
Thread: Here we go again

  1. #1
    Expert  
    Registered
    13 December 2006
    Posts
    563
    Thanks given
    332
    Thanked
    38 times in 29 posts

    Here we go again

    Hi,

    at the request of Rody_2_NL, after he replied to my post (http://www.minatica.be/showthread.php?t=50835), here is the HijackThis log.
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:49:48, on 25/12/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Microsoft IntelliType Pro\type32.exe
      C:\Program Files\Microsoft IntelliPoint\point32.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\WINDOWS\system32\epdfvxdebo.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
      O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [epdfvxdebo] C:\WINDOWS\system32\epdfvxdebo.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: SMC2802W 54Mbps WLAN Monitor.lnk = C:\Program Files\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Print Spooler Service (iyhwwuqcye) - Unknown owner - C:\WINDOWS\system32\m.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

      --
      End of file - 5443 bytes

    Regards,

    I.

  2. #2
    Spyware Slayer   Rosty's avatar
    Registered
    19 May 2005
    Location
    Zandvliet/ Ledegem
    Posts
    4,211
    Thanks given
    905
    Thanked
    2,145 times in 1,484 posts
    Hi,

    Download SDFix and save the program to your desktop.

    Double-click SDFix.exe and choose Install to extract it. Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably here: C:\SDFix).
    Restart the PC in safe mode.
    Safe mode for Windows XP
    • Restart the computer
    • As soon as your computer has finished loading the BIOS (black screen with white letters, or another start screen) and just before Windows loads
    • Tap the F8 key (or the F5 key) until you reach the Windows options menu
    • Choose to start in safe mode here, using the arrow keys and then Enter
    • Open the extracted SDFix folder (usually found here: C:\SDFix) and double-click RunThis.bat to start the script.
    • Type Y and press Enter to start the cleaning process.
    • Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.
    • The computer will then restart; this takes longer than usual.
    • The fix tool will run again and continue the removal process; then Finished is shown. Wait patiently until you have to press a key again to end the script and reload your desktop icons.
    • As soon as your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
    • Copy/paste the contents of this report, Report.txt, into your next reply here, together with a new HijackThis log

  3. The following user thanks Rosty for this useful post:

    alBildjiekiyya (1 January 2008)

  4. #3
    Expert  

    SDFix log

    SDFix: Version 1.121

    Run by [...] on di 01/01/2008 at 21:26

    Microsoft Windows XP [versie 5.1.2600]

    Running From: C:\PROGRA~1\SDFix

    Safe Mode:
    Checking Services:

    Name:
    iyhwwuqcye

    Path:
    C:\WINDOWS\system32\m.exe /service

    iyhwwuqcye - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\EPDFVX~1.EXE - Deleted
    C:\WINDOWS\SYSTEM32\M.EXE - Deleted
    C:\DOCUME~1\[...]\LOCALS~1\Temp\GLFCD.tmp.dll - Deleted
    C:\DOCUME~1\[...]\LOCALS~1\Temp\GLFD.tmp.dll - Deleted
    C:\DOCUME~1\[...]\LOCALS~1\Temp\GLFE1.tmp.dll - Deleted




    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-01 21:33:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:46,3a,47,4a,ef,97,35,47,0a,9b,36,a4,d4,15,50,8e,15,3c,a5,c5,90,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,4d,f3,15,6a,0a,c9,02,81,95,67,48,61,1b,b5,67,ae,b3,..
    "khjeh"=hex:ba,0e,b2,44,1f,44,53,f7,29,bc,5c,d0,90,32,4b,83,70,28,93,c0,af,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:1a,a7,28,41,e0,26,94,bf,9a,60,9f,6f,d7,4e,71,c6,52,34,ed,46,82,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:46,3a,47,4a,ef,97,35,47,0a,9b,36,a4,d4,15,50,8e,15,3c,a5,c5,90,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,4d,f3,15,6a,0a,c9,02,81,95,67,48,61,1b,b5,67,ae,b3,..
    "khjeh"=hex:ba,0e,b2,44,1f,44,53,f7,29,bc,5c,d0,90,32,4b,83,70,28,93,c0,af,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:1a,a7,28,41,e0,26,94,bf,9a,60,9f,6f,d7,4e,71,c6,52,34,ed,46,82,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Hulp op afstand - Windows Messenger en spraak"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exe:*:Enabled:PaltalkScene"
    "C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
    "C:\\Program Files\\Sierra\\FEARCombat\\fpupdate.exe"="C:\\Program Files\\Sierra\\FEARCombat\\fpupdate.exe:*:Enabled:fpupdate"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\NCH Swift Sound\\Talk\\talk.exe"="C:\\Program Files\\NCH Swift Sound\\Talk\\talk.exe:*:Enabled:Express Talk"
    "C:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW.exe"="C:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW.exe:*:Enabled:Rome: Total War"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    File Backups: - C:\PROGRA~1\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Wed 4 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
    Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
    Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
    Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
    Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
    Thu 13 Dec 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
    Fri 27 Oct 2006 15,360 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
    Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
    Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
    Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
    Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
    Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
    Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
    Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
    Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
    Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
    Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
    Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
    Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
    Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
    Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
    Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
    Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
    Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
    Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
    Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
    Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
    Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
    Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
    Fri 7 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8d5769ed022fab7a177db7759e6a27b\BIT2.tmp"
    Fri 7 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ba05f11a8264e17c096210906e201b1b\BIT1.tmp"
    Wed 15 Nov 2006 38,400 A..H. --- "C:\Documents and Settings\[...]\Bureaublad\Documenten van A-Buroblad\rhabdomyolysis\Reviews\~WRL3162.tmp"
    Wed 15 Nov 2006 38,400 A..H. --- "C:\Documents and Settings\[...]\Bureaublad\Documenten van A-Buroblad\rhabdomyolysis\Reviews\~WRL3213.tmp"
    Sat 11 Nov 2006 28,160 A..H. --- "C:\Documents and Settings\[...]\Bureaublad\Documenten van A-Buroblad\rhabdomyolysis\Reviews\~WRL3870.tmp"

    Finished!

  5. #4
    Expert  

    HiJackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:42:08, on 1/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: SMC2802W 54Mbps WLAN Monitor.lnk = C:\Program Files\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 5168 bytes

  6. #5
    Expert  

    Catchme file

    Hi,

    I notice that I also still have one of those 'catchme' files on my desktop. I'll post it, but I have uploaded it instead. That way, if it is of no importance, it is not in the way, and if you need it, you can still download it. I don't know whether it is normal for SDFix to leave such a file behind?

    http://nl.swoopshare.com/file/7440bf...atchme&lang=nl


    Regards,

    I.

  7. #6
    Spyware Slayer   Rosty's avatar
    Oops, didn't see the post!! Sorry, checking now.
    Last edited by Rosty; 1 January 2008 at 22:55

  8. The following user thanks Rosty for this useful post:

    alBildjiekiyya (2 January 2008)

  9. #7
    Spyware Slayer   Rosty's avatar
    Hi,
    you may delete that file, it is from Daemon Tools.
    Do this:

    Download MSNFix by BendeBoy (Mirror) here and save it to your desktop.
    Double-click MSNFix.exe; an icon will now appear on your desktop.

    Double-click the "Start MSNFix" icon and let it run.
    (If you get notifications from your scanner etc., allow this.)

    The file will carry out its tasks; you do not have to do anything in the meantime. As soon as it is finished, and possibly after a restart, it will open a report (C:\MSNFix.txt). Post it in your next reply.
    Last edited by Rosty; 1 January 2008 at 23:06 Reason: info posted

  10. The following user thanks Rosty for this useful post:

    alBildjiekiyya (2 January 2008)

  11. #8
    Expert  
    Great, I'll do it right away. So no HiJackThis log, as far as my reading comprehension goes.

  12. #9
    Expert  

    MSN-fix log

    ------------- BENDEBOYS MSNFIX RAPORT -------------
    - Version: 3.6.0.10 - Last Update: 26/12/07
    - Scan performed on: wo 02/01/2008 - 19:17:01,82 By Iones
    - Bootmode: Normal Mode

    It is possible to complain about messenger virusses.
    Visit MalwareComplaints.com for more information!

    Het is mogelijk om uw beklag te doen tegen messenger virussen.
    Bezoek MalwareComplaints.com voor meer informatie.


    ((((((((((((((( CREATED FILES LAST MONTH )))))))))))))))

    2008-01-02 -18:22:10 - A.S.. "C:\WINDOWS\bootstat.dat"
    2007-12-05 -19:05:08 - A.... "C:\WINDOWS\mozver.dat"
    2007-12-05 -18:37:26 - A.... "C:\WINDOWS\nsreg.dat"
    2007-12-04 -14:04:28 - A.... "C:\WINDOWS\system32\aswBoot.exe"
    2007-12-04 -13:54:04 - A.... "C:\WINDOWS\system32\AVASTSS.scr"
    2007-12-05 -19:16:56 - A.... "C:\WINDOWS\system32\BD2030.DAT"
    2007-12-16 - 0:12:28 - A.... "C:\WINDOWS\system32\CmdLineExt.dll"
    2007-12-12 -14:49:46 - A.... "C:\WINDOWS\system32\d3d8caps.dat"
    2007-11-13 -11:44:14 - A.... "C:\WINDOWS\system32\D3DX9_29.DLL"
    2007-12-13 - 3:07:06 - A.... "C:\WINDOWS\system32\DataRnvx.dat"
    2007-12-05 -17:10:56 - A.... "C:\WINDOWS\system32\emptyregdb.dat"
    2007-12-30 -19:03:02 - A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
    2008-01-01 -23:25:28 - A.... "C:\WINDOWS\system32\guard32.dll"
    2008-01-02 -18:26:32 - A.... "C:\WINDOWS\system32\perfc009.dat"
    2008-01-02 -18:26:32 - A.... "C:\WINDOWS\system32\perfc013.dat"
    2008-01-02 -18:26:32 - A.... "C:\WINDOWS\system32\perfh009.dat"
    2008-01-02 -18:26:32 - A.... "C:\WINDOWS\system32\perfh013.dat"
    2007-12-09 -10:12:54 - A.... "C:\WINDOWS\system32\pncrt.dll"
    2007-12-09 -10:12:58 - A.... "C:\WINDOWS\system32\pndx5016.dll"
    2007-12-09 -10:12:58 - A.... "C:\WINDOWS\system32\pndx5032.dll"
    2007-12-06 - 5:16:34 - A.... "C:\WINDOWS\system32\PnkBstrA.exe"
    2007-12-22 -19:17:56 - A.... "C:\WINDOWS\system32\PnkBstrB.exe"
    2007-12-09 -10:13:06 - A.... "C:\WINDOWS\system32\rmoc3260.dll"
    2007-11-13 -11:44:14 - A.... "C:\WINDOWS\system32\xinput9_1_0.dll"
    2008-01-02 -18:21:26 - A..H. "C:\Documents and Settings\[...]\NTUSER.DAT"
    2007-12-16 - 0:37:56 - A.... "C:\Program Files\MSN Messenger\msimg32.dll"

    ((((((((((((((( FOUND FILES )))))))))))))))

    !! BEFORE FIX !!

    C:\WINDOWS\System32\javaws.exe

    !! AFTER FIX !!


    ((((((((((((((( ShellServiceObjectDelayLoad )))))))))))))))

    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    ---------- END OF LOG ----------

  13. #10
    Spyware Slayer   Rosty's avatar
    Sorry for the late reply.
    That looks good.
    Any problems still?

  14. The following user thanks Rosty for this useful post:

    alBildjiekiyya (5 January 2008)
