Please check my log



Riffnux
11 July 2008, 21:04
Hello,

I have a problem with my PC:
- the desktop background has changed to white.
- the 'Log off' button in the Start menu has suddenly disappeared
- other shortcuts in the Start menu such as 'My Pictures' have also disappeared
- the PC installed the program 'Antivirus XP 2008' by itself. I cannot uninstall it or close it
- at startup I also get an error message:
http://www.uploader.be/output/1215807258.jpg


I have already scanned with:
Spybot - Search & Destroy
AVG Free 8.0
Malwarebytes' Anti-Malware
Ad-Aware

Now I have finally installed HijackThis. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:17, on 11/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphcc81j0ec7e.exe
C:\Program Files\rhc981j0ec7e\rhc981j0ec7e.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\FF.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {811CC431-48D5-41C0-A6A6-C87F5E554D75} - C:\WINDOWS\system32\byXNheCS.dll (file missing)
O2 - BHO: gooochi browser optimizer - {e8e49713-ba80-9a37-31d3-1339d0776f76} - C:\WINDOWS\system32\{ffad74bd-8b13-e8e9-8533-5142705d86b9}.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: sqvgnrpx - {83B3FEA7-601A-4BB0-8D74-A819069A4CFA} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphcc81j0ec7e] C:\WINDOWS\system32\lphcc81j0ec7e.exe
O4 - HKLM\..\Run: [SMrhc981j0ec7e] C:\Program Files\rhc981j0ec7e\rhc981j0ec7e.exe
O4 - HKLM\..\Run: [{64-40-07-77-DW}] C:\windows\system32\jpwnw64m.exe DWram
O4 - HKLM\..\RunOnce: [SpybotDeletingC6109] cmd /c del "C:\WINDOWS\sqvgnrpx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2212] command /c del "C:\WINDOWS\fdxbameg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Antispyware-2008.exe] C:\Program Files\Antispyware 2008\Antispyware-2008.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB418] command /c del "C:\WINDOWS\sqvgnrpx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4971] cmd /c del "C:\WINDOWS\sqvgnrpx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4368] command /c del "C:\WINDOWS\fdxbameg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2811] cmd /c del "C:\WINDOWS\fdxbameg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1309] command /c del "C:\WINDOWS\fsrpknov.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntqkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jpwnw64m.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ntdll64.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209671075453
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5286/mcfscan.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ssqRKedb - ssqRKedb.dll (file missing)
O21 - SSODL: fdxbameg - {F3939E86-9627-46D8-A94C-6DCC523F578A} - C:\WINDOWS\fdxbameg.dll (file missing)
O21 - SSODL: fsrpknov - {781DFAF4-B641-496F-A3D5-525D6F930528} - C:\WINDOWS\fsrpknov.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
O24 - Desktop Component 1: Mijn huidige introductiepagina - about:Home

--
End of file - 12245 bytes

Hopefully you can solve it.
Thanks in advance.

Rosty
12 July 2008, 07:20
Hi

Temporarily disable Spybot's TeaTimer, because it can get in the way of the fix:
- Start Spybot
- Go to Mode > select Advanced Mode
- Go to Tools and click the Resident icon in the list
- Uncheck Resident TeaTimer and click OK
- Restart the computer

Then download ResetTeaTimer.bat (http://downloads.subratam.org/ResetTeaTimer.bat) to your Desktop.
Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.
Once the computer is clean, you can turn TeaTimer back on.
Note: if ResetTeaTimer.bat does not work, just carry on with the rest of the fix!!!

Open HijackThis, click Do a scan only and check the following lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {811CC431-48D5-41C0-A6A6-C87F5E554D75} - C:\WINDOWS\system32\byXNheCS.dll (file missing)
O2 - BHO: gooochi browser optimizer - {e8e49713-ba80-9a37-31d3-1339d0776f76} - C:\WINDOWS\system32\{ffad74bd-8b13-e8e9-8533-5142705d86b9}.dll (file missing)
O3 - Toolbar: sqvgnrpx - {83B3FEA7-601A-4BB0-8D74-A819069A4CFA} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [lphcc81j0ec7e] C:\WINDOWS\system32\lphcc81j0ec7e.exe
O4 - HKLM\..\Run: [SMrhc981j0ec7e] C:\Program Files\rhc981j0ec7e\rhc981j0ec7e.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingC6109] cmd /c del "C:\WINDOWS\sqvgnrpx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2212] command /c del "C:\WINDOWS\fdxbameg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB418] command /c del "C:\WINDOWS\sqvgnrpx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4971] cmd /c del "C:\WINDOWS\sqvgnrpx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4368] command /c del "C:\WINDOWS\fdxbameg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2811] cmd /c del "C:\WINDOWS\fdxbameg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1309] command /c del "C:\WINDOWS\fsrpknov.dll_old"
O20 - Winlogon Notify: ssqRKedb - ssqRKedb.dll (file missing)
O21 - SSODL: fdxbameg - {F3939E86-9627-46D8-A94C-6DCC523F578A} - C:\WINDOWS\fdxbameg.dll (file missing)
O21 - SSODL: fsrpknov - {781DFAF4-B641-496F-A3D5-525D6F930528} - C:\WINDOWS\fsrpknov.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - (no file)
O24 - Desktop Component 1: Mijn huidige introductiepagina - about:Home

Close all open windows except HijackThis and click Fix Checked. Close HijackThis.

Download MBAM (Malwarebytes' Anti-Malware) from here (http://www.besttechie.net/tools/mbam-setup.exe) or here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).
Double-click mbam-setup.exe to install the program.
Make sure Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware are checked, then click "Voltooien" (Finish).
If an update is found, it will be downloaded and installed.
When the program is fully up to date, select "Snelle Scan" (Quick Scan) on the Scanner tab, then click Scan.
The scan can take a while, so be patient.
When the scan is finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
Make sure everything there is checked, then click Verwijder geselecteerde (Remove Selected).
After the removal a log will open and you will be asked to restart the computer. (See below)
The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.
Copy and paste the contents of the log into your next reply, together with a new HijackThis log.

If MBAM has trouble removing certain files, it will show a few messages where you have to click OK.
After that it will ask to restart the computer... so allow MBAM to restart the computer.
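
Added example, not part of the original posts: a small Python parser for HijackThis entry lines that lists the entries HijackThis itself reports as "(file missing)" or "(no file)", and then checks a follow-up log to see which of them are gone after Fix Checked. The sample lines are copied from the logs in this thread; the function and class names are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the first log posted in this thread.
BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: sqvgnrpx - {83B3FEA7-601A-4BB0-8D74-A819069A4CFA} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - Winlogon Notify: ssqRKedb - ssqRKedb.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - (no file)
"""

# Sample input: lines copied from the log posted after the fix.
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")

# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


@dataclass(frozen=True)
class Entry:
    code: str    # section code such as "O2", "O4", "O20"
    detail: str  # rest of the line, unchanged

    @property
    def orphaned(self) -> bool:
        """True when the line ends in (file missing) or (no file)."""
        return bool(ORPHAN_RE.search(self.detail))


def parse_log(text: str) -> list[Entry]:
    """Return the entry lines of a HijackThis log, in order."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match["code"], match["detail"]))
    return entries


def orphaned(entries: list[Entry]) -> list[Entry]:
    """Entries that point at a file HijackThis could not find."""
    return [e for e in entries if e.orphaned]


def verify_fix(selected: list[Entry], after: list[Entry]):
    """Split the selected entries into (removed, still_present)
    by looking them up in the log taken after the fix."""
    remaining = set(after)
    removed = [e for e in selected if e not in remaining]
    still_present = [e for e in selected if e in remaining]
    return removed, still_present


if __name__ == "__main__":
    before = parse_log(BEFORE)
    after = parse_log(AFTER)
    removed, still_present = verify_fix(orphaned(before), after)
    for e in removed:
        print("removed:      ", e.code, "-", e.detail)
    for e in still_present:
        print("still present:", e.code, "-", e.detail)
```

An orphaned entry is only a candidate for review: a missing file shows that the registry reference is stale, not what created it, and entries whose file does exist are not assessed by this check.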

Riffnux
12 July 2008, 14:21
Hello,
Thanks for the reply.

I could no longer find the following lines, so I could not check them either:

O4 - HKLM\..\RunOnce: [SpybotDeletingC6109] cmd /c del "C:\WINDOWS\sqvgnrpx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2212] command /c del "C:\WINDOWS\fdxbameg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB418] command /c del "C:\WINDOWS\sqvgnrpx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4971] cmd /c del "C:\WINDOWS\sqvgnrpx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4368] command /c del "C:\WINDOWS\fdxbameg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2811] cmd /c del "C:\WINDOWS\fdxbameg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1309] command /c del "C:\WINDOWS\fsrpknov.dll_old"


MBAM log:

Malwarebytes' Anti-Malware 1.14
Database versie: 827

14:10:32 12/07/2008
mbam-log-7-12-2008 (14-10-32).txt

Scan type: Snelle Scan
Objecten gescand: 34861
Verstreken tijd: 3 minute(s), 9 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 2
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 16

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\Documents and Settings\All Users\Bureaublad\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Willi\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.


HijackThis log:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{64-40-07-77-DW}] C:\windows\system32\jpwnw64m.exe DWram
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Antispyware-2008.exe] C:\Program Files\Antispyware 2008\Antispyware-2008.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntqkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jpwnw64m.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ntdll64.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209671075453
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5286/mcfscan.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 10199 bytes

Rosty
12 July 2008, 14:40
Hi, your HijackThis log is incomplete. The header is missing.

Download Java Runtime Environment (JRE) 6u7 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to: "Java Runtime Environment (JRE) 6u7".
Click the "Download" button on the right-hand side.
Check: "Accept License Agreement".
The page will reload.
Click the link to download Windows Offline Installation, Multi-language, and save it to your Desktop.
Close all programs that may be open, especially your web browser!
Then go to Start > Configuratiescherm (Control Panel) > Software (Add or Remove Programs) and remove all older versions of Java from the list.
Select every item with Java Runtime Environment (JRE or J2SE) in the name.
Then click Verwijderen (Remove) or the Wijzig/Verwijder (Change/Remove) button.
Repeat this until all older versions are gone.
After removing all older versions, restart your PC.
Then double-click jre-6u7-windows-i586-p.exe on your Desktop to install the latest version of Java.

Post a new HijackThis log and mention whether you still have any problems.

Riffnux
12 July 2008, 15:17
Hello,

Sorry for the wrong log.
The error at startup is gone.
The 'Log off' button is still missing.
I still cannot uninstall Antivirus XP 2008. It no longer starts when the PC boots, though.

Here is my new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:06, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{64-40-07-77-DW}] C:\windows\system32\jpwnw64m.exe DWram
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Antispyware-2008.exe] C:\Program Files\Antispyware 2008\Antispyware-2008.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntqkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jpwnw64m.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ntdll64.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209671075453
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5286/mcfscan.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 10366 bytes

Rosty
12 July 2008, 17:56
Follow these instructions (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) to download ComboFix.
Carry out the instructions on that page, including installing the XP Recovery Console.

If you have used ComboFix before, please delete that version and download ComboFix again via the link above, because ComboFix is updated almost daily.

If, during or after downloading ComboFix or while using it, you get an alert from your antivirus or another scanner, disable that scanner and download ComboFix again. Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them.
Double-click ComboFix.exe to open ComboFix.
Follow the instructions and accept the disclaimer by clicking "Ja" (Yes).
While ComboFix is running, do NOT click in its window; this can cause your system to hang. When ComboFix is finished, and possibly after a restart, a log (ComboFix.txt) will open.
Post it, together with a new HijackThis log, in your next reply.

Riffnux
12 July 2008, 22:49
ComboFix log:

ComboFix 08-07-12.1 - Willi 2008-07-12 22:36:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1531 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Willi\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Willi\Bureaublad\WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Start\Programma's\Malware Protector 2008
C:\Documents and Settings\All Users\Menu Start\Programma's\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\Willi\Application Data\macromedia\Flash Player\#SharedObjects\GMALZNAU\iforex.com
C:\Documents and Settings\Willi\Application Data\macromedia\Flash Player\#SharedObjects\GMALZNAU\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Willi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Willi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Willi\Application Data\rhc981j0ec7e
C:\Documents and Settings\Willi\Mijn documenten\CROSOF~1.NET
C:\Documents and Settings\Willi\Mijn documenten\ICROSO~1.NET
C:\Program Files\Antispyware 2008
C:\Program Files\Antispyware 2008\vscan.tsi
C:\Program Files\Antispyware 2008\zlib.dll
C:\Program Files\rhc981j0ec7e
C:\Program Files\shca81j0ec7e
C:\WINDOWS\BMdf557344.txt
C:\WINDOWS\elvr.exe
C:\WINDOWS\system32\abfemsmc.ini
C:\WINDOWS\system32\blphcc81j0ec7e.scr
C:\WINDOWS\system32\hsveuldk.ini
C:\WINDOWS\system32\j7
C:\WINDOWS\system32\jvqicmvp.ini
C:\WINDOWS\system32\lxpvosnm.ini
C:\WINDOWS\system32\n4
C:\WINDOWS\system32\pphcc81j0ec7e.exe
C:\WINDOWS\system32\qkjjhskg.ini
C:\WINDOWS\system32\SCehNXyb.ini
C:\WINDOWS\system32\SCehNXyb.ini2
C:\WINDOWS\system32\thfwqefb.ini
.
---- Previous Run -------
.
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\g32.txt
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\index.html
C:\WINDOWS\sstem~1
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ymante~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASPIMGR
-------\Legacy_CMDSERVICE


(((((((((((((((((((( Bestanden Gemaakt van 2008-06-12 to 2008-07-12 ))))))))))))))))))))))))))))))
.

2008-07-12 15:11 . 2008-07-12 15:11 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-12 15:11 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-12 15:08 . 2008-07-12 15:08 268 --ah----- C:\sqmdata01.sqm
2008-07-12 15:08 . 2008-07-12 15:08 244 --ah----- C:\sqmnoopt01.sqm
2008-07-12 14:11 . 2008-07-12 14:11 268 --ah----- C:\sqmdata00.sqm
2008-07-12 14:11 . 2008-07-12 14:11 244 --ah----- C:\sqmnoopt00.sqm
2008-07-11 20:37 . 2008-07-11 20:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-11 17:51 . 2008-07-11 17:51 184 --a------ C:\WINDOWS\wininit.ini
2008-07-11 17:20 . 2008-07-11 17:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-11 17:20 . 2008-07-11 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-11 17:12 . 2008-07-11 17:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-11 17:12 . 2008-07-11 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-11 17:11 . 2008-07-11 17:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-10 23:37 . 2008-07-10 23:37 30,208 --a------ C:\WINDOWS\system32\ntdll64.dll
2008-07-10 20:26 . 2008-07-10 19:25 339,968 --a------ C:\WINDOWS\wbxdpgfeqod.dll
2008-07-10 20:03 . 2008-07-10 20:03 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-07-10 19:44 . 2008-07-10 19:44 <DIR> d-------- C:\Program Files\Red Kawa
2008-07-08 20:40 . 2008-07-08 20:40 <DIR> d-------- C:\Documents and Settings\Willi\Application Data\ArcSoft
2008-06-25 21:00 . 2008-06-25 21:00 <DIR> d-------- C:\Program Files\Google
2008-06-25 18:04 . 2008-06-25 18:04 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-06-25 18:04 . 2008-06-25 18:04 <DIR> d-------- C:\Documents and Settings\Willi\Application Data\Jasc Software Inc
2008-06-25 17:49 . 2008-06-25 17:49 <DIR> d-------- C:\ConvertTemp
2008-06-24 19:26 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-24 19:26 . 2001-09-06 21:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-23 16:17 . 2008-06-23 16:17 <DIR> dr-h----- C:\Documents and Settings\Willi\Application Data\SecuROM
2008-06-23 16:17 . 2008-06-23 16:17 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-23 13:58 . 2008-06-23 15:26 <DIR> d-------- C:\Program Files\EA GAMES
2008-06-23 13:58 . 2005-02-26 07:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-06-20 19:43 . 2008-06-20 19:43 247,296 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-19 20:22 . 2008-06-19 20:22 <DIR> d-------- C:\Program Files\ADJ Video Decoder
2008-06-19 20:22 . 2008-06-19 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adjustables
2008-06-19 13:07 . 2008-06-19 13:56 <DIR> d-------- C:\Documents and Settings\Willi\Application Data\GameHouse
2008-06-19 13:07 . 2008-06-19 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-06-19 13:06 . 2008-06-19 13:06 <DIR> d-------- C:\Program Files\GameHouse
2008-06-16 13:36 . 2008-06-16 13:36 <DIR> d-------- C:\Documents and Settings\Willi\Application Data\Valusoft
2008-06-16 13:36 . 2008-06-16 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft
2008-06-14 18:14 . 2008-06-14 18:14 <DIR> d-------- C:\Documents and Settings\Willi\Saved Games
2008-06-14 16:34 . 2008-06-14 16:34 <DIR> d-------- C:\Documents and Settings\Willi\Application Data\Home Sweet Home
2008-06-14 14:30 . 2008-06-18 19:43 <DIR> d-------- C:\Program Files\Wedding Dash
2008-06-14 14:30 . 2008-06-14 14:30 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-14 13:26 . 2008-06-14 13:26 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-06-14 13:15 . 2008-06-14 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 20:37 --------- d-----w C:\Documents and Settings\Willi\Application Data\DNA
2008-07-12 20:25 --------- d-----w C:\Program Files\Steam
2008-07-12 13:37 --------- d-----w C:\Documents and Settings\Willi\Application Data\LimeWire
2008-07-12 13:32 --------- d-----w C:\Program Files\LimeWire
2008-07-12 13:11 --------- d-----w C:\Program Files\Java
2008-07-12 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-09 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-06 21:08 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-04 09:49 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 09:49 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-23 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 20:23 --------- d-----w C:\Program Files\Gamenext
2008-06-14 18:00 272,640 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 12:31 --------- d-----w C:\Documents and Settings\Willi\Application Data\PlayFirst
2008-06-14 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-14 10:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-11 14:02 --------- d-----w C:\Program Files\GamesBar
2008-06-11 14:02 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-06-09 11:19 --------- d-----w C:\Program Files\iTunes
2008-06-09 11:19 --------- d-----w C:\Program Files\iPod
2008-06-09 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-06 16:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-06 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-06 16:32 --------- d-----w C:\Program Files\Symantec
2008-06-06 16:14 --------- d-----w C:\Documents and Settings\Willi\Application Data\U3
2008-06-05 16:05 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-05 16:05 --------- d-----w C:\Documents and Settings\Willi\Application Data\Malwarebytes
2008-06-05 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 20:54 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-04 20:50 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-04 16:36 --------- d-----w C:\Program Files\Zylom Games
2008-06-04 16:27 --------- d-----w C:\Program Files\AVG
2008-06-04 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-03 18:16 --------- d-----w C:\Program Files\AutoCAD 2002
2008-06-03 16:51 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-06-03 15:46 --------- d-----w C:\Documents and Settings\Willi\Application Data\Autodesk
2008-06-03 14:18 --------- d-----w C:\Documents and Settings\Willi\Application Data\Canon
2008-06-02 15:58 --------- d-----w C:\Program Files\WexTech
2008-06-02 15:58 --------- d-----w C:\Program Files\Common Files\Wextech Shared
2008-06-02 15:58 --------- d-----w C:\Program Files\Common Files\LHSPF
2008-06-02 15:57 --------- d-----w C:\Program Files\Volo View Express
2008-06-02 15:57 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-06-02 15:10 --------- d-----w C:\Program Files\Microsoft Works
2008-05-29 23:06 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-29 23:06 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 19:21 --------- d-----w C:\Program Files\Canon
2008-05-28 19:18 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-05-28 19:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-28 19:18 --------- d-----w C:\Documents and Settings\Willi\Application Data\ScanSoft
2008-05-28 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-05-28 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-28 19:17 --------- d-----w C:\Program Files\ScanSoft
2008-05-28 19:16 --------- d-----w C:\Program Files\ArcSoft
2008-05-28 19:14 --------- d--h--w C:\Program Files\CanonBJ
2008-05-28 19:14 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-05-27 20:51 --------- d-----w C:\Documents and Settings\Willi\Application Data\BitTorrent
2008-05-27 15:42 --------- d-----w C:\Documents and Settings\Willi\Application Data\Samsung
2008-05-27 15:41 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-27 15:35 --------- d-----w C:\Program Files\Samsung
2008-05-21 13:48 --------- d-----w C:\Documents and Settings\Willi\Application Data\Apple Computer
2008-05-21 13:47 --------- d-----w C:\Program Files\QuickTime
2008-05-21 13:46 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-21 13:46 --------- d-----w C:\Program Files\Apple Software Update
2008-05-21 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-19 14:52 --------- d-----w C:\Program Files\NeroInstall.bak
2008-05-19 14:47 --------- d-----w C:\Documents and Settings\Willi\Application Data\Nero
2008-05-19 14:44 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-19 14:43 --------- d-----w C:\Program Files\Nero
2008-05-19 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-18 13:57 --------- d-----w C:\Documents and Settings\Willi\Application Data\AdobeUM
2008-05-17 17:33 --------- d-----w C:\Program Files\JanesHotelFamilyHero_at
2008-05-17 17:33 --------- d-----w C:\Program Files\DinerDashFloontheGo_at
2008-05-17 12:57 --------- d-----w C:\Documents and Settings\Willi\Application Data\Jane s Hotel Family Hero
2008-04-14 10:28 315,392 ----a-w C:\WINDOWS\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-14 12:55 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 16:36 289088]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 11:49 1232152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 09:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 11:22 1822720 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-04-14 14:32:05 303104]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\gone2463\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\SteamApps\\bjordy\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 11:49]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 11:49]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 11:49]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 11:49]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20193a43-0a18-11dd-9f96-806d6172696f}]
\Shell\AutoRun\command - E:\setup.EXE /AUTORUN
\Shell\configure\command - E:\setup.EXE
\Shell\install\command - E:\setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d4af690-2047-11dd-a565-001d60a176db}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Antispyware-2008.exe - C:\Program Files\Antispyware 2008\Antispyware-2008.exe
HKLM-Run-{64-40-07-77-DW} - C:\windows\system32\jpwnw64m.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 22:39:01
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Voltooingstijd: 2008-07-12 22:43:51 - machine was rebooted [Willi]
ComboFix-quarantined-files.txt 2008-07-12 20:42:46

Pre-Run: 10,388,668,416 bytes beschikbaar
Post-Run: 10,304,983,040 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

296 --- E O F --- 2008-07-09 21:50:40


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:47:54, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
D:\Program Files\Mozilla Firefox\FF.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ntdll64.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209671075453
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5286/mcfscan.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 9670 bytes

Rosty
14 July 2008, 09:08
Still having problems?

Riffnux
14 July 2008, 15:09
Whenever I browse to a site I always get this window:

http://www.uploader.be/output/1216040794.jpg

Only when I then refresh do I end up on the site.

Rosty
14 July 2008, 15:25
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

File::
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmdata00.sqm
C:\WINDOWS\wbxdpgfeqod.dll


Save this to your Desktop as CFScript.

Drag CFScript onto ComboFix.exe as shown in the example below:


http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif


This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply.

Riffnux
14 July 2008, 15:34
ComboFix log:

ComboFix 08-07-12.1 - Willi 2008-07-14 15:29:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1546 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Willi\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Willi\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\WINDOWS\wbxdpgfeqod.dll
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\WINDOWS\BMdf557344.xml
C:\WINDOWS\wbxdpgfeqod.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))
.

2008-07-12 15:11 . 2008-07-12 15:11 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-12 15:11 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-12 14:11 . 2008-07-12 14:11 244 --ah----- C:\sqmnoopt00.sqm
2008-07-11 20:37 . 2008-07-11 20:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-11 17:51 . 2008-07-11 17:51 184 --a------ C:\WINDOWS\wininit.ini
2008-07-11 17:20 . 2008-07-11 17:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-11 17:20 . 2008-07-11 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-11 17:12 . 2008-07-11 17:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-11 17:12 . 2008-07-11 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-11 17:11 . 2008-07-11 17:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-10 23:37 . 2008-07-10 23:37 30,208 --a------ C:\WINDOWS\system32\ntdll64.dll
2008-07-10 19:44 . 2008-07-10 19:44 <DIR> d-------- C:\Program Files\Red Kawa
2008-07-08 20:40 . 2008-07-08 20:40 <DIR> d-------- C:\Documents and Settings\Willi\Application Data\ArcSoft
2008-06-25 21:00 . 2008-06-25 21:00 <DIR> d-------- C:\Program Files\Google
2008-06-25 18:04 . 2008-06-25 18:04 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-06-25 18:04 . 2008-06-25 18:04 <DIR> d-------- C:\Documents and Settings\Willi\Application Data\Jasc Software Inc
2008-06-25 17:49 . 2008-06-25 17:49 <DIR> d-------- C:\ConvertTemp
2008-06-24 19:26 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-24 19:26 . 2001-09-06 21:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-23 16:17 . 2008-06-23 16:17 <DIR> dr-h----- C:\Documents and Settings\Willi\Application Data\SecuROM
2008-06-23 16:17 . 2008-06-23 16:17 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-23 13:58 . 2008-06-23 15:26 <DIR> d-------- C:\Program Files\EA GAMES
2008-06-23 13:58 . 2005-02-26 07:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-06-20 19:43 . 2008-06-20 19:43 247,296 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-19 20:22 . 2008-06-19 20:22 <DIR> d-------- C:\Program Files\ADJ Video Decoder
2008-06-19 20:22 . 2008-06-19 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adjustables
2008-06-19 13:07 . 2008-06-19 13:56 <DIR> d-------- C:\Documents and Settings\Willi\Application Data\GameHouse
2008-06-19 13:07 . 2008-06-19 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-06-19 13:06 . 2008-06-19 13:06 <DIR> d-------- C:\Program Files\GameHouse
2008-06-16 13:36 . 2008-06-16 13:36 <DIR> d-------- C:\Documents and Settings\Willi\Application Data\Valusoft
2008-06-16 13:36 . 2008-06-16 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft
2008-06-14 18:14 . 2008-06-14 18:14 <DIR> d-------- C:\Documents and Settings\Willi\Saved Games
2008-06-14 16:34 . 2008-06-14 16:34 <DIR> d-------- C:\Documents and Settings\Willi\Application Data\Home Sweet Home
2008-06-14 14:30 . 2008-06-18 19:43 <DIR> d-------- C:\Program Files\Wedding Dash
2008-06-14 14:30 . 2008-06-14 14:30 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-14 13:26 . 2008-06-14 13:26 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-06-14 13:15 . 2008-06-14 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 13:23 --------- d-----w C:\Documents and Settings\Willi\Application Data\DNA
2008-07-14 13:03 --------- d-----w C:\Program Files\Steam
2008-07-13 19:09 --------- d-----w C:\Documents and Settings\Willi\Application Data\LimeWire
2008-07-13 14:11 --------- d-----w C:\Program Files\LimeWire
2008-07-12 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-12 13:11 --------- d-----w C:\Program Files\Java
2008-07-09 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-06 21:08 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-04 09:49 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 09:49 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 09:49 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-23 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 17:43 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 20:23 --------- d-----w C:\Program Files\Gamenext
2008-06-14 18:00 272,640 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 12:31 --------- d-----w C:\Documents and Settings\Willi\Application Data\PlayFirst
2008-06-14 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-14 10:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-11 14:02 --------- d-----w C:\Program Files\GamesBar
2008-06-11 14:02 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-06-09 11:19 --------- d-----w C:\Program Files\iTunes
2008-06-09 11:19 --------- d-----w C:\Program Files\iPod
2008-06-09 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-06 16:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-06 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-06 16:32 --------- d-----w C:\Program Files\Symantec
2008-06-06 16:14 --------- d-----w C:\Documents and Settings\Willi\Application Data\U3
2008-06-05 16:05 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-05 16:05 --------- d-----w C:\Documents and Settings\Willi\Application Data\Malwarebytes
2008-06-05 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 20:54 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-04 20:50 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-04 16:36 --------- d-----w C:\Program Files\Zylom Games
2008-06-04 16:27 --------- d-----w C:\Program Files\AVG
2008-06-04 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-04 16:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-06-03 18:16 --------- d-----w C:\Program Files\AutoCAD 2002
2008-06-03 16:51 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-06-03 15:46 --------- d-----w C:\Documents and Settings\Willi\Application Data\Autodesk
2008-06-03 14:18 --------- d-----w C:\Documents and Settings\Willi\Application Data\Canon
2008-06-02 15:58 --------- d-----w C:\Program Files\WexTech
2008-06-02 15:58 --------- d-----w C:\Program Files\Common Files\Wextech Shared
2008-06-02 15:58 --------- d-----w C:\Program Files\Common Files\LHSPF
2008-06-02 15:57 --------- d-----w C:\Program Files\Volo View Express
2008-06-02 15:57 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-06-02 15:10 --------- d-----w C:\Program Files\Microsoft Works
2008-05-29 23:06 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-29 23:06 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 19:21 --------- d-----w C:\Program Files\Canon
2008-05-28 19:18 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-05-28 19:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-28 19:18 --------- d-----w C:\Documents and Settings\Willi\Application Data\ScanSoft
2008-05-28 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-05-28 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-28 19:17 --------- d-----w C:\Program Files\ScanSoft
2008-05-28 19:16 --------- d-----w C:\Program Files\ArcSoft
2008-05-28 19:14 --------- d--h--w C:\Program Files\CanonBJ
2008-05-28 19:14 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-05-27 20:51 --------- d-----w C:\Documents and Settings\Willi\Application Data\BitTorrent
2008-05-27 15:42 --------- d-----w C:\Documents and Settings\Willi\Application Data\Samsung
2008-05-27 15:41 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-27 15:35 --------- d-----w C:\Program Files\Samsung
2008-05-21 13:48 --------- d-----w C:\Documents and Settings\Willi\Application Data\Apple Computer
2008-05-21 13:47 --------- d-----w C:\Program Files\QuickTime
2008-05-21 13:46 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-21 13:46 --------- d-----w C:\Program Files\Apple Software Update
2008-05-21 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-19 14:52 --------- d-----w C:\Program Files\NeroInstall.bak
2008-05-19 14:47 --------- d-----w C:\Documents and Settings\Willi\Application Data\Nero
2008-05-19 14:44 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-19 14:43 --------- d-----w C:\Program Files\Nero
2008-05-19 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-18 13:57 --------- d-----w C:\Documents and Settings\Willi\Application Data\AdobeUM
2008-05-17 17:33 --------- d-----w C:\Program Files\JanesHotelFamilyHero_at
2008-05-17 17:33 --------- d-----w C:\Program Files\DinerDashFloontheGo_at
2008-05-17 12:57 --------- d-----w C:\Documents and Settings\Willi\Application Data\Jane s Hotel Family Hero
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 10:28 315,392 ----a-w C:\WINDOWS\HideWin.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-12_22.42.37.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 20:38:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-14 13:03:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-12 20:29:57 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-14 13:07:50 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-12 20:29:57 76,582 ----a-w C:\WINDOWS\system32\perfc013.dat
+ 2008-07-14 13:07:50 76,582 ----a-w C:\WINDOWS\system32\perfc013.dat
- 2008-07-12 20:29:57 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-14 13:07:50 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-07-12 20:29:57 455,614 ----a-w C:\WINDOWS\system32\perfh013.dat
+ 2008-07-14 13:07:50 455,614 ----a-w C:\WINDOWS\system32\perfh013.dat
+ 2008-07-14 13:04:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_590.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-14 12:55 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 16:36 289088]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 11:49 1232152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 09:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 11:22 1822720 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-04-14 14:32:05 303104]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\gone2463\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\SteamApps\\bjordy\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 11:49]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 11:49]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 11:49]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 11:49]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20193a43-0a18-11dd-9f96-806d6172696f}]
\Shell\AutoRun\command - E:\setup.EXE /AUTORUN
\Shell\configure\command - E:\setup.EXE
\Shell\install\command - E:\setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d4af690-2047-11dd-a565-001d60a176db}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 15:31:38
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-07-14 15:32:26
ComboFix-quarantined-files.txt 2008-07-14 13:32:09
ComboFix2.txt 2008-07-12 20:43:52

Pre-Run: 10,145,759,232 bytes beschikbaar
Post-Run: 10,213,089,280 bytes beschikbaar

241 --- E O F --- 2008-07-09 21:50:40

Rosty
14 July 2008, 19:27
This looks good.

Riffnux
14 July 2008, 20:25
The screen still comes up. I also noticed today that I can no longer change my desktop background.
Sorry for the trouble.

Rosty
15 July 2008, 08:07
Do the following:

Remove ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.

http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG

This will remove ComboFix and its related folders and files, restore the clock settings, hide file extensions, hide hidden files and system files again, and reset your System Restore.

Riffnux
15 July 2008, 21:55
Sorry, but this did not help. I still have the same white background and that Antispyware 2008 screen.

Rosty
16 July 2008, 08:10
Hi, I no longer see AntiSpyware 2008 in your log. And can't you change your desktop through the Control Panel?

Riffnux
17 July 2008, 11:43
Hello

I managed to fix the desktop. When I moved the pointer to the top of the screen, a kind of taskbar apparently appeared where you could close the white background. It no longer comes back.

As for that window, I deleted the cookies but without success. When I click 'Continue to this website unprotected' I end up on the Antispyware 2008 site. I don't know where it comes from. Thanks anyway for solving all the rest.

Rosty
17 July 2008, 15:08
Hi, apparently that AntiSpyware 2008 is from Trend Micro.
Have a read through this: http://us.trendmicro.com/us/products/personal/antivirus-plus-anti-spyware/

Riffnux
18 July 2008, 23:53
Hello, I don't think the antispyware is from Trend Micro. Through that screen I end up on this site: https://secure.software-payment.com/payment/?sku_name=ASPR2008_EN_S,SAWTCEN_EN_S_01,VIPCS_EN_S&aid=aspr2008bill&affid=1003
so I think it is from Alphawipe.

Rosty
19 July 2008, 08:14
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

File::
C:\windows\system32\jpwnw64m.exe


Save this to your Desktop as CFScript.

Drag CFScript onto ComboFix.exe as shown in the example below:


http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply.

Also run the scan with MBAM once more and post that log as well.

Riffnux
19 July 2008, 16:30
ComboFix log:

ComboFix 08-07-18.5 - Willi 2008-07-19 16:20:12.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1535 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Willi\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Willi\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
C:\windows\system32\jpwnw64m.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Willi\MENUST~1\PROGRA~1\OPSTAR~1\Deewoo.lnk
C:\DOCUME~1\Willi\MENUST~1\PROGRA~1\OPSTAR~1\DW_Start.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Malware Protector 2008.lnk
C:\Documents and Settings\Willi\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Willi\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Willi\Menu Start\Programma's\Opstarten\Deewoo.lnk
C:\Documents and Settings\Willi\Menu Start\Programma's\Opstarten\DW_Start.lnk
C:\WINDOWS\b152.exe.bin
C:\WINDOWS\b155.exe.bin
C:\WINDOWS\b156.exe.bin
C:\WINDOWS\b157.exe.bin

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-06-19 to 2008-07-19 ))))))))))))))))))))))))))))))
.

2008-08-10 16:01 . 2008-08-10 16:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-18 18:11 . 2008-07-18 18:11 <DIR> d-------- C:\Program Files\Common Files\BOONTY Shared
2008-07-18 18:11 . 2008-07-18 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-07-12 15:11 . 2008-07-12 15:11 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-12 15:11 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-12 14:11 . 2008-07-12 14:11 244 --ah----- C:\sqmnoopt00.sqm
2008-07-11 20:37 . 2008-07-11 20:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-11 17:51 . 2008-07-11 17:51 184 --a------ C:\WINDOWS\wininit.ini
2008-07-11 17:20 . 2008-07-11 17:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-11 17:20 . 2008-07-11 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-11 17:12 . 2008-07-11 17:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-11 17:12 . 2008-07-11 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-11 17:11 . 2008-07-11 17:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-10 23:37 . 2008-07-10 23:37 30,208 --a------ C:\WINDOWS\system32\ntdll64.dll
2008-07-10 19:44 . 2008-07-10 19:44 <DIR> d-------- C:\Program Files\Red Kawa
2008-07-08 20:40 . 2008-07-08 20:40 <DIR> d-------- C:\Documents and Settings\Willi\Application Data\ArcSoft
2008-06-25 21:00 . 2008-06-25 21:00 <DIR> d-------- C:\Program Files\Google
2008-06-25 18:04 . 2008-06-25 18:04 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-06-25 18:04 . 2008-06-25 18:04 <DIR> d-------- C:\Documents and Settings\Willi\Application Data\Jasc Software Inc
2008-06-25 17:49 . 2008-06-25 17:49 <DIR> d-------- C:\ConvertTemp
2008-06-24 19:26 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-24 19:26 . 2001-09-06 21:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-23 16:17 . 2008-06-23 16:17 <DIR> dr-h----- C:\Documents and Settings\Willi\Application Data\SecuROM
2008-06-23 16:17 . 2008-06-23 16:17 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-23 13:58 . 2008-06-23 15:26 <DIR> d-------- C:\Program Files\EA GAMES
2008-06-23 13:58 . 2005-02-26 07:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-06-20 19:43 . 2008-06-20 19:43 247,296 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-19 20:22 . 2008-06-19 20:22 <DIR> d-------- C:\Program Files\ADJ Video Decoder
2008-06-19 20:22 . 2008-06-19 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adjustables
2008-06-19 13:07 . 2008-06-19 13:56 <DIR> d-------- C:\Documents and Settings\Willi\Application Data\GameHouse
2008-06-19 13:07 . 2008-06-19 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-06-19 13:06 . 2008-06-19 13:06 <DIR> d-------- C:\Program Files\GameHouse

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 14:10 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-10 14:10 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-10 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-19 14:16 --------- d-----w C:\Program Files\Steam
2008-07-18 14:11 --------- d-----w C:\Documents and Settings\Willi\Application Data\LimeWire
2008-07-17 10:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-15 19:45 --------- d-----w C:\Program Files\DNA
2008-07-15 19:42 --------- d-----w C:\Documents and Settings\Willi\Application Data\DNA
2008-07-13 14:11 --------- d-----w C:\Program Files\LimeWire
2008-07-12 13:11 --------- d-----w C:\Program Files\Java
2008-07-09 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-06 21:08 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-23 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 17:43 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 17:43 --------- d-----w C:\Program Files\Wedding Dash
2008-06-16 11:36 --------- d-----w C:\Documents and Settings\Willi\Application Data\Valusoft
2008-06-16 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Valusoft
2008-06-14 20:23 --------- d-----w C:\Program Files\Gamenext
2008-06-14 18:00 272,640 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 14:34 --------- d-----w C:\Documents and Settings\Willi\Application Data\Home Sweet Home
2008-06-14 12:31 --------- d-----w C:\Documents and Settings\Willi\Application Data\PlayFirst
2008-06-14 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-14 12:30 --------- d-----w C:\Program Files\ReflexiveArcade
2008-06-14 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-14 10:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-11 14:02 --------- d-----w C:\Program Files\GamesBar
2008-06-11 14:02 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-06-09 11:19 --------- d-----w C:\Program Files\iTunes
2008-06-09 11:19 --------- d-----w C:\Program Files\iPod
2008-06-09 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-06 16:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-06 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-06 16:32 --------- d-----w C:\Program Files\Symantec
2008-06-06 16:14 --------- d-----w C:\Documents and Settings\Willi\Application Data\U3
2008-06-05 16:05 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-05 16:05 --------- d-----w C:\Documents and Settings\Willi\Application Data\Malwarebytes
2008-06-05 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 20:54 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-04 20:50 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-04 16:36 --------- d-----w C:\Program Files\Zylom Games
2008-06-04 16:27 --------- d-----w C:\Program Files\AVG
2008-06-04 16:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-06-03 18:16 --------- d-----w C:\Program Files\AutoCAD 2002
2008-06-03 16:51 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-06-03 15:46 --------- d-----w C:\Documents and Settings\Willi\Application Data\Autodesk
2008-06-03 14:18 --------- d-----w C:\Documents and Settings\Willi\Application Data\Canon
2008-06-02 15:58 --------- d-----w C:\Program Files\WexTech
2008-06-02 15:58 --------- d-----w C:\Program Files\Common Files\Wextech Shared
2008-06-02 15:58 --------- d-----w C:\Program Files\Common Files\LHSPF
2008-06-02 15:57 --------- d-----w C:\Program Files\Volo View Express
2008-06-02 15:57 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-06-02 15:10 --------- d-----w C:\Program Files\Microsoft Works
2008-05-29 23:06 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-29 23:06 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 19:21 --------- d-----w C:\Program Files\Canon
2008-05-28 19:18 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-05-28 19:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-28 19:18 --------- d-----w C:\Documents and Settings\Willi\Application Data\ScanSoft
2008-05-28 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-05-28 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-28 19:17 --------- d-----w C:\Program Files\ScanSoft
2008-05-28 19:16 --------- d-----w C:\Program Files\ArcSoft
2008-05-28 19:14 --------- d--h--w C:\Program Files\CanonBJ
2008-05-28 19:14 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-05-27 20:51 --------- d-----w C:\Documents and Settings\Willi\Application Data\BitTorrent
2008-05-27 15:42 --------- d-----w C:\Documents and Settings\Willi\Application Data\Samsung
2008-05-27 15:41 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-27 15:35 --------- d-----w C:\Program Files\Samsung
2008-05-21 13:48 --------- d-----w C:\Documents and Settings\Willi\Application Data\Apple Computer
2008-05-21 13:47 --------- d-----w C:\Program Files\QuickTime
2008-05-21 13:46 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-21 13:46 --------- d-----w C:\Program Files\Apple Software Update
2008-05-21 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-19 14:52 --------- d-----w C:\Program Files\NeroInstall.bak
2008-05-19 14:47 --------- d-----w C:\Documents and Settings\Willi\Application Data\Nero
2008-05-19 14:44 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-19 14:43 --------- d-----w C:\Program Files\Nero
2008-05-19 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-14 12:55 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-10 16:10 1232152]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 09:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 11:22 1822720 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\gone2463\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\SteamApps\\bjordy\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-10 16:10]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-10 16:10]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-10 16:10]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-10 16:10]
S3 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-07-18 18:11]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20193a43-0a18-11dd-9f96-806d6172696f}]
\Shell\AutoRun\command - E:\setup.EXE /AUTORUN
\Shell\configure\command - E:\setup.EXE
\Shell\install\command - E:\setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d4af690-2047-11dd-a565-001d60a176db}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-19 16:22:23
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-07-19 16:23:05
ComboFix-quarantined-files.txt 2008-07-19 14:22:52
ComboFix2.txt 2008-07-14 13:32:27

Pre-Run: 9,919,381,504 bytes beschikbaar
Post-Run: 10,215,440,384 bytes beschikbaar

221 --- E O F --- 2008-07-09 21:50:40


MBAM log:

Malwarebytes' Anti-Malware 1.14
Database versie: 827

16:27:23 19/07/2008
mbam-log-7-19-2008 (16-27-23).txt

Scan type: Snelle Scan
Objecten gescand: 34467
Verstreken tijd: 3 minute(s), 3 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Rosty
19 July 2008, 16:35
Any problems left now?

Riffnux
19 July 2008, 18:57
Still that screen from page 1

Rosty
19 July 2008, 20:22
Still that screen from page 1

And that is?

Riffnux
19 July 2008, 20:30
When I browse to a site, this screen sometimes comes up first:

http://www.uploader.be/output/1216040794.jpg

Rosty
19 July 2008, 21:18
Wasn't this set up that way by yourself!! It only blocks certain sites, by the look of it!

Riffnux
19 July 2008, 21:22
Wasn't this set up that way by yourself!! It only blocks certain sites, by the look of it!
No, I did not set this up myself. Any idea how I can "unblock" this?

Rosty
21 July 2008, 08:23
Probably in the FF settings.