Log check please



Phil O'Sophe
10 February 2008, 15:40
Following a post of 8/2/08 (in Security), here is a log;

http://www.minatica.be/showthread.php?t=51818

A check when it suits you would be appreciated, please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:10, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\TV PVR\RecSche.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\system32\remote.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LVRemote] C:\WINDOWS\system32\remote.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TV PVR\RecSche.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100886920999
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126378158187
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 9488 bytes


Thanks!

DJ Inpossible
10 February 2008, 15:54
Are you still using Symantec software?

Does the program LVRemote mean anything to you? If not, do the following:

Go to www.virustotal.com
In the upload window, paste the bold text below:
C:\WINDOWS\system32\remote.exe
Then click 'Send file'.
Post the result in your next reply.

Phil O'Sophe
10 February 2008, 21:53
Are you still using Symantec software?

Does the program LVRemote mean anything to you? If not, do the following:

Go to www.virustotal.com (http://www.virustotal.com)
In the upload window, paste the bold text below:
C:\WINDOWS\system32\remote.exe
Then click 'Send file'.
Post the result in your next reply.

I'll definitely do that, DJ! :bow:

DJ Inpossible
10 February 2008, 23:38
Fine, then I'll see it when it comes :)

Phil O'Sophe
11 February 2008, 15:10
Fine, then I'll see it when it comes :)

This is the header of the result (= a screenshot of the bulletin).
I also have the full version if needed.
And: what could still be from Symantec?


http://img156.imageshack.us/img156/6862/resultqp3.jpg

I assume that red 0 refers to errors, or not?

DJ Inpossible
11 February 2008, 22:15
I still see a remnant of Symantec running; we'll clean that up later.
I think the upload didn't go well; is this all you get?
Can you try again on this site: http://virusscan.jotti.org/

Phil O'Sophe
12 February 2008, 23:28
Here is that other scan, DJ:
http://img137.imageshack.us/img137/6123/tweedescanwx8.jpg

Thanks for the help!

Phil O'Sophe
14 February 2008, 21:56
Does nobody have any comments on this log above?

DJ Inpossible
14 February 2008, 22:14
Apologies, I somewhat overlooked your logfile.

1. Start HijackThis, choose 'Do a system scan only' and tick the lines below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [LVRemote] C:\WINDOWS\system32\remote.exe
Close all open windows and click 'Fix checked'

2. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop

If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!

Double-click combofix.exe
Choose "Continue" by typing 1 followed by ENTER.
While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix is complete and after the reboot, the log combofix.txt will open.
Post the Combofix log (combofix.txt) in your next reply together with a fresh HijackThis log.
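As an added illustration (not part of this thread or of HijackThis itself), a small Python audit that parses HijackThis lines like the three the helper ticked above: it lists what the Winlogon Userinit value will launch besides the stock userinit.exe and collects the O4 Run entries for triage. The sample lines are copied from the log in this thread, and the expected Userinit path is assumed to be C:\WINDOWS\system32\userinit.exe.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, copied from the HijackThis log posted in this thread:
# the three lines the helper asked to fix plus one ordinary O4 line.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [LVRemote] C:\WINDOWS\system32\remote.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# "O4 - <payload>": a section code, " - ", then the rest of the line.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 payload: "<hive>\..\Run: [<value name>] <command>" (hive may contain a SID for HKUS).
O4_RE = re.compile(r"^(.+?)\\\.\.\\Run: \[([^\]]+)\] (.*)$")


def parse_line(line: str) -> Tuple[str, str]:
    """Split a HijackThis line into (section, payload); unrecognised lines give ('', line)."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else ("", line.strip())


def userinit_components(payload: str) -> List[str]:
    """Return the comma-separated programs Winlogon launches from a Userinit value.

    Assumes no component path itself contains a comma (true for the stock value)."""
    if "UserInit=" not in payload:
        return []
    value = payload.split("UserInit=", 1)[1]
    return [p.strip() for p in value.split(",") if p.strip()]


def unexpected_userinit(components: List[str], windir: str = r"C:\WINDOWS") -> List[str]:
    """Everything other than the stock userinit.exe is an extra logon-time autostart."""
    expected = (windir + r"\system32\userinit.exe").lower()
    return [c for c in components if c.lower() != expected]


def run_entries(log_text: str) -> List[Dict[str, str]]:
    """Collect O4 Run entries as {hive, name, command} for triage (vendor check, hash lookup)."""
    out = []
    for line in log_text.strip().splitlines():
        section, payload = parse_line(line)
        if section != "O4":
            continue
        m = O4_RE.match(payload)
        if m:
            out.append({"hive": m.group(1), "name": m.group(2), "command": m.group(3)})
    return out


def audit(log_text: str) -> List[str]:
    """Return human-readable findings for the checks implemented here."""
    findings = []
    for line in log_text.strip().splitlines():
        section, payload = parse_line(line)
        if section == "R0" and payload.endswith("= about:blank"):
            findings.append("R0 Start Page is about:blank (reset it if the user did not choose this)")
        elif section == "F2":
            for extra in unexpected_userinit(userinit_components(payload)):
                findings.append(f"F2 Userinit launches an extra program at logon: {extra}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
    for entry in run_entries(SAMPLE_LOG):
        print(f"O4 {entry['hive']} [{entry['name']}] -> {entry['command']}")
```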

Phil O'Sophe
15 February 2008, 19:28
If I haven't made any blunders, this should be it, DJ:

NB: before I had read your message, and so had not yet carried out
what is below, I had already run CCleaner, SpyBot and Ad-aware
this morning.

1) Combofix
=========


ComboFix 08-02-15.2 - Eigenaar 2008-02-15 18:00:55.1 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Mogelijk geïnfecteerde sites -----
hxxp://au.download.windowsupdate.c
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))
.
2008-02-15 17:27 . 2008-02-15 17:54 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
2008-02-14 18:23 . 2008-02-14 18:23 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-14 18:22 . 2008-02-14 18:22 <DIR> d-------- C:\Program Files\Real
2008-02-14 18:22 . 2008-02-14 18:23 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-13 21:03 . 2008-02-15 17:20 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\VersionTracker Pro
2008-02-13 21:02 . 2008-02-13 21:02 <DIR> d-------- C:\Program Files\TechTracker
2008-02-13 11:11 . 2008-02-14 13:06 390 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-11 21:15 . 2008-02-11 21:15 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-02-10 13:55 . 2008-02-10 13:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-26 18:38 . 2008-01-26 18:38 <DIR> d-------- C:\Program Files\1st AutoRun Express
2008-01-23 21:30 . 2008-02-15 17:17 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\WTablet
2008-01-23 21:30 . 2007-03-30 16:51 2,659,888 --------- C:\WINDOWS\system32\PenTablet.cpl
2008-01-23 21:30 . 2007-03-30 16:45 1,378,779 --------- C:\WINDOWS\system32\PenTablet.znc
2008-01-23 21:30 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-23 21:30 . 2004-08-04 01:03 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-23 21:30 . 2004-08-04 00:57 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-23 21:30 . 2004-08-04 00:57 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-23 21:30 . 2007-02-15 15:11 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2008-01-23 21:29 . 2008-01-23 21:29 <DIR> d-------- C:\WINDOWS\system32\WTablet
2008-01-23 21:29 . 2008-01-23 21:30 <DIR> d-------- C:\Program Files\Tablet
2008-01-23 21:29 . 2007-03-30 17:06 1,189,424 --------- C:\WINDOWS\system32\Tablet.exe
2008-01-23 21:29 . 2007-03-30 16:38 124,464 --------- C:\WINDOWS\system32\Wintab32.dll
2008-01-23 21:29 . 2007-02-16 09:30 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-01-23 21:29 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-23 21:29 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-23 21:29 . 2007-02-16 10:12 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-01-23 21:29 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-23 21:29 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 16:43 --------- d-----w C:\Program Files\SPAMfighter
2008-02-15 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-15 15:04 --------- d-----w C:\Program Files\AdVantage
2008-02-15 14:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-07 10:34 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
2008-01-29 20:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 20:36 --------- d-----w C:\Program Files\ArcSoft
2008-01-17 10:58 --------- d-----w C:\Program Files\Yahoo!
2008-01-02 12:18 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\ArcSoft
2008-01-01 17:12 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\DAEMON Tools
2008-01-01 17:00 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-01 16:46 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-23 18:06 --------- d-----w C:\Program Files\Common Files\ArcSoft
2007-12-23 18:00 --------- d-----w C:\Program Files\USB video device
2007-12-18 16:16 --------- d-----w C:\Program Files\HijackTh
2007-12-18 16:07 765 ----a-w C:\Program Files\Snelkoppeling naar HijackThis.exe.lnk
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll
2007-05-23 10:04 493,160 ----a-w C:\Program Files\incredimail_install.exe
2007-02-13 11:21 1,903 ----a-w C:\Program Files\uninstal.log
2006-11-18 19:48 92,360 ----a-w C:\Documents and Settings\Eigenaar\Application Data\errorsafedutchnewreleaseinstall[1].exe
2006-08-11 11:31 1,468,464 ----a-w C:\Program Files\ccsetup132.exe
2006-06-13 19:33 5,118 ----a-w C:\Program Files\0x0413.ini
2006-01-16 19:24 1,291,040 ----a-w C:\Program Files\WindowsXP-KB823980-x86-ENU.exe
2006-01-12 17:42 4,480,144 ----a-w C:\Program Files\Alcohol120_trial_1_9_5_3105.exe
2006-01-12 16:29 239,983 ----a-w C:\Program Files\aspi32v4.60.zip
2005-12-30 15:24 1,281,160 ----a-w C:\Program Files\registryrepair_rrse03.exe
2005-12-14 19:43 573,424 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
2005-11-20 18:11 3,200,856 ----a-w C:\Program Files\hitmanpro221.exe
2005-10-26 10:48 777 ----a-w C:\Program Files\trial_setup.ini
2005-10-26 10:48 5,126,656 ----a-w C:\Program Files\trial_setup.msi
2005-08-31 16:24 34,235,626 ----a-w C:\Program Files\Nero-6.6.0.16.exe
2005-08-13 19:10 6,479,824 ----a-w C:\Program Files\MsnSearchToolbarSetup_nl-be.exe
2005-08-05 14:50 369,896 ----a-w C:\Program Files\WindowsXP-KB888240-x86-ENU.exe
2005-07-08 17:18 962,174 ----a-w C:\Program Files\powermax.exe
2001-08-28 15:46 23,436 ----a-w C:\Program Files\german.lng
2001-08-28 15:43 6,993 ----a-w C:\Program Files\german.msg
2001-08-20 18:52 6,427 ----a-w C:\Program Files\dutch.msg
2001-08-13 14:51 1,396,337 ----a-w C:\Program Files\Captura.exe
2001-07-11 16:50 21,889 ----a-w C:\Program Files\spanish.lng
2000-07-31 17:51 233 ----a-w C:\Program Files\readme.txt
1997-04-29 07:06 55,808 ----a-w C:\Program Files\vce.flt
1997-04-29 07:06 21,504 ----a-w C:\Program Files\dwd96.flt
1997-04-29 07:06 151,217 ----a-w C:\Program Files\cool.au
1996-12-12 08:06 75,776 ----a-w C:\Program Files\FILTER.XFM
1996-12-12 08:06 69,120 ----a-w C:\Program Files\STRETCH.XFM
1996-12-12 08:06 66,560 ----a-w C:\Program Files\TONES.XFM
1996-12-12 08:06 64,512 ----a-w C:\Program Files\NONOISE.XFM
1996-12-12 08:06 6,207 ----a-w C:\Program Files\sndefx2.scp
1996-12-12 08:06 58,880 ----a-w C:\Program Files\AMPLIFY.XFM
1996-12-12 08:06 58,368 ----a-w C:\Program Files\RESAMPLE.XFM
1996-12-12 08:06 56,320 ----a-w C:\Program Files\ECHO.XFM
1996-12-12 08:06 55,808 ----a-w C:\Program Files\QFILT.XFM
1996-12-12 08:06 52,736 ----a-w C:\Program Files\REVERB.XFM
1996-12-12 08:06 49,152 ----a-w C:\Program Files\CHANMIX.XFM
1996-12-12 08:06 48,640 ----a-w C:\Program Files\FLANGE.XFM
1996-12-12 08:06 48,640 ----a-w C:\Program Files\COOLACM.FLT
1996-12-12 08:06 48,128 ----a-w C:\Program Files\WAVESYNC.XFM
1996-12-12 08:06 48,128 ----a-w C:\Program Files\CHAMBER.XFM
1996-12-12 08:06 47,104 ----a-w C:\Program Files\COMPRESS.XFM
1996-12-12 08:06 46,080 ----a-w C:\Program Files\VOX.FLT
1996-12-12 08:06 45,056 ----a-w C:\Program Files\stats.xfm
1996-12-12 08:06 45,056 ----a-w C:\Program Files\pika8000.flt
1996-12-12 08:06 44,544 ----a-w C:\Program Files\DTMF.XFM
1996-12-12 08:06 43,008 ----a-w C:\Program Files\NOISE.XFM
1996-12-12 08:06 43,008 ----a-w C:\Program Files\ENVELOPE.XFM
1996-12-12 08:06 43,008 ----a-w C:\Program Files\DELAY.XFM
1996-12-12 08:06 41,472 ----a-w C:\Program Files\NORMAL.XFM
1996-12-12 08:06 40,960 ----a-w C:\Program Files\WAVEPCM.FLT
1996-12-12 08:06 40,448 ----a-w C:\Program Files\DISTORT.XFM
1996-12-12 08:06 4,080 ----a-w C:\Program Files\fxns2.scp
1996-12-12 08:06 39,424 ----a-w C:\Program Files\COOLTEXT.FLT
1996-12-12 08:06 37,888 ----a-w C:\Program Files\VOC.FLT
1996-12-12 08:06 37,888 ----a-w C:\Program Files\DVI.FLT
1996-12-12 08:06 32,256 ----a-w C:\Program Files\AIF.FLT
1996-12-12 08:06 31,744 ----a-w C:\Program Files\ADPCM.FLT
1996-12-12 08:06 30,208 ----a-w C:\Program Files\WAVEAU.FLT
1996-12-12 08:06 30,208 ----a-w C:\Program Files\smp.flt
1996-12-12 08:06 28,672 ----a-w C:\Program Files\ra3.flt
1996-12-12 08:06 28,160 ----a-w C:\Program Files\AU.FLT
1996-12-12 08:06 27,648 ----a-w C:\Program Files\PCM.FLT
1996-12-12 08:06 26,112 ----a-w C:\Program Files\IFF.FLT
1996-12-12 08:06 19,456 ----a-w C:\Program Files\SAM.FLT
1996-12-12 08:06 17,234 ----a-w C:\Program Files\mindsnc2.scp
1996-12-12 08:06 1,919 ----a-w C:\Program Files\cfade.scp
2001-09-07 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 00:03 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 00:03 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 00:03 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 00:03 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 00:03 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 11:55 68856]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 20:35 1961984]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-05-03 09:06 364544 C:\WINDOWS\system32\nwiz.exe]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-29 16:56 28739]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 13:14 311350]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]
"LVRemote"="C:\WINDOWS\system32\remote.exe" [2004-07-15 02:13 40960]
"RecSche"="C:\Program Files\TV PVR\RecSche.exe" [2004-06-11 13:34 466944]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser MOUSE\mouse32a.exe" [2006-03-15 12:27 360448]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe" [2006-03-15 12:28 381440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 17:22 579072]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"CHotkey"="mHotkey.exe" [2001-10-15 16:42 471040 C:\WINDOWS\mHotkey.exe]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-14 18:22 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]
C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Herinneringen van Microsoft Works Agenda.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 13:14:38 24633]
HPAiODevice(hp psc 700 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-04-24 01:28:32 487484]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 13:14:38 24633]
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-02-13 21:02:29 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-07-14 20:35 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2003-09-23 10:04 32768 C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-28 02:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-17 11:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 13:45]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2002-01-29 23:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2002-01-29 23:42]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-09-06 22:27]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-12-12 11:42]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 22:28]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 10:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 09:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 15:11]
S1 ai2cnt;ai2cnt;C:\WINDOWS\system32\drivers\ai2cnt.sys []
S2 Ca504bv;Icatch(VII) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca504bv.sys [2002-10-21 10:37]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S2 WisTunerLoader;WIS EZ-USB FX2 FIRMWARE LOADER (WisTunerLoader.sys);C:\WINDOWS\system32\Drivers\WisTunerLoader.sys [2004-03-10 04:18]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 nvcoafl51;nvcoafl51;C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoafl51.sys []
S3 nvcoaft51;nvcoaft51;C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoaft51.sys []
S3 nvcoarc51;nvcoarc51;C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoarc51.sys []
S3 Qpclepci;Qpclepci;C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Qpclepci.sys []
S3 SNDP202;Dual Mode Camera (8008 VGA);C:\WINDOWS\system32\DRIVERS\sndp202.sys [2002-10-17 15:01]
S3 USBCamera;Icatch(VII) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk504B.sys [2002-07-25 10:19]
S3 WlanUIG;IEEE 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2003-11-14 10:41]
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-18 16:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-02-15 16:19:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-14 20:06:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 18:10:20
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************************************
.
Voltooingstijd: 2008-02-15 18:13:25
ComboFix-quarantined-files.txt 2008-02-15 17:13:17
.
2008-02-15 12:36:39 --- E O F ---


2) New HijackThis:
================


Logfile of HijackThis v1.99.1
Scan saved at 18:22:53, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\TV PVR\RecSche.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\remote.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\remote.exe
C:\Documents and Settings\Eigenaar\Mijn documenten\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LVRemote] C:\WINDOWS\system32\remote.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TV PVR\RecSche.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100886920999
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126378158187
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Curious to see the result, and many thanks for your help.

DJ Inpossible
17 February 2008, 15:53
Open Notepad, then copy and paste the following (the bold text) into an empty window:

Folder::
C:\Program Files\AdVantage

File::
C:\Documents and Settings\Eigenaar\Application Data\errorsafedutchnewreleaseinstall[1].exe

Save this on your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will make ComboFix restart.
Reboot when asked to,
and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Any problems left?

Phil O'Sophe
18 February 2008, 19:13
DJ, before carrying out the steps you prescribed once more, this
note: for a few days now the PC sometimes does not start unless I
reset it first; this morning, before reading your last post, I did a
rollback to the restore point of 1 Feb 2008.
Then did what you asked, but ... at the moment of sending: "cannot
reach the web page"; bad luck.
So another attempt shortly.

Phil O'Sophe
18 February 2008, 19:50
NB. There is still a file "Symantec update live" on the PC.



ComboFix 08-02-18.1 - Eigenaar 2008-02-18 18:20:18.3 - NTFSx86
Running from: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\CFScript.txt
* Created a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
FILE ::
C:\Documents and Settings\Eigenaar\Application Data\errorsafedutchnewreleaseinstall[1].exe
.
(((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))
.
2008-02-18 14:54 . 2008-02-18 14:55 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-18 13:26 . 2008-02-18 13:28 <DIR> d-------- C:\WINDOWS\$regcmp$
2008-02-18 12:55 . 2008-02-18 12:55 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-02-18 12:55 . 2008-02-18 18:17 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
2008-02-17 18:27 . 2008-02-17 18:27 <DIR> d-------- C:\WTablet
2008-02-14 18:22 . 2008-02-14 18:22 <DIR> d-------- C:\Program Files\Real
2008-02-14 18:22 . 2008-02-18 12:53 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-13 11:11 . 2008-02-14 13:06 390 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-11 21:15 . 2008-02-11 21:15 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-02-10 13:55 . 2008-02-10 13:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-26 18:38 . 2008-01-26 18:38 <DIR> d-------- C:\Program Files\1st AutoRun Express
2008-01-23 21:30 . 2008-02-18 18:01 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\WTablet
2008-01-23 21:30 . 2007-03-30 16:51 2,659,888 --------- C:\WINDOWS\system32\PenTablet.cpl
2008-01-23 21:30 . 2007-03-30 16:45 1,378,779 --------- C:\WINDOWS\system32\PenTablet.znc
2008-01-23 21:30 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-23 21:30 . 2004-08-04 01:03 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-23 21:30 . 2004-08-04 00:57 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-23 21:30 . 2004-08-04 00:57 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-23 21:30 . 2007-02-15 15:11 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2008-01-23 21:29 . 2008-01-23 21:29 <DIR> d-------- C:\WINDOWS\system32\WTablet
2008-01-23 21:29 . 2008-01-23 21:30 <DIR> d-------- C:\Program Files\Tablet
2008-01-23 21:29 . 2007-03-30 17:06 1,189,424 --------- C:\WINDOWS\system32\Tablet.exe
2008-01-23 21:29 . 2007-03-30 16:38 124,464 --------- C:\WINDOWS\system32\Wintab32.dll
2008-01-23 21:29 . 2007-02-16 09:30 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-01-23 21:29 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-23 21:29 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-23 21:29 . 2007-02-16 10:12 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-01-23 21:29 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-23 21:29 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 17:04 --------- d-----w C:\Program Files\SPAMfighter
2008-02-18 11:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-18 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 10:34 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
2008-01-29 20:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 20:36 --------- d-----w C:\Program Files\ArcSoft
2008-01-17 10:58 --------- d-----w C:\Program Files\Yahoo!
2008-01-02 12:18 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\ArcSoft
2008-01-01 17:12 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\DAEMON Tools
2008-01-01 17:00 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-01 16:46 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-23 18:06 --------- d-----w C:\Program Files\Common Files\ArcSoft
2007-12-23 18:00 --------- d-----w C:\Program Files\USB video device
2007-12-18 16:16 --------- d-----w C:\Program Files\HijackTh
2007-12-18 16:07 765 ----a-w C:\Program Files\Snelkoppeling naar HijackThis.exe.lnk
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-05-23 10:04 493,160 ----a-w C:\Program Files\incredimail_install.exe
2007-02-13 11:21 1,903 ----a-w C:\Program Files\uninstal.log
2006-08-11 11:31 1,468,464 ----a-w C:\Program Files\ccsetup132.exe
2006-06-13 19:33 5,118 ----a-w C:\Program Files\0x0413.ini
2006-01-16 19:24 1,291,040 ----a-w C:\Program Files\WindowsXP-KB823980-x86-ENU.exe
2006-01-12 17:42 4,480,144 ----a-w C:\Program Files\Alcohol120_trial_1_9_5_3105.exe
2006-01-12 16:29 239,983 ----a-w C:\Program Files\aspi32v4.60.zip
2005-12-30 15:24 1,281,160 ----a-w C:\Program Files\registryrepair_rrse03.exe
2005-12-14 19:43 573,424 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
2005-11-20 18:11 3,200,856 ----a-w C:\Program Files\hitmanpro221.exe
2005-10-26 10:48 777 ----a-w C:\Program Files\trial_setup.ini
2005-10-26 10:48 5,126,656 ----a-w C:\Program Files\trial_setup.msi
2005-08-31 16:24 34,235,626 ----a-w C:\Program Files\Nero-6.6.0.16.exe
2005-08-13 19:10 6,479,824 ----a-w C:\Program Files\MsnSearchToolbarSetup_nl-be.exe
2005-08-05 14:50 369,896 ----a-w C:\Program Files\WindowsXP-KB888240-x86-ENU.exe
2005-07-08 17:18 962,174 ----a-w C:\Program Files\powermax.exe
2001-08-28 15:46 23,436 ----a-w C:\Program Files\german.lng
2001-08-28 15:43 6,993 ----a-w C:\Program Files\german.msg
2001-08-20 18:52 6,427 ----a-w C:\Program Files\dutch.msg
2001-08-13 14:51 1,396,337 ----a-w C:\Program Files\Captura.exe
2001-07-11 16:50 21,889 ----a-w C:\Program Files\spanish.lng
2000-07-31 17:51 233 ----a-w C:\Program Files\readme.txt
1997-04-29 07:06 55,808 ----a-w C:\Program Files\vce.flt
1997-04-29 07:06 21,504 ----a-w C:\Program Files\dwd96.flt
1997-04-29 07:06 151,217 ----a-w C:\Program Files\cool.au
2001-09-07 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 00:03 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 00:03 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 00:03 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 00:03 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 00:03 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 11:55 68856]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 20:35 1961984]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 17:44 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-05-03 09:06 364544 C:\WINDOWS\system32\nwiz.exe]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-29 16:56 28739]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 13:14 311350]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]
"LVRemote"="C:\WINDOWS\system32\remote.exe" [2004-07-15 02:13 40960]
"RecSche"="C:\Program Files\TV PVR\RecSche.exe" [2004-06-11 13:34 466944]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser MOUSE\mouse32a.exe" [2006-03-15 12:27 360448]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe" [2006-03-15 12:28 381440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 17:22 579072]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"CHotkey"="mHotkey.exe" [2001-10-15 16:42 471040 C:\WINDOWS\mHotkey.exe]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]
C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Herinneringen van Microsoft Works Agenda.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 13:14:38 24633]
HPAiODevice(hp psc 700 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-04-24 01:28:32 487484]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 13:14:38 24633]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-07-14 20:35 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2003-09-23 10:04 32768 C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-28 02:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-17 11:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2002-01-29 23:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2002-01-29 23:42]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 22:28]
S1 ai2cnt;ai2cnt;C:\WINDOWS\system32\drivers\ai2cnt.sys []
S2 Ca504bv;Icatch(VII) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca504bv.sys [2002-10-21 10:37]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 nvcoafl51;nvcoafl51;C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoafl51.sys []
S3 nvcoaft51;nvcoaft51;C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoaft51.sys []
S3 nvcoarc51;nvcoarc51;C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoarc51.sys []
S3 Qpclepci;Qpclepci;C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Qpclepci.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 16:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-02-18 17:04:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-18 12:08:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 18:28:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************************************
.
Completion time: 2008-02-18 18:34:02
ComboFix-quarantined-files.txt 2008-02-18 17:33:50
ComboFix2.txt 2008-02-18 13:20:05
ComboFix3.txt 2008-02-18 13:06:39
ComboFix4.txt 2008-02-15 17:13:27
.
2008-02-18 13:58:28 --- E O F ---





Logfile of HijackThis v1.99.1
Scan saved at 18:47:41, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\TV PVR\RecSche.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Eigenaar\Mijn documenten\hijackthis\HijackThis.exe
C:\WINDOWS\system32\remote.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LVRemote] C:\WINDOWS\system32\remote.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TV PVR\RecSche.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100886920999
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126378158187
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

DJ Inpossible
18 February 2008, 20:24
It is not smart to do a System Restore; now we can start all over again :(

I see that Symantec has not been removed properly either; download this removal tool and let it do its work:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

Do the same with this removal tool from Norman:
http://download.norman.no/public/Delnvc5.exe

Besides that, I see that remote.exe has been on your computer since 2004-07-15??

Start HijackThis, choose 'Do a system scan only' and tick the lines below:

O4 - HKLM\..\Run: [LVRemote] C:\WINDOWS\system32\remote.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Now close all open windows except HijackThis and click Fix Checked.

Restart your PC and post a new HijackThis log for review.
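
The two lines the helper picked out above come from reading the whole log by eye: a Run value launching a loose remote.exe out of system32, and a Winlogon Notify package whose DLL is gone. The script below is an added example for this thread, not code from the forum, from HijackThis or from ComboFix. It parses the O4 Run, O20 Winlogon Notify and O23 Service lines of a HijackThis log and the Run values of a ComboFix "Reg Loading Points" section, and applies those same checks mechanically: "(file missing)", a Run entry whose binary sits directly in C:\WINDOWS or C:\WINDOWS\system32, a bare file name that Windows resolves through the search path, and a service with "Unknown owner". The sample lines are copied from the logs posted in the thread; the flag names, the SYSTEM_DIRS list and the assumption of a default C: installation are this example's own.

```python
"""Triage helper for HijackThis and ComboFix startup entries.

Added example for this thread; it is not code from the forum, from
HijackThis or from ComboFix. It mechanises the checks the helper in the
thread made by eye: an entry whose file HijackThis reports as missing, a
Run-key entry that launches a loose binary straight out of C:\\WINDOWS or
C:\\WINDOWS\\system32, a Run command given as a bare file name (resolved
through the search path), and a service with no publisher ("Unknown owner").
The sample lines are copied from the logs in the thread; the flag names and
the SYSTEM_DIRS list are this example's own choices.
"""
import re
from dataclasses import dataclass, field

# Directories a legitimate Run value rarely launches a loose .exe from
# (assumption: a default C: install, as in the thread's logs).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\system"}

O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
O23_SERVICE = re.compile(r"^O23 - Service: (.+?)(?: \((\w+)\))? - (.+?) - (.+)$")
# ComboFix "Reg Loading Points" value: "name"="value" [date time size [resolved path]]
CF_RUN_VALUE = re.compile(
    r'^"([^"]+)"="([^"]*)" \[(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+)(?: ([^\]]+))?\]$')


@dataclass
class Finding:
    section: str                 # "O4", "O20" or "O23"
    name: str                    # Run value name, Notify package or service name
    image: str                   # executable or DLL as written in the log
    flags: list = field(default_factory=list)
    raw: str = ""                # the original log line, for the Fix-checked list


def image_path(command: str) -> str:
    """Program path of a Run command, quoted or not, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.(?:exe|dll|cpl|scr))\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def flag_entry(section: str, image: str, raw: str) -> list:
    """Review flags for one entry; an empty list means nothing stood out."""
    flags = []
    if "(file missing)" in raw.lower():
        flags.append("file-missing")
    if section == "O4":
        if "\\" not in image:
            flags.append("bare-name")        # Windows resolves it via the search path
        elif image.rsplit("\\", 1)[0].lower() in SYSTEM_DIRS:
            flags.append("system-dir")       # what the helper noticed about remote.exe
    return flags


def triage(log_text: str) -> list:
    """Parse O4 Run, O20 Winlogon Notify and O23 Service lines into Findings.
    Other HijackThis sections (O4 Startup, O2, O9, O16, ...) are left alone."""
    findings = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        if m := O4_RUN.match(raw):
            _hive, _key, name, command = m.groups()
            image = image_path(command)
            f = Finding("O4", name, image, flag_entry("O4", image, raw), raw)
        elif m := O20_NOTIFY.match(raw):
            name, dll = m.groups()
            f = Finding("O20", name, dll, flag_entry("O20", dll, raw), raw)
        elif m := O23_SERVICE.match(raw):
            display, short, owner, image = m.groups()
            f = Finding("O23", short or display, image, flag_entry("O23", image, raw), raw)
            if owner.lower() == "unknown owner":
                f.flags.append("unknown-owner")
        else:
            continue
        findings.append(f)
    return findings


def flags_by_name(log_text: str) -> dict:
    """{entry name: flags} for quick lookup."""
    return {f.name: f.flags for f in triage(log_text)}


def review_list(findings: list) -> list:
    """Log lines a reviewer should look at before ticking them in HijackThis."""
    return [f.raw for f in findings if f.flags]


def parse_combofix_run_value(line: str):
    """Split a ComboFix Run value into (name, path, file timestamp, size in bytes).
    Returns None for values ComboFix could not resolve, e.g. "NvCplDaemon"="NvQTwk" []."""
    m = CF_RUN_VALUE.match(line.strip())
    if not m:
        return None
    name, value, date, time_, size, resolved = m.groups()
    return name, resolved or value, f"{date} {time_}", int(size)


# Constructed sample: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LVRemote] C:\WINDOWS\system32\remote.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.name:<22}{','.join(f.flags) or '-':<28}{f.image}")
    print(parse_combofix_run_value(
        r'"LVRemote"="C:\WINDOWS\system32\remote.exe" [2004-07-15 02:13 40960]'))
```

Treat the flags as a reading order, not a verdict. PSDrvCheck.exe in the same log also lives in system32 and is the Pinnacle driver check that the helper left alone, and the WinVNC4 service is reported "(file missing)" while WinVNC4.exe appears in the running-process list, which suggests HijackThis tripped over the stray quote in that ImagePath rather than that the file is gone. The ComboFix timestamp is what let the helper say "since 2004-07-15": pairing each Run value with the file's date and size is cheaper than opening every binary's properties by hand.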

Phil O'Sophe
18 February 2008, 22:43
With Symantec (Norton) that worked.
With Norman it didn't: message: "Cannot find a Norman Virus installed"
NB. Norman was on the PC when it was bought.

And what about that remote.exe???? I don't know it.
Does it have to be removed???

DJ Inpossible
18 February 2008, 22:56
Just follow the rest of the instructions and post a HijackThis log together with a ComboFix log.

Phil O'Sophe
19 February 2008, 13:10
Hopefully right this time, DJ;
at my age I'm no whiz at this; a few weeks ago I didn't
even know this way of working existed;
Sorry.


Logfile of HijackThis v1.99.1
Scan saved at 11:46:19, on 19/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\TV PVR\RecSche.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Documents and Settings\Eigenaar\Mijn documenten\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TV PVR\RecSche.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100886920999
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126378158187
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)


ComboFix 08-02-18.1 - Eigenaar 2008-02-19 11:49:00.4 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-19 to 2008-02-19 ))))))))))))))))))))))))))))))
.
2008-02-18 14:54 . 2008-02-18 14:55 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-18 13:26 . 2008-02-18 13:28 <DIR> d-------- C:\WINDOWS\$regcmp$
2008-02-18 12:55 . 2008-02-18 12:55 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-02-18 12:55 . 2008-02-19 11:46 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
2008-02-17 18:27 . 2008-02-17 18:27 <DIR> d-------- C:\WTablet
2008-02-14 18:22 . 2008-02-14 18:22 <DIR> d-------- C:\Program Files\Real
2008-02-14 18:22 . 2008-02-18 12:53 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-13 11:11 . 2008-02-14 13:06 390 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-11 21:15 . 2008-02-11 21:15 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-02-10 13:55 . 2008-02-10 13:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-26 18:38 . 2008-01-26 18:38 <DIR> d-------- C:\Program Files\1st AutoRun Express
2008-01-23 21:30 . 2008-02-19 10:59 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\WTablet
2008-01-23 21:30 . 2007-03-30 16:51 2,659,888 --------- C:\WINDOWS\system32\PenTablet.cpl
2008-01-23 21:30 . 2007-03-30 16:45 1,378,779 --------- C:\WINDOWS\system32\PenTablet.znc
2008-01-23 21:30 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-23 21:30 . 2004-08-04 01:03 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-23 21:30 . 2004-08-04 00:57 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-23 21:30 . 2004-08-04 00:57 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-23 21:30 . 2007-02-15 15:11 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2008-01-23 21:29 . 2008-01-23 21:29 <DIR> d-------- C:\WINDOWS\system32\WTablet
2008-01-23 21:29 . 2008-01-23 21:30 <DIR> d-------- C:\Program Files\Tablet
2008-01-23 21:29 . 2007-03-30 17:06 1,189,424 --------- C:\WINDOWS\system32\Tablet.exe
2008-01-23 21:29 . 2007-03-30 16:38 124,464 --------- C:\WINDOWS\system32\Wintab32.dll
2008-01-23 21:29 . 2007-02-16 09:30 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-01-23 21:29 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-23 21:29 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-23 21:29 . 2007-02-16 10:12 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-01-23 21:29 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-23 21:29 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 10:02 --------- d-----w C:\Program Files\SPAMfighter
2008-02-18 20:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 11:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-18 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 10:34 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
2008-01-29 20:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 20:36 --------- d-----w C:\Program Files\ArcSoft
2008-01-17 10:58 --------- d-----w C:\Program Files\Yahoo!
2008-01-02 12:18 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\ArcSoft
2008-01-01 17:12 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\DAEMON Tools
2008-01-01 17:00 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-01 16:46 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-23 18:06 --------- d-----w C:\Program Files\Common Files\ArcSoft
2007-12-23 18:00 --------- d-----w C:\Program Files\USB video device
2007-12-18 16:07 765 ----a-w C:\Program Files\Snelkoppeling naar HijackThis.exe.lnk
2007-05-23 10:04 493,160 ----a-w C:\Program Files\incredimail_install.exe
2007-02-13 11:21 1,903 ----a-w C:\Program Files\uninstal.log
2006-08-11 11:31 1,468,464 ----a-w C:\Program Files\ccsetup132.exe
2006-06-13 19:33 5,118 ----a-w C:\Program Files\0x0413.ini
2006-01-16 19:24 1,291,040 ----a-w C:\Program Files\WindowsXP-KB823980-x86-ENU.exe
2006-01-12 17:42 4,480,144 ----a-w C:\Program Files\Alcohol120_trial_1_9_5_3105.exe
2006-01-12 16:29 239,983 ----a-w C:\Program Files\aspi32v4.60.zip
2005-12-30 15:24 1,281,160 ----a-w C:\Program Files\registryrepair_rrse03.exe
2005-12-14 19:43 573,424 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
2005-11-20 18:11 3,200,856 ----a-w C:\Program Files\hitmanpro221.exe
2005-10-26 10:48 777 ----a-w C:\Program Files\trial_setup.ini
2005-10-26 10:48 5,126,656 ----a-w C:\Program Files\trial_setup.msi
2005-08-31 16:24 34,235,626 ----a-w C:\Program Files\Nero-6.6.0.16.exe
2005-08-13 19:10 6,479,824 ----a-w C:\Program Files\MsnSearchToolbarSetup_nl-be.exe
2005-08-05 14:50 369,896 ----a-w C:\Program Files\WindowsXP-KB888240-x86-ENU.exe
2005-07-08 17:18 962,174 ----a-w C:\Program Files\powermax.exe
2001-08-28 15:46 23,436 ----a-w C:\Program Files\german.lng
2001-08-28 15:43 6,993 ----a-w C:\Program Files\german.msg
2001-08-20 18:52 6,427 ----a-w C:\Program Files\dutch.msg
2001-08-13 14:51 1,396,337 ----a-w C:\Program Files\Captura.exe
2001-07-11 16:50 21,889 ----a-w C:\Program Files\spanish.lng
2000-07-31 17:51 233 ----a-w C:\Program Files\readme.txt
1997-04-29 07:06 55,808 ----a-w C:\Program Files\vce.flt
1997-04-29 07:06 21,504 ----a-w C:\Program Files\dwd96.flt
1997-04-29 07:06 151,217 ----a-w C:\Program Files\cool.au
2001-09-07 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 00:03 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 00:03 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 00:03 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 00:03 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 00:03 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 11:55 68856]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 20:35 1961984]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 17:44 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-05-03 09:06 364544 C:\WINDOWS\system32\nwiz.exe]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-29 16:56 28739]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 13:14 311350]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]
"RecSche"="C:\Program Files\TV PVR\RecSche.exe" [2004-06-11 13:34 466944]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser MOUSE\mouse32a.exe" [2006-03-15 12:27 360448]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe" [2006-03-15 12:28 381440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 17:22 579072]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"CHotkey"="mHotkey.exe" [2001-10-15 16:42 471040 C:\WINDOWS\mHotkey.exe]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]
C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Herinneringen van Microsoft Works Agenda.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 13:14:38 24633]
HPAiODevice(hp psc 700 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-04-24 01:28:32 487484]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 13:14:38 24633]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-07-14 20:35 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2003-09-23 10:04 32768 C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-28 02:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-17 11:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 13:45]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2002-01-29 23:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2002-01-29 23:42]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 22:28]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 10:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 09:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 15:11]
S1 ai2cnt;ai2cnt;C:\WINDOWS\system32\drivers\ai2cnt.sys []
S2 Ca504bv;Icatch(VII) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca504bv.sys [2002-10-21 10:37]
S2 WisTunerLoader;WIS EZ-USB FX2 FIRMWARE LOADER (WisTunerLoader.sys);C:\WINDOWS\system32\Drivers\WisTunerLoader.sys [2004-03-10 04:18]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 nvcoafl51;nvcoafl51;C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoafl51.sys []
S3 nvcoaft51;nvcoaft51;C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoaft51.sys []
S3 nvcoarc51;nvcoarc51;C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoarc51.sys []
S3 Qpclepci;Qpclepci;C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Qpclepci.sys []
S3 SNDP202;Dual Mode Camera (8008 VGA);C:\WINDOWS\system32\DRIVERS\sndp202.sys [2002-10-17 15:01]
S3 USBCamera;Icatch(VII) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk504B.sys [2002-07-25 10:19]
S3 WlanUIG;IEEE 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2003-11-14 10:41]
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-18 16:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-02-19 10:02:40 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 11:57:25
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-02-19 12:03:35
ComboFix-quarantined-files.txt 2008-02-19 11:03:10
ComboFix2.txt 2008-02-18 17:34:03
ComboFix3.txt 2008-02-18 13:20:05
ComboFix4.txt 2008-02-18 13:06:39
ComboFix5.txt 2008-02-15 17:13:27
.
2008-02-19 10:07:55 --- E O F ---

DJ Inpossible
19 February 2008, 22:55
Open Notepad, then copy and paste the following (the text in bold) into an empty window:

Driver::
nvcoarc51
Antivirus Filter Driver

Folder::
C:\PROGRAM FILES\NORMAN


Save this on your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will make ComboFix start again.
Reboot if you are asked to,
and post the contents of ComboFix.txt in your next reply

Any problems left?

Phil O'Sophe
21 February 2008, 22:26
Hi DJ, here is a new attempt:

ComboFix 08-02-18.1 - Eigenaar 2008-02-21 20:56:01.5 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\CFscript.txt
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))
.
2008-02-19 13:00 . 2008-02-19 13:00 <DIR> d-------- C:\Program Files\PresenterSoft MediaEasy
2008-02-19 13:00 . 2000-05-22 00:00 166,600 --a------ C:\WINDOWS\system32\MSMASK32.OCX
2008-02-18 14:54 . 2008-02-18 14:55 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-18 13:26 . 2008-02-18 13:28 <DIR> d-------- C:\WINDOWS\$regcmp$
2008-02-18 12:55 . 2008-02-18 12:55 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-02-18 12:55 . 2008-02-21 20:53 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
2008-02-17 18:27 . 2008-02-17 18:27 <DIR> d-------- C:\WTablet
2008-02-14 18:22 . 2008-02-14 18:22 <DIR> d-------- C:\Program Files\Real
2008-02-14 18:22 . 2008-02-18 12:53 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-13 11:11 . 2008-02-14 13:06 390 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-11 21:15 . 2008-02-11 21:15 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-02-10 13:55 . 2008-02-10 13:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-26 18:38 . 2008-01-26 18:38 <DIR> d-------- C:\Program Files\1st AutoRun Express
2008-01-23 21:30 . 2008-02-21 21:08 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\WTablet
2008-01-23 21:30 . 2007-03-30 16:51 2,659,888 --------- C:\WINDOWS\system32\PenTablet.cpl
2008-01-23 21:30 . 2007-03-30 16:45 1,378,779 --------- C:\WINDOWS\system32\PenTablet.znc
2008-01-23 21:30 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-23 21:30 . 2004-08-04 01:03 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-23 21:30 . 2004-08-04 00:57 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-23 21:30 . 2004-08-04 00:57 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-23 21:30 . 2007-02-15 15:11 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2008-01-23 21:29 . 2008-01-23 21:29 <DIR> d-------- C:\WINDOWS\system32\WTablet
2008-01-23 21:29 . 2008-01-23 21:30 <DIR> d-------- C:\Program Files\Tablet
2008-01-23 21:29 . 2007-03-30 17:06 1,189,424 --------- C:\WINDOWS\system32\Tablet.exe
2008-01-23 21:29 . 2007-03-30 16:38 124,464 --------- C:\WINDOWS\system32\Wintab32.dll
2008-01-23 21:29 . 2007-02-16 09:30 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-01-23 21:29 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-23 21:29 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-23 21:29 . 2007-02-16 10:12 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-01-23 21:29 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-23 21:29 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 20:12 --------- d-----w C:\Program Files\SPAMfighter
2008-02-18 20:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 11:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-18 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 10:34 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
2008-01-29 20:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 20:36 --------- d-----w C:\Program Files\ArcSoft
2008-01-17 10:58 --------- d-----w C:\Program Files\Yahoo!
2008-01-02 12:18 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\ArcSoft
2008-01-01 17:12 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\DAEMON Tools
2008-01-01 17:00 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-01 16:46 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-23 18:06 --------- d-----w C:\Program Files\Common Files\ArcSoft
2007-12-23 18:00 --------- d-----w C:\Program Files\USB video device
2007-12-18 16:07 765 ----a-w C:\Program Files\Snelkoppeling naar HijackThis.exe.lnk
2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2007-05-23 10:04 493,160 ----a-w C:\Program Files\incredimail_install.exe
2007-02-13 11:21 1,903 ----a-w C:\Program Files\uninstal.log
2006-08-11 11:31 1,468,464 ----a-w C:\Program Files\ccsetup132.exe
2006-06-13 19:33 5,118 ----a-w C:\Program Files\0x0413.ini
2006-01-16 19:24 1,291,040 ----a-w C:\Program Files\WindowsXP-KB823980-x86-ENU.exe
2006-01-12 17:42 4,480,144 ----a-w C:\Program Files\Alcohol120_trial_1_9_5_3105.exe
2006-01-12 16:29 239,983 ----a-w C:\Program Files\aspi32v4.60.zip
2005-12-30 15:24 1,281,160 ----a-w C:\Program Files\registryrepair_rrse03.exe
2005-12-14 19:43 573,424 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
2005-11-20 18:11 3,200,856 ----a-w C:\Program Files\hitmanpro221.exe
2005-10-26 10:48 777 ----a-w C:\Program Files\trial_setup.ini
2005-10-26 10:48 5,126,656 ----a-w C:\Program Files\trial_setup.msi
2005-08-31 16:24 34,235,626 ----a-w C:\Program Files\Nero-6.6.0.16.exe
2005-08-13 19:10 6,479,824 ----a-w C:\Program Files\MsnSearchToolbarSetup_nl-be.exe
2005-08-05 14:50 369,896 ----a-w C:\Program Files\WindowsXP-KB888240-x86-ENU.exe
2005-07-08 17:18 962,174 ----a-w C:\Program Files\powermax.exe
2001-08-28 15:46 23,436 ----a-w C:\Program Files\german.lng
2001-08-28 15:43 6,993 ----a-w C:\Program Files\german.msg
2001-08-20 18:52 6,427 ----a-w C:\Program Files\dutch.msg
2001-08-13 14:51 1,396,337 ----a-w C:\Program Files\Captura.exe
2001-07-11 16:50 21,889 ----a-w C:\Program Files\spanish.lng
2000-07-31 17:51 233 ----a-w C:\Program Files\readme.txt
1997-04-29 07:06 55,808 ----a-w C:\Program Files\vce.flt
1997-04-29 07:06 21,504 ----a-w C:\Program Files\dwd96.flt
1997-04-29 07:06 151,217 ----a-w C:\Program Files\cool.au
2001-09-07 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 00:03 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 00:03 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 00:03 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 00:03 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 00:03 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 11:55 68856]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 20:35 1961984]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 17:44 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-05-03 09:06 364544 C:\WINDOWS\system32\nwiz.exe]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-29 16:56 28739]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 13:14 311350]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]
"RecSche"="C:\Program Files\TV PVR\RecSche.exe" [2004-06-11 13:34 466944]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser MOUSE\mouse32a.exe" [2006-03-15 12:27 360448]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe" [2006-03-15 12:28 381440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 17:22 579072]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"CHotkey"="mHotkey.exe" [2001-10-15 16:42 471040 C:\WINDOWS\mHotkey.exe]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]
C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Herinneringen van Microsoft Works Agenda.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 13:14:38 24633]
HPAiODevice(hp psc 700 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-04-24 01:28:32 487484]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 13:14:38 24633]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-07-14 20:35 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2003-09-23 10:04 32768 C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-28 02:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-17 11:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 13:45]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2002-01-29 23:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2002-01-29 23:42]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 22:28]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 10:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 09:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 15:11]
S1 ai2cnt;ai2cnt;C:\WINDOWS\system32\drivers\ai2cnt.sys []
S2 Ca504bv;Icatch(VII) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca504bv.sys [2002-10-21 10:37]
S2 WisTunerLoader;WIS EZ-USB FX2 FIRMWARE LOADER (WisTunerLoader.sys);C:\WINDOWS\system32\Drivers\WisTunerLoader.sys [2004-03-10 04:18]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 nvcoafl51;nvcoafl51;C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoafl51.sys []
S3 nvcoaft51;nvcoaft51;C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoaft51.sys []
S3 Qpclepci;Qpclepci;C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Qpclepci.sys []
S3 SNDP202;Dual Mode Camera (8008 VGA);C:\WINDOWS\system32\DRIVERS\sndp202.sys [2002-10-17 15:01]
S3 USBCamera;Icatch(VII) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk504B.sys [2002-07-25 10:19]
S3 WlanUIG;IEEE 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2003-11-14 10:41]
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-18 16:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-02-21 20:11:19 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 21:09:41
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
.
**************************************************************************
.
Voltooingstijd: 2008-02-21 21:21:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-21 20:21:11
ComboFix2.txt 2008-02-19 11:03:36
ComboFix3.txt 2008-02-18 17:34:03
ComboFix4.txt 2008-02-18 13:20:05
ComboFix5.txt 2008-02-18 13:06:39
.
2008-02-20 08:44:58 --- E O F ---

Fingers crossed!

DJ Inpossible
22 February 2008, 23:02
Go to Start --> Run and type: Combofix /u

Then download Combofix again and repeat the last step once more.

Phil O'Sophe
23 February 2008, 14:30
Hello DJ!
I did what you asked:

ComboFix 08-02-23.2 - Eigenaar 2008-02-23 13:13:34.6 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-23 to 2008-02-23 ))))))))))))))))))))))))))))))
.
2008-02-22 17:05 . 2008-02-22 17:05 <DIR> d-------- C:\videooutput
2008-02-22 17:05 . 2008-02-22 17:05 <DIR> d-------- C:\Program Files\Free FLV to AVI Converter
2008-02-22 17:05 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-02-22 17:05 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll
2008-02-22 17:05 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-22 17:05 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-02-19 13:00 . 2008-02-19 13:00 <DIR> d-------- C:\Program Files\PresenterSoft MediaEasy
2008-02-19 13:00 . 2000-05-22 00:00 166,600 --a------ C:\WINDOWS\system32\MSMASK32.OCX
2008-02-18 14:54 . 2008-02-18 14:55 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-18 13:26 . 2008-02-18 13:28 <DIR> d-------- C:\WINDOWS\$regcmp$
2008-02-18 12:55 . 2008-02-18 12:55 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-02-18 12:55 . 2008-02-23 13:04 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
2008-02-17 18:27 . 2008-02-17 18:27 <DIR> d-------- C:\WTablet
2008-02-14 18:22 . 2008-02-14 18:22 <DIR> d-------- C:\Program Files\Real
2008-02-14 18:22 . 2008-02-18 12:53 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-13 11:11 . 2008-02-14 13:06 390 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-11 21:15 . 2008-02-11 21:15 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-02-10 13:55 . 2008-02-10 13:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-26 18:38 . 2008-01-26 18:38 <DIR> d-------- C:\Program Files\1st AutoRun Express
2008-01-23 21:30 . 2008-02-23 12:13 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\WTablet
2008-01-23 21:30 . 2007-03-30 16:51 2,659,888 --------- C:\WINDOWS\system32\PenTablet.cpl
2008-01-23 21:30 . 2007-03-30 16:45 1,378,779 --------- C:\WINDOWS\system32\PenTablet.znc
2008-01-23 21:30 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-23 21:30 . 2004-08-04 01:03 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-23 21:30 . 2004-08-04 00:57 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-23 21:30 . 2004-08-04 00:57 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-23 21:30 . 2007-02-15 15:11 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2008-01-23 21:29 . 2008-01-23 21:29 <DIR> d-------- C:\WINDOWS\system32\WTablet
2008-01-23 21:29 . 2008-01-23 21:30 <DIR> d-------- C:\Program Files\Tablet
2008-01-23 21:29 . 2007-03-30 17:06 1,189,424 --------- C:\WINDOWS\system32\Tablet.exe
2008-01-23 21:29 . 2007-03-30 16:38 124,464 --------- C:\WINDOWS\system32\Wintab32.dll
2008-01-23 21:29 . 2007-02-16 09:30 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-01-23 21:29 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-23 21:29 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-23 21:29 . 2007-02-16 10:12 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-01-23 21:29 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-23 21:29 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 11:15 --------- d-----w C:\Program Files\SPAMfighter
2008-02-18 20:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 11:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-18 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 10:34 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
2008-01-29 20:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 20:36 --------- d-----w C:\Program Files\ArcSoft
2008-01-17 10:58 --------- d-----w C:\Program Files\Yahoo!
2008-01-02 12:18 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\ArcSoft
2008-01-01 17:12 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\DAEMON Tools
2008-01-01 17:00 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-01 16:46 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-23 18:06 --------- d-----w C:\Program Files\Common Files\ArcSoft
2007-12-23 18:00 --------- d-----w C:\Program Files\USB video device
2007-12-18 16:07 765 ----a-w C:\Program Files\Snelkoppeling naar HijackThis.exe.lnk
2007-05-23 10:04 493,160 ----a-w C:\Program Files\incredimail_install.exe
2007-02-13 11:21 1,903 ----a-w C:\Program Files\uninstal.log
2006-08-11 11:31 1,468,464 ----a-w C:\Program Files\ccsetup132.exe
2006-06-13 19:33 5,118 ----a-w C:\Program Files\0x0413.ini
2006-01-16 19:24 1,291,040 ----a-w C:\Program Files\WindowsXP-KB823980-x86-ENU.exe
2006-01-12 17:42 4,480,144 ----a-w C:\Program Files\Alcohol120_trial_1_9_5_3105.exe
2006-01-12 16:29 239,983 ----a-w C:\Program Files\aspi32v4.60.zip
2005-12-30 15:24 1,281,160 ----a-w C:\Program Files\registryrepair_rrse03.exe
2005-12-14 19:43 573,424 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
2005-11-20 18:11 3,200,856 ----a-w C:\Program Files\hitmanpro221.exe
2005-10-26 10:48 777 ----a-w C:\Program Files\trial_setup.ini
2005-10-26 10:48 5,126,656 ----a-w C:\Program Files\trial_setup.msi
2005-08-31 16:24 34,235,626 ----a-w C:\Program Files\Nero-6.6.0.16.exe
2005-08-13 19:10 6,479,824 ----a-w C:\Program Files\MsnSearchToolbarSetup_nl-be.exe
2005-08-05 14:50 369,896 ----a-w C:\Program Files\WindowsXP-KB888240-x86-ENU.exe
2005-07-08 17:18 962,174 ----a-w C:\Program Files\powermax.exe
2001-08-28 15:46 23,436 ----a-w C:\Program Files\german.lng
2001-08-28 15:43 6,993 ----a-w C:\Program Files\german.msg
2001-08-20 18:52 6,427 ----a-w C:\Program Files\dutch.msg
2001-08-13 14:51 1,396,337 ----a-w C:\Program Files\Captura.exe
2001-07-11 16:50 21,889 ----a-w C:\Program Files\spanish.lng
2000-07-31 17:51 233 ----a-w C:\Program Files\readme.txt
1997-04-29 07:06 55,808 ----a-w C:\Program Files\vce.flt
1997-04-29 07:06 21,504 ----a-w C:\Program Files\dwd96.flt
1997-04-29 07:06 151,217 ----a-w C:\Program Files\cool.au
2001-09-07 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 00:03 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 00:03 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 00:03 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 00:03 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 00:03 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 11:55 68856]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 20:35 1961984]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 17:44 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-05-03 09:06 364544 C:\WINDOWS\system32\nwiz.exe]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-29 16:56 28739]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 13:14 311350]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]
"RecSche"="C:\Program Files\TV PVR\RecSche.exe" [2004-06-11 13:34 466944]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser MOUSE\mouse32a.exe" [2006-03-15 12:27 360448]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe" [2006-03-15 12:28 381440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 17:22 579072]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"CHotkey"="mHotkey.exe" [2001-10-15 16:42 471040 C:\WINDOWS\mHotkey.exe]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]
C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Herinneringen van Microsoft Works Agenda.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 13:14:38 24633]
HPAiODevice(hp psc 700 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-04-24 01:28:32 487484]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 13:14:38 24633]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-07-14 20:35 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2003-09-23 10:04 32768 C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-28 02:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-17 11:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 13:45]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2002-01-29 23:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2002-01-29 23:42]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 22:28]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 10:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 09:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 15:11]
S1 ai2cnt;ai2cnt;C:\WINDOWS\system32\drivers\ai2cnt.sys []
S2 Ca504bv;Icatch(VII) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca504bv.sys [2002-10-21 10:37]
S2 WisTunerLoader;WIS EZ-USB FX2 FIRMWARE LOADER (WisTunerLoader.sys);C:\WINDOWS\system32\Drivers\WisTunerLoader.sys [2004-03-10 04:18]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 nvcoafl51;nvcoafl51;C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoafl51.sys []
S3 nvcoaft51;nvcoaft51;C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoaft51.sys []
S3 Qpclepci;Qpclepci;C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Qpclepci.sys []
S3 SNDP202;Dual Mode Camera (8008 VGA);C:\WINDOWS\system32\DRIVERS\sndp202.sys [2002-10-17 15:01]
S3 USBCamera;Icatch(VII) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk504B.sys [2002-07-25 10:19]
S3 WlanUIG;IEEE 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2003-11-14 10:41]
.
Inhoud van de 'Gedeelde Taken' map
"2008-02-22 16:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-02-23 11:16:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 13:21:56
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-02-23 13:27:15
ComboFix2.txt 2008-02-21 20:21:18
.
2008-02-22 16:02:16 --- E O F ---


Do you still notice anything suspicious?
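The review that follows in the thread is done by eye: the helper scans the "Reg Opstartpunten" and driver sections for entries whose file attributes are empty or whose file sits in a temporary folder. The script below is an added example and is not part of this thread, of ComboFix or of HijackThis. It parses lines in the formats shown in the log above (a handful of those lines are embedded as the sample input, with the forum's wrap-induced spaces removed) and returns a shortlist for manual review. Two assumptions are mine: that an empty `[]` means ComboFix had no timestamp or size to report because the file was not found at the listed path, and that a path containing a `\Temp\` or `\Tmp\` component deserves a second look. Nothing on the shortlist is declared malicious; the Qpclepci driver it flags, for instance, is discussed in the thread as a leftover and not as an infection.

```python
"""Triage helper for the autostart and driver sections of a ComboFix log.

Added example, not ComboFix's own code. It shortlists entries that a log
reviewer would check by hand; it classifies nothing as malicious.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the log posted in this thread (constructed
# excerpt, wrap artifacts removed). Format: registry key headers, Run values
# as "name"="command" [date time size [resolved path]], and drivers as
# <start type> name;description;path [date time].
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 17:44 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-05-03 09:06 364544 C:\WINDOWS\system32\nwiz.exe]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 13:45]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 Qpclepci;Qpclepci;C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Qpclepci.sys []
S3 WlanUIG;IEEE 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2003-11-14 10:41]
"""

# Registry key header such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
# Run value: "name"="command" [meta]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)" \[(?P<meta>[^\]]*)\]$')
# Driver/service: R3 name;description;path [meta]
DRV_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]*)\]$')
# Temp-folder path component; 8.3 short names such as LOCALS~1\Temp match too
TEMP_RE = re.compile(r'\\(temp|tmp)\\', re.IGNORECASE)


@dataclass
class Finding:
    kind: str                      # "run" or "driver"
    name: str
    path: str
    key: Optional[str] = None      # enclosing registry key for Run values
    reasons: List[str] = field(default_factory=list)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per autostart or driver entry that needs a manual look."""
    findings: List[Finding] = []
    current_key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = RUN_RE.match(line)
        if m:
            kind, name, path, meta, key = 'run', m.group('name'), m.group('cmd'), m.group('meta'), current_key
        else:
            m = DRV_RE.match(line)
            if not m:
                continue   # lines in other formats are not part of this check
            kind, name, path, meta, key = 'driver', m.group('name'), m.group('path'), m.group('meta'), None
        reasons = []
        # Assumption: empty brackets mean no file attributes were available,
        # i.e. the file was not found at the path the entry points to.
        if meta.strip() == '':
            reasons.append('no file attributes: file not found at the listed path')
        if TEMP_RE.search(path):
            reasons.append('file is located in a temporary directory')
        if reasons:
            findings.append(Finding(kind, name, path, key, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:6} {f.name:14} {f.path}')
        for r in f.reasons:
            print(f'       - {r}')
```

Run it against a full ComboFix log by passing the file's text to `triage()`; entries that resolve to an existing file outside a temp folder never appear in the output, which keeps the shortlist small enough to check by hand.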

DJ Inpossible
24 February 2008, 23:34
Log looks good, how is it running otherwise?

Phil O'Sophe
25 February 2008, 20:13
Log looks good, how is it running otherwise?

No complaints at the moment, DJ.

Many thanks for all the effort and help! :bow:

DJ Inpossible
25 February 2008, 23:25
You're welcome :)

Uninstall Combofix:
Go to Start --> Run and type: combofix /u
Combofix will now be removed and a new restore point will be created.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)

Double-click ATF Cleaner to start the program.
On the "Main" tab, put a check mark next to Select All.
Click the Empty Selected button.

Do the following if you also have Firefox as a browser:
Click the "Firefox" tab and put a check mark next to Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(This removes the check mark next to "Firefox saved passwords" again.)
Click the Empty Selected button.

Do the following if you also have Opera as a browser:
Click the "Opera" tab and put a check mark next to Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

To prevent a repeat, read through these security tips once more:
http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html

Pim :)

Phil O'Sophe
27 February 2008, 12:14
I did what you asked, Pim.
I don't have Firefox or Opera, so that part wasn't needed here;
thanks also for that link to the security tips!

Georges :bow:

DJ Inpossible
28 February 2008, 02:29
You're welcome :)