\WINDOWS\system32\dllcache\aqueue.dll
2008-01-13 12:13 . 2008-01-13 12:13 749 -rah—– C:\WINDOWS\WindowsShell.Manifest
2008-01-13 12:13 . 2008-01-13 12:13 749 -rah—– C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-13 12:13 . 2008-01-13 12:13 749 -rah—– C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-13 12:13 . 2008-01-13 12:13 749 -rah—– C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-13 12:13 . 2008-01-13 12:13 488 -rah—– C:\WINDOWS\system32\logonui.exe.manifest
2008-01-05 16:32 . 2004-08-04 13:00 1,086,058 -ra—— C:\WINDOWS\SETF5.tmp
2008-01-05 16:32 . 2004-08-04 13:00 1,014,139 -ra—— C:\WINDOWS\SETF2.tmp
2008-01-05 16:32 . 2004-08-04 13:00 14,043 -ra—— C:\WINDOWS\SET101.tmp
2007-12-27 13:06 . 2007-12-27 13:06 <DIR> d——– C:\Program Files\GameSpy
2007-12-27 12:47 . 2007-12-27 12:47 22,328 –a—— C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-27 12:46 . 2007-07-19 18:14 3,727,720 –a—— C:\WINDOWS\system32\d3dx9_35.dll
2007-12-27 12:46 . 2007-05-16 16:45 3,497,832 –a—— C:\WINDOWS\system32\d3dx9_34.dll
2007-12-27 12:46 . 2007-07-19 18:14 1,358,192 –a—— C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-27 12:46 . 2007-05-16 16:45 1,124,720 –a—— C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-27 12:46 . 2007-12-27 12:46 669,184 –a—— C:\WINDOWS\system32\pbsvc.exe
2007-12-27 12:46 . 2007-05-16 16:45 443,752 –a—— C:\WINDOWS\system32\d3dx10_34.dll
2007-12-27 12:46 . 2007-12-27 12:46 103,736 –a—— C:\WINDOWS\system32\PnkBstrB.exe
2007-12-27 12:46 . 2007-04-04 18:53 81,768 –a—— C:\WINDOWS\system32\xinput1_3.dll
2007-12-27 12:46 . 2007-12-27 12:46 66,872 –a—— C:\WINDOWS\system32\PnkBstrA.exe
2007-12-26 23:19 . 2008-01-10 01:17 155,648 –a—— C:\WINDOWS\system32\NeroCheck .exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 19:22 17,408 —-a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-01-26 19:07 ——— d—–w C:\Program Files\QuickTime
2008-01-26 14:42 ——— d—–w C:\Program Files\McAfee
2008-01-25 23:53 ——— d—–w C:\Program Files\SiteAdvisor
2008-01-25 22:21 ——— d—–w C:\Program Files\BearShare Applications
2008-01-24 23:59 ——— d—–w C:\Program Files\NoAdware3
2008-01-11 21:45 ——— d—–w C:\Program Files\Shareaza
2008-01-11 18:45 ——— d—–w C:\Program Files\PowerISO
2008-01-11 18:45 ——— d—–w C:\Program Files\D-Tools
2007-12-27 11:40 ——— d—–w C:\Program Files\Electronic Arts
2007-12-27 11:38 ——— d—–w C:\Program Files\EA GAMES
2007-12-27 11:37 ——— d—–w C:\Program Files\Dreamfall - The Longest Journey
2007-12-26 17:08 ——— d—–w C:\Program Files\LimeWire
2007-12-24 12:47 ——— d—–w C:\Program Files\Turbo Torrent
2007-12-24 12:41 ——— d–h–w C:\Program Files\InstallShield Installation Information
2007-12-24 12:41 ——— d—–w C:\Program Files\Ubi Soft
2007-12-24 12:40 ——— d—–w C:\Program Files\Postbank
2007-12-24 12:38 ——— d—–w C:\Program Files\Activision
2007-12-24 12:36 ——— d—–w C:\Program Files\EA SPORTS
2007-12-24 12:32 ——— d—–w C:\Program Files\Azureus
2007-12-12 00:31 ——— d—–w C:\Program Files\McAfee.com
2007-12-07 20:11 25,280 —-a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-07 20:11 ——— d—–w C:\Program Files\van max
2007-12-02 11:15 ——— d—–w C:\Program Files\Google
2005-09-11 21:51 56 –sha-r C:\WINDOWS\system32\3FC26D6B5D.sys
2005-01-27 13:59 8 –sha-r C:\WINDOWS\system32\62A95D688F.sys
2007-07-29 18:37 15,278 –sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
[code:1:b210459713]<pre>
—-a-w 344,064 2008-01-10 00:17:09 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
—-a-w 81,920 2008-01-10 00:17:18 C:\Program Files\D-Tools\daemon .exe
—-a-w 36,864 2008-01-02 16:30:29 C:\Program Files\GameSpy\Comrade\Comrade .exe
—-a-w 1,838,592 2008-01-10 00:17:38 C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
—-a-w 68,856 2008-01-10 00:17:43 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
—-a-w 118,926 2008-01-10 00:17:12 C:\Program Files\Home Cinema\PowerCinema\PCMService .exe
—-a-w 144,784 2008-01-26 15:55:28 C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
—-a-w 103,712 2008-01-10 00:17:32 C:\Program Files\Macrogaming\SweetIM\SweetIM .exe
—-a-w 1,160,480 2008-01-26 14:43:43 C:\Program Files\McAfee\MHN\McENUI .exe
—-a-w 582,992 2008-01-26 14:43:35 C:\Program Files\McAfee.com\Agent\mcagent .exe
—-a-w 411,648 2008-01-15 01:28:45 C:\Program Files\Medion Tools\KeyStat\KeyStat .exe
—-a-w 200,704 2008-01-10 00:17:25 C:\Program Files\PowerISO\PWRISOVM .EXE
—-a-w 3,887,104 2008-01-04 11:28:35 C:\Program Files\Shareaza\Shareaza .exe
—-a-w 35,928 2008-01-10 00:17:30 C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
—-a-w 204,288 2008-01-10 00:17:48 C:\Program Files\Windows Media Player\WMPNSCFG .exe
—-a-w 155,648 2008-01-10 00:17:08 C:\WINDOWS\system32\NeroCheck .exe
</pre>[/code:1:b210459713]


((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a86aac3-f6f7-451e-b980-9d74106b4e42}]
C:\WINDOWS\system32\uouthsqm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DBE3D0E-82C8-430C-8057-EBB149B13628}]
C:\WINDOWS\system32\pmnll.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
"Cmaudio"="cmicnfg.cpl" []
"Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [ ]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [ ]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [ ]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [ ]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [ ]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ ]
"MISAggregator"="" []
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [ ]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 13:00 399360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-02 12:15:23 126136]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-01-27 13:35:21 528384]
Scanner Finder.lnk - C:\Program Files\ScanWizard 5\ScannerFinder.exe [2005-03-21 00:41:52 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\chljhmat]
chljhmat.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbcdd]
gebbcdd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli [RANDOM CHARACTERS].dll

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 14:10]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 13:58]
R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-26 20:22]
S3 gkmixern;gkmixern;C:\DOCUME~1\Max\LOCALS~1\Temp\gkmixern.sys []
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys []

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-15 00:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-11-01 00:00:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-01-26 19:21:55 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-26 02:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 20:22:34
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen …

scannen van verborgen autostart items …

scannen van verborgen bestanden …

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-26 20:30:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-26 19:29:56
.
2008-01-26 12:30:07 — E O F —


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:22, on 26-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106838455765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://80.73.129.185/fotoxs/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3CD13CE-D69B-439F-9581-21218A5A2A94} (OkeFtpUpload Control) - http://live.mediamall.tv/mmuser/OkeFtpUpload.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: gebbcdd - gebbcdd.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

–
End of file - 12197 bytes

Inderdaad, een lang logje.

Open Kladblok, kopieer en plak het volgende ( , tekst) in een leeg venster: [list:618449720e][b:618449720e][code:1:618449720e]
File::
C:\WINDOWS\system32\uouthsqm.dll
C:\WINDOWS\system32\pmnll.dll

RENV::
<pre>
—-a-w 344,064 2008-01-10 00:17:09 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
—-a-w 81,920 2008-01-10 00:17:18 C:\Program Files\D-Tools\daemon .exe
—-a-w 36,864 2008-01-02 16:30:29 C:\Program Files\GameSpy\Comrade\Comrade .exe
—-a-w 1,838,592 2008-01-10 00:17:38 C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
—-a-w 68,856 2008-01-10 00:17:43 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
—-a-w 118,926 2008-01-10 00:17:12 C:\Program Files\Home Cinema\PowerCinema\PCMService .exe
—-a-w 144,784 2008-01-26 15:55:28 C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
—-a-w 103,712 2008-01-10 00:17:32 C:\Program Files\Macrogaming\SweetIM\SweetIM .exe
—-a-w 1,160,480 2008-01-26 14:43:43 C:\Program Files\McAfee\MHN\McENUI .exe
—-a-w 582,992 2008-01-26 14:43:35 C:\Program Files\McAfee.com\Agent\mcagent .exe
—-a-w 411,648 2008-01-15 01:28:45 C:\Program Files\Medion Tools\KeyStat\KeyStat .exe
—-a-w 200,704 2008-01-10 00:17:25 C:\Program Files\PowerISO\PWRISOVM .EXE
—-a-w 3,887,104 2008-01-04 11:28:35 C:\Program Files\Shareaza\Shareaza .exe
—-a-w 35,928 2008-01-10 00:17:30 C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
—-a-w 204,288 2008-01-10 00:17:48 C:\Program Files\Windows Media Player\WMPNSCFG .exe
—-a-w 155,648 2008-01-10 00:17:08 C:\WINDOWS\system32\NeroCheck .exe
</pre>

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a86aac3-f6f7-451e-b980-9d74106b4e42}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DBE3D0E-82C8-430C-8057-EBB149B13628}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\chljhmat]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbcdd]

[/code:1:618449720e][/b:618449720e]

[/list:u:618449720e]Sla dit op op je Bureaublad als [b:618449720e]CFScript.txt[/b:618449720e].

Sleep [b:618449720e]CFScript.txt[/b:618449720e] in [b:618449720e]ComboFix.exe[/b:618449720e] zoals getoond in onderstaand voorbeeld :

[img:618449720e]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:618449720e]

Dit zal [b:618449720e]ComboFix[/b:618449720e] doen herstarten.

Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van [b:618449720e]Combofix.txt[/b:618449720e] in je volgende antwoord.

Hoi Juisterr,

Bedankt voor je antwoord.
Zo gezegd, zo gedaan.
Dit keer was Combifix idd in 5 minuten klaar.
Volgens mij gaat het de goede kant op.
Onderstaande log van combifix en een nieuwe van HJT.

Bij voorbaat dank voor de volgende suggestie.

Gerard

ComboFix 08-01-23.1C - Gerard 2008-01-27 11:44:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.603 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Gerard\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gerard\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

Ik zou zelf sweetim verwijderen.


Start Hijackthis op en kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:
[b:6f70459fa2]
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll



[/b:6f70459fa2]
Klik op 'Fix checked' om de items te verwijderen.

vertel even hoe het nu gaat aub.

Hoi Juisterr,

Heb de 3 regels verwijderd, dus ook wsweetIM.


Verder gaat het heel erg goed , geloof ik.

De PC strat in 1 keer goed op.
Geen meldingen meer, ook niet die van kernel error 1256 (ik weet ook nietw at het was, maar hij is nu weg)

de meldingen van w32.trats (door McAfee) blijven achterwege (maar is hij dan ook echt weg?)
En de generic dropper is volgens mij ookw eg, want er worden geen .tmp files meer aangemaakt.

Ik weet niet precies wat je me allemaal hebt laten doen, maar in vergelijking met 2 dagen geleden loopt hij hardstikke goed.

Tot zover al heel veel dank (zeg maar waar de fles wijn naar toe moet..)

Ik vraag me alleen nog 2 dingen af:
- Zie nog een regel staan die ik niet begrijp. Weet jij welk programma dit.exe is. Staat in regel O4-HKLM\…\run: dit.exe.
- moet ik nog iets doen om de huidige situtaie te bestendigen cq een nieuw systeem herstelpunt te krijgen?

Groet,

Gerard

http://www.liutilities.com/products/wintaskspro/processlibrary/dit/

Je mag alle gebruikte tools en aangemaakte mappen terug verwijderen.

Verwijder ComboFix via [b:ce621b8dc3]Start[/b:ce621b8dc3] > [b:ce621b8dc3]Uitvoeren[/b:ce621b8dc3], kopiëer en plak [b:ce621b8dc3]Combofix /U[/b:ce621b8dc3] klik op OK of toets Enter.
Dit verwijdert zowel ComboFix, als je oude systeemherstelpunten (met eventuele restanten van malware), en maakt een nieuw systeemherstelpunt aan.

[img:ce621b8dc3]http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG[/img:ce621b8dc3]

alles goed zo ??

Hoi Juisterr,

Ik vermoed dat alles goed is.
Krijg geen meldingen meer.
PC start sneller op (of wil ik dat graag zo zien?)
Wat mij betreft doet ie het beter dan voorheen.
Slechts 1 maartje.

Heb de site bezocht achtr jouw link inzake dit.exe.
Snap het programma (das dus OK)
Maar de gratis scan op mijn registry gaf aan dat ik (schrik niet) 781 errors had.
Ben ik nu gek of is dit een verkooptruc.

Nee , je hoeft niet te antwoorden.
Jij hebt al genoeg gedaan.

Hardstikke bedankt voor je hulp.
Stel ik zeer op prijs.
Aanbod van de fles wijn blijst staan.

Groet,

Gerard