View full version: Fake Anti-Spyware

guillaume520
8 September 2008, 11:58
Following on from this (http://www.minatica.be/showthread.php?t=56237) topic, here is a HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:40, on 8/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nexon.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.112.139.80:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;*.https
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Statusvenster.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{48B521CB-ACEB-4290-9128-A4012D1A0E5A}: NameServer = 195.238.2.21,195.238.2.22
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\program files\permissionresearch\prai.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: PermissionResearch - C:\program files\permissionresearch\prls.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9579 bytes
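
An added triage helper for logs in the format posted above (it is not code from the thread, from the helper, or from HijackThis). It parses the tagged `R0/R1/R3/O2/O4/.../O23` entries and flags the kinds a reviewer looks at first: a user-level proxy that is not a loopback or private address, an orphaned `R3` search hook, `O16` ActiveX downloads, every DLL named in `O20 AppInit_DLLs` and `Winlogon Notify`, and `O23` services whose binary has no owner string. The sample lines are copied from the first log in this thread; the heuristics are editorial choices and only mark entries to verify, they do not decide that anything is malicious.

```python
"""Triage helper for Trend Micro HijackThis v2 logs.

Added example for this thread; it is not code from the original post, from
the helper, or from HijackThis. It parses the one-entry-per-line format
("<section> - <payload>") and applies a few review heuristics. The heuristics
are editorial: they flag entries a reviewer would want to look at and do not
by themselves mean an entry is malicious.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
# AppInit_DLLs is space/comma separated; paths containing spaces are ambiguous,
# so split only where the next token starts a new drive-letter path.
DLL_SPLIT_RE = re.compile(r"[\s,]+(?=[A-Za-z]:\\)")

# Constructed sample: a subset of the lines from the first log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.112.139.80:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;*.https
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O20 - AppInit_DLLs: C:\program files\permissionresearch\prai.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: PermissionResearch - C:\program files\permissionresearch\prls.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Entry:
    section: str
    body: str


def parse_hjt(text: str) -> list[Entry]:
    """Keep only the tagged entries; the process list and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def proxy_is_local(value: str) -> bool:
    """True if every proxy in a ProxyServer value is loopback/private or .local."""
    for part in value.split(";"):
        part = part.split("=")[-1]              # strip "http=" style prefixes
        host = part.strip().rsplit(":", 1)[0]   # drop the port
        try:
            if not ipaddress.ip_address(host).is_private:
                return False
        except ValueError:                      # a hostname; cannot resolve offline
            if host.lower() != "localhost" and not host.lower().endswith(".local"):
                return False
    return True


def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (kind, detail) pairs for entries worth a second look."""
    findings = []
    for e in entries:
        if e.section == "R1" and ",ProxyServer =" in e.body:
            value = e.body.split("=", 1)[1].strip()
            if value and not proxy_is_local(value):
                findings.append(("proxy", value))          # confirm with the user
        elif e.section == "R3" and e.body.endswith("(no file)"):
            findings.append(("orphan-hook", e.body))       # leftover hook, safe to fix
        elif e.section == "O16":
            findings.append(("activex-dpf", e.body.rsplit(" - ", 1)[1]))
        elif e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            for dll in DLL_SPLIT_RE.split(e.body.split(":", 1)[1].strip()):
                if dll:
                    findings.append(("appinit", dll))      # loaded into every GUI process
        elif e.section == "O20" and e.body.startswith("Winlogon Notify:"):
            findings.append(("winlogon-notify", e.body.rsplit(" - ", 1)[1]))
        elif e.section == "O23" and " - Unknown owner - " in e.body:
            findings.append(("unknown-owner", e.body.rsplit(" - ", 1)[1]))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{kind:16} {detail}")
```

Run stand-alone it prints seven findings from the sample: the HKCU proxy value, the orphaned Yahoo! hook, the MSN ActiveX cab, both AppInit DLLs, the Winlogon Notify DLL and the PnkBstrA service. Each is a question for the user or a lookup of the file, not a verdict: `guard32.dll` is COMODO's own AppInit hook, and "Unknown owner" only means the binary carries no company name.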

Roelof
9 September 2008, 11:12
Hi guillaume520,

I'll take a look at your log ;)

I'm still in training, so I'll have to have my fix checked first. It may therefore take a bit longer.

Roelof

guillaume520
9 September 2008, 18:43
OK, I can live with my problem :p.

Roelof
9 September 2008, 19:56
Okay,
but we'll still try to solve the problem.
To do that, please take the following steps.

Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
Double-click mbam-setup.exe to install the program.
After installation, make sure there is a check mark next to:

Update MalwareBytes' Anti-Malware
Launch MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.

Once the program has started, go to the "Settings" tab.
Check: "Terminate Internet Explorer during threat removal".
Then go to the "Scanner" tab and choose "Perform quick scan".
Then click "Scan" to start the scan.
Scanning can take a while, so be patient.
When the scan is complete, click OK, then "Show Results" to see the results.
Make sure everything there is checked, then click "Remove Selected".
After removal a log will open; if you are asked to restart your computer, allow it.
This is necessary to remove some infections.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program. Post that log in your next reply together with a new HijackThis log.

Regards,

Roelof

guillaume520
10 September 2008, 12:15
Malwarebytes' Anti-Malware 1.28
Database version: 1136
Windows 5.1.2600 Service Pack 3

10/09/2008 12:04:06
mbam-log-2008-09-10 (12-04-06).txt

Scan type: Quick Scan
Objects scanned: 50902
Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:42, on 10/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nexon.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.112.139.80:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;*.https
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Statusvenster.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{48B521CB-ACEB-4290-9128-A4012D1A0E5A}: NameServer = 195.238.2.21,195.238.2.22
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\program files\permissionresearch\prai.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: PermissionResearch - C:\program files\permissionresearch\prls.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9700 bytes
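
The two "Registry Data Items" in the MBAM log above are repairs of registry values rather than deletions, and the interesting question for the `SecurityProviders` entry is whether a DLL was added to the list that lsass.exe loads as SSPI packages. The parser below, an added example that is not code from the post, from the helper or from Malwarebytes, pulls the `Bad:`/`Good:` pairs out of such lines and diffs the DLL sets; the two sample lines are copied from the log above, and the conclusion it reaches (same DLLs, only the separators differed) is the editor's reading of them. The `.scr` entry is reported as plain before/after text; `"%1" /S` is the stock Windows open verb for screensavers.

```python
"""Parse the "Registry Data Items Infected" lines of a Malwarebytes'
Anti-Malware 1.x log and show what the Bad -> Good repair actually changed.

Added example for this thread, not code from the original post, from the
helper or from Malwarebytes. The two sample lines are copied from the log
above; the interpretation is editorial.
"""
from __future__ import annotations

import re

DATA_ITEM_RE = re.compile(
    r"^(?P<key>\S+) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.*)$"
)

# Constructed sample: the two data-item lines from the MBAM log in this thread.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.
"""


def parse_data_items(text: str) -> list[dict]:
    """Return one dict (key, detection, bad, good, action) per matching line."""
    items = []
    for line in text.splitlines():
        m = DATA_ITEM_RE.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items


def split_providers(value: str) -> list[str]:
    """SecurityProviders is a comma-separated DLL list loaded by lsass.exe.
    Accept spaces as separators too, since that is what the Bad value used."""
    return [p.strip().lower() for p in re.split(r"[,\s]+", value) if p.strip()]


def provider_diff(item: dict) -> tuple[set, set]:
    """(DLLs present only in Bad, DLLs present only in Good)."""
    bad = set(split_providers(item["bad"]))
    good = set(split_providers(item["good"]))
    return bad - good, good - bad


def summarize(item: dict) -> str:
    """One-line human reading of a repaired data item."""
    if item["detection"] == "Broken.SecurityProviders":
        extra, missing = provider_diff(item)
        if not extra and not missing:
            return "SecurityProviders: same DLL set, only the separators were repaired"
        return f"SecurityProviders: added={sorted(extra)} removed={sorted(missing)}"
    return f'{item["detection"]}: {item["key"]} was {item["bad"]!r}, restored to {item["good"]!r}'


if __name__ == "__main__":
    for item in parse_data_items(SAMPLE_LOG):
        print(summarize(item))
```

If the `Bad:` list had carried an extra DLL, `provider_diff` would name it, and that file (not the registry value) would be the thing to pull and inspect, because every SSP listed there runs inside lsass.exe with its privileges.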

Roelof
10 September 2008, 19:28
Hi,

Please now take the steps below.

Follow these instructions (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) to download ComboFix. If anything is unclear, ask.
Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.
If you have used ComboFix before and already installed the Recovery Console, you may skip that step.
NOTE:
If, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner,
disable that scanner and download ComboFix again.
Some scanners see certain components ComboFix uses as suspicious and will block or delete them!
Double-click Combofix.exe; if ComboFix reports that a newer version is available, allow it to be downloaded.
Follow the instructions and accept the disclaimer.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after the restart, the log Combofix.txt will open.
Post the contents of this file together with a new HijackThis log.

Regards,

Roelof

guillaume520
12 September 2008, 17:48
hello,

when I start ComboFix I get this:

http://pic.filehostserver.eu/images/1221235883187916ca056cfbbc1edd516302700b8cd8f11.bmp

Roelof
12 September 2008, 18:12
Yes you can,

The 2nd paragraph explains how to install the Recovery Console without having a CD.

Roelof

guillaume520
12 September 2008, 18:16
sorry, I've found it now. But have a look at my previous post, because now I have a different problem.

Roelof
12 September 2008, 19:06
Okay,

When exactly do you get the error message?

Roelof

guillaume520
12 September 2008, 19:14
So I double-click the ComboFix icon, then a small window appears saying it is loading, and then that popup comes up. If I then press OK I just get an empty command prompt.

Roelof
12 September 2008, 21:52
1) Remove ComboFix via Start > Run: copy and paste Combofix /U and click OK or press Enter.

http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG

This will remove ComboFix plus its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and reset your System Restore.

2) Start MBAM.
Go to the Update tab.
Let it check for updates there.
Then let MBAM scan again.

3) Follow these instructions (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) to download ComboFix. If anything is unclear, ask.
Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.
If you have used ComboFix before and already installed the Recovery Console, you may skip that step.
NOTE:
If, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner,
disable that scanner and download ComboFix again.
Some scanners see certain components ComboFix uses as suspicious and will block or delete them!
Double-click Combofix.exe; if ComboFix reports that a newer version is available, allow it to be downloaded.
Follow the instructions and accept the disclaimer.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after the restart, the log Combofix.txt will open.
Post the contents of this file together with a new HijackThis log.

Regards,

Roelof

guillaume520
14 September 2008, 10:16
another problem: the XP Recovery Console list doesn't have a Service Pack 3 entry... Should I take the Service Pack 2 one then?

Roelof
14 September 2008, 10:20
That's fine.

Roelof

guillaume520
14 September 2008, 17:36
I have Windows XP Media Center Edition. Which version should I take then? XP Professional or XP Home?

Roelof
15 September 2008, 21:24
You need to take the Pro version.

Roelof

guillaume520
16 September 2008, 17:54
ComboFix 08-09-15.02 - Guillaume 2008-09-16 17:36:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.583 [GMT 2:00]
Started from: C:\Documents and Settings\Guillaume\Bureaublad\ComboFix.exe
* A new restore point was created

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Start\Programma's\MessengerSkinner\Algemene voorwaarden.url
C:\Documents and Settings\All Users\Menu Start\Programma's\MessengerSkinner\Privacybeleid.url
C:\Documents and Settings\All Users\Menu Start\Programma's\MessengerSkinner\Website.url
C:\install.exe

.
(((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 ))))))))))))))))))))))))))))))
.

2008-09-14 16:04 . 2008-09-14 16:04 <DIR> d-------- C:\Program Files\Teach2000
2008-09-09 17:46 . 2008-09-10 13:14 137,800 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-08 20:26 . 2008-09-10 13:14 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-09-08 20:26 . 2008-09-08 20:26 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-09-08 20:19 . 2008-09-08 20:19 674,600 --a------ C:\WINDOWS\system32\pbsvc(2).exe
2008-09-08 20:05 . 2008-09-08 20:26 682,280 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-09-08 20:05 . 2008-09-08 20:26 107,832 --a------ C:\Documents and Settings\Guillaume\Application Data\PnkBstrB.exe
2008-09-08 12:09 . 2008-09-08 12:11 <DIR> d-------- C:\Documents and Settings\Guillaume\.housecall6.6
2008-09-08 12:09 . 2008-09-08 12:09 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-07 17:54 . 2008-09-10 20:31 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-07 17:43 . 2008-09-14 17:15 <DIR> dr-h----- C:\Documents and Settings\Guillaume\Onlangs geopend
2008-09-07 17:41 . 2008-09-07 17:41 50 --a------ C:\WINDOWS\MegaManager.INI
2008-09-07 17:35 . 2008-09-07 17:35 <DIR> d-------- C:\Program Files\JRTwine Software
2008-09-07 17:30 . 2008-09-07 17:32 <DIR> d-------- C:\!KillBox
2008-09-07 17:24 . 2008-09-10 15:50 <DIR> d-------- C:\Documents and Settings\Guillaume\Application Data\IDM
2008-09-07 15:57 . 2008-09-07 15:57 <DIR> d-------- C:\Documents and Settings\Guillaume\Application Data\DivX
2008-09-07 14:12 . 2008-09-07 14:58 <DIR> d-------- C:\VideoOutput
2008-09-07 14:05 . 2008-09-07 14:12 <DIR> d-------- C:\Program Files\Ultra Video Converter
2008-09-07 14:05 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-09-07 14:05 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-09-07 10:46 . 2008-09-07 17:50 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-09-07 10:46 . 2008-09-12 18:00 <DIR> d-------- C:\Documents and Settings\Guillaume\Application Data\DMCache
2008-09-06 17:27 . 2008-09-06 17:27 <DIR> d-------- C:\Program Files\COMODO
2008-09-06 17:27 . 2008-09-06 17:27 <DIR> d-------- C:\Documents and Settings\Guillaume\Application Data\Comodo
2008-09-06 17:27 . 2008-09-06 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-09-06 17:27 . 2008-09-06 17:27 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-09-06 17:27 . 2008-09-06 17:27 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-09-06 17:27 . 2008-09-06 17:27 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-09-06 12:05 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-06 12:05 . 2008-06-14 19:36 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-06 12:05 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\WINDOWS\system32\nl
2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-06 11:57 . 2008-09-06 11:57 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-06 10:42 . 2008-09-06 10:42 <DIR> d-------- C:\Program Files\Driver-Soft
2008-09-06 09:23 . 2008-09-06 09:23 <DIR> d-------- C:\Program Files\uTorrent
2008-09-05 17:51 . 2008-09-05 17:51 <DIR> d-------- C:\PacSteamT
2008-09-05 16:54 . 2008-09-05 16:54 155,648 --a------ C:\WINDOWS\system32\libssl32.dll
2008-09-05 16:24 . 2008-09-06 12:31 <DIR> d-------- C:\Program Files\PermissionResearch
2008-09-05 11:53 . 2008-04-14 19:02 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-05 11:52 . 2008-04-14 19:02 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-05 11:45 . 2008-09-11 20:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-05 11:45 . 2008-09-05 11:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-04 12:20 . 2008-09-14 12:31 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-03 15:33 . 2008-09-03 15:33 <DIR> d-------- C:\Documents and Settings\Guillaume\Application Data\EmailNotifier
2008-09-03 15:33 . 2008-09-04 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Megaupload
2008-09-03 15:33 . 2008-09-03 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-09-03 14:13 . 2008-09-14 09:59 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-03 14:13 . 2008-09-03 14:13 <DIR> d-------- C:\Program Files\AVG
2008-09-03 14:13 . 2008-09-03 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-03 14:13 . 2008-09-03 14:13 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-03 14:13 . 2008-09-03 14:13 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-03 14:13 . 2008-09-03 14:13 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-03 13:48 . 2008-09-03 13:48 <DIR> d-------- C:\kav
2008-09-02 11:59 . 2008-09-02 19:03 <DIR> d-------- C:\SRCDS
2008-08-27 23:03 . 2008-08-27 23:03 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-08-27 11:57 . 2008-08-27 11:57 <DIR> d-------- C:\Program Files\CFToolbox
2008-08-27 11:39 . 2008-09-15 12:15 <DIR> d-------- C:\Freesteam
2008-08-23 18:40 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-23 15:25 . 2008-09-16 11:55 <DIR> d-------- C:\Program Files\Steam
2008-08-23 11:28 . 2008-02-11 12:44 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-08-23 11:28 . 2008-08-23 11:29 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-08-23 11:28 . 2008-02-11 13:28 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-08-23 11:28 . 2008-02-11 13:28 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-08-23 11:28 . 2008-02-11 13:28 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-08-23 11:28 . 2008-02-11 13:28 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-08-23 11:28 . 2008-02-11 13:28 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-08-23 11:28 . 2008-09-03 14:13 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-23 11:10 . 2008-08-23 11:20 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-22 14:48 . 2008-08-22 15:00 <DIR> d-------- C:\Program Files\WhatPulse
2008-08-22 11:38 . 2008-08-22 11:38 <DIR> d-------- C:\Documents and Settings\Guillaume\Application Data\GlobalSCAPE
2008-08-22 11:38 . 2008-08-22 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-08-22 11:28 . 2008-08-22 11:28 <DIR> d-------- C:\Documents and Settings\Guillaume\Application Data\SmartFTP

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 15:31 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\SiteAdvisor
2008-09-14 15:30 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\uTorrent
2008-09-10 18:32 --------- d-----w C:\Program Files\Microsoft Works
2008-09-10 11:53 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Xfire
2008-09-10 09:56 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-09 15:40 --------- d-----w C:\Program Files\Xfire
2008-09-08 18:30 22,328 ----a-w C:\Documents and Settings\Guillaume\Application Data\PnkBstrK.sys
2008-09-07 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-07 15:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-07 11:57 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Ahead
2008-09-06 12:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-06 10:23 --------- d-----w C:\Program Files\X10 Hardware
2008-09-03 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 13:06 --------- d-----w C:\Program Files\Tales of Pirates Online
2008-09-03 13:05 --------- d-----w C:\Program Files\ESET
2008-09-03 13:05 --------- d-----w C:\Program Files\Bonjour
2008-08-23 09:48 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-23 09:48 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\SystemRequirementsLab
2008-08-23 09:20 --------- d-----w C:\Program Files\Portable Photoshop
2008-08-23 09:18 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-08-23 09:17 --------- d-----w C:\Program Files\SpeedFan
2008-08-23 09:16 --------- d-----w C:\Program Files\Java
2008-08-23 09:14 --------- d--h--w C:\Documents and Settings\Guillaume\Application Data\ijjigame
2008-08-23 09:13 --------- d-----w C:\Program Files\Game Cam V2
2008-08-23 09:11 --------- d-----w C:\Program Files\BSR Screen Recorder 4
2008-08-22 10:59 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\FileZilla
2008-08-22 08:13 --------- d-----w C:\Program Files\WarRock
2008-08-16 16:29 --------- d-----w C:\Program Files\FileZilla Client
2008-08-14 12:53 --------- d-----w C:\Program Files\SmartClose
2008-08-13 15:31 --------- d-----w C:\Program Files\DivX
2008-08-12 09:15 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\mIRC
2008-08-04 09:36 23 ----a-w C:\Documents and Settings\Guillaume\jagex_runescape_preferences.dat
2008-08-02 07:48 1,336 ----a-w C:\Documents and Settings\Guillaume\Application Data\wklnhst.dat
2008-07-31 13:53 --------- d-----w C:\Program Files\Codemasters
2008-07-30 17:39 --------- d-----w C:\Program Files\Permeo
2008-07-29 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2008-07-23 16:50 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-23 16:50 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-07-18 15:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-18 13:01 --------- d-----w C:\Program Files\SignGATE
2008-07-18 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nexon
2008-07-17 18:54 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Sony
2008-07-17 18:50 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Publish Providers
2008-07-17 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-07-17 12:33 --------- d-----w C:\Program Files\Vstplugins
2008-07-17 12:32 --------- d-----w C:\Program Files\Sony
2008-07-17 12:29 --------- d-----w C:\Program Files\Sony Setup
2008-07-17 12:29 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Sony Setup
2008-07-16 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-16 14:06 --------- d-----w C:\Program Files\Lavasoft
2004-07-22 09:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 13:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 08:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 08:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 03:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 03:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w C:\Program Files\DSETUP.dll
2008-02-11 14:24 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" [2006-06-21 93640]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-03 1235736]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-09-06 1655552]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-09 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Statusvenster.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-02-19 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PermissionResearch]
2008-04-24 13:51 331776 C:\Program Files\PermissionResearch\prls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Home Cinema\\MakeDisc\\MakeDisc.exe"=
"C:\\Program Files\\Home Cinema\\MagicDirector\\MagicDirector.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\Guillaume\\Application Data\\Thinstall\\Adobe Dreamweaver CS3\\800000fbe00002i\\Dreamweaver.exe"=
"C:\\Documents and Settings\\Guillaume\\Bureaublad\\Adobe Dreamweaver CS3.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"C:\\Program Files\\WarRock\\WRLauncher.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Nexon\\NGM\\NGM.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Nexon\\Common\\NMService.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Freesteam\\steamapps\\tikkevette\\counter-strike source\\hl2.exe"=
"C:\\SRCDS\\srcds.exe"=
"C:\\kav\\kis\\setup.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Freesteam\\steamapps\\tikkevette\\day of defeat source\\hl2.exe"=
"C:\\Freesteam\\steamapps\\tikkevette\\counter-strike\\hl.exe"=
"C:\\Documents and Settings\\Guillaume\\Mijn documenten\\Firefox Downloads\\utorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5340:TCP"= 5340:TCP:WarRock1
"5350:UDP"= 5350:UDP:WarRock2

R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-10-02 30808]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17920]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-03 97928]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-06 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-06 24208]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-03 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-03 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-03 76040]
R3 Cap7134;Philips WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-03-07 348160]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 7040]
.
Inhoud van de 'Gedeelde Taken' map
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Guillaume\Application Data\Mozilla\Firefox\Profiles\h4jg787p.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - forum.warrock.net|www.lunagang.nl|www.youtube.com
FF -: plugin - C:\Documents and Settings\All Users\Application Data\Nexon\NGM\npNxGame.dll
FF -: plugin - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 17:44:22
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Voltooingstijd: 2008-09-16 17:50:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-16 15:50:46

Pre-Run: 174,280,687,616 bytes beschikbaar
Post-Run: 174,725,873,664 bytes beschikbaar

288 --- E O F --- 2008-09-10 18:34:49




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:52, on 16/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nexon.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.112.139.80:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;*.https
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Statusvenster.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{48B521CB-ACEB-4290-9128-A4012D1A0E5A}: NameServer = 195.238.2.21,195.238.2.22
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: PermissionResearch - C:\program files\permissionresearch\prls.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9012 bytes

Roelof
16 September 2008, 18:48
Hi,

Did you forget the MBAM log?

Roelof

Roelof
16 September 2008, 21:07
Hi,

Open Notepad, then copy and paste the text below into an empty window:



Folder::
C:\Program Files\PermissionResearch


Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PermissionResearch]


Save this to your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will make ComboFix restart.
Reboot if asked to, and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

guillaume520
17 September 2008, 12:26
ComboFix 08-09-15.02 - Guillaume 2008-09-17 12:08:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.580 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Guillaume\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Guillaume\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Start\Programma's\MessengerSkinner
C:\Program Files\PermissionResearch
C:\Program Files\PermissionResearch\prls.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-08-17 to 2008-09-17 ))))))))))))))))))))))))))))))
.

2008-09-14 16:04 . 2008-09-14 16:04 <DIR> d-------- C:\Program Files\Teach2000
2008-09-09 17:46 . 2008-09-10 13:14 137,800 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-08 20:26 . 2008-09-10 13:14 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-09-08 20:26 . 2008-09-08 20:26 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-09-08 20:19 . 2008-09-08 20:19 674,600 --a------ C:\WINDOWS\system32\pbsvc(2).exe
2008-09-08 20:05 . 2008-09-08 20:26 682,280 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-09-08 20:05 . 2008-09-08 20:26 107,832 --a------ C:\Documents and Settings\Guillaume\Application Data\PnkBstrB.exe
2008-09-08 12:09 . 2008-09-08 12:11 <DIR> d-------- C:\Documents and Settings\Guillaume\.housecall6.6
2008-09-08 12:09 . 2008-09-08 12:09 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-07 17:54 . 2008-09-10 20:31 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-07 17:43 . 2008-09-17 12:05 <DIR> dr-h----- C:\Documents and Settings\Guillaume\Onlangs geopend
2008-09-07 17:41 . 2008-09-07 17:41 50 --a------ C:\WINDOWS\MegaManager.INI
2008-09-07 17:35 . 2008-09-07 17:35 <DIR> d-------- C:\Program Files\JRTwine Software
2008-09-07 17:30 . 2008-09-07 17:32 <DIR> d-------- C:\!KillBox
2008-09-07 17:24 . 2008-09-10 15:50 <DIR> d-------- C:\Documents and Settings\Guillaume\Application Data\IDM
2008-09-07 15:57 . 2008-09-07 15:57 <DIR> d-------- C:\Documents and Settings\Guillaume\Application Data\DivX
2008-09-07 14:12 . 2008-09-07 14:58 <DIR> d-------- C:\VideoOutput
2008-09-07 14:05 . 2008-09-07 14:12 <DIR> d-------- C:\Program Files\Ultra Video Converter
2008-09-07 14:05 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-09-07 14:05 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-09-07 10:46 . 2008-09-07 17:50 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-09-07 10:46 . 2008-09-12 18:00 <DIR> d-------- C:\Documents and Settings\Guillaume\Application Data\DMCache
2008-09-06 17:27 . 2008-09-06 17:27 <DIR> d-------- C:\Program Files\COMODO
2008-09-06 17:27 . 2008-09-06 17:27 <DIR> d-------- C:\Documents and Settings\Guillaume\Application Data\Comodo
2008-09-06 17:27 . 2008-09-06 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-09-06 17:27 . 2008-09-06 17:27 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-09-06 17:27 . 2008-09-06 17:27 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-09-06 17:27 . 2008-09-06 17:27 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-09-06 12:05 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-06 12:05 . 2008-06-14 19:36 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-06 12:05 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\WINDOWS\system32\nl
2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-06 11:57 . 2008-09-06 11:57 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-06 10:42 . 2008-09-06 10:42 <DIR> d-------- C:\Program Files\Driver-Soft
2008-09-06 09:23 . 2008-09-06 09:23 <DIR> d-------- C:\Program Files\uTorrent
2008-09-05 17:51 . 2008-09-05 17:51 <DIR> d-------- C:\PacSteamT
2008-09-05 16:54 . 2008-09-05 16:54 155,648 --a------ C:\WINDOWS\system32\libssl32.dll
2008-09-05 11:53 . 2008-04-14 19:02 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-05 11:52 . 2008-04-14 19:02 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-05 11:45 . 2008-09-11 20:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-05 11:45 . 2008-09-05 11:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-04 12:20 . 2008-09-14 12:31 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-03 15:33 . 2008-09-03 15:33 <DIR> d-------- C:\Documents and Settings\Guillaume\Application Data\EmailNotifier
2008-09-03 15:33 . 2008-09-04 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Megaupload
2008-09-03 15:33 . 2008-09-03 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-09-03 14:13 . 2008-09-14 09:59 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-03 14:13 . 2008-09-03 14:13 <DIR> d-------- C:\Program Files\AVG
2008-09-03 14:13 . 2008-09-03 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-03 14:13 . 2008-09-03 14:13 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-03 14:13 . 2008-09-03 14:13 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-03 14:13 . 2008-09-03 14:13 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-03 13:48 . 2008-09-03 13:48 <DIR> d-------- C:\kav
2008-09-02 11:59 . 2008-09-02 19:03 <DIR> d-------- C:\SRCDS
2008-08-27 23:03 . 2008-08-27 23:03 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-08-27 11:57 . 2008-08-27 11:57 <DIR> d-------- C:\Program Files\CFToolbox
2008-08-27 11:39 . 2008-09-15 12:15 <DIR> d-------- C:\Freesteam
2008-08-23 18:40 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-23 15:25 . 2008-09-16 20:26 <DIR> d-------- C:\Program Files\Steam
2008-08-23 11:28 . 2008-02-11 12:44 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-08-23 11:28 . 2008-08-23 11:29 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-08-23 11:28 . 2008-02-11 13:28 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-08-23 11:28 . 2008-02-11 13:28 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-08-23 11:28 . 2008-02-11 13:28 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-08-23 11:28 . 2008-02-11 13:28 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-08-23 11:28 . 2008-02-11 13:28 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-08-23 11:28 . 2008-09-03 14:13 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-23 11:10 . 2008-08-23 11:20 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-22 14:48 . 2008-08-22 15:00 <DIR> d-------- C:\Program Files\WhatPulse
2008-08-22 11:38 . 2008-08-22 11:38 <DIR> d-------- C:\Documents and Settings\Guillaume\Application Data\GlobalSCAPE
2008-08-22 11:38 . 2008-08-22 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-08-22 11:28 . 2008-08-22 11:28 <DIR> d-------- C:\Documents and Settings\Guillaume\Application Data\SmartFTP

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 10:04 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\SiteAdvisor
2008-09-14 15:30 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\uTorrent
2008-09-10 18:32 --------- d-----w C:\Program Files\Microsoft Works
2008-09-10 11:53 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Xfire
2008-09-10 09:56 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-09 15:40 --------- d-----w C:\Program Files\Xfire
2008-09-08 18:30 22,328 ----a-w C:\Documents and Settings\Guillaume\Application Data\PnkBstrK.sys
2008-09-07 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-07 15:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-07 11:57 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Ahead
2008-09-06 12:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-06 10:23 --------- d-----w C:\Program Files\X10 Hardware
2008-09-03 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 13:06 --------- d-----w C:\Program Files\Tales of Pirates Online
2008-09-03 13:05 --------- d-----w C:\Program Files\ESET
2008-09-03 13:05 --------- d-----w C:\Program Files\Bonjour
2008-08-23 09:48 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-23 09:48 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\SystemRequirementsLab
2008-08-23 09:20 --------- d-----w C:\Program Files\Portable Photoshop
2008-08-23 09:18 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-08-23 09:17 --------- d-----w C:\Program Files\SpeedFan
2008-08-23 09:16 --------- d-----w C:\Program Files\Java
2008-08-23 09:14 --------- d--h--w C:\Documents and Settings\Guillaume\Application Data\ijjigame
2008-08-23 09:13 --------- d-----w C:\Program Files\Game Cam V2
2008-08-23 09:11 --------- d-----w C:\Program Files\BSR Screen Recorder 4
2008-08-22 10:59 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\FileZilla
2008-08-22 08:13 --------- d-----w C:\Program Files\WarRock
2008-08-16 16:29 --------- d-----w C:\Program Files\FileZilla Client
2008-08-14 12:53 --------- d-----w C:\Program Files\SmartClose
2008-08-13 15:31 --------- d-----w C:\Program Files\DivX
2008-08-12 09:15 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\mIRC
2008-08-04 09:36 23 ----a-w C:\Documents and Settings\Guillaume\jagex_runescape_preferences.dat
2008-08-02 07:48 1,336 ----a-w C:\Documents and Settings\Guillaume\Application Data\wklnhst.dat
2008-07-31 13:53 --------- d-----w C:\Program Files\Codemasters
2008-07-30 17:39 --------- d-----w C:\Program Files\Permeo
2008-07-29 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2008-07-23 16:50 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-23 16:50 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-07-18 15:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-18 13:01 --------- d-----w C:\Program Files\SignGATE
2008-07-18 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nexon
2008-07-17 18:54 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Sony
2008-07-17 18:50 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Publish Providers
2008-07-17 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-07-17 12:33 --------- d-----w C:\Program Files\Vstplugins
2008-07-17 12:32 --------- d-----w C:\Program Files\Sony
2008-07-17 12:29 --------- d-----w C:\Program Files\Sony Setup
2008-07-17 12:29 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Sony Setup
2004-07-22 09:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 13:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 08:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 08:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 03:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 03:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w C:\Program Files\DSETUP.dll
2008-02-11 14:24 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" [2006-06-21 93640]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-03 1235736]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-09-06 1655552]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-09 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Statusvenster.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-02-19 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Home Cinema\\MakeDisc\\MakeDisc.exe"=
"C:\\Program Files\\Home Cinema\\MagicDirector\\MagicDirector.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\Guillaume\\Application Data\\Thinstall\\Adobe Dreamweaver CS3\\800000fbe00002i\\Dreamweaver.exe"=
"C:\\Documents and Settings\\Guillaume\\Bureaublad\\Adobe Dreamweaver CS3.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"C:\\Program Files\\WarRock\\WRLauncher.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Nexon\\NGM\\NGM.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Nexon\\Common\\NMService.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Freesteam\\steamapps\\tikkevette\\counter-strike source\\hl2.exe"=
"C:\\SRCDS\\srcds.exe"=
"C:\\kav\\kis\\setup.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Freesteam\\steamapps\\tikkevette\\day of defeat source\\hl2.exe"=
"C:\\Freesteam\\steamapps\\tikkevette\\counter-strike\\hl.exe"=
"C:\\Documents and Settings\\Guillaume\\Mijn documenten\\Firefox Downloads\\utorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5340:TCP"= 5340:TCP:WarRock1
"5350:UDP"= 5350:UDP:WarRock2

R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-10-02 30808]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17920]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-03 97928]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-06 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-06 24208]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-03 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-03 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-03 76040]
R3 Cap7134;Philips WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-03-07 348160]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 7040]
.
Inhoud van de 'Gedeelde Taken' map
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 12:14:36
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Voltooingstijd: 2008-09-17 12:21:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-17 10:21:26
ComboFix2.txt 2008-09-16 15:50:53

Pre-Run: 174,629,720,064 bytes beschikbaar
Post-Run: 174,613,606,400 bytes beschikbaar

273 --- E O F --- 2008-09-10 18:34:49




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:16, on 17/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nexon.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.112.139.80:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;*.https
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Statusvenster.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{48B521CB-ACEB-4290-9128-A4012D1A0E5A}: NameServer = 195.238.2.21,195.238.2.22
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8889 bytes


The MBAM log wasn't anything special, I think, because it hadn't found anything.

Roelof
17 September 2008, 19:42
Hi,

In my opinion your computer is clean again now.

You can go ahead and remove all the tools used and the folders that were created.
Remove ComboFix via Start > Run, copy and paste Combofix /U, and press Enter.
This removes both ComboFix and your old System Restore points (including any remnants of malware), and creates a new System Restore point.

A few more tips to prevent problems in the future:

Install the following FREE programs if you don't have them yet:

Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html)
Adaware se (http://www.majorgeeks.com/download506.html)
Spybot s&d (http://www.safer-networking.org/en/index.html)


While browsing, don't just blindly click Yes everywhere when you are asked to... only do so when you fully trust it.

And consider choosing an alternative browser such as Opera (http://www.opera.com/) or Firefox (http://www.mozilla.org/products/firefox/).

I also recommend running an online virus scan now and then: housecall (http://housecall.trendmicro.com/) and/or Bitdefender (http://nl.bitdefender.com/scan8/). Because what one scanner can't find, another one might.
Also make sure the virus scanner installed on your system is always up to date!!

And... pay a regular visit to: http://windowsupdate.microsoft.com/

Also have a look at these 2 videos.. Very interesting:
http://www2.trosradar.nl/mediaplayer/player.php?videoID=524&mode=dossier#
http://www.benedelman.org/spyware/security-111804.wmv


More prevention tips can also be found on the following sites:

http://www.bluemedicine.be (http://www.bluemedicine.be/)
http://users.telenet.be/marcvn/spyware (http://users.telenet.be/marcvn/spyware)
How did I get infected in the first place (http://castlecops.com/postitle7736-0-0-.html) (article by TonyKlein)
Preventing spyware infections and browser hijacking (http://www.antispywareoffensief.nl/forum/showthread.php?t=55)

Regards,

Roelof

guillaume520
18 September 2008, 11:46
Thanks a lot. Now my computer is malware-free again for a while. (this thread can be locked)