Volledige versie bekijken : Gehackt of virus?
Bongers 26 July 2008, 13:41 Dit onderwerp had ik geplaatst bij virussen, maar bij deze plaats ik het vanwege de Hijack log hier:
'Hallo mensen,
Vanmorgen kwam ik erachter dat er met mijn hotmailadres een e-mail is verstuurd naar al mijn contactpersonen, zonder dat ik aangemeld was (de computer stond niet eens aan). In deze mail staat dit bericht:
Hey
How is going now !
I got a good webiste ,that guys sell electronics,the price is cheap and quality is nice .
Go and check it :www.csuuw.com (http://www.csuuw.com/)
Toen ik mij aanmeldde bij MSN Messenger waren al mijn contactpersonen verdwenen. Ik heb mijn wachtwoord inmiddels veranderd. Ik heb geprobeerd een e-mail te sturen naar iedereen (door de adressen bij 'verzonden' te kopieren) om iedereen op de hoogte te stellen van de mail, dat ze die link dus niet moeten openen, maar ik kreeg de mail niet verstuurd. Ook niet via een ander e-mailadres (geen hotmail).
Via google kwam ik een paar dezelfde gevallen tegen:
http://www.google.nl/search?hl=nl&q=...e+zoeken&meta= (http://www.google.nl/search?hl=nl&q=csuuw+virus&btnG=Google+zoeken&meta=)
Kan iemand mij helpen? Alvast bedankt!
Met vriendelijke groet,
Rob Bongers'
Momenteel loopt al een virusscaner (AVG 7.5).
Dit is de Hijack log die ik net gemaakt heb:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:37, on 26-7-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\VTtrayp.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Paltalk Messenger\paltalk.exe
D:\Program Files\NETGEAR\WG111v2 Configuration Utility\WG111v2.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\OpenOffice\program\soffice.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\802.11g USB\RT2573\WLService.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\802.11g USB\RT2573\RT2573.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\mcshield.exe
D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - D:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - D:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LiveMonitor] D:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Snel Starten.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: PalTalk.lnk = D:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = D:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gemtek USB Wireless LAN Card - Unknown owner - D:\Program Files\802.11g USB\RT2573\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
--
End of file - 10413 bytes
Deïnstalleer eerst MSN live Messenger, deze is namelijk ook geïnfecteerd.
Download hier MSNFix by BendeBoy (http://bendeboy.gethost.nl/MSNFix.exe) en sla het op naar je Bureaublad.
Pak het vervolgens uit naar een eigen map
Sla eerst al uw documenten en werkjes etc. op omdat er een kans is dat de PC opnieuw moet worden opgestart. Dit is normaal indien er een bestand zich hardnekkig heeft vastgezet.
Open de map van MSNFix en dubbelklik MSNFix.cmd.
Het bestand gaat zijn taken uitvoeren, je hoeft ondertussen niets te doen. Zodra het klaar is en eventueel na herstart zal het een rapport openen (MSNFix.txt ).
Post de inhoud van dit rapport in je volgende bericht, samen met een logje van HijackThis aub.
Bongers 26 July 2008, 14:34 De inhoud van MSNfix:
---------- MSNFIXS MSNFIX RAPORT ----------
- Version: v2.004 - Last Update: 06/07/2008
- Scan performed on: za 26-07-2008 - 14:32:34,90 By Rob
- Bootmode: Normal Mode
It is possible to complain about messenger virusses.
Visit MalwareComplaints.com for more information!
Het is mogelijk om uw beklag te doen tegen messenger virussen.
Bezoek MalwareComplaints.com voor meer informatie.
((((((((((((((( CREATED FILES LAST MONTH )))))))))))))))
2008-07-26 -12:03:06 - A.S.. "D:\WINDOWS\bootstat.dat"
2008-07-14 -23:17:36 - A.... "D:\WINDOWS\Burn4Free_Toolbar_Uninstaller_2359.exe"
2008-07-26 -14:31:30 - A.... "D:\WINDOWS\system32\LOcATE.COM"
2008-07-26 -14:31:30 - A.... "D:\WINDOWS\system32\NIRCMD.EXE"
2008-07-25 -13:10:40 - A..H. "D:\Documents and Settings\Rob\NTUSER.DAT"
((((((((((((((( FIX-LOG )))))))))))))))
-- FIRST RUN --
Nothing found
-- SECOND RUN --
Nothing found
((((((((((((((( REGISTRY EXPORT )))))))))))))))
-- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"WinampAgent"="D:\\Program Files\\Winamp\\winampa.exe"
"ShStatEXE"="\"D:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"D:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"D:\\Program Files\\Common Files\\Network Associates\\TalkBack\\tbmon.exe\""
"DAEMON Tools-1033"="\"D:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"LiveMonitor"="D:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"SoundMan"="SOUNDMAN.EXE"
"C-Media Mixer"="Mixer.exe /startup"
"Adobe Reader Speed Launcher"="\"D:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"NeroFilterCheck"="D:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe"
"NBKeyScan"="\"D:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""
"HP Software Update"="D:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"HP Component Manager"="\"D:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
"!AVG Anti-Spyware"="\"D:\\Program Files\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"TkBellExe"="\"D:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"UpdateManager"="\"D:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
-- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --
"CTFMON.EXE"="D:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"D:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"msnmsgr"="\"D:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"Sonic RecordNow!"=""
---------- END OF LOG ----------
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:20, on 26-7-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\VTtrayp.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Paltalk Messenger\paltalk.exe
D:\Program Files\NETGEAR\WG111v2 Configuration Utility\WG111v2.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\OpenOffice\program\soffice.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\802.11g USB\RT2573\WLService.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\802.11g USB\RT2573\RT2573.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\mcshield.exe
D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - D:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - D:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LiveMonitor] D:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Snel Starten.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: PalTalk.lnk = D:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = D:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gemtek USB Wireless LAN Card - Unknown owner - D:\Program Files\802.11g USB\RT2573\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
--
End of file - 10173 bytes
Bongers 26 July 2008, 14:56 Dan zal ik ff Windows Live Messenger opnieuw moeten installeren. Ik ben dus hierdoor mijn hele contactpersonenlijst kwijt.
Is het mogelijk dat iemand mijn wachtwoord gekraakt heeft en wijzigingen heeft aangebracht in mijn mail/msn?
Hoe verklaart U het dat er een mail vanaf mijn account is verstuurd, zonder dat ik aangemeld was?
Alvast bedankt!
Dan zal ik ff Windows Live Messenger opnieuw moeten installeren. Ik ben dus hierdoor mijn hele contactpersonenlijst kwijt.
Nee hoor, van zodra je alles terug hebt geinstaleerd heb je je contacten terug.
Is het mogelijk dat iemand mijn wachtwoord gekraakt heeft en wijzigingen heeft aangebracht in mijn mail/msn?
Waarschijnlijk heeft er iemand een link doorgestuurd waarop stond: "ben jij dit op de foto" met een link naar een virus.
Hoe verklaart U het dat er een mail vanaf mijn account is verstuurd, zonder dat ik aangemeld was?
Alvast bedankt!
Dit is door het virus.
Bongers 26 July 2008, 15:19 Ok, bedankt!
Ik heb Windows Live Messenger nu weer geinstalleerd en me aangemeld, maar mijn contactpersonen ben ik toch allemaal kwijt. Is dit op te lossen, of moet ik iedereen weer gaan toevoegen?
Ok, bedankt!
Ik heb Windows Live Messenger nu weer geinstalleerd en me aangemeld, maar mijn contactpersonen ben ik toch allemaal kwijt. Is dit op te lossen, of moet ik iedereen weer gaan toevoegen?
Das raar, heb je je aangemeld met je gewone gebruikersnaam en psawoord?
Bongers 26 July 2008, 15:38 Yep, met mijn veranderde wachtwoord (uit voorzorg). Toen ik me vanmorgen aanmeldde zag ik mijn lijst wel, en een paar seconden later verdwenen alle contactpersonen. Vervolgens kwam het bericht: 'U hebt geen nog contactpersonen, klik op toevoegen'.
Ik meldde me daarna nog eens aan en weer zag ik de lijst, en verdween weer na enkele seconden. Ook waren er een flink aantal personen geblokkeerd. Erg vreemd. Van sommige personen kreeg ik de pop-up dat ze me wilden toevoegen aan hun lijst, terwijl zij al een contactpersoon waren van mij.
Hoi,
* Bezoek volgende pagina met de instructies voor het downloaden en gebruiken van Combofix.
http://www.bleepingcomputer.com/combofix/n...ruikt-te-worden (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden)
Voer dus de instructies op die pagina uit, dus inclusief het installeren van de XP Recovery Console.
(Indien je geen XP hebt, mag je deze stap ivm de Recovery Console overslaan)
Daarna post je de log van Combofix in je volgende post samen met een nieuw HijackThislog.
Bongers 26 July 2008, 17:30 De log van Combofix:
ComboFix 08-07-25.7 - Rob 2008-07-26 17:23:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.348 [GMT 2:00]
Gestart vanuit: D:\Documents and Settings\Rob\Bureaublad\ComboFix.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-06-26 to 2008-07-26 ))))))))))))))))))))))))))))))
.
2008-07-26 15:16 . 2008-07-26 15:16 <DIR> d-------- D:\Program Files\Windows Live Toolbar
2008-07-26 15:16 . 2008-07-26 15:16 <DIR> d-------- D:\Program Files\Windows Live Favorites
2008-07-26 14:31 . 2008-07-26 14:32 <DIR> d-------- D:\MSNFix
2008-07-26 14:31 . 2008-07-26 14:31 28,672 --a------ D:\WINDOWS\system32\NIRCMD.EXE
2008-07-26 14:31 . 2008-07-26 14:31 11,254 --a------ D:\WINDOWS\system32\LOcATE.COM
2008-07-20 23:31 . 2008-07-20 23:31 <DIR> d-------- D:\Program Files\Microsoft Silverlight
2008-07-14 23:17 . 2008-07-14 23:17 <DIR> d-------- D:\Program Files\Burn4Free Toolbar
2008-07-14 23:17 . 2008-07-14 23:17 232,075 --a------ D:\WINDOWS\Burn4Free_Toolbar_Uninstaller_2359.exe
2008-07-14 23:13 . 2008-07-23 22:16 <DIR> d-------- D:\Program Files\Burn4Free
2008-07-14 22:43 . 2008-07-14 22:43 <DIR> d-------- D:\Program Files\Common Files\Sonic
2008-07-14 22:43 . 2008-07-14 22:43 <DIR> d-------- D:\Documents and Settings\Rob\Application Data\Sonic
2008-07-14 22:42 . 2008-07-14 22:42 <DIR> d-------- D:\Program Files\Common Files\SureThing Shared
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-07-26 12:57 --------- d-----w D:\Program Files\Windows Live
2008-07-26 12:57 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-26 12:42 --------- d-----w D:\Program Files\Microsoft ActiveSync
2008-07-26 12:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2008-07-26 10:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-30 16:31 --------- d-----w D:\Documents and Settings\Koen\Application Data\DNA
2008-06-30 16:26 --------- d-----w D:\Documents and Settings\Koen\Application Data\Skype
2008-06-10 21:38 --------- d-----w D:\Program Files\PokerStars
2008-06-02 16:54 --------- d-----w D:\Program Files\AVG Anti-Spyware 7.5
2008-01-27 16:11 50,688 ----a-w D:\Program Files\ATF-Cleaner.exe
2006-06-29 14:45 712,704 ----a-r D:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-07-14 23:17 806912 --a------ D:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "D:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-07-14 23:17 806912]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "D:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-07-14 23:17 806912]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:03 15360]
"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34 1289000]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2006-03-10 19:45 35328]
"ShStatEXE"="D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 09:48 147514]
"DAEMON Tools-1033"="D:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"LiveMonitor"="D:\Program Files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 17:01 496640]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"HP Component Manager"="D:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"!AVG Anti-Spyware"="D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-11 13:44 185896]
"UpdateManager"="D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"VTTimer"="VTTimer.exe" [2004-10-01 16:31 53248 D:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2004-06-22 02:57 143360 D:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 D:\WINDOWS\soundman.exe]
"C-Media Mixer"="Mixer.exe" [2006-06-29 16:45 1581056 D:\WINDOWS\mixer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:03 15360]
D:\Documents and Settings\Rob\Menu Start\Programma's\Opstarten\
OpenOffice.org 1.1.4.lnk - C:\Program Files\OpenOffice\program\quickstart.exe [2004-12-03 02:10:00 61440]
D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Google Updater.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-14 08:52:22 125624]
HP Digital Imaging Monitor.lnk - D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]
Microsoft Office OneNote 2003 Snel Starten.lnk - D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 22:23:32 51776]
PalTalk.lnk - D:\Program Files\Paltalk Messenger\paltalk.exe [2007-09-08 16:31:00 10186752]
Snelstart HP Image Zone.lnk - D:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]
WG111v2 Smart Wizard Wireless Setting.lnk - D:\Program Files\NETGEAR\WG111v2 Configuration Utility\WG111v2.exe [2007-09-07 13:19:16 1261568]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"LockTaskbar"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer]
"LockTaskbar"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"SENTINEL"= snti386.dll
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"D:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\Program Files\\802.11g USB\\RT2573\\RT2573.exe"=
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"= D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"= D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"D:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"D:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Program Files\\SopCast\\SopCast.exe"=
"D:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"D:\\Program Files\\TVAnts\\Tvants.exe"=
"D:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"D:\\Program Files\\DNA\\btdna.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9927:TCP"= 9927:TCP:BitComet 9927 TCP
"9927:UDP"= 9927:UDP:BitComet 9927 UDP
"7525:TCP"= 7525:TCP:BitComet 7525 TCP
"7525:UDP"= 7525:UDP:BitComet 7525 UDP
"0:TCP"= 0:TCP:BND
"2387:TCP"= 2387:TCP:BND
":TCP"= :TCP:BNDFTP
R0 viaidexp;viaidexp;D:\WINDOWS\system32\drivers\viai dexp.sys [2005-05-09 03:03]
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX3 2.sys [2006-10-17 20:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;D:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17:39]
R2 Gemtek USB Wireless LAN Card;Gemtek USB Wireless LAN Card;D:\Program Files\802.11g USB\RT2573\WLService.exe [2004-03-29 16:08]
R3 cmudau;C-Media USB Sound Interface;D:\WINDOWS\system32\drivers\cmudaxu.sys [2005-12-04 12:00]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;D:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-02-06 22:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - APPMGMT
*Newly Created Service* - CATCHME
*Newly Created Service* - ENTDRV51
*Newly Created Service* - PROCEXP90
*Newly Created Service* - USNJSVC
*Newly Created Service* - WEBNTACCESS
*Newly Created Service* - WLSETUPSVC
.
Inhoud van de 'Gedeelde Taken' map
2008-07-26 D:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job - s!2D:\Program Files\Windows Live Toolbar\MSNTBUP.EXERob0%< []
.
.
------- Supplementary Scan -------
.
O8 -: &Windows Live Search - D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xporteren naar Microsoft Excel - D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 17:24:27
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************** ************************
.
Voltooingstijd: 2008-07-26 17:25:53
ComboFix-quarantined-files.txt 2008-07-26 15:25:23
ComboFix2.txt 2008-07-26 15:09:52
Pre-Run: 5,749,633,024 bytes beschikbaar
Post-Run: 5,741,625,344 bytes beschikbaar
163
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:02, on 26-7-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\VTtrayp.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Paltalk Messenger\paltalk.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\OpenOffice\program\soffice.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\802.11g USB\RT2573\WLService.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\802.11g USB\RT2573\RT2573.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\mcshield.exe
D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
D:\Program Files\Windows Live\installer\WLSetupSvc.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Winamp\winamp.exe
D:\WINDOWS\system32\msiexec.exe
D:\WINDOWS\system32\MsiExec.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - D:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - D:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LiveMonitor] D:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Snel Starten.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: PalTalk.lnk = D:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = D:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gemtek USB Wireless LAN Card - Unknown owner - D:\Program Files\802.11g USB\RT2573\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
--
End of file - 11041 bytes
Bongers 28 July 2008, 12:15 Eergisteren had ik een virusscan gedaan (AVG), en heb ik alle geinfecteerde items verwijderd. Er was er eentje bij met High Risk, namelijk deze: Downloader.delf.ain Toen ik gisteren weer een scan maakte (weer AVG) vond hij weer het Downloader.delf.ain item. Daarom heb ik nog even een nieuwe HijackThis log gemaakt:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:57, on 28-7-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\802.11g USB\RT2573\WLService.exe
D:\Program Files\802.11g USB\RT2573\RT2573.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\mcshield.exe
D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\VTtrayp.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Paltalk Messenger\paltalk.exe
D:\Program Files\NETGEAR\WG111v2 Configuration Utility\WG111v2.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\OpenOffice\program\soffice.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Winamp\winamp.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\BitComet\BitComet.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - D:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - D:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LiveMonitor] D:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Snel Starten.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: PalTalk.lnk = D:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = D:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gemtek USB Wireless LAN Card - Unknown owner - D:\Program Files\802.11g USB\RT2573\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
--
End of file - 11144 bytes
Logje ziet er goed uit hoor. Zal een False Positive zijn. Doe anders nog eens een scan met MBAM.
Bongers 29 July 2008, 17:16 Dit is log van de snelle scan, de grote zal ik later plaatsen:
Malwarebytes' Anti-Malware 1.23
Database versie: 1006
Windows 5.1.2600 Service Pack 2
17:15:44 29-7-2008
mbam-log-7-29-2008 (17-15-44).txt
Scan type: Snelle Scan
Objecten gescand: 43553
Verstreken tijd: 4 minute(s), 28 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
|
|