Vraag & Antwoord
autorun en system op al mn schijven? pc 2
9 antwoorden
- Hallo,
Hierbij het zelfde verhaaltje als de vorige keer, nu met een andere computer en ik ga gelijk van start met een Hijackthis logje.
:wink:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:27, on 23-1-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows_system - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\SYSTEM.exe (file missing)
–
End of file - 23025 bytes - Start hijackthis en kies voor 'do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:
[b:b43cd52e5c] O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)[/b:b43cd52e5c]
Sluit alle vensters behalve Hijackthis
Klik op 'Fix checked' om de items te verwijderen.
Ga nu naar Start -> Uitvoeren
Typ hier dit commando in: [b:b43cd52e5c]sc stop Windows_system[/b:b43cd52e5c] en druk op OK.
Herhaal dit met dit commando:[b:b43cd52e5c]sc delete Windows_system[/b:b43cd52e5c].
Download combofix.exe van deze site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
ComboFix zal wanneer de Recovery Console niet geïnstalleerd is, voorstellen om deze te downloaden en te installeren. Sta dit toe.
Wanneer de Recovery Console geïnstalleerd is, laat je ComboFix de computer scannen.
Wanneer ComboFix klaar is, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje in je volgende bericht. - hierbij het logje van ComboFix:
ComboFix 09-01-21.04 - Marc 2009-01-24 21:59:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.511.188 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Marc\Bureaublad\virussesscanss\installs\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\program files\Mozilla Firefox\plugins\NPNd2fn.dll
c:\program files\Need2Find
c:\program files\Need2Find\bar\History\search
c:\windows\smdat32m.sys
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))
.
Geen nieuwe bestanden aangemaakt in deze periode
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 13:37 ——— d—–w c:\program files\Google
2009-01-23 11:05 ——— d—–w c:\program files\Spybot - Search & Destroy
2009-01-23 11:03 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-23 11:01 ——— d—–w c:\program files\RTVSoftwareNL
2009-01-23 11:01 ——— d—–w c:\program files\iPod
2008-12-16 20:12 ——— d—–w c:\documents and settings\Marc\Application Data\Nokia Multimedia Player
2008-12-13 13:49 ——— d—–w c:\program files\Java
2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
2006-10-17 21:50 81,920 —-a-w c:\documents and settings\Marc\Application Data\ezpinst.exe
2006-10-17 21:50 47,360 -c–a-w c:\documents and settings\Marc\Application Data\pcouffin.sys
2006-06-02 19:18 7,856 -c–a-w c:\program files\hijackthis.log
2005-02-16 10:06 218,112 -c–a-w c:\program files\HijackThis.exe
2006-05-06 16:42 7,260,160 -c–a-w c:\program files\mozilla firefox\plugins\libvlc.dll
2007-10-11 19:56 548,443 –sh–w c:\windows\system32\_SYSTEM.exe
2008-08-24 01:12 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008082420080825\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-09-27 190024]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-06-13 36864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"Google Update"="c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-18 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"CTHelper"="CTHELPER.EXE" [2003-08-28 c:\windows\system32\CTHELPER.EXE]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 c:\windows\system32\nwtray.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-05-26 102455]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-06-13 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-05-05 581632]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-02-10 178688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"10264:TCP"= 10264:TCP:BitComet 10264 TCP
"10264:UDP"= 10264:UDP:BitComet 10264 UDP
"24842:TCP"= 24842:TCP:BitComet 24842 TCP
"24842:UDP"= 24842:UDP:BitComet 24842 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-02-09 109184]
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-09-28 5504]
R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2007-06-18 120704]
R3 cmudaxp;C-Media Oxygen HD Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2007-05-26 1393600]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s –> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-02-09 38656]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-09-24 3584]
R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s –> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R4 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2007-03-24 3712]
R4 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-02-09 90752]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\SYSTEM.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12376d43-90d0-11db-bb62-00105ac03c6d}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fbd60b9-d51e-11dd-be9e-0009dd506f77}]
\Shell\Auto\command - I:\SYSTEM.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe
.
Inhoud van de 'Gedeelde Taken' map
2008-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2009-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-688789844-682003330-1003.job
- c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-18 00:18]
.
- - - - ORPHANS VERWIJDERD - - - -
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-NWEReboot - (no file)
HKLM-Run-Cmaudio8788 - cmicnfgp.cpl
HKLM-RunServices-SchedulingAgent - c:\windows\system32\mstask.exe
.
——- Bijkomende Scan ——-
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: hyves.nl
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\gnrqcpyd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
—- FIREFOX POLICIES —-
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess";
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 22:08:39
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
——————— DLLs Geladen Onder Lopende Processen ———————
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
———————— Andere Aktieve Processen ————————
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NDAS\System\ndassvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\rundll32.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Voltooingstijd: 2009-01-24 22:18:52 - machine werd herstart
ComboFix-quarantined-files.txt 2009-01-24 21:18:45
Pre-Run: 13.058.347.008 bytes beschikbaar
Post-Run: 17,524,895,744 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=AlwaysOff
216 — E O F — 2009-01-13 20:50:37 - Ga naar Virustotal.com
Upload het volgende bestand door het volgende te kopiëren/plakken (dus niet via "Bladeren…" opzoeken!): [b:168bfa5171]c:\windows\system32\_SYSTEM.exe [/b:168bfa5171]
Wacht totdat het resultaat verschijnt. Post dit mee in je volgende reactie.
Download Flash_Disinfector.exe en plaats hem op je bureaublad: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
Zorg dat de flasdrives / usbsticks / externe harde schijven ook ingestoken zijn.
Dubbelklik op Flash_Disinfector.exe om de tool te starten.
Als de tool klaar is, zal de computer opnieuw starten.
Open een kladblokbestand.
Kopieer de onderstaande code, en plak deze in het kladblokbestand. - hier het logje van virustotal.com:
Dit bestand is reeds gescanned:
MD5: e582f4b243f81b1af5db7f7ba434f6dc
First received: 2008.03.25 22:11:03 (CET)
Datum: 2008.11.08 11:05:50 (CET) [>77D]
Resultaat: 31/36
Permalink: analisis/616ba0781c522aa3fe8d1a3d033510d3
Bestand _SYSTEM.exe ontvangen op 2008.11.08 11:05:50 (CET)
Huidig status: Einde
Resultaat: 31/36 (86.11%)
Geformatteerd Resultaten afdrukken
Antivirus Versie Laatst geüpdatet Resultaat
AhnLab-V3 - - Win-Trojan/Hupigon.548443
AntiVir - - BDS/Backdoor.Gen
Authentium - - W32/Hupigon.C.gen!Eldorado
Avast - - Win32:Trojan-gen {Other}
AVG - - BackDoor.Hupigon4.SHV
BitDefender - - Backdoor.Hupigon.AXRD
CAT-QuickHeal - - Backdoor.Hupigon.aaxv
ClamAV - - -
DrWeb - - BackDoor.Pigeon.7031
eSafe - - Suspicious File
eTrust-Vet - - Win32/Dowque.GA
Ewido - - -
F-Prot - - W32/Hupigon.C.gen!Eldorado
F-Secure - - Backdoor.Win32.Hupigon.aaxv
Fortinet - - -
GData - - Backdoor.Hupigon.AXRD
Ikarus - - Backdoor.Hupigon
K7AntiVirus - - Backdoor.Win32.Hupigon.aoir
Kaspersky - - Backdoor.Win32.Hupigon.aaxv
McAfee - - BackDoor-AWQ
Microsoft - - Backdoor:Win32/Hupigon
NOD32 - - probably a variant of Win32/Hupigon
Norman - - W32/Hupigon.BGYS
Panda - - W32/Nuwar.C.worm
PCTools - - Trojan.Pakes.TO
Prevx1 - - -
Rising - - Backdoor.Win32.ShangXing.kd
SecureWeb-Gateway - - Trojan.Backdoor.Backdoor.Gen
Sophos - - Mal/Emogen-N
Sunbelt - - Trojan-Downloader.Win32.VB.ji
Symantec - - Trojan Horse
TheHacker - - Backdoor/Hupigon.aaxv
TrendMicro - - BKDR_HUPIGON.PSB
VBA32 - - -
ViRobot - - Backdoor.Win32.Hupigon.548443
VirusBuster - - Trojan.Pakes.TO
Extra informatie
MD5: e582f4b243f81b1af5db7f7ba434f6dc
SHA1: fa00d39cf963cbff371aca179d98bd59417ca1b1
SHA256: d5367cd02c4b4750fe84498196d442f29fca61b1cb75653550169af9bc8fd53e
SHA512: ba36d5d86c1ad26d4bae313bfd4b7274e38df768612c853e48e29fcc0920ed887de0ab3f0c3f1e064746e8d31a1991f1e778ef290ac72061ac4c8676cd3f7dd9
en het logje van combofix:
ComboFix 09-01-21.04 - Marc 2009-01-25 11:22:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.511.155 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Marc\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-25 to 2009-01-25 ))))))))))))))))))))))))))))))
.
Geen nieuwe bestanden aangemaakt in deze periode
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 13:37 ——— d—–w c:\program files\Google
2009-01-23 11:05 ——— d—–w c:\program files\Spybot - Search & Destroy
2009-01-23 11:03 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-23 11:01 ——— d—–w c:\program files\RTVSoftwareNL
2009-01-23 11:01 ——— d—–w c:\program files\iPod
2008-12-16 20:12 ——— d—–w c:\documents and settings\Marc\Application Data\Nokia Multimedia Player
2008-12-13 13:49 ——— d—–w c:\program files\Java
2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
2006-10-17 21:50 81,920 —-a-w c:\documents and settings\Marc\Application Data\ezpinst.exe
2006-10-17 21:50 47,360 -c–a-w c:\documents and settings\Marc\Application Data\pcouffin.sys
2006-06-02 19:18 7,856 -c–a-w c:\program files\hijackthis.log
2005-02-16 10:06 218,112 -c–a-w c:\program files\HijackThis.exe
2006-05-06 16:42 7,260,160 -c–a-w c:\program files\mozilla firefox\plugins\libvlc.dll
2007-10-11 19:56 548,443 –sh–w c:\windows\system32\_SYSTEM.exe
2008-08-24 01:12 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008082420080825\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-24_22.15.42.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-25 10:33:55 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_230.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-09-27 190024]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-06-13 36864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"Google Update"="c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-18 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"CTHelper"="CTHELPER.EXE" [2003-08-28 c:\windows\system32\CTHELPER.EXE]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 c:\windows\system32\nwtray.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-05-26 102455]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-06-13 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-05-05 581632]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-02-10 178688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"10264:TCP"= 10264:TCP:BitComet 10264 TCP
"10264:UDP"= 10264:UDP:BitComet 10264 UDP
"24842:TCP"= 24842:TCP:BitComet 24842 TCP
"24842:UDP"= 24842:UDP:BitComet 24842 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-02-09 109184]
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-09-28 5504]
R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2007-06-18 120704]
R3 cmudaxp;C-Media Oxygen HD Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2007-05-26 1393600]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s –> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-02-09 38656]
R3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-02-09 90752]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-09-24 3584]
R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s –> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R4 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2007-03-24 3712]
R4 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
.
Inhoud van de 'Gedeelde Taken' map
2008-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2009-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-688789844-682003330-1003.job
- c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-18 00:18]
.
.
——- Bijkomende Scan ——-
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: hyves.nl
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\gnrqcpyd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
—- FIREFOX POLICIES —-
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess";
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 11:34:30
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
——————— DLLs Geladen Onder Lopende Processen ———————
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
———————— Andere Aktieve Processen ————————
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NDAS\System\ndassvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\rundll32.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Voltooingstijd: 2009-01-25 11:44:53 - machine werd herstart
ComboFix-quarantined-files.txt 2009-01-25 10:44:48
ComboFix2.txt 2009-01-24 21:18:56
Pre-Run: 16.966.332.416 bytes beschikbaar
Post-Run: 16,951,689,216 bytes beschikbaar
191 — E O F — 2009-01-13 20:50:37
thnx 4 sofar - Open een kladblokbestand.
Kopieer de onderstaande code, en plak deze in het kladblokbestand. - het combofix logje:
ComboFix 09-01-21.04 - Marc 2009-01-25 13:45:51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.511.139 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Marc\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\windows\system32\_SYSTEM.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_SYSTEM.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-25 to 2009-01-25 ))))))))))))))))))))))))))))))
.
Geen nieuwe bestanden aangemaakt in deze periode
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 13:37 ——— d—–w c:\program files\Google
2009-01-23 11:05 ——— d—–w c:\program files\Spybot - Search & Destroy
2009-01-23 11:03 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-23 11:01 ——— d—–w c:\program files\RTVSoftwareNL
2009-01-23 11:01 ——— d—–w c:\program files\iPod
2008-12-16 20:12 ——— d—–w c:\documents and settings\Marc\Application Data\Nokia Multimedia Player
2008-12-13 13:49 ——— d—–w c:\program files\Java
2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
2006-10-17 21:50 81,920 —-a-w c:\documents and settings\Marc\Application Data\ezpinst.exe
2006-10-17 21:50 47,360 -c–a-w c:\documents and settings\Marc\Application Data\pcouffin.sys
2006-06-02 19:18 7,856 -c–a-w c:\program files\hijackthis.log
2005-02-16 10:06 218,112 -c–a-w c:\program files\HijackThis.exe
2006-05-06 16:42 7,260,160 -c–a-w c:\program files\mozilla firefox\plugins\libvlc.dll
2008-08-24 01:12 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008082420080825\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-24_22.15.42.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-25 12:54:50 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_224.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-09-27 190024]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-06-13 36864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"Google Update"="c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-18 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"CTHelper"="CTHELPER.EXE" [2003-08-28 c:\windows\system32\CTHELPER.EXE]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 c:\windows\system32\nwtray.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-05-26 102455]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-06-13 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-05-05 581632]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-02-10 178688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"10264:TCP"= 10264:TCP:BitComet 10264 TCP
"10264:UDP"= 10264:UDP:BitComet 10264 UDP
"24842:TCP"= 24842:TCP:BitComet 24842 TCP
"24842:UDP"= 24842:UDP:BitComet 24842 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-02-09 109184]
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-09-28 5504]
R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2007-06-18 120704]
R3 cmudaxp;C-Media Oxygen HD Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2007-05-26 1393600]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s –> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-02-09 38656]
R3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-02-09 90752]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-09-24 3584]
R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s –> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R4 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2007-03-24 3712]
R4 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
.
Inhoud van de 'Gedeelde Taken' map
2008-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2009-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-688789844-682003330-1003.job
- c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-18 00:18]
.
.
——- Bijkomende Scan ——-
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: hyves.nl
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\gnrqcpyd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
—- FIREFOX POLICIES —-
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess";
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 13:55:33
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
——————— DLLs Geladen Onder Lopende Processen ———————
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
———————— Andere Aktieve Processen ————————
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NDAS\System\ndassvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\rundll32.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Voltooingstijd: 2009-01-25 14:05:47 - machine werd herstart
ComboFix-quarantined-files.txt 2009-01-25 13:05:42
ComboFix2.txt 2009-01-25 10:44:57
ComboFix3.txt 2009-01-24 21:18:56
Pre-Run: 16.935.452.672 bytes beschikbaar
Post-Run: 16,910,675,968 bytes beschikbaar
197 — E O F — 2009-01-13 20:50:37 - Hoe staat het met de problemen?
- me schijven zien er weer goed uit,
op deze pc heb ik trouwens wel al enige tijd last dat CCC.exe niet afsluit wanneer ik de computer wil uitzetten, dan zie je in een fractie van een seconde een venster met zo'n balkje wat oploopt om hem af te sluiten
ik heb verder ook geen enkel idee wat voor iets het is
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.
Gerelateerde vragen
- URL zonder extensie wil niet helemaal lukken
- https verbinding met ssl in owncloud
- afspelen met audacity werkt niet goed
- Computer!Totaal-forum maakt plaats voor v&a-module
- computer start soms niet op
- Pro show gold 4 overgangen tussen tekstdia's
- wie kan mij meer vertellen over een Gigabyte GA-B85M-HD3
- Windows Tijdelijke bestanden