Question & Answer
HijackThis log
8 answers
- Hello, I have some problems with my PC: whenever I browse the internet, pop-ups from www.mt50.nl keep appearing, and I can't get rid of them with cleaning tools.
Also, in the startup manager of the TweakNow program I see the following filename: 8cd1b7b4, and under PATH it says: rundll.exe"C:\WINDOWS\system32\xpmktoli.dll",b
If I let that entry run at startup, I get an error message during boot about C:\WINDOWS\system32\xpmktoli.dll saying that the module cannot be found. If I untick it in TweakNow so that it does not run at startup, the error message goes away, but I would like to know where this comes from or which program it belongs to. I really have no idea, and Google searches turn up nothing.
I have attached a HijackThis log so you can check whether you can find any junk in it.
Thanks in advance for your time and effort.
Kind regards, Opelmantagek
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:06, on 8-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?from=start.home.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215861374390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200165312531
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 6798 bytes
- ComboFix 08-03-09.1 - Stan 2008-03-09 17:57:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.622 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Stan\Bureaublad\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))
.
2008-03-08 22:36 . 2008-03-08 22:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-03 12:07 . 2008-03-03 12:07 268 --ah----- C:\sqmdata05.sqm
2008-03-03 12:07 . 2008-03-03 12:07 244 --ah----- C:\sqmnoopt05.sqm
2008-02-25 14:07 . 2008-02-25 14:07 <DIR> d-------- C:\Program Files\Tuning Car Studio
2008-02-25 13:23 . 2008-02-25 13:24 <DIR> d-------- C:\Program Files\PcMedik
2008-02-22 09:23 . 2008-02-22 10:01 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-02-19 10:43 . 2008-02-22 20:30 2,334 ---hs---- C:\WINDOWS\system32\ilotkmpx.ini
2008-02-16 10:51 . 2008-02-19 09:37 1,254 ---hs---- C:\WINDOWS\system32\ggmkjwpm.ini
2008-02-15 09:19 . 2008-02-15 09:19 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-15 09:19 . 2008-02-15 09:19 3,449 --a------ C:\WINDOWS\unins000.dat
2008-02-15 09:06 . 2008-02-16 10:48 834 ---hs---- C:\WINDOWS\system32\blcjpkgm.ini
2008-02-14 09:08 . 2008-02-15 09:00 474 ---hs---- C:\WINDOWS\system32\lxmqcmmh.ini
2008-02-12 15:51 . 2008-02-12 15:51 <DIR> d-------- C:\WINDOWS\Sun
2008-02-12 10:13 . 2008-02-12 10:13 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-12 10:06 . 2008-02-12 10:06 268 --ah----- C:\sqmdata04.sqm
2008-02-12 10:06 . 2008-02-12 10:06 244 --ah----- C:\sqmnoopt04.sqm
2008-02-11 20:10 . 2008-02-11 20:10 244 --ah----- C:\sqmnoopt03.sqm
2008-02-11 20:10 . 2008-02-11 20:10 232 --ah----- C:\sqmdata03.sqm
2008-02-10 20:58 . 2008-02-10 20:58 22 --a------ C:\Display.opt
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 11:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-09 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-09 16:45 --------- d-----w C:\Program Files\Lx_cats
2008-03-08 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-07 15:30 --------- d-----w C:\Program Files\Bit Che
2008-03-02 19:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-21 14:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-20 09:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-15 08:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-15 08:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-14 10:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 15:54 --------- d-----w C:\Program Files\MSBuild
2008-02-06 15:54 --------- d-----w C:\Program Files\Microsoft Works
2008-02-06 15:26 --------- d-----w C:\Documents and Settings\Stan\Application Data\DAEMON Tools
2008-02-06 06:41 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-05 17:03 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-05 17:00 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-04 20:40 --------- d-----w C:\Documents and Settings\Stan\Application Data\LimeWire
2008-02-04 15:29 --------- d-----w C:\Program Files\IncrediMail
2008-02-04 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\IM
2008-02-04 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-02-02 15:42 --------- d-----w C:\Program Files\LimeWire
2008-01-29 21:54 --------- d-----w C:\Program Files\Norton 360
2008-01-27 16:14 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-21 15:01 --------- d-----w C:\Program Files\BitComet
2008-01-21 09:01 56 --sha-w C:\redir.sys
2008-01-21 09:01 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy
2008-01-21 09:01 --------- d-----w C:\Documents and Settings\Stan\Application Data\Sonic
2008-01-21 09:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-01-21 08:59 --------- d-----w C:\Program Files\InterLok
2008-01-21 08:51 --------- d-----w C:\Program Files\Sonic
2008-01-21 08:51 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-01-18 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-17 16:26 --------- d-----w C:\Documents and Settings\Stan\Application Data\Ahead
2008-01-16 15:15 --------- d-----w C:\Program Files\MSN Messenger
2008-01-16 15:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-15 18:39 --------- d-----w C:\Program Files\Magentic
2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-14 12:34 --------- d-----w C:\Documents and Settings\Stan\Application Data\Media Player Classic
2008-01-14 06:10 --------- d-----w C:\Documents and Settings\Stan\Application Data\Symantec
2008-01-13 17:26 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-01-12 22:34 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-12 22:34 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-12 22:34 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-12 22:34 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-12 22:34 --------- d-----w C:\Program Files\Symantec
2008-01-12 19:20 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-12 19:06 28,672 ----a-w C:\WINDOWS\system32\qttask.exe
2008-01-12 19:06 --------- d-----w C:\Program Files\QuickTime
2008-01-12 19:06 --------- d-----w C:\Program Files\Java
2008-01-12 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-01-12 19:05 --------- d-----w C:\Program Files\Real
2008-01-12 19:05 --------- d-----w C:\Program Files\Common Files\Real
2008-01-12 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-12 18:51 --------- d-----w C:\Program Files\Windows Live
2008-01-12 18:51 --------- d-----w C:\Program Files\Common Files\Java
2008-01-12 18:47 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-12 18:44 --------- d-----w C:\Program Files\TweakNow PowerPack 2006
2008-01-12 18:39 --------- d-----w C:\Program Files\Ahead
2008-01-12 18:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-12 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-12 14:45 --------- d-----w C:\Program Files\CleanUp!
2008-01-12 14:20 --------- d-----w C:\Program Files\UnderCoverXP
2008-01-12 14:20 --------- d-----w C:\Program Files\DVD Shrink
2008-01-12 13:59 --------- d-----w C:\Program Files\Lexmark 4300 Series
2008-01-12 13:59 --------- d-----w C:\Documents and Settings\Stan\Application Data\FaxCtr
2008-01-12 13:55 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-01-12 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-01-12 13:13 --------- d-----w C:\Program Files\Intel
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23D44BCF-AA7A-41D6-8905-E808F16322EF}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3788ebf9-c4bc-4465-b5e9-3bb1c67a3798}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F18DFF7-62FC-4C1B-8275-0833F437C679}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95C9CE4F-3F47-4B3D-85FD-368FD0B4AB65}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D79F97F6-5EFE-433B-84BE-A20F8FA5FD5B}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"8cd1b7b4"="C:\WINDOWS\system32\xpmktoli.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25280:TCP"= 25280:TCP:BitComet 25280 TCP
"25280:UDP"= 25280:UDP:BitComet 25280 UDP
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 18:02:09
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
———————— Other Running Processes ————————
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\lxcecoms.exe
.
**************************************************************************
.
Voltooingstijd: 2008-03-09 18:03:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-09 17:03:35
.
2008-03-09 08:57:32 — E O F —
And here is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:11, on 9-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?from=start.home.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [8cd1b7b4] rundll32.exe "C:\WINDOWS\system32\xpmktoli.dll",b
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215861374390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200165312531
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 7180 bytes
- Open Notepad, then copy and paste the following (bold text) into an empty window:
[b:d8003cad7d]
File::
C:\WINDOWS\system32\ggmkjwpm.ini
C:\WINDOWS\system32\blcjpkgm.ini
C:\WINDOWS\system32\ggmkjwpm.ini
C:\WINDOWS\system32\ilotkmpx.ini
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23D44BCF-AA7A-41D6-8905-E808F16322EF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3788ebf9-c4bc-4465-b5e9-3bb1c67a3798}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F18DFF7-62FC-4C1B-8275-0833F437C679}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95C9CE4F-3F47-4B3D-85FD-368FD0B4AB65}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D79F97F6-5EFE-433B-84BE-A20F8FA5FD5B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8cd1b7b4"=-
[/b:d8003cad7d]
Save this on your Desktop as [b:d8003cad7d]CFScript.txt[/b:d8003cad7d]
Drag [b:d8003cad7d]CFScript.txt[/b:d8003cad7d] into [b:d8003cad7d]ComboFix.exe[/b:d8003cad7d] as shown in the example below:
[img:d8003cad7d]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img:d8003cad7d]
This will make [b:d8003cad7d]ComboFix[/b:d8003cad7d] restart.
Reboot if you are asked to,
and post the contents of [b:d8003cad7d]Combofix.txt[/b:d8003cad7d] in your next reply together with a new HijackThis log.
Any problems left?
- ComboFix 08-03-09.1 - Stan 2008-03-10 19:44:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.592 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Stan\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stan\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE ::
C:\WINDOWS\system32\blcjpkgm.ini
C:\WINDOWS\system32\ggmkjwpm.ini
C:\WINDOWS\system32\ilotkmpx.ini
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\blcjpkgm.ini
C:\WINDOWS\system32\ggmkjwpm.ini
C:\WINDOWS\system32\ilotkmpx.ini
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))
.
2008-03-08 22:36 . 2008-03-08 22:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-03 12:07 . 2008-03-03 12:07 268 --ah----- C:\sqmdata05.sqm
2008-03-03 12:07 . 2008-03-03 12:07 244 --ah----- C:\sqmnoopt05.sqm
2008-02-25 14:07 . 2008-02-25 14:07 <DIR> d-------- C:\Program Files\Tuning Car Studio
2008-02-25 13:23 . 2008-02-25 13:24 <DIR> d-------- C:\Program Files\PcMedik
2008-02-22 09:23 . 2008-02-22 10:01 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-02-15 09:19 . 2008-02-15 09:19 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-15 09:19 . 2008-02-15 09:19 3,449 --a------ C:\WINDOWS\unins000.dat
2008-02-14 09:08 . 2008-02-15 09:00 474 ---hs---- C:\WINDOWS\system32\lxmqcmmh.ini
2008-02-12 15:51 . 2008-02-12 15:51 <DIR> d-------- C:\WINDOWS\Sun
2008-02-12 10:13 . 2008-02-12 10:13 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-12 10:06 . 2008-02-12 10:06 268 --ah----- C:\sqmdata04.sqm
2008-02-12 10:06 . 2008-02-12 10:06 244 --ah----- C:\sqmnoopt04.sqm
2008-02-11 20:10 . 2008-02-11 20:10 244 --ah----- C:\sqmnoopt03.sqm
2008-02-11 20:10 . 2008-02-11 20:10 232 --ah----- C:\sqmdata03.sqm
2008-02-10 20:58 . 2008-02-10 20:58 22 --a------ C:\Display.opt
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 11:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-10 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-10 17:09 --------- d-----w C:\Program Files\Lx_cats
2008-03-08 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-07 15:30 --------- d-----w C:\Program Files\Bit Che
2008-03-02 19:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-21 14:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-20 09:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-15 08:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-15 08:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-14 10:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 15:54 --------- d-----w C:\Program Files\MSBuild
2008-02-06 15:54 --------- d-----w C:\Program Files\Microsoft Works
2008-02-06 15:26 --------- d-----w C:\Documents and Settings\Stan\Application Data\DAEMON Tools
2008-02-06 06:41 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-05 17:03 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-05 17:00 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-04 20:40 --------- d-----w C:\Documents and Settings\Stan\Application Data\LimeWire
2008-02-04 15:29 --------- d-----w C:\Program Files\IncrediMail
2008-02-04 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\IM
2008-02-04 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-02-02 15:42 --------- d-----w C:\Program Files\LimeWire
2008-01-29 21:54 --------- d-----w C:\Program Files\Norton 360
2008-01-27 16:14 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-21 15:01 --------- d-----w C:\Program Files\BitComet
2008-01-21 09:01 56 --sha-w C:\redir.sys
2008-01-21 09:01 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy
2008-01-21 09:01 --------- d-----w C:\Documents and Settings\Stan\Application Data\Sonic
2008-01-21 09:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-01-21 08:59 --------- d-----w C:\Program Files\InterLok
2008-01-21 08:51 --------- d-----w C:\Program Files\Sonic
2008-01-21 08:51 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-01-18 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-17 16:26 --------- d-----w C:\Documents and Settings\Stan\Application Data\Ahead
2008-01-16 15:15 --------- d-----w C:\Program Files\MSN Messenger
2008-01-16 15:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-15 18:39 --------- d-----w C:\Program Files\Magentic
2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-14 12:34 --------- d-----w C:\Documents and Settings\Stan\Application Data\Media Player Classic
2008-01-14 06:10 --------- d-----w C:\Documents and Settings\Stan\Application Data\Symantec
2008-01-13 17:26 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-01-12 22:34 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-12 22:34 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-12 22:34 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-12 22:34 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-12 22:34 --------- d-----w C:\Program Files\Symantec
2008-01-12 19:20 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-12 19:06 28,672 ----a-w C:\WINDOWS\system32\qttask.exe
2008-01-12 19:06 --------- d-----w C:\Program Files\QuickTime
2008-01-12 19:06 --------- d-----w C:\Program Files\Java
2008-01-12 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-01-12 19:05 --------- d-----w C:\Program Files\Real
2008-01-12 19:05 --------- d-----w C:\Program Files\Common Files\Real
2008-01-12 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-12 18:51 --------- d-----w C:\Program Files\Windows Live
2008-01-12 18:51 --------- d-----w C:\Program Files\Common Files\Java
2008-01-12 18:47 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-12 18:44 --------- d-----w C:\Program Files\TweakNow PowerPack 2006
2008-01-12 18:39 --------- d-----w C:\Program Files\Ahead
2008-01-12 18:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-12 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-12 14:45 --------- d-----w C:\Program Files\CleanUp!
2008-01-12 14:20 --------- d-----w C:\Program Files\UnderCoverXP
2008-01-12 14:20 --------- d-----w C:\Program Files\DVD Shrink
2008-01-12 13:59 --------- d-----w C:\Program Files\Lexmark 4300 Series
2008-01-12 13:59 --------- d-----w C:\Documents and Settings\Stan\Application Data\FaxCtr
2008-01-12 13:55 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-01-12 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-01-12 13:13 --------- d-----w C:\Program Files\Intel
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 04:10 116328]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25280:TCP"= 25280:TCP:BitComet 25280 TCP
"25280:UDP"= 25280:UDP:BitComet 25280 UDP
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 19:46:17
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-03-10 19:46:42
ComboFix-quarantined-files.txt 2008-03-10 18:46:40
ComboFix2.txt 2008-03-09 17:03:39
.
2008-03-09 08:57:32 --- E O F ---
And the new HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:48, on 10-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?from=start.home.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215861374390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200165312531
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 7059 bytes
I think the problems are solved. Unless you can still find something in my logs.
Thanks very much for the help.
Regards, Opelmantagek
- Open an empty Notepad window and copy/paste the bold text below into it:
[b:f0479aa9dd]
@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\system32\lxmqcmmh.ini) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt
[/b:f0479aa9dd]
Then save it as [b:f0479aa9dd]fix.bat[/b:f0479aa9dd] on your [u:f0479aa9dd]Desktop[/u:f0479aa9dd]
Under "Save as type", choose [b:f0479aa9dd]All Files[/b:f0479aa9dd].
Then double-click [b:f0479aa9dd]fix.bat[/b:f0479aa9dd] and post the result in your next message.
How are your problems now?
Pim
- Sorry for the late reply,
but here is the result of fix.bat
Deleting files
C:\WINDOWS\system32\lxmqcmmh.ini deleted
Otherwise there are no more problems with the PC.
Regards, Opelmantagek
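The effect of the CFScript run in this thread can be confirmed by comparing the O4 autorun lines of the HijackThis logs taken before and after it. The following is an added example, not part of the original thread; the function names are assumptions, and the sample lines are excerpted from the two logs above.

```python
import re

# Sample input: O4 lines excerpted from the thread's two HijackThis logs
# (9-3-2008, before the CFScript run, and 10-3-2008, after it).
BEFORE = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [8cd1b7b4] rundll32.exe "C:\WINDOWS\system32\xpmktoli.dll",b
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""
AFTER = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 launches: optional ".exe", optionally quoted DLL path, then ",export"
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.IGNORECASE)


def parse_o4(log):
    """Map (hive, key, value name) -> command for every O4 autorun line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m['hive'], m['key'], m['name'])] = m['cmd']
    return entries


def rundll32_target(cmd):
    """Return (dll path, export) if the command is a rundll32 launch, else None."""
    m = RUNDLL_RE.match(cmd)
    return (m['dll'], m['export']) if m else None


def diff_autoruns(before, after):
    """Return (removed, added): autorun entries present in only one of the logs."""
    b, a = parse_o4(before), parse_o4(after)
    removed = {k: v for k, v in b.items() if k not in a}
    added = {k: v for k, v in a.items() if k not in b}
    return removed, added


def check_cleanup(before, after, targeted_names):
    """Summarise whether the targeted Run values are gone and what else changed."""
    removed, added = diff_autoruns(before, after)
    remaining = parse_o4(after)
    return {
        # targeted values that survived the fix: the cleanup did not take
        "still_present": sorted(k[2] for k in remaining if k[2] in targeted_names),
        # values that disappeared without being targeted: account for each one
        "removed_untargeted": sorted(
            k[2] for k in removed if k[2] not in targeted_names),
        # anything new between the logs deserves a look
        "added": sorted(k[2] for k in added),
    }


if __name__ == "__main__":
    # The CFScript in this thread targeted the Run value "8cd1b7b4".
    print(check_cleanup(BEFORE, AFTER, {"8cd1b7b4"}))
    for key, cmd in diff_autoruns(BEFORE, AFTER)[0].items():
        print(key[2], "->", rundll32_target(cmd) or cmd)
```

The two untargeted removals it reports, NeroFilterCheck and SunJavaUpdateSched, both appear under `msconfig\startupreg` in the ComboFix log above.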