PC is slow due to high CPU usage

Orph4nus
13 February 2009, 18:13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:46, on 13/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Razer\Diamondback 3G\razerhid.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=5.0&Cd_Key=MV39844293845489&Company=THUIS&FName=Glen&Lang=Nld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.0:2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {048E42D3-6982-4C59-B035-84803CDECB70} - C:\WINDOWS\system32\cvwqjtoy.dll (file missing)
O2 - BHO: (no name) - {185060A5-65B5-4E2B-A5D9-0C568652F6BC} - C:\WINDOWS\system32\xxywTNHW.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2C604029-9381-4776-9E3B-18BA8B80B176} - C:\WINDOWS\system32\iifdbASI.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {77244082-D27E-416C-9661-FAD640973FCE} - C:\WINDOWS\system32\xxyVNEvU.dll (file missing)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: sqvgnrpx - {8D52F0EB-21CC-422D-8042-D2F69614D8A6} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [lphc9p3j0er6p] C:\WINDOWS\system32\lphc9p3j0er6p.exe
O4 - HKLM\..\Run: [SMrhccp3j0er6p] C:\Program Files\rhccp3j0er6p\rhccp3j0er6p.exe
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\xphelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Diamondback] D:\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [CM106Sound] RunDll32 CM106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mpx] c:\WINDOWS\system32\mpx.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - Startup: .protected
O4 - Startup: Xfire.lnk = D:\Xfire\xfire.exe
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Java SATARaid.lnk = C:\Program Files\Silicon Image\Java SATARaid\run.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215350374406
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: xxyVNEvU - xxyVNEvU.dll (file missing)
O20 - Winlogon Notify: xxywTNHW - xxywTNHW.dll (file missing)
O21 - SSODL: fsrpknov - {EF7862AC-6A70-41A0-8E94-5D4E85DC2790} - C:\WINDOWS\fsrpknov.dll (file missing)
O21 - SSODL: fdxbameg - {4A883C40-57D8-4CE8-839A-570695CBA933} - C:\WINDOWS\fdxbameg.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 12260 bytes

This is my log.
The PC is very slow
and CPU usage is constantly 95%-100%,
but when I look, it is ordinary programs that are using a lot,
which normally use almost nothing,
e.g. MSN, avast antivirus.
So this is very strange.
Please help me, I'm doing everything I can to fix it (pls, can it be done for free? xD)

Rosty
13 February 2009, 23:23
Hi,
I would recommend using only 1 antivirus!!! I see that you have Avast! and Avira.

Open HijackThis, click on do a scan only and tick the following lines:

O2 - BHO: (no name) - {048E42D3-6982-4C59-B035-84803CDECB70} - C:\WINDOWS\system32\cvwqjtoy.dll (file missing)
O2 - BHO: (no name) - {185060A5-65B5-4E2B-A5D9-0C568652F6BC} - C:\WINDOWS\system32\xxywTNHW.dll (file missing)
O2 - BHO: (no name) - {2C604029-9381-4776-9E3B-18BA8B80B176} - C:\WINDOWS\system32\iifdbASI.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {77244082-D27E-416C-9661-FAD640973FCE} - C:\WINDOWS\system32\xxyVNEvU.dll (file missing)
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: sqvgnrpx - {8D52F0EB-21CC-422D-8042-D2F69614D8A6} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O4 - HKLM\..\Run: [lphc9p3j0er6p] C:\WINDOWS\system32\lphc9p3j0er6p.exe
O4 - HKLM\..\Run: [SMrhccp3j0er6p] C:\Program Files\rhccp3j0er6p\rhccp3j0er6p.exe
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\xphelper.exe"
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O20 - Winlogon Notify: xxyVNEvU - xxyVNEvU.dll (file missing)
O20 - Winlogon Notify: xxywTNHW - xxywTNHW.dll (file missing)
O21 - SSODL: fsrpknov - {EF7862AC-6A70-41A0-8E94-5D4E85DC2790} - C:\WINDOWS\fsrpknov.dll (file missing)
O21 - SSODL: fdxbameg - {4A883C40-57D8-4CE8-839A-570695CBA933} - C:\WINDOWS\fdxbameg.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Close all open windows except HijackThis, and click Fix Checked. Close HijackThis.

Download MBAM (Malwarebytes' Anti-Malware) from here (http://www.besttechie.net/tools/mbam-setup.exe) or here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).
Double-click mbam-setup.exe to install the program.
Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are both ticked, then click "Finish".
If an update is found, it will be downloaded and installed.
Once the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.
The scan can take a while, so be patient.
When the scan is complete, click OK, then "Show Results" to view the results.
Make sure everything there is ticked, then click: Remove Selected.
After removal a log will open and you will be asked to restart the computer. (See below)
The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.
Copy and paste the contents of the log into your next reply, together with a new HijackThis log.

If MBAM has difficulty removing certain files it will show a few prompts where you have to click OK.
It will then ask to restart the computer... so allow MBAM to restart the computer.
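
As an added example (not a tool from this thread, from HijackThis or from MBAM), the following Python script applies to raw HijackThis log lines the same triage criteria the reply above applies by hand: hooks whose file is gone, a logon autorun launched from a Temp folder, random-looking names, a Desktop Component pointing at a local file, and more than one real-time antivirus among the O23 services. The sample lines are taken from the log posted in this thread; the vendor keywords in `AV_MARKERS` and the randomness thresholds are assumptions.

```python
import re

# Added example (not a tool from this thread or from HijackThis): triage heuristics for
# HijackThis 2.0.x log lines. The sample lines come from the log posted in this thread,
# with three benign entries kept in for contrast (the en dash in the Avira service
# name is written as a plain hyphen here).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {048E42D3-6982-4C59-B035-84803CDECB70} - C:\WINDOWS\system32\cvwqjtoy.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: sqvgnrpx - {8D52F0EB-21CC-422D-8042-D2F69614D8A6} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O4 - HKLM\..\Run: [lphc9p3j0er6p] C:\WINDOWS\system32\lphc9p3j0er6p.exe
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\xphelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: xxyVNEvU - xxyVNEvU.dll (file missing)
O21 - SSODL: fsrpknov - {EF7862AC-6A70-41A0-8E94-5D4E85DC2790} - C:\WINDOWS\fsrpknov.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# Sections that register a hook (BHO, toolbar, Winlogon notify, SSODL); HijackThis marks
# them "(file missing)" / "(no file)" when the registered file is no longer on disk.
ORPHAN_SECTIONS = {"O2", "O3", "O20", "O21"}

# Assumed vendor keywords used to count real-time antivirus products among O23 services.
AV_MARKERS = {"avast": ("avast",), "avira": ("avira",), "eset": ("eset", "nod32")}


def looks_random(name):
    """Coarse test for machine-generated names such as 'lphc9p3j0er6p' or 'cvwqjtoy':
    letters and digits interleaved, or almost no vowels in a long token. The thresholds
    are assumptions and vendor abbreviations can trip them, so hits are for review only."""
    s = name.lower()
    if len(s) < 8 or not s.isalnum():
        return False
    if re.search(r"[a-z]\d+[a-z]+\d", s):
        return True
    return sum(c in "aeiou" for c in s) / len(s) <= 0.15


def file_stem(path):
    """Last path component without its extension or a trailing ',EntryPoint' argument."""
    return re.split(r"[.,]", path.rsplit("\\", 1)[-1])[0]


def first_path(cmd):
    """Executable path of an O4 command line: the quoted string, else the first token."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else ""


def triage_line(line):
    """Reasons to review one HijackThis entry; an empty list means nothing was noticed."""
    m = re.match(r"^(O\d+|R\d)\s+-\s+(.*)$", line)
    if not m:
        return []
    section, body = m.group(1), m.group(2)
    reasons = []
    if section in ORPHAN_SECTIONS:
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            reasons.append("orphaned")          # hook left behind by a partial removal
        target = body.split(" - ")[-1].replace(" (file missing)", "")
        if looks_random(file_stem(target)):
            reasons.append("random-name")
    elif section == "O4":
        m4 = re.search(r"\[([^\]]*)\]\s*(.*)$", body)
        if m4:
            name, path = m4.group(1), first_path(m4.group(2))
            if re.search(r"\\temp\\", path, re.I):
                reasons.append("temp-autorun")  # logon autorun started from a Temp folder
            if looks_random(name) or looks_random(file_stem(path)):
                reasons.append("random-name")
    elif section == "O24" and "file:///" in body.lower():
        reasons.append("local-desktop-component")  # Active Desktop page served from disk
    return reasons


def antivirus_products(text):
    """Distinct antivirus vendors (per AV_MARKERS) among the O23 service entries."""
    found = set()
    for line in text.splitlines():
        if line.startswith("O23 - Service:"):
            low = line.lower()
            found.update(v for v, keys in AV_MARKERS.items() if any(k in low for k in keys))
    return sorted(found)


def triage(text):
    """Flag the entries of a whole log and count the real-time antivirus engines."""
    flagged = []
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged.append((line, reasons))
    return {"flagged": flagged, "antivirus": antivirus_products(text)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for line, reasons in result["flagged"]:
        print(f"[{', '.join(reasons)}] {line}")
    if len(result["antivirus"]) > 1:
        print("more than one real-time antivirus installed:", ", ".join(result["antivirus"]))
```

Run against the full log in the first post, the script lists the same O2, O3, O4, O20, O21 and O24 lines the helper picked out, while the Spybot BHO, which is also "(no name)" but whose file is present, stays unflagged.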

Orph4nus
14 February 2009, 12:29
Malwarebytes' Anti-Malware 1.34
Database versie: 1761
Windows 5.1.2600 Service Pack 2
14/02/2009 11:20:25
mbam-log-2009-02-14 (11-20-25).txt
Scan type: Snelle Scan
Objecten gescand: 69067
Verstreken tijd: 40 minute(s), 4 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 20
Registerwaarden geïnfecteerd: 6
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 13
Bestanden geïnfecteerd: 20
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) - Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77244082-d27e-416c-9661-fad640973fce} (Trojan.Vundo) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhccp3j0er6p (Rogue.AntivirusXP2008) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhccp3j0er6p (Rogue.AntivirusXP2008) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriver (Trojan.Agent) - Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) - Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) - Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.bpdl (Trojan.FakeAlert) - Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemDefender (Rogue.SystemDefender) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) - Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{77244082-d27e-416c-9661-fad640973fce} (Trojan.Vundo) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhccp3j0er6p (Rogue.AntivirusXP2008) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) - Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) - Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) - Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p (Rogue.Multiple) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine (Rogue.Multiple) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Autorun (Rogue.Multiple) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Autorun\HKCU (Rogue.Multiple) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Autorun\HKLM (Rogue.Multiple) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\BrowserObjects (Rogue.Multiple) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Packages (Rogue.Multiple) - Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\WINDOWS\enfp.exe (Trojan.FakeAlert) - Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) - Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) - Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) - Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) - Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) - Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) - Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) - Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) - Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) - Quarantined and deleted successfully.
C:\WINDOWS\BM736e76b6.xml (Trojan.Vundo) - Quarantined and deleted successfully.
C:\WINDOWS\BM736e76b6.txt (Trojan.Vundo) - Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\etc\.protected (Rogue.Multiple) - Quarantined and deleted successfully.
C:\.protected (Rogue.Multiple) - Quarantined and deleted successfully.
C:\WINDOWS\.protected (Rogue.Multiple) - Quarantined and deleted successfully.

Orph4nus
14 February 2009, 12:32
This is my log from the scanner,
but my CPU usage is still high while doing nothing,
50-60% .. So I think there's still something there.
I'll now post my log from that HijackThis thing below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:39, on 14/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
D:\Razer\Diamondback 3G\razerhid.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Xfire\xfire.exe
C:\Program Files\Eset\nod32krn.exe
D:\Razer\Diamondback 3G\razerofa.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Silicon Image\Java SATARaid\SiITray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system\Cm106eye.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=5.0&Cd_Key=MV39844293845489&Company=THUIS&FName=Glen&Lang=Nld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.0:2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Diamondback] D:\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [CM106Sound] RunDll32 CM106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mpx] c:\WINDOWS\system32\mpx.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - Startup: .protected
O4 - Startup: Xfire.lnk = D:\Xfire\xfire.exe
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Java SATARaid.lnk = C:\Program Files\Silicon Image\Java SATARaid\run.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215350374406
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 10586 bytes

Rosty
14 February 2009, 12:38
We're on the right track. A lot of junk has already been removed.

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save the program to your desktop.

Double-click SDFix.exe and choose Install to extract it. Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably here: C:\SDFix).
Restart the PC in Safe Mode.
Safe mode for Windows XP

Restart the computer.
As soon as your computer has finished loading the BIOS (black screen with white letters, or another startup screen) and just before Windows loads,
tap the F8 key (or the F5 key) until you reach the Windows options menu. There, choose to start in Safe Mode using the arrow keys and then press Enter.

Open the extracted SDFix folder (usually found here: C:\SDFix) and double-click RunThis.bat to start the script.
Type Y and press Enter to start the cleanup process.
Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.
The computer will then restart; this takes longer than usual.
The Fixtool will start working again and continue the removal process; then Finished is displayed. Wait patiently until you have to press a key again to end the script and reload your desktop icons.
Once your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
Copy/paste the contents of this report (Report.txt) into your next reply here, together with a new HijackThis log.

Orph4nus
14 February 2009, 13:40
Hey, I did what you asked.
The PC is already running a bit smoother.
But I think we still have some work to do.
Below is the report, and below the dashed line is the HijackThis log:


SDFix: Version 1.240
Run by Orph4nus on za 14/02/2009 at 12:18
Microsoft Windows XP [versie 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\Documents and Settings\Orph4nus\Local Settings\Temp\Google Toolbar\gtb3A.tmp.exe - Deleted
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\.protected - Deleted
C:\Documents and Settings\Orph4nus\Menu Start\Programma's\Opstarten\.protected - Deleted
C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\.tt11.tmp - Deleted
C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\.tt3D.tmp - Deleted
C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\.tt43.tmp - Deleted
C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\atmadm2.exe.bat - Deleted
C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\smchk.exe.bat - Deleted
C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\tmp12.tmp - Deleted
C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\tmp13.tmp - Deleted
C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\tmp32.tmp - Deleted
C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\tmp33.tmp - Deleted
C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\removalfile.bat - Deleted
C:\DOCUME~1\Orph4nus\LOCALS~1\Temp\software.php.bat - Deleted


Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 12:26:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:58,57,14,05,19,d6,c2,8b,b8,c5,ab,71,16,10,fc,80,aa,24,98,2f,f9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c3,70,26,d7,89,aa,6e,01,77,a1,9b,68,b5,61,c8,88,65,..
"khjeh"=hex:24,0f,4e,0e,2f,42,64,46,4e,5f,15,ee,d3,77,ee,42,80,74,4b,b4,14,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:78,62,1f,d3,82,54,c0,b2,96,ba,5f,a7,42,e0,f1,9f,92,b6,c0,8d,df,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:58,57,14,05,19,d6,c2,8b,b8,c5,ab,71,16,10,fc,80,aa,24,98,2f,f9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c3,70,26,d7,89,aa,6e,01,77,a1,9b,68,b5,61,c8,88,65,..
"khjeh"=hex:24,0f,4e,0e,2f,42,64,46,4e,5f,15,ee,d3,77,ee,42,80,74,4b,b4,14,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:78,62,1f,d3,82,54,c0,b2,96,ba,5f,a7,42,e0,f1,9f,92,b6,c0,8d,df,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Silicon Image\\Java SATARaid\\SiITray.exe"="C:\\Program Files\\Silicon Image\\Java SATARaid\\SiITray.exe:*:Enabled:SiITray"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Xfire\\xfire.exe"="D:\\Xfire\\xfire.exe:*:Enabled:Xfire"
"D:\\Steam\\steamapps\\veneni\\counter-strike source\\hl2.exe"="D:\\Steam\\steamapps\\veneni\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"D:\\Steam\\steamapps\\veneni\\half-life 2 deathmatch\\hl2.exe"="D:\\Steam\\steamapps\\veneni\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
"C:\\WINDOWS\\system32\\mpxu.exe"="C:\\WINDOWS\\system32\\mpxu.exe:*:Enabled:mpxu"
"D:\\mIRC_P\\mirc.exe"="D:\\mIRC_P\\mirc.exe:*:Enabled:mIRC"
"D:\\Steam\\steamapps\\thebluesage\\team fortress 2\\hl2.exe"="D:\\Steam\\steamapps\\thebluesage\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"D:\\Steam\\steamapps\\thebluesage\\counter-strike\\hl.exe"="D:\\Steam\\steamapps\\thebluesage\\counter-strike\\hl.exe:*:Disabled:Half-Life Launcher"
"D:\\TmNationsForever\\TmForever.exe"="D:\\TmNationsForever\\TmForever.exe:*:Disabled:TmForever"
"D:\\cs2d_0104\\CounterStrike2D.exe"="D:\\cs2d_0104\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"D:\\FEAR\\FEARXP2.exe"="D:\\FEAR\\FEARXP2.exe:*:Enabled:FEARXP2"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\\Steam\\steamapps\\veneni\\source dedicated server\\srcds.exe"="D:\\Steam\\steamapps\\veneni\\source dedicated server\\srcds.exe:*:Enabled:srcds"
"D:\\DC++\\DCPlusPlus.exe"="D:\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\DC++\\Downloads\\[ PC Games ] - Age of Empires II(FULL)\\empires2.EXE"="C:\\Program Files\\DC++\\Downloads\\[ PC Games ] - Age of Empires II(FULL)\\empires2.EXE:*:Enabled:Age of Empires II"
"D:\\LimeWire\\LimeWire.exe"="D:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\UT2004\\System\\UT2004.exe"="D:\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004"
"D:\\rld-w4m\\WORMS 4 MAYHEM.EXE"="D:\\rld-w4m\\WORMS 4 MAYHEM.EXE:*:Disabled:Worms 4 Mayhem"
"D:\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"="D:\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"D:\\Steam\\steam.exe"="D:\\Steam\\steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Warcraft III\\Frozen Throne.exe"="D:\\Warcraft III\\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe:*:Enabled:Halo"
"D:\\Warcraft III\\Warcraft III.exe"="D:\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Documents and Settings\\Orph4nus\\Local Settings\\Temp\\Blizzard Launcher Temporary - d995b8a0\\Launcher.exe"="C:\\Documents and Settings\\Orph4nus\\Local Settings\\Temp\\Blizzard Launcher Temporary - d995b8a0\\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Steam\\steamapps\\common\\flatout demo\\FlatOutDemo.exe"="D:\\Steam\\steamapps\\common\\flatout demo\\FlatOutDemo.exe:*:Enabled:FlatOut Demo"
"D:\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enGB-downloader.exe"="D:\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"="C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 21 May 2003 61,440 A..H. --- "C:\Documents and Settings\Orph4nus\Bureaublad\autoplay.exe"
Wed 21 Jan 2009 200,704 ...H. --- "C:\Documents and Settings\Orph4nus\Bureaublad\~WRL0002.tmp"
Mon 4 Oct 2004 417,792 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe"
Tue 11 May 2004 61,440 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.3\uinstrsc.dll"
Finished!

______________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:10, on 14/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
D:\Razer\Diamondback 3G\razerhid.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
D:\Xfire\xfire.exe
D:\Razer\Diamondback 3G\razerofa.exe
C:\WINDOWS\system\Cm106eye.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=5.0&Cd_Key=MV39844293845489&Company=THUIS&FName=Glen&Lang=Nld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.0:2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Diamondback] D:\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [CM106Sound] RunDll32 CM106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mpx] c:\WINDOWS\system32\mpx.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - Startup: Xfire.lnk = D:\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Java SATARaid.lnk = C:\Program Files\Silicon Image\Java SATARaid\run.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215350374406
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 10678 bytes
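
As an added example (not code from this thread, nor from the HijackThis or SDFix authors), here is a small Python triage helper that parses lines in the HijackThis log format posted above and flags the entry types a helper usually looks at first: entries that still reference a file that is gone ("(no file)", "(file missing)"), autorun entries launched from a Temp directory (the kind of location the SDFix run above cleaned), and services that carry no publisher name. The sample log lines are constructed to match the entry formats seen in this thread (the user path in them is made up), and the flag names "dangling", "temp-dir" and "no-vendor" are my own; a flag means "verify this", not "this is malware".

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample lines in the HijackThis v2 log format (modelled on the
# entry types that appear in this thread; the user path is made up).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [example] C:\Documents and Settings\user\Local Settings\Temp\example.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Example.lnk = C:\Program Files\Example\example.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

# Every entry line starts with a section code such as O4, O23, R1, F2.
ENTRY_RE = re.compile(r"^(?P<section>[ORF]\d+) - (?P<body>.*)$")
# "HKLM\..\Run: [name] target" and "Global Startup: foo.lnk = target" bodies.
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+|Startup|Global Startup).*?:\s*"
    r"(?:\[(?P<name>[^\]]*)\]\s*)?(?P<target>.*)$"
)
# O2/O3/O9/O16/O18 bodies carry a CLSID, optionally "(name)", then " - target".
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}(?: \([^)]*\))? - (?P<target>.*)$")


@dataclass
class Entry:
    section: str
    body: str
    target: str
    flags: List[str] = field(default_factory=list)


def _target_of(section: str, body: str) -> str:
    """Pull the file or command that the entry points at out of its body."""
    if section == "O4":
        m = RUN_RE.match(body)
        target = m.group("target").strip() if m else body
        if ".lnk = " in target:  # Startup-folder shortcut: keep the shortcut target
            target = target.split(" = ", 1)[1]
        return target
    if section == "O23" and body.startswith("Service: "):
        # "Service: <name> - <vendor> - <path>"
        return body[len("Service: "):].split(" - ", 2)[-1].strip()
    m = CLSID_RE.search(body)
    if m:
        return m.group("target").strip()
    return body.rsplit(" - ", 1)[-1].strip()


def triage(log_text: str) -> List[Entry]:
    """Parse every entry line and attach triage flags (hypothetical names)."""
    entries: List[Entry] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, the process list, separators
        section, body = m.group("section"), m.group("body")
        entry = Entry(section, body, _target_of(section, body))
        low = entry.target.lower()
        if "(file missing)" in low or "(no file)" in low:
            entry.flags.append("dangling")    # still references a file that is gone
        if "\\temp\\" in low:
            entry.flags.append("temp-dir")    # autorun from a temporary directory
        if section == "O23" and " - Unknown owner - " in body:
            entry.flags.append("no-vendor")   # service without a publisher string
        entries.append(entry)
    return entries


def flagged(log_text: str) -> List[Entry]:
    """Only the entries that deserve a second look."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:<4} {','.join(e.flags):<18} {e.target}")
```

Feed it a whole pasted log (`flagged(open("hijackthis.log").read())`); everything that is not an entry line, such as the running-process list, is skipped, and an entry can carry more than one flag, as the `gusvc` service line does here.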

Rosty
14 February 2009, 14:55
Your Java software is out of date.
Older versions have security holes that give malware the chance to install itself on your system.
First follow these steps to uninstall Java and install the newer version:

* Download Java Runtime Environment (JRE) 6u12 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to: "Java Runtime Environment (JRE) 6u12".
Click the "Download" button on the right.
Tick: "Accept License Agreement".
The page will reload.
Click the link to download the Windows Offline Installation, Multi-language, and save it to your Desktop.
Close all programs that may be open - especially your web browser!
Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
Select everything with Java Runtime Environment (JRE or J2SE) in the name.
Then click Remove or the Change/Remove button.
Repeat this until all older versions are gone.
After removing all older versions, restart your PC.
Then double-click jre-6u12-windows-i586-p.exe on your Desktop to install the latest version of Java.

Then,
let me know how everything is working.

Orph4nus
14 February 2009, 15:28
CPU usage is still abnormally high,
but I do now have the latest Java.
The system is running smoother, but it's still slow...
and when I open a game it's extremely slow. So
it's not solved yet, but it is going in the right direction.

Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:35, on 14/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
D:\Razer\Diamondback 3G\razerhid.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system\Cm106eye.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jdk1.6.0_12\jre\bin\javaw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\Wbem\wmic.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=5.0&Cd_Key=MV39844293845489&Company=THUIS&FName=Glen&Lang=Nld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.0:2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Diamondback] D:\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [CM106Sound] RunDll32 CM106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mpx] c:\WINDOWS\system32\mpx.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - Startup: Xfire.lnk = D:\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215350374406
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 10596 bytes

Rosty
14 February 2009, 17:44
Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners see certain components that Combofix uses as suspicious and will block or remove them! Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Click OK in the "NirCmd" window.
If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
Click OK and Yes to have the Recovery Console installed automatically.
Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, because this will make your PC hang.
When the fix is complete and after the restart, the log Combofix.txt will open. Post this log in your next reply.

Orph4nus
14 February 2009, 19:45
The log you asked for. I hope this problem will be solved soon...

ComboFix 09-02-12.03 - Orph4nus 2009-02-15 0:34:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1535.966 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Orph4nus\Bureaublad\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090214-0] *On-access scanning disabled* (Updated)
AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning disabled* (Outdated)
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ctoyyndn.ini
c:\windows\system32\hxligonx.ini
c:\windows\system32\ikkjwots.ini
c:\windows\system32\ISAbdfii.ini
c:\windows\system32\ISAbdfii.ini2
c:\windows\system32\kcqjftks.ini
c:\windows\system32\mdm.exe
c:\windows\system32\pjxxbsev.ini
c:\windows\system32\qtgknmtt.ini
c:\windows\system32\qtifcvan.ini
c:\windows\system32\ssjdpyrt.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CLBDRIVER

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))
.
2009-02-14 16:34 . 2009-02-14 16:24 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-14 16:32 . 2009-02-14 16:32 <DIR> d-------- c:\documents and settings\LocalService\Bureaublad
2009-02-14 16:25 . 2009-02-14 16:24 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-14 16:24 . 2009-02-14 16:24 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-14 14:24 . 2009-02-14 14:24 <DIR> d-------- c:\program files\Sun
2009-02-14 14:24 . 2009-02-14 14:23 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-14 14:24 . 2009-02-14 14:23 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-14 14:22 . 2009-02-14 14:23 <DIR> d-------- c:\program files\Java
2009-02-14 14:11 . 2009-02-14 14:12 <DIR> d-------- c:\documents and settings\Orph4nus\.SunDownloadManager
2009-02-14 12:15 . 2009-02-14 12:15 <DIR> d-------- c:\windows\ERUNT
2009-02-14 12:14 . 2009-02-14 12:14 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
2009-02-14 12:08 . 2009-02-14 12:29 <DIR> d-------- C:\SDFix
2009-02-14 09:57 . 2009-02-14 09:57 <DIR> d-------- c:\documents and settings\Orph4nus\Application Data\Malwarebytes
2009-02-14 09:57 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-14 09:56 . 2009-02-14 09:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 09:56 . 2009-02-14 09:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-14 09:56 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 17:06 . 2009-02-13 17:06 <DIR> d-------- c:\program files\Trend Micro
2009-02-12 22:09 . 2009-02-12 22:09 <DIR> d--h----- c:\windows\PIF
2009-02-12 21:17 . 2009-02-12 21:17 <DIR> d-------- c:\documents and settings\Orph4nus\Application Data\ATI
2009-02-12 21:17 . 2009-02-12 21:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-12 21:00 . 2006-06-14 13:44 12,288 -ra------ c:\windows\system32\drivers\EIO_XP.sys
2009-02-12 20:55 . 2008-07-02 08:38 89,600 -ra------ c:\windows\system32\drivers\AtiHdmi.sys
2009-02-12 20:51 . 2006-12-28 11:44 84,992 --a------ c:\windows\system32\drivers\AtiHdAud.sys
2009-02-12 20:23 . 2008-01-09 21:54 9,826,304 --a------ c:\windows\system32\atioglx2.dll
2009-02-12 20:19 . 2009-02-12 20:19 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-02-12 20:18 . 2008-07-29 17:20 102,400 --a------ c:\windows\system32\NetVideo_SBS.ax
2009-02-12 20:18 . 2009-02-12 20:18 12,288 --a------ c:\windows\system32\drivers\EIO64_xp.sys
2009-02-12 20:17 . 2009-02-12 20:18 <DIR> d-------- c:\program files\ASUS
2009-02-12 19:59 . 2009-02-12 19:59 <DIR> d-------- c:\documents and settings\Orph4nus\Application Data\InstallShield Installation Information
2009-02-12 19:45 . 2009-02-12 19:45 <DIR> d-------- c:\windows\system32\AGEIA
2009-02-12 19:45 . 2009-02-12 19:45 <DIR> d-------- c:\program files\AGEIA Technologies
2009-02-12 19:09 . 2009-02-12 19:09 <DIR> d-------- c:\program files\My Company Name
2009-02-12 19:08 . 2009-02-12 19:08 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2009-02-12 19:07 . 2009-02-12 21:11 <DIR> d-------- c:\program files\ATI Technologies
2009-02-12 19:07 . 2008-08-08 09:12 3,107,788 -ra------ c:\windows\system32\ativvaxx.dat
2009-02-12 19:07 . 2008-08-08 09:12 3,107,788 -ra------ c:\windows\system32\ativva5x.dat
2009-02-12 19:07 . 2008-08-08 09:12 887,724 -ra------ c:\windows\system32\ativva6x.dat
2009-02-12 19:07 . 2008-08-08 09:49 425,984 -ra------ c:\windows\system32\ATIDEMGX.dll
2009-02-12 19:07 . 2008-08-08 09:31 307,200 -ra------ c:\windows\system32\atiiiexx.dll
2009-02-12 19:07 . 2008-07-23 23:01 14,505 -ra------ c:\windows\atiogl.xml
2009-02-12 19:07 . 2007-08-31 02:20 7,167 -ra------ c:\windows\system32\atifglpf.xml
2009-02-12 19:07 . 2009-02-12 19:07 0 --a------ c:\windows\ativpsrm.bin
2009-02-12 19:06 . 2008-06-23 02:47 174,820 -ra------ c:\windows\system32\atiicdxx.dat
2009-02-12 19:00 . 2009-02-12 19:00 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-12 19:00 . 2009-02-12 19:00 552 --a------ c:\windows\system32\d3d8caps.dat
2009-02-11 20:00 . 2009-02-11 20:00 <DIR> d-------- c:\windows\system32\Futuremark
2009-02-11 20:00 . 2009-02-11 20:00 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2009-02-11 20:00 . 2008-09-17 15:14 27,672 -ra------ c:\windows\system32\drivers\Entech.sys
2009-02-11 19:49 . 2009-02-11 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-11 19:41 . 2007-05-31 19:30 266,088 --a------ c:\windows\system32\xactengine2_8.dll
2009-02-11 19:41 . 2007-04-04 18:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll
2009-02-11 19:41 . 2007-01-24 15:27 255,848 --a------ c:\windows\system32\xactengine2_6.dll
2009-02-11 19:41 . 2007-05-31 19:29 18,280 --a------ c:\windows\system32\x3daudio1_2.dll
2009-02-11 19:40 . 2009-02-11 19:40 324 --a------ c:\windows\game.ini
2009-02-11 19:38 . 2009-02-11 19:38 <DIR> d-------- c:\program files\Activision
2009-02-07 13:32 . 2009-02-15 00:42 <DIR> d-------- c:\documents and settings\Orph4nus\Tracing
2009-02-07 13:25 . 2009-02-07 13:25 <DIR> d-------- c:\program files\Microsoft
2009-02-07 13:24 . 2009-02-07 13:24 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-07 13:12 . 2009-02-07 13:12 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-05 21:50 . 2009-02-05 21:50 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-01-14 12:15 . 2006-08-21 10:14 128,896 -----c--- c:\windows\system32\dllcache\fltmgr.sys
2009-01-14 12:15 . 2006-08-21 10:14 23,040 -----c--- c:\windows\system32\dllcache\fltmc.exe
2009-01-14 12:15 . 2006-08-21 13:28 16,896 -----c--- c:\windows\system32\dllcache\fltlib.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 23:42 --------- d-----w c:\documents and settings\Orph4nus\Application Data\Xfire
2009-02-14 23:42 --------- d-----w c:\documents and settings\Orph4nus\Application Data\Skype
2009-02-14 23:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-14 23:22 --------- d-----w c:\documents and settings\Orph4nus\Application Data\skypePM
2009-02-14 15:23 --------- d-----w c:\program files\Lavasoft
2009-02-14 15:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-14 15:23 --------- d-----w c:\documents and settings\Orph4nus\Application Data\Lavasoft
2009-02-14 11:39 --------- d-----w c:\documents and settings\Orph4nus\Application Data\uTorrent
2009-02-14 10:23 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-02-12 20:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-12 18:06 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-07 12:23 --------- d-----w c:\program files\Windows Live
2009-01-28 13:39 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-25 21:47 --------- d-----w c:\program files\Google
2009-01-17 10:40 304,182 ----a-w C:\StiImg.dat
2009-01-11 19:53 --------- d-----w c:\program files\GameSpy Arcade
2009-01-11 19:52 --------- d-----w c:\program files\Microsoft Games
2009-01-05 17:59 --------- d-----w c:\program files\Everest Poker
2008-12-30 23:14 --------- d-----w c:\program files\PartyGaming
2008-12-28 10:31 --------- d-----w c:\program files\MSXML 6.0
2008-12-28 10:29 --------- d-----w c:\program files\MSXML 4.0
2008-12-26 09:16 --------- d-----w c:\program files\CyberLink
2008-12-26 09:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Corporation
2008-12-26 09:07 --------- d-----w c:\program files\Microsoft Windows Vista Upgrade Advisor
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-17 23:32 --------- d-----w c:\documents and settings\Orph4nus\Application Data\Acreon
2008-12-12 17:54 107,832 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-07-26 00:30 22,328 ----a-w c:\documents and settings\Orph4nus\Application Data\PnkBstrK.sys
1999-05-03 14:01 99,840 ----a-w c:\program files\Common Files\IRAABOUT.DLL
1998-12-08 23:53 70,144 ----a-w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 23:53 48,640 ----a-w c:\program files\Common Files\IRALPTTR.DLL
1998-12-08 23:53 31,744 ----a-w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 23:53 186,368 ----a-w c:\program files\Common Files\IRAREG.DLL
1998-12-08 23:53 17,920 ----a-w c:\program files\Common Files\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 39408]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-07-31 1159168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-04-10 1107848]
"Diamondback"="d:\razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-07-29 380928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-14 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-14 509784]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
c:\documents and settings\Orph4nus\Menu Start\Programma's\Opstarten\
Xfire.lnk - d:\xfire\xfire.exe [2009-02-05 3008336]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Poort voor Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-05-03 46077]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.asv2"= asusasv2.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Xfire\\xfire.exe"=
"d:\\Steam\\steamapps\\veneni\\counter-strike source\\hl2.exe"=
"d:\\Steam\\steamapps\\veneni\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\mIRC_P\\mirc.exe"=
"d:\\Steam\\steamapps\\thebluesage\\team fortress 2\\hl2.exe"=
"d:\\Steam\\steamapps\\thebluesage\\counter-strike\\hl.exe"=
"d:\\TmNationsForever\\TmForever.exe"=
"d:\\cs2d_0104\\CounterStrike2D.exe"=
"d:\\FEAR\\FEARXP2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Steam\\steamapps\\veneni\\source dedicated server\\srcds.exe"=
"d:\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"d:\\UT2004\\System\\UT2004.exe"=
"d:\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"d:\\Steam\\steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Warcraft III\\Frozen Throne.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Steam\\steamapps\\common\\flatout demo\\FlatOutDemo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Unreal Tournament 3\\Binaries\\UT3.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-14 64160]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2003-09-17 10240]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-06 114768]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-07-12 15424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-07-06 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-02-12 89600]
R3 CM1063264;C-Media CM106 Like Sound UDAX Interface;c:\windows\system32\drivers\CM106.sys [2008-07-29 1306112]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-09-07 21920]
S0 NVDual;NVDual; [x]
S2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2008-07-05 15968]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2008-07-05 13776]
S3 cpuz130;cpuz130;\??\c:\docume~1\Orph4nus\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Orph4nus\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2008-07-29 13225]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-07-12 337800]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AUTORUN.EXE
.
Inhoud van de 'Gedeelde Taken' map
2009-02-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-14 16:24]
2009-01-18 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart\ErrorSmart.exe []
2009-01-18 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart []
2009-02-13 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []
.
- - - - ORPHANS VERWIJDERD - - - -
HKCU-Run-mpx - c:\windows\system32\mpx.exe
HKLM-Run-CM106Sound - CM106.cpl

.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.gocyberlink.com/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=5.0&Cd_Key=MV39844293845489&Company=THUIS&FName=Glen&Lang=Nld
uInternet Settings,ProxyServer = 192.168.0.0:2
uInternet Settings,ProxyOverride = *.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 00:41:54
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

c:\windows\TEMP\_av_proI.tm~a00536\stamp.tmp 10 bytes
Scan succesvol afgerond
verborgen bestanden: 1
************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WRLogonNTF.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
d:\razer\Diamondback 3G\razerofa.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
.
************************************************************************
.
Voltooingstijd: 2009-02-15 0:48:12 - machine werd herstart
ComboFix-quarantined-files.txt 2009-02-14 23:48:03
Pre-Run: 21.431.128.064 bytes beschikbaar
Post-Run: 21,506,723,840 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
300 --- E O F --- 2009-02-12 18:03:36

Rosty
15 February 2009, 10:04
Still any problems now?

Orph4nus
15 February 2009, 12:45
YES, with normal use, so without doing anything, still 60%, and as soon as I start something 100%... so yes, still problems :( and I'm starting to find it annoying :s
HijackThis log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:10, on 15/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
D:\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=5.0&Cd_Key=MV39844293845489&Company=THUIS&FName=Glen&Lang=Nld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.0:2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Diamondback] D:\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - Startup: Xfire.lnk = D:\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215350374406
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 10368 bytes

Orph4nus
15 February 2009, 12:51
Even when Task Manager shows the System Idle Process at 95% +/- CPU, CPU usage is still at 55 +/- % :s

ultddave
15 February 2009, 13:51
How much RAM do you have? And which CPU?

- Dave -

Orph4nus
15 February 2009, 13:59
CPU: AMD Athlon(tm) 64 processor 3000+
RAM: 1536 MB

But I never had the problem before, so that's not the cause...
It came on suddenly.

Orph4nus
15 February 2009, 16:26
OK, everything has been fixed by System Restore ^^
I made new logs of everything again; they are below.

mbam log:

Malwarebytes' Anti-Malware 1.34
Database versie: 1763
Windows 5.1.2600 Service Pack 2
15/02/2009 15:04:34
mbam-log-2009-02-15 (15-04-34).txt
Scan type: Snelle Scan
Objecten gescand: 62989
Verstreken tijd: 8 minute(s), 52 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 28
Registerwaarden geïnfecteerd: 10
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 13
Bestanden geïnfecteerd: 5
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{185060a5-65b5-4e2b-a5d9-0c568652f6bc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxywtnhw (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{185060a5-65b5-4e2b-a5d9-0c568652f6bc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77244082-d27e-416c-9661-fad640973fce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyvnevu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77244082-d27e-416c-9661-fad640973fce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{048e42d3-6982-4c59-b035-84803cdecb70} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{048e42d3-6982-4c59-b035-84803cdecb70} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77244082-d27e-416c-9661-fad640973fce} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhccp3j0er6p (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhccp3j0er6p (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.bpdl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{77244082-d27e-416c-9661-fad640973fce} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhccp3j0er6p (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhccp3j0er6p (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fdxbameg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fsrpknov (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Orph4nus\Application Data\rhccp3j0er6p\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\WINDOWS\system32\xxywTNHW.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyVNEvU.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\enfp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

combofix log:
ComboFix 09-02-14.01 - Orph4nus 2009-02-15 15:12:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1535.1082 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Orph4nus\Bureaublad\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090215-0] *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)
AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning disabled* (Outdated)
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ctoyyndn.ini
c:\windows\system32\hxligonx.ini
c:\windows\system32\ikkjwots.ini
c:\windows\system32\ISAbdfii.ini
c:\windows\system32\kcqjftks.ini
c:\windows\system32\mdm.exe
c:\windows\system32\pjxxbsev.ini
c:\windows\system32\qtgknmtt.ini
c:\windows\system32\qtifcvan.ini
c:\windows\system32\ssjdpyrt.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CLBDRIVER

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-15 to 2009-02-15 ))))))))))))))))))))))))))))))
.
2009-02-15 15:03 . 2009-02-15 15:03 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-15 14:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-15 14:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-15 14:49 . 2009-02-15 14:49 <DIR> d-------- c:\documents and settings\Orph4nus\Application Data\ATI
2009-02-15 14:42 . 2009-02-15 14:42 <DIR> d-------- c:\program files\My Company Name
2009-02-15 14:39 . 2009-02-15 14:39 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2009-02-15 14:39 . 2008-08-08 09:49 425,984 -ra------ c:\windows\system32\ATIDEMGX.dll
2009-02-15 14:39 . 2008-08-08 09:31 307,200 -ra------ c:\windows\system32\atiiiexx.dll
2009-02-15 14:24 . 2009-02-15 14:24 <DIR> d-------- c:\documents and settings\Orph4nus\Application Data\InstallShield Installation Information
2009-02-15 14:23 . 2009-02-15 14:23 <DIR> d-------- c:\program files\Silicon Image
2009-02-15 14:23 . 2009-02-15 15:09 <DIR> d-------- c:\program files\Java
2009-02-15 14:23 . 2009-02-15 14:23 <DIR> d-------- c:\program files\Avira
2009-02-15 14:23 . 2009-02-15 14:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\POPWWPROFILES
2009-02-15 14:22 . 2009-02-15 14:22 <DIR> d-------- c:\program files\Webroot
2009-02-15 14:22 . 2009-02-15 14:22 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-15 14:22 . 2009-02-15 14:22 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-15 14:22 . 2009-02-15 14:22 <DIR> d-------- c:\documents and settings\Orph4nus\Application Data\Webroot
2009-02-15 14:22 . 2009-02-15 14:22 <DIR> d-------- c:\documents and settings\Orph4nus\Application Data\PC Tools
2009-02-15 14:22 . 2009-02-15 14:22 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Webroot
2009-02-15 14:22 . 2009-02-15 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2009-02-15 14:12 . 2009-02-15 14:22 <DIR> d-------- C:\RECYCLER(2)
2009-02-15 13:25 . 2009-02-15 13:25 <DIR> d-------- c:\program files\AMD
2009-02-14 16:34 . 2008-05-16 10:58 12,632 --a------ c:\windows\system32\lsdelete.exe
2009-02-14 16:24 . 2009-02-15 14:22 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-14 14:24 . 2009-02-14 14:24 <DIR> d-------- c:\program files\Sun
2009-02-14 14:22 . 2009-02-14 14:23 <DIR> d-------- c:\program files\Java(2)
2009-02-14 14:11 . 2009-02-15 14:23 <DIR> d-------- c:\documents and settings\Orph4nus\.SunDownloadManager
2009-02-14 12:15 . 2009-02-14 12:15 <DIR> d-------- c:\windows\ERUNT
2009-02-14 12:08 . 2009-02-15 14:23 <DIR> d-------- C:\SDFix
2009-02-14 09:57 . 2009-02-14 09:57 <DIR> d-------- c:\documents and settings\Orph4nus\Application Data\Malwarebytes
2009-02-14 09:56 . 2009-02-15 14:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 09:56 . 2009-02-14 09:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-13 17:06 . 2009-02-13 17:06 <DIR> d-------- c:\program files\Trend Micro
2009-02-12 21:17 . 2009-02-12 21:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-12 20:17 . 2009-02-12 20:18 <DIR> d-------- c:\program files\ASUS
2009-02-12 19:45 . 2009-02-12 19:45 <DIR> d-------- c:\windows\system32\AGEIA
2009-02-12 19:45 . 2009-02-15 14:24 <DIR> d-------- c:\program files\AGEIA Technologies
2009-02-12 19:07 . 2009-02-15 14:42 <DIR> d-------- c:\program files\ATI Technologies
2009-02-12 19:07 . 2008-08-08 09:12 3,107,788 -ra------ c:\windows\system32\ativvaxx.dat
2009-02-12 19:07 . 2008-08-08 09:12 3,107,788 -ra------ c:\windows\system32\ativva5x.dat
2009-02-12 19:07 . 2008-08-08 09:12 887,724 -ra------ c:\windows\system32\ativva6x.dat
2009-02-12 19:07 . 2008-07-23 23:01 14,505 -ra------ c:\windows\atiogl.xml
2009-02-12 19:07 . 2007-08-31 02:20 7,167 -ra------ c:\windows\system32\atifglpf.xml
2009-02-12 19:07 . 2009-02-12 19:07 0 --a------ c:\windows\ativpsrm.bin
2009-02-12 19:06 . 2008-06-23 02:47 174,820 -ra------ c:\windows\system32\atiicdxx.dat
2009-02-12 19:00 . 2009-02-15 14:34 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-12 19:00 . 2009-02-12 19:00 552 --a------ c:\windows\system32\d3d8caps.dat
2009-02-11 20:00 . 2009-02-11 20:00 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2009-02-11 19:38 . 2009-02-11 19:38 <DIR> d-------- c:\program files\Activision
2009-02-11 01:13 . 2009-02-11 01:13 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-02-07 13:32 . 2009-02-15 15:16 <DIR> d-------- c:\documents and settings\Orph4nus\Tracing
2009-02-07 13:25 . 2009-02-07 13:25 <DIR> d-------- c:\program files\Microsoft
2009-02-07 13:24 . 2009-02-07 13:24 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-07 13:12 . 2009-02-07 13:12 <DIR> d-------- c:\program files\Common Files\Windows Live
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 14:16 --------- d-----w c:\documents and settings\Orph4nus\Application Data\Skype
2009-02-15 14:07 --------- d-----w c:\documents and settings\Orph4nus\Application Data\Xfire
2009-02-15 13:27 --------- d-----w c:\documents and settings\Orph4nus\Application Data\uTorrent
2009-02-15 13:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-15 13:24 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-15 13:22 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-15 13:22 --------- d-----w c:\program files\Lavasoft
2009-02-15 13:22 --------- d-----w c:\program files\ESET
2009-02-15 13:22 --------- d-----w c:\documents and settings\Orph4nus\Application Data\Lavasoft
2009-02-15 13:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-15 12:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-15 10:39 --------- d-----w c:\documents and settings\Orph4nus\Application Data\skypePM
2009-02-14 10:23 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-02-12 18:06 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-07 12:23 --------- d-----w c:\program files\Windows Live
2009-01-25 21:47 --------- d-----w c:\program files\Google
2009-01-17 10:40 304,182 ----a-w C:\StiImg.dat
2009-01-11 19:53 --------- d-----w c:\program files\GameSpy Arcade
2009-01-11 19:52 --------- d-----w c:\program files\Microsoft Games
2009-01-05 17:59 --------- d-----w c:\program files\Everest Poker
2008-12-30 23:14 --------- d-----w c:\program files\PartyGaming
2008-12-28 10:31 --------- d-----w c:\program files\MSXML 6.0
2008-12-28 10:29 --------- d-----w c:\program files\MSXML 4.0
2008-12-26 09:16 --------- d-----w c:\program files\CyberLink
2008-12-26 09:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Corporation
2008-12-26 09:07 --------- d-----w c:\program files\Microsoft Windows Vista Upgrade Advisor
2008-12-17 23:32 --------- d-----w c:\documents and settings\Orph4nus\Application Data\Acreon
2008-07-26 00:30 22,328 ----a-w c:\documents and settings\Orph4nus\Application Data\PnkBstrK.sys
1999-05-03 14:01 99,840 ----a-w c:\program files\Common Files\IRAABOUT.DLL
1998-12-08 23:53 70,144 ----a-w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 23:53 48,640 ----a-w c:\program files\Common Files\IRALPTTR.DLL
1998-12-08 23:53 31,744 ----a-w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 23:53 186,368 ----a-w c:\program files\Common Files\IRAREG.DLL
1998-12-08 23:53 17,920 ----a-w c:\program files\Common Files\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"mpx"="c:\windows\system32\mpx.exe" [BU]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-04-10 1107848]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"Diamondback"="d:\razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-15 148888]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"CM106Sound"="CM106.cpl" [BU]
c:\documents and settings\Orph4nus\Menu Start\Programma's\Opstarten\
Xfire.lnk - d:\xfire\xfire.exe [2009-02-11 3008336]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Java SATARaid.lnk - c:\program files\Silicon Image\Java SATARaid\run.bat [2008-07-05 91]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Poort voor Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-05-03 46077]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Silicon Image\\Java SATARaid\\SiITray.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Xfire\\xfire.exe"=
"d:\\Steam\\steamapps\\veneni\\counter-strike source\\hl2.exe"=
"d:\\Steam\\steamapps\\veneni\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\mIRC_P\\mirc.exe"=
"d:\\Steam\\steamapps\\thebluesage\\team fortress 2\\hl2.exe"=
"d:\\Steam\\steamapps\\thebluesage\\counter-strike\\hl.exe"=
"d:\\TmNationsForever\\TmForever.exe"=
"d:\\cs2d_0104\\CounterStrike2D.exe"=
"d:\\FEAR\\FEARXP2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Steam\\steamapps\\veneni\\source dedicated server\\srcds.exe"=
"d:\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"d:\\UT2004\\System\\UT2004.exe"=
"d:\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"d:\\Steam\\steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Warcraft III\\Frozen Throne.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2003-09-17 10240]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-06 111184]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-07-12 15424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-07-06 20560]
R3 CM1063264;C-Media CM106 Like Sound UDAX Interface;c:\windows\system32\drivers\CM106.sys [2008-07-29 1306112]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-09-07 21920]
S0 NVDual;NVDual; [x]
S2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2008-07-05 15968]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2008-07-05 13776]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2008-07-29 13225]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-07-12 337800]
.
Inhoud van de 'Gedeelde Taken' map
2009-02-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-01-18 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart\ErrorSmart.exe []
2009-01-18 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart []
2009-02-13 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []
.
- - - - ORPHANS VERWIJDERD - - - -
BHO-{2C604029-9381-4776-9E3B-18BA8B80B176} - c:\windows\system32\iifdbASI.dll
HKLM-Run-lphc9p3j0er6p - c:\windows\system32\lphc9p3j0er6p.exe
HKLM-Run-ErrorSmart - c:\program files\ErrorSmart\ErrorSmart.exe

.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.gocyberlink.com/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=5.0&Cd_Key=MV39844293845489&Company=THUIS&FName=Glen&Lang=Nld
uInternet Settings,ProxyServer = 192.168.0.0:2
uInternet Settings,ProxyOverride = *.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 15:17:02
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WRLogonNTF.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
d:\razer\Diamondback 3G\razerofa.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Voltooingstijd: 2009-02-15 15:19:53 - machine werd herstart
ComboFix-quarantined-files.txt 2009-02-15 14:19:50
ComboFix2.txt 2009-02-14 23:48:18
Pre-Run: 22.186.541.056 bytes beschikbaar
Post-Run: 22,310,506,496 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
278 --- E O F --- 2009-01-15 05:46:41

hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:09, on 15/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Razer\Diamondback 3G\razerhid.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
D:\Xfire\xfire.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=5.0&Cd_Key=MV39844293845489&Company=THUIS&FName=Glen&Lang=Nld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.0:2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Diamondback] D:\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [CM106Sound] RunDll32 CM106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mpx] c:\WINDOWS\system32\mpx.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Xfire.lnk = D:\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Java SATARaid.lnk = C:\Program Files\Silicon Image\Java SATARaid\run.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215350374406
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
--
End of file - 10732 bytes

Rosty
15 February 2009, 22:08
If you keep trying all sorts of things on your own, we are certainly never going to get to the bottom of this!!! How is everything working now, after your latest changes?

Orph4nus
15 February 2009, 23:29
Perfect.
The system is back to OK ^^
But I posted the logs so you could check whether there was maybe still something in them that wasn't right. Anyway, everything is working perfectly again :p

t896743
16 February 2009, 11:37
I think that, as you said in your mail, we really do have the same problem, Orph4nus. I hope we get this sorted out, because my PC is really crawling.
Good luck!!
Regards,
t896743

Orph4nus
16 February 2009, 13:40
I think that, as you said in your mail, we really do have the same problem, Orph4nus. I hope we get this sorted out, because my PC is really crawling.
Good luck!!
Regards,
t896743

Well, I solved it with a System Restore to a restore point from 3 days before I had the problem, and then I ran all the scans (virus, spyware, etc.).